mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-26 23:40:59 +00:00
Merge branch 'mbedtls-1.3'
This commit is contained in:
commit
77bc55dc4c
|
@ -16,6 +16,7 @@ Changes
|
|||
* On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
|
||||
don't use the optimized assembly for bignum multiplication. This removes
|
||||
the need to pass -fomit-frame-pointer to avoid a build error with -O0.
|
||||
* Disabled SSLv3 in the default configuration.
|
||||
|
||||
= mbed TLS 1.3.16 released 2016-01-05
|
||||
|
||||
|
|
|
@ -1012,7 +1012,7 @@
|
|||
*
|
||||
* Comment this macro to disable support for SSL 3.0
|
||||
*/
|
||||
#define POLARSSL_SSL_PROTO_SSL3
|
||||
//#define POLARSSL_SSL_PROTO_SSL3
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_PROTO_TLS1
|
||||
|
|
|
@ -45,7 +45,7 @@ else
|
|||
fi
|
||||
|
||||
# default values for options
|
||||
MODES="ssl3 tls1 tls1_1 tls1_2"
|
||||
MODES="tls1 tls1_1 tls1_2"
|
||||
VERIFIES="NO YES"
|
||||
TYPES="ECDSA RSA PSK"
|
||||
FILTER=""
|
||||
|
|
|
@ -103,6 +103,27 @@ cd tests
|
|||
./compat.sh
|
||||
cd ..
|
||||
|
||||
msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl set POLARSSL_SSL_PROTO_SSL3
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: SSLv3 - main suites and selftest (ASan build)" # ~ 50s
|
||||
make test
|
||||
programs/test/selftest
|
||||
|
||||
msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
|
||||
cd tests
|
||||
./compat.sh -m 'ssl3 tls1 tls1_1 tls1_2'
|
||||
cd ..
|
||||
|
||||
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
|
||||
cd tests
|
||||
./ssl-opt.sh
|
||||
cd ..
|
||||
|
||||
msg "build: cmake, full config, clang" # ~ 50s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
|
|
|
@ -66,6 +66,13 @@ get_options() {
|
|||
done
|
||||
}
|
||||
|
||||
# skip next test if the flag is not enabled in config.h
|
||||
requires_config_enabled() {
|
||||
if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
# skip next test if OpenSSL can't send SSLv2 ClientHello
|
||||
requires_openssl_with_sslv2() {
|
||||
if [ -z "${OPENSSL_HAS_SSL2:-}" ]; then
|
||||
|
@ -560,6 +567,7 @@ run_test "Encrypt then MAC: client disabled, server enabled" \
|
|||
-C "using encrypt then mac" \
|
||||
-S "using encrypt then mac"
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Encrypt then MAC: client SSLv3, server enabled" \
|
||||
"$P_SRV debug_level=3 min_version=ssl3 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -572,6 +580,7 @@ run_test "Encrypt then MAC: client SSLv3, server enabled" \
|
|||
-C "using encrypt then mac" \
|
||||
-S "using encrypt then mac"
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Encrypt then MAC: client enabled, server SSLv3" \
|
||||
"$P_SRV debug_level=3 force_version=ssl3 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||
|
@ -619,6 +628,7 @@ run_test "Extended Master Secret: client disabled, server enabled" \
|
|||
-C "using extended master secret" \
|
||||
-S "using extended master secret"
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Extended Master Secret: client SSLv3, server enabled" \
|
||||
"$P_SRV debug_level=3 min_version=ssl3" \
|
||||
"$P_CLI debug_level=3 force_version=ssl3" \
|
||||
|
@ -630,6 +640,7 @@ run_test "Extended Master Secret: client SSLv3, server enabled" \
|
|||
-C "using extended master secret" \
|
||||
-S "using extended master secret"
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Extended Master Secret: client enabled, server SSLv3" \
|
||||
"$P_SRV debug_level=3 force_version=ssl3" \
|
||||
"$P_CLI debug_level=3 min_version=ssl3" \
|
||||
|
@ -748,6 +759,7 @@ run_test "CBC Record splitting: TLS 1.0, splitting" \
|
|||
-s "Read from client: 1 bytes read" \
|
||||
-s "122 bytes read"
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "CBC Record splitting: SSLv3, splitting" \
|
||||
"$P_SRV min_version=ssl3" \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||
|
@ -1454,6 +1466,7 @@ run_test "Authentication: client no cert, openssl server optional" \
|
|||
-c "skip write certificate verify" \
|
||||
-C "! ssl_handshake returned"
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Authentication: client no cert, ssl3" \
|
||||
"$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
|
||||
"$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
|
||||
|
@ -2159,6 +2172,7 @@ run_test "PSK callback: wrong key" \
|
|||
|
||||
# Tests for ciphersuites per version
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Per-version suites: SSL3" \
|
||||
"$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
|
||||
"$P_CLI force_version=ssl3" \
|
||||
|
@ -2199,6 +2213,7 @@ run_test "ssl_get_bytes_avail: extra data" \
|
|||
|
||||
# Tests for small packets
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Small packet SSLv3 BlockCipher" \
|
||||
"$P_SRV min_version=ssl3" \
|
||||
"$P_CLI request_size=1 force_version=ssl3 \
|
||||
|
@ -2206,6 +2221,7 @@ run_test "Small packet SSLv3 BlockCipher" \
|
|||
0 \
|
||||
-s "Read from client: 1 bytes read"
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Small packet SSLv3 StreamCipher" \
|
||||
"$P_SRV min_version=ssl3 arc4=1" \
|
||||
"$P_CLI request_size=1 force_version=ssl3 \
|
||||
|
@ -2340,6 +2356,7 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \
|
|||
|
||||
# Test for large packets
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Large packet SSLv3 BlockCipher" \
|
||||
"$P_SRV min_version=ssl3" \
|
||||
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
|
||||
|
@ -2347,6 +2364,7 @@ run_test "Large packet SSLv3 BlockCipher" \
|
|||
0 \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
requires_config_enabled POLARSSL_SSL_PROTO_SSL3
|
||||
run_test "Large packet SSLv3 StreamCipher" \
|
||||
"$P_SRV min_version=ssl3 arc4=1" \
|
||||
"$P_CLI request_size=16384 force_version=ssl3 \
|
||||
|
|
Loading…
Reference in a new issue