mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 00:55:38 +01:00
Merge branch 'development'
This commit is contained in:
commit
9c22e7311c
@ -46,6 +46,8 @@ Changes
|
|||||||
* Disabled SSLv3 in the default configuration.
|
* Disabled SSLv3 in the default configuration.
|
||||||
* Optimized mbedtls_mpi_zeroize() for MPI integer size. (Fix by Alexey
|
* Optimized mbedtls_mpi_zeroize() for MPI integer size. (Fix by Alexey
|
||||||
Skalozub).
|
Skalozub).
|
||||||
|
* Fix non-compliance server extension handling. Extensions for SSLv3 are now
|
||||||
|
ignored, as required by RFC6101.
|
||||||
|
|
||||||
= mbed TLS 2.2.1 released 2016-01-05
|
= mbed TLS 2.2.1 released 2016-01-05
|
||||||
|
|
||||||
|
@ -362,6 +362,11 @@
|
|||||||
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
|
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) && \
|
||||||
|
!defined(MBEDTLS_PKCS1_V15) )
|
||||||
|
#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
|
||||||
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
|
( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
|
||||||
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
|
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
|
||||||
|
@ -56,7 +56,7 @@
|
|||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -49,7 +49,7 @@
|
|||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
|
void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
|
||||||
|
@ -45,7 +45,7 @@
|
|||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -269,7 +269,8 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
|
|||||||
/* Allocate and assign next pointer */
|
/* Allocate and assign next pointer */
|
||||||
if( *p < end )
|
if( *p < end )
|
||||||
{
|
{
|
||||||
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
|
cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1,
|
||||||
|
sizeof( mbedtls_asn1_sequence ) );
|
||||||
|
|
||||||
if( cur->next == NULL )
|
if( cur->next == NULL )
|
||||||
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
|
return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
|
||||||
|
@ -312,7 +312,9 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data
|
|||||||
{
|
{
|
||||||
// Add new entry if not present yet based on OID
|
// Add new entry if not present yet based on OID
|
||||||
//
|
//
|
||||||
if( ( cur = mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ) ) == NULL )
|
cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1,
|
||||||
|
sizeof(mbedtls_asn1_named_data) );
|
||||||
|
if( cur == NULL )
|
||||||
return( NULL );
|
return( NULL );
|
||||||
|
|
||||||
cur->oid.len = oid_len;
|
cur->oid.len = oid_len;
|
||||||
|
@ -120,7 +120,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
|
|||||||
|
|
||||||
if( X->n < nblimbs )
|
if( X->n < nblimbs )
|
||||||
{
|
{
|
||||||
if( ( p = mbedtls_calloc( nblimbs, ciL ) ) == NULL )
|
if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
|
||||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||||
|
|
||||||
if( X->p != NULL )
|
if( X->p != NULL )
|
||||||
@ -158,7 +158,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
|
|||||||
if( i < nblimbs )
|
if( i < nblimbs )
|
||||||
i = nblimbs;
|
i = nblimbs;
|
||||||
|
|
||||||
if( ( p = mbedtls_calloc( i, ciL ) ) == NULL )
|
if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL )
|
||||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||||
|
|
||||||
if( X->p != NULL )
|
if( X->p != NULL )
|
||||||
|
@ -41,7 +41,7 @@
|
|||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -50,7 +50,7 @@
|
|||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -51,7 +51,7 @@
|
|||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define CCM_ENCRYPT 0
|
#define CCM_ENCRYPT 0
|
||||||
|
@ -51,7 +51,7 @@
|
|||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int supported_init = 0;
|
static int supported_init = 0;
|
||||||
|
@ -50,7 +50,7 @@
|
|||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1685,7 +1685,7 @@ int mbedtls_rsa_self_test( int verbose )
|
|||||||
|
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
mbedtls_printf( "PKCS#1 data sign : " );
|
mbedtls_printf( " PKCS#1 data sign : " );
|
||||||
|
|
||||||
mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum );
|
mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum );
|
||||||
|
|
||||||
|
@ -49,7 +49,7 @@
|
|||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1507,6 +1507,11 @@ read_record_header:
|
|||||||
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Do not parse the extensions if the protocol is SSLv3 */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
|
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
||||||
|
{
|
||||||
|
#endif
|
||||||
/*
|
/*
|
||||||
* Check the extension length
|
* Check the extension length
|
||||||
*/
|
*/
|
||||||
@ -1693,6 +1698,9 @@ read_record_header:
|
|||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||||
for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
|
for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
|
||||||
@ -2363,6 +2371,12 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
||||||
ssl->session_negotiate->compression ) );
|
ssl->session_negotiate->compression ) );
|
||||||
|
|
||||||
|
/* Do not write the extensions if the protocol is SSLv3 */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
|
if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
|
||||||
|
{
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* First write extensions, then the total length
|
* First write extensions, then the total length
|
||||||
*/
|
*/
|
||||||
@ -2419,6 +2433,10 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
p += ext_len;
|
p += ext_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
ssl->out_msglen = p - buf;
|
ssl->out_msglen = p - buf;
|
||||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
|
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
|
||||||
|
@ -502,7 +502,8 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
|
|||||||
{
|
{
|
||||||
mbedtls_pem_init( &pem );
|
mbedtls_pem_init( &pem );
|
||||||
|
|
||||||
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
|
// Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
|
||||||
|
// string
|
||||||
if( buflen == 0 || buf[buflen - 1] != '\0' )
|
if( buflen == 0 || buf[buflen - 1] != '\0' )
|
||||||
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
|
||||||
else
|
else
|
||||||
|
@ -1,4 +1,17 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# This file is part of mbed TLS (https://tls.mbed.org)
|
||||||
|
#
|
||||||
|
# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
|
||||||
|
#
|
||||||
|
# Purpose
|
||||||
|
#
|
||||||
|
# Sets the version numbers in the source code to those given.
|
||||||
|
#
|
||||||
|
# Usage: bump_version.sh [ --version <version> ] [ --so-crypto <version>]
|
||||||
|
# [ --so-x509 <version> ] [ --so-tls <version> ]
|
||||||
|
# [ -v | --verbose ] [ -h | --help ]
|
||||||
|
#
|
||||||
|
|
||||||
VERSION=""
|
VERSION=""
|
||||||
SOVERSION=""
|
SOVERSION=""
|
||||||
@ -109,10 +122,6 @@ mv tmp include/mbedtls/version.h
|
|||||||
sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp
|
sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp
|
||||||
mv tmp tests/suites/test_suite_version.data
|
mv tmp tests/suites/test_suite_version.data
|
||||||
|
|
||||||
[ $VERBOSE ] && echo "Bumping version in yotta/data/module.json"
|
|
||||||
sed -e "s/\"version\": \".\{1,\}\"/\"version\": \"$VERSION\"/g" < yotta/data/module.json > tmp
|
|
||||||
mv tmp yotta/data/module.json
|
|
||||||
|
|
||||||
[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
|
[ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
|
||||||
for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
|
for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
|
||||||
do
|
do
|
||||||
@ -128,3 +137,4 @@ scripts/generate_features.pl
|
|||||||
|
|
||||||
[ $VERBOSE ] && echo "Re-generating visualc files"
|
[ $VERBOSE ] && echo "Re-generating visualc files"
|
||||||
scripts/generate_visualc_files.pl
|
scripts/generate_visualc_files.pl
|
||||||
|
|
||||||
|
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
# basic-build-tests.sh
|
# basic-build-tests.sh
|
||||||
#
|
#
|
||||||
|
# This file is part of mbed TLS (https://tls.mbed.org)
|
||||||
|
#
|
||||||
# Copyright (c) 2016, ARM Limited, All Rights Reserved
|
# Copyright (c) 2016, ARM Limited, All Rights Reserved
|
||||||
#
|
#
|
||||||
# Purpose
|
# Purpose
|
||||||
@ -40,7 +42,7 @@ export CFLAGS=' --coverage -g3 -O0 '
|
|||||||
make clean
|
make clean
|
||||||
scripts/config.pl full
|
scripts/config.pl full
|
||||||
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
|
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
|
||||||
make
|
make -j
|
||||||
|
|
||||||
|
|
||||||
# Step 2 - Execute the tests
|
# Step 2 - Execute the tests
|
||||||
|
@ -1,12 +1,23 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Test various options that are not covered by compat.sh
|
# ssl-opt.sh
|
||||||
#
|
#
|
||||||
# Here the goal is not to cover every ciphersuite/version, but
|
# This file is part of mbed TLS (https://tls.mbed.org)
|
||||||
# rather specific options (max fragment length, truncated hmac, etc)
|
#
|
||||||
# or procedures (session resumption from cache or ticket, renego, etc).
|
# Copyright (c) 2016, ARM Limited, All Rights Reserved
|
||||||
|
#
|
||||||
|
# Purpose
|
||||||
|
#
|
||||||
|
# Executes tests to prove various TLS/SSL options and extensions.
|
||||||
|
#
|
||||||
|
# The goal is not to cover every ciphersuite/version, but instead to cover
|
||||||
|
# specific options (max fragment length, truncated hmac, etc) or procedures
|
||||||
|
# (session resumption from cache or ticket, renego, etc).
|
||||||
|
#
|
||||||
|
# The tests assume a build with default options, with exceptions expressed
|
||||||
|
# with a dependency. The tests focus on functionality and do not consider
|
||||||
|
# performance.
|
||||||
#
|
#
|
||||||
# Assumes a build with default options.
|
|
||||||
|
|
||||||
set -u
|
set -u
|
||||||
|
|
||||||
@ -33,12 +44,20 @@ MEMCHECK=0
|
|||||||
FILTER='.*'
|
FILTER='.*'
|
||||||
EXCLUDE='^$'
|
EXCLUDE='^$'
|
||||||
|
|
||||||
|
SHOW_TEST_NUMBER=0
|
||||||
|
RUN_TEST_NUMBER=''
|
||||||
|
|
||||||
|
PRESERVE_LOGS=0
|
||||||
|
|
||||||
print_usage() {
|
print_usage() {
|
||||||
echo "Usage: $0 [options]"
|
echo "Usage: $0 [options]"
|
||||||
printf " -h|--help\tPrint this help.\n"
|
printf " -h|--help\tPrint this help.\n"
|
||||||
printf " -m|--memcheck\tCheck memory leaks and errors.\n"
|
printf " -m|--memcheck\tCheck memory leaks and errors.\n"
|
||||||
printf " -f|--filter\tOnly matching tests are executed (default: '$FILTER')\n"
|
printf " -f|--filter\tOnly matching tests are executed (default: '$FILTER')\n"
|
||||||
printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n"
|
printf " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')\n"
|
||||||
|
printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
|
||||||
|
printf " -s|--show-numbers\tShow test numbers in front of test names\n"
|
||||||
|
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
|
||||||
}
|
}
|
||||||
|
|
||||||
get_options() {
|
get_options() {
|
||||||
@ -53,6 +72,15 @@ get_options() {
|
|||||||
-m|--memcheck)
|
-m|--memcheck)
|
||||||
MEMCHECK=1
|
MEMCHECK=1
|
||||||
;;
|
;;
|
||||||
|
-n|--number)
|
||||||
|
shift; RUN_TEST_NUMBER=$1
|
||||||
|
;;
|
||||||
|
-s|--show-numbers)
|
||||||
|
SHOW_TEST_NUMBER=1
|
||||||
|
;;
|
||||||
|
-p|--preserve-logs)
|
||||||
|
PRESERVE_LOGS=1
|
||||||
|
;;
|
||||||
-h|--help)
|
-h|--help)
|
||||||
print_usage
|
print_usage
|
||||||
exit 0
|
exit 0
|
||||||
@ -144,12 +172,19 @@ needs_more_time() {
|
|||||||
|
|
||||||
# print_name <name>
|
# print_name <name>
|
||||||
print_name() {
|
print_name() {
|
||||||
printf "$1 "
|
TESTS=$(( $TESTS + 1 ))
|
||||||
LEN=$(( 72 - `echo "$1" | wc -c` ))
|
LINE=""
|
||||||
|
|
||||||
|
if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
|
||||||
|
LINE="$TESTS "
|
||||||
|
fi
|
||||||
|
|
||||||
|
LINE="$LINE$1"
|
||||||
|
printf "$LINE "
|
||||||
|
LEN=$(( 72 - `echo "$LINE" | wc -c` ))
|
||||||
for i in `seq 1 $LEN`; do printf '.'; done
|
for i in `seq 1 $LEN`; do printf '.'; done
|
||||||
printf ' '
|
printf ' '
|
||||||
|
|
||||||
TESTS=$(( $TESTS + 1 ))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# fail <message>
|
# fail <message>
|
||||||
@ -300,6 +335,13 @@ run_test() {
|
|||||||
|
|
||||||
print_name "$NAME"
|
print_name "$NAME"
|
||||||
|
|
||||||
|
# Do we only run numbered tests?
|
||||||
|
if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
|
||||||
|
elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
|
||||||
|
else
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
|
||||||
# should we skip?
|
# should we skip?
|
||||||
if [ "X$SKIP_NEXT" = "XYES" ]; then
|
if [ "X$SKIP_NEXT" = "XYES" ]; then
|
||||||
SKIP_NEXT="NO"
|
SKIP_NEXT="NO"
|
||||||
@ -468,6 +510,11 @@ run_test() {
|
|||||||
|
|
||||||
# if we're here, everything is ok
|
# if we're here, everything is ok
|
||||||
echo "PASS"
|
echo "PASS"
|
||||||
|
if [ "$PRESERVE_LOGS" -gt 0 ]; then
|
||||||
|
mv $SRV_OUT o-srv-${TESTS}.log
|
||||||
|
mv $CLI_OUT o-cli-${TESTS}.log
|
||||||
|
fi
|
||||||
|
|
||||||
rm -f $SRV_OUT $CLI_OUT $PXY_OUT
|
rm -f $SRV_OUT $CLI_OUT $PXY_OUT
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -504,6 +551,12 @@ if [ ! -x "$P_PXY" ]; then
|
|||||||
echo "Command '$P_PXY' is not an executable file"
|
echo "Command '$P_PXY' is not an executable file"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
if [ "$MEMCHECK" -gt 0 ]; then
|
||||||
|
if which valgrind >/dev/null 2>&1; then :; else
|
||||||
|
echo "Memcheck not possible. Valgrind not found"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
|
if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
|
||||||
echo "Command '$OPENSSL_CMD' not found"
|
echo "Command '$OPENSSL_CMD' not found"
|
||||||
exit 1
|
exit 1
|
||||||
@ -575,12 +628,14 @@ run_test "Default, DTLS" \
|
|||||||
|
|
||||||
# Tests for rc4 option
|
# Tests for rc4 option
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||||
run_test "RC4: server disabled, client enabled" \
|
run_test "RC4: server disabled, client enabled" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||||
1 \
|
1 \
|
||||||
-s "SSL - The server has no ciphersuites in common"
|
-s "SSL - The server has no ciphersuites in common"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
|
||||||
run_test "RC4: server half, client enabled" \
|
run_test "RC4: server half, client enabled" \
|
||||||
"$P_SRV arc4=1" \
|
"$P_SRV arc4=1" \
|
||||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
"$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||||
@ -723,7 +778,7 @@ run_test "Encrypt then MAC: client enabled, server SSLv3" \
|
|||||||
"$P_CLI debug_level=3 min_version=ssl3" \
|
"$P_CLI debug_level=3 min_version=ssl3" \
|
||||||
0 \
|
0 \
|
||||||
-c "client hello, adding encrypt_then_mac extension" \
|
-c "client hello, adding encrypt_then_mac extension" \
|
||||||
-s "found encrypt then mac extension" \
|
-S "found encrypt then mac extension" \
|
||||||
-S "server hello, adding encrypt then mac extension" \
|
-S "server hello, adding encrypt then mac extension" \
|
||||||
-C "found encrypt_then_mac extension" \
|
-C "found encrypt_then_mac extension" \
|
||||||
-C "using encrypt then mac" \
|
-C "using encrypt then mac" \
|
||||||
@ -782,7 +837,7 @@ run_test "Extended Master Secret: client enabled, server SSLv3" \
|
|||||||
"$P_CLI debug_level=3 min_version=ssl3" \
|
"$P_CLI debug_level=3 min_version=ssl3" \
|
||||||
0 \
|
0 \
|
||||||
-c "client hello, adding extended_master_secret extension" \
|
-c "client hello, adding extended_master_secret extension" \
|
||||||
-s "found extended master secret extension" \
|
-S "found extended master secret extension" \
|
||||||
-S "server hello, adding extended master secret extension" \
|
-S "server hello, adding extended master secret extension" \
|
||||||
-C "found extended_master_secret extension" \
|
-C "found extended_master_secret extension" \
|
||||||
-C "using extended master secret" \
|
-C "using extended master secret" \
|
||||||
@ -2856,6 +2911,16 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \
|
|||||||
0 \
|
0 \
|
||||||
-s "Read from client: 1 bytes read"
|
-s "Read from client: 1 bytes read"
|
||||||
|
|
||||||
|
# A test for extensions in SSLv3
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
|
run_test "SSLv3 with extensions, server side" \
|
||||||
|
"$P_SRV min_version=ssl3 debug_level=3" \
|
||||||
|
"$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
|
||||||
|
0 \
|
||||||
|
-S "dumping 'client hello extensions'" \
|
||||||
|
-S "server hello, total extension length:"
|
||||||
|
|
||||||
# Test for large packets
|
# Test for large packets
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
|
Loading…
Reference in New Issue
Block a user