mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 10:54:17 +01:00
696f92e9b4
In a USENIX WOOT '16 paper the authors exploit implementation mistakes that cause Initialisation Vectors (IV) to repeat. This did not happen in mbed TLS, and this test makes sure that this won't happen in the future either. A new test option is introduced to ssl-opt.sh that checks the server and client logs for a pattern and fails in case there are any duplicates in the lines following the matching ones. (This is necessary because of the structure of the logging) Added a test case as well to utilise the new option. This test forces the TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ciphersuite to make the client and the server use an AEAD cipher. Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS", USENIX WOOT '16 |
||
---|---|---|
.. | ||
data_files | ||
scripts | ||
suites | ||
.gitignore | ||
CMakeLists.txt | ||
compat.sh | ||
Descriptions.txt | ||
Makefile | ||
ssl-opt.sh |