mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-10-26 00:37:41 +03:00
Merge pull request #10402 from ronald-cron-arm/remove-legacy-crypto-options
Remove legacy crypto options
This commit is contained in:
Ronald Cron
GitHub
4
ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt
Normal file
4
ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt
Normal file
@@ -0,0 +1,4 @@
|
||||
API changes
|
||||
* Add MBEDTLS_SSL_NULL_CIPHERSUITES configuration option. It enables
|
||||
TLS 1.2 ciphersuites without encryption and is disabled by default.
|
||||
This new option replaces MBEDTLS_CIPHER_NULL_CIPHER.
|
||||
@@ -14,10 +14,6 @@
|
||||
|
||||
#include "mbedtls/ssl.h"
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#include "mbedtls/private/ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
|
||||
#define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__
|
||||
@@ -32,11 +28,6 @@
|
||||
#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
|
||||
mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
|
||||
mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
||||
#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
|
||||
@@ -51,7 +42,6 @@
|
||||
#define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0)
|
||||
#define MBEDTLS_SSL_DEBUG_RET(level, text, ret) do { } while (0)
|
||||
#define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) do { } while (0)
|
||||
#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0)
|
||||
#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0)
|
||||
#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
|
||||
|
||||
|
||||
@@ -191,6 +191,18 @@
|
||||
* \{
|
||||
*/
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_NULL_CIPHERSUITES
|
||||
*
|
||||
* Enable ciphersuites without encryption.
|
||||
*
|
||||
* Warning: Only do so when you know what you are doing. This allows for
|
||||
* channels without any encryption. All data are transmitted in clear.
|
||||
*
|
||||
* Uncomment this macro to enable the NULL ciphersuites
|
||||
*/
|
||||
//#define MBEDTLS_SSL_NULL_CIPHERSUITES
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_DEBUG_C
|
||||
*
|
||||
@@ -211,8 +223,8 @@
|
||||
*
|
||||
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH
|
||||
* MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA
|
||||
* Requires: PSA_WANT_ALG_ECDH
|
||||
* PSA_WANT_ALG_ECDSA
|
||||
* MBEDTLS_X509_CRT_PARSE_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
@@ -235,7 +247,7 @@
|
||||
*
|
||||
* Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH
|
||||
* Requires: PSA_WANT_ALG_ECDH
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
@@ -253,8 +265,7 @@
|
||||
*
|
||||
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH
|
||||
* MBEDTLS_RSA_C
|
||||
* Requires: PSA_WANT_ALG_ECDH
|
||||
* PSA_WANT_ALG_RSA_PKCS1V15_SIGN
|
||||
* MBEDTLS_X509_CRT_PARSE_C
|
||||
*
|
||||
@@ -282,9 +293,9 @@
|
||||
* Thread v1.0.0 specification; incompatible changes to the specification
|
||||
* might still happen. For this reason, this is disabled by default.
|
||||
*
|
||||
* Requires: MBEDTLS_ECJPAKE_C or PSA_WANT_ALG_JPAKE
|
||||
* Requires: PSA_WANT_ALG_JPAKE
|
||||
* PSA_WANT_ALG_SHA_256
|
||||
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
* PSA_WANT_ECC_SECP_R1_256
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
@@ -788,7 +799,7 @@
|
||||
* Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH
|
||||
* MBEDTLS_X509_CRT_PARSE_C
|
||||
* and at least one of:
|
||||
* MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA
|
||||
* PSA_WANT_ALG_ECDSA
|
||||
* PSA_WANT_ALG_RSA_PSS
|
||||
*
|
||||
* Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
|
||||
@@ -1032,7 +1043,7 @@
|
||||
*
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C,
|
||||
* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
|
||||
* MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
|
||||
* MBEDTLS_MD_C
|
||||
*
|
||||
* This module is required for the PKCS #7 parsing modules.
|
||||
*/
|
||||
@@ -1045,7 +1056,7 @@
|
||||
*
|
||||
* Module: library/x509_create.c
|
||||
*
|
||||
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C,
|
||||
* Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_PK_PARSE_C
|
||||
*
|
||||
* \warning You must call psa_crypto_init() before doing any X.509 operation.
|
||||
*
|
||||
@@ -1177,7 +1188,7 @@
|
||||
* library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C
|
||||
*
|
||||
* \warning You must call psa_crypto_init() before doing any X.509 operation.
|
||||
*
|
||||
|
||||
@@ -16,10 +16,6 @@
|
||||
#include "mbedtls/asn1.h"
|
||||
#include "mbedtls/pk.h"
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#include "mbedtls/private/rsa.h"
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \addtogroup x509_module
|
||||
* \{
|
||||
|
||||
@@ -73,9 +73,7 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
/**
|
||||
* \brief Print a MPI variable to the debug output. This function is always
|
||||
* used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
|
||||
* ssl context, file and line number parameters.
|
||||
* \brief Print a MPI variable to the debug output.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param level error level of the debug message
|
||||
|
||||
@@ -325,14 +325,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
#endif /* PSA_WANT_ALG_GCM */
|
||||
#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_CIPHERSUITE_WEAK,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_1 */
|
||||
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
|
||||
#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
|
||||
@@ -415,14 +415,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
#endif /* PSA_WANT_ALG_GCM */
|
||||
#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
|
||||
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
MBEDTLS_CIPHERSUITE_WEAK,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_1 */
|
||||
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
|
||||
#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
@@ -591,7 +591,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
#endif /* PSA_WANT_KEY_TYPE_AES */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
|
||||
@@ -637,7 +637,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
|
||||
#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ARIA)
|
||||
|
||||
|
||||
@@ -279,7 +279,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type);
|
||||
|
||||
/* This macro determines whether a ciphersuite using a
|
||||
* stream cipher can be used. */
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES)
|
||||
#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM
|
||||
#endif
|
||||
|
||||
@@ -2346,15 +2346,15 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
|
||||
#if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
|
||||
break;
|
||||
#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ECC_SECP_R1_256 */
|
||||
#if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
|
||||
break;
|
||||
#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||
#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ECC_SECP_R1_384 */
|
||||
#if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
|
||||
break;
|
||||
#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||
#endif /* PSA_WANT_ALG_SHA_512 && PSA_WANT_ECC_SECP_R1_521 */
|
||||
#endif /* PSA_HAVE_ALG_SOME_ECDSA */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PSS)
|
||||
|
||||
@@ -470,47 +470,47 @@ static const struct {
|
||||
uint8_t is_supported;
|
||||
} tls_id_group_name_table[] =
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 },
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
|
||||
Basic usage, to read the Mbed TLS configuration:
|
||||
config = CombinedConfigFile()
|
||||
if 'MBEDTLS_RSA_C' in config: print('RSA is enabled')
|
||||
if 'MBEDTLS_SSL_TLS_C' in config: print('TLS is enabled')
|
||||
"""
|
||||
|
||||
## Copyright The Mbed TLS Contributors
|
||||
@@ -120,7 +120,6 @@ def is_seamless_alt(name):
|
||||
an implementation of the relevant functions and an xxx_alt.h header.
|
||||
"""
|
||||
if name in (
|
||||
'MBEDTLS_PLATFORM_GET_ENTROPY_ALT',
|
||||
'MBEDTLS_PLATFORM_GMTIME_R_ALT',
|
||||
'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT',
|
||||
'MBEDTLS_PLATFORM_MS_TIME_ALT',
|
||||
|
||||
@@ -124,8 +124,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
|
||||
# Untested platform-specific optimizations.
|
||||
# https://github.com/Mbed-TLS/mbedtls/issues/9588
|
||||
'Config: MBEDTLS_HAVE_SSE2',
|
||||
# Obsolete config option that we are about to remove
|
||||
'Config: MBEDTLS_PLATFORM_GET_ENTROPY_ALT',
|
||||
# Untested aspect of the platform interface.
|
||||
# https://github.com/Mbed-TLS/mbedtls/issues/9589
|
||||
'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',
|
||||
|
||||
@@ -433,19 +433,16 @@ component_test_everest () {
|
||||
component_test_everest_curve25519_only () {
|
||||
msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
|
||||
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDSA
|
||||
scripts/config.py set PSA_WANT_ALG_ECDH
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
|
||||
scripts/config.py unset PSA_WANT_ALG_JPAKE
|
||||
|
||||
# Disable all curves
|
||||
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
|
||||
scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255
|
||||
scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
|
||||
scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255
|
||||
|
||||
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
@@ -569,9 +566,6 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
||||
$(helper_get_psa_key_type_list "ECC") \
|
||||
$(helper_get_psa_curve_list)"
|
||||
|
||||
# Disable the module that's accelerated
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
|
||||
# Disable things that depend on it
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
|
||||
@@ -610,9 +604,6 @@ component_test_psa_crypto_config_accel_ecdh () {
|
||||
$(helper_get_psa_key_type_list "ECC") \
|
||||
$(helper_get_psa_curve_list)"
|
||||
|
||||
# Disable the module that's accelerated
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
|
||||
# Disable things that depend on it
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
@@ -697,7 +688,6 @@ component_test_psa_crypto_config_accel_pake () {
|
||||
$(helper_get_psa_curve_list)"
|
||||
|
||||
# Make built-in fallback not available
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
|
||||
# Build
|
||||
@@ -737,12 +727,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () {
|
||||
KEY_TYPE_ECC_KEY_PAIR_EXPORT \
|
||||
$(helper_get_psa_curve_list)"
|
||||
|
||||
# Disable modules that are accelerated - some will be re-enabled
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py unset MBEDTLS_ECP_C
|
||||
|
||||
# Disable all curves - those that aren't accelerated should be re-enabled
|
||||
helper_disable_builtin_curves
|
||||
|
||||
@@ -801,12 +785,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_C
|
||||
scripts/config.py unset MBEDTLS_PK_WRITE_C
|
||||
|
||||
# Disable modules that are accelerated - some will be re-enabled
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py unset MBEDTLS_ECP_C
|
||||
|
||||
# Disable all curves - those that aren't accelerated should be re-enabled
|
||||
helper_disable_builtin_curves
|
||||
|
||||
@@ -912,13 +890,6 @@ config_psa_crypto_config_ecp_light_only () {
|
||||
driver_only="$1"
|
||||
# start with config full for maximum coverage (also enables USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
if [ "$driver_only" -eq 1 ]; then
|
||||
# Disable modules that are accelerated
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py unset MBEDTLS_ECP_C
|
||||
fi
|
||||
|
||||
# Restartable feature is not yet supported by PSA. Once it will in
|
||||
# the future, the following line could be removed (see issues
|
||||
@@ -1006,15 +977,6 @@ config_psa_crypto_no_ecp_at_all () {
|
||||
# start with full config for maximum coverage (also enables USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
if [ "$driver_only" -eq 1 ]; then
|
||||
# Disable modules that are accelerated
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
# Disable ECP module (entirely)
|
||||
scripts/config.py unset MBEDTLS_ECP_C
|
||||
fi
|
||||
|
||||
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
||||
@@ -1121,17 +1083,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
|
||||
# start with full config for maximum coverage (also enables USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
if [ "$driver_only" -eq 1 ]; then
|
||||
# Disable modules that are accelerated
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
# Disable ECP module (entirely)
|
||||
scripts/config.py unset MBEDTLS_ECP_C
|
||||
# Also disable bignum
|
||||
scripts/config.py unset MBEDTLS_BIGNUM_C
|
||||
fi
|
||||
|
||||
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
|
||||
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
|
||||
@@ -1491,8 +1442,7 @@ component_test_new_psa_want_key_pair_symbol () {
|
||||
# Start from crypto configuration
|
||||
scripts/config.py crypto
|
||||
|
||||
# Remove RSA support and its dependencies
|
||||
scripts/config.py unset MBEDTLS_PKCS1_V15
|
||||
# Remove RSA dependencies
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
|
||||
|
||||
|
||||
@@ -61,8 +61,8 @@ component_test_tls1_2_default_stream_cipher_only () {
|
||||
scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
|
||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
||||
scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
|
||||
# Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES))
|
||||
scripts/config.py set MBEDTLS_SSL_NULL_CIPHERSUITES
|
||||
# Modules that depend on AEAD
|
||||
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
||||
@@ -89,8 +89,8 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () {
|
||||
scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING
|
||||
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
||||
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
||||
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES))
|
||||
scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES
|
||||
# Modules that depend on AEAD
|
||||
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
||||
@@ -118,8 +118,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
|
||||
scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING
|
||||
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
|
||||
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
||||
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES))
|
||||
scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES
|
||||
# Modules that depend on AEAD
|
||||
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
||||
@@ -368,7 +368,7 @@ component_test_when_no_ciphersuites_have_mac () {
|
||||
scripts/config.py unset PSA_WANT_ALG_CMAC
|
||||
scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
|
||||
|
||||
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
|
||||
scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES
|
||||
|
||||
make
|
||||
|
||||
@@ -437,9 +437,6 @@ component_test_tls13_only_psk () {
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_4096
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_6144
|
||||
scripts/config.py unset PSA_WANT_DH_RFC7919_8192
|
||||
# Note: The four unsets below are to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
||||
|
||||
@@ -475,8 +472,6 @@ component_test_tls13_only_ephemeral_ffdh () {
|
||||
|
||||
scripts/config.py set MBEDTLS_TEST_HOOKS
|
||||
scripts/config.py unset PSA_WANT_ALG_ECDH
|
||||
# Note: The unset below is to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
||||
|
||||
@@ -502,8 +497,6 @@ component_test_tls13_only_psk_ephemeral () {
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_PSS
|
||||
# Note: The two unsets below are to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
||||
|
||||
@@ -530,9 +523,6 @@ component_test_tls13_only_psk_ephemeral_ffdh () {
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_PSS
|
||||
# Note: The three unsets below are to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
||||
|
||||
@@ -557,8 +547,6 @@ component_test_tls13_only_psk_all () {
|
||||
scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
|
||||
scripts/config.py unset PSA_WANT_ALG_RSA_PSS
|
||||
# Note: The two unsets below are to be removed for Mbed TLS 4.0
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
|
||||
make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
|
||||
|
||||
|
||||
@@ -257,33 +257,13 @@ REVERSE_DEPENDENCIES = {
|
||||
'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'],
|
||||
'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'],
|
||||
|
||||
# These reverse dependencies can be removed as part of issue
|
||||
# tf-psa-crypto#364.
|
||||
'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'],
|
||||
'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'],
|
||||
'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'],
|
||||
'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
|
||||
'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE',
|
||||
'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
|
||||
|
||||
# Support for secp224[k|r]1 was removed in tfpsacrypto#408 while
|
||||
# secp192[k|r]1 were kept only for internal testing (hidden to the end
|
||||
# user). We need to keep these reverse dependencies here until
|
||||
# symbols are hidden/removed from crypto_config.h.
|
||||
'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
|
||||
'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE'],
|
||||
|
||||
'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA',
|
||||
'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
|
||||
'MBEDTLS_ECDSA_C'],
|
||||
'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'],
|
||||
'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [
|
||||
'PSA_WANT_ALG_ECDSA',
|
||||
'PSA_WANT_ALG_ECDH', 'MBEDTLS_ECDH_C',
|
||||
'PSA_WANT_ALG_ECDH',
|
||||
'PSA_WANT_ALG_JPAKE',
|
||||
'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY',
|
||||
'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT',
|
||||
@@ -296,10 +276,8 @@ REVERSE_DEPENDENCIES = {
|
||||
'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED',
|
||||
'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED',
|
||||
'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED',
|
||||
'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED',
|
||||
'MBEDTLS_ECP_C'],
|
||||
'PSA_WANT_ALG_JPAKE': ['MBEDTLS_ECJPAKE_C',
|
||||
'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
|
||||
'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED'],
|
||||
'PSA_WANT_ALG_JPAKE': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
|
||||
'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS',
|
||||
'MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
|
||||
'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN',
|
||||
|
||||
@@ -43,7 +43,6 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
|
||||
self.bad_case('''
|
||||
#undef PSA_WANT_ALG_ECDSA
|
||||
#undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
#undef MBEDTLS_ECDSA_C
|
||||
''',
|
||||
'''
|
||||
#if defined(PSA_WANT_ALG_ECDSA)
|
||||
@@ -52,9 +51,6 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
|
||||
#if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)
|
||||
#error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#error MBEDTLS_ECDSA_C unexpected
|
||||
#endif
|
||||
''',
|
||||
error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'))
|
||||
|
||||
|
||||
@@ -1693,35 +1693,35 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
|
||||
|
||||
Record crypt, NULL cipher, 1.2, SHA-384
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, NULL cipher, 1.2, SHA-384, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, NULL cipher, 1.2, SHA-256
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, NULL cipher, 1.2, SHA-256, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, NULL cipher, 1.2, SHA-1
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, NULL cipher, 1.2, SHA-1, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, NULL cipher, 1.2, MD5
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, NULL cipher, 1.2, MD5, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, ChachaPoly
|
||||
@@ -2565,35 +2565,35 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
|
||||
|
||||
Record crypt, little space, NULL cipher, 1.2, SHA-384
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, little space, NULL cipher, 1.2, SHA-256
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, little space, NULL cipher, 1.2, SHA-256, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, little space, NULL cipher, 1.2, SHA-1
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, little space, NULL cipher, 1.2, SHA-1, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, little space, NULL cipher, 1.2, MD5
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
Record crypt, little space, NULL cipher, 1.2, MD5, EtM
|
||||
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
|
||||
|
||||
SSL TLS 1.3 Key schedule: Secret evolution #1
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CIPHER_NULL_CIPHER */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_NULL_CIPHERSUITES */
|
||||
void ssl_decrypt_null(int hash_id)
|
||||
{
|
||||
mbedtls_ssl_transform transform_in, transform_out;
|
||||
|
||||
@@ -655,7 +655,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:PSA_WANT_ALG_ECDSA */
|
||||
void x509_verify_restart(char *crt_file, char *ca_file,
|
||||
int result, int flags_result,
|
||||
int max_ops, int min_restart, int max_restart)
|
||||
|
||||
Reference in New Issue
Block a user