yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 12:21:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update default configuration

Browse source 
Change the default settings for SSL and modify the tests accordingly.
This commit is contained in:
Janos Follath 2016-03-07 15:57:05 +00:00 committed by Simon Butcher
parent 3000f78b0b
commit e2681a448b
3 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CMakeLists.txt
View file

@ -100,7 +100,7 @@ if(ENABLE_TESTING)
ADD_CUSTOM_TARGET(covtest ADD_CUSTOM_TARGET(covtest
COMMAND make test COMMAND make test
COMMAND programs/test/selftest COMMAND programs/test/selftest
COMMAND tests/compat.sh COMMAND tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
COMMAND tests/ssl-opt.sh COMMAND tests/ssl-opt.sh
) )

2
include/mbedtls/config.h
View file

@ -1058,7 +1058,7 @@
* *
* Comment this macro to disable support for SSL 3.0 * Comment this macro to disable support for SSL 3.0
*/ */
#define MBEDTLS_SSL_PROTO_SSL3 //#define MBEDTLS_SSL_PROTO_SSL3
/** /**
* \def MBEDTLS_SSL_PROTO_TLS1 * \def MBEDTLS_SSL_PROTO_TLS1

11
tests/ssl-opt.sh
View file

@ -695,6 +695,7 @@ run_test "Encrypt then MAC: client disabled, server enabled" \
-C "using encrypt then mac" \ -C "using encrypt then mac" \
-S "using encrypt then mac" -S "using encrypt then mac"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Encrypt then MAC: client SSLv3, server enabled" \ run_test "Encrypt then MAC: client SSLv3, server enabled" \
"$P_SRV debug_level=3 min_version=ssl3 \ "$P_SRV debug_level=3 min_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@ -707,6 +708,7 @@ run_test "Encrypt then MAC: client SSLv3, server enabled" \
-C "using encrypt then mac" \ -C "using encrypt then mac" \
-S "using encrypt then mac" -S "using encrypt then mac"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Encrypt then MAC: client enabled, server SSLv3" \ run_test "Encrypt then MAC: client enabled, server SSLv3" \
"$P_SRV debug_level=3 force_version=ssl3 \ "$P_SRV debug_level=3 force_version=ssl3 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
@ -754,6 +756,7 @@ run_test "Extended Master Secret: client disabled, server enabled" \
-C "using extended master secret" \ -C "using extended master secret" \
-S "using extended master secret" -S "using extended master secret"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Extended Master Secret: client SSLv3, server enabled" \ run_test "Extended Master Secret: client SSLv3, server enabled" \
"$P_SRV debug_level=3 min_version=ssl3" \ "$P_SRV debug_level=3 min_version=ssl3" \
"$P_CLI debug_level=3 force_version=ssl3" \ "$P_CLI debug_level=3 force_version=ssl3" \
@ -765,6 +768,7 @@ run_test "Extended Master Secret: client SSLv3, server enabled" \
-C "using extended master secret" \ -C "using extended master secret" \
-S "using extended master secret" -S "using extended master secret"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Extended Master Secret: client enabled, server SSLv3" \ run_test "Extended Master Secret: client enabled, server SSLv3" \
"$P_SRV debug_level=3 force_version=ssl3" \ "$P_SRV debug_level=3 force_version=ssl3" \
"$P_CLI debug_level=3 min_version=ssl3" \ "$P_CLI debug_level=3 min_version=ssl3" \
@ -883,6 +887,7 @@ run_test "CBC Record splitting: TLS 1.0, splitting" \
-s "Read from client: 1 bytes read" \ -s "Read from client: 1 bytes read" \
-s "122 bytes read" -s "122 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "CBC Record splitting: SSLv3, splitting" \ run_test "CBC Record splitting: SSLv3, splitting" \
"$P_SRV min_version=ssl3" \ "$P_SRV min_version=ssl3" \
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
@ -1674,6 +1679,7 @@ run_test "Authentication: client no cert, openssl server optional" \
-c "skip write certificate verify" \ -c "skip write certificate verify" \
-C "! mbedtls_ssl_handshake returned" -C "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Authentication: client no cert, ssl3" \ run_test "Authentication: client no cert, ssl3" \
"$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \ "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
"$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \ "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
@ -2593,6 +2599,7 @@ run_test "ECJPAKE: working, DTLS, nolog" \
# Tests for ciphersuites per version # Tests for ciphersuites per version
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Per-version suites: SSL3" \ run_test "Per-version suites: SSL3" \
"$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=ssl3" \ "$P_CLI force_version=ssl3" \
@ -2642,6 +2649,7 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data" \
# Tests for small packets # Tests for small packets
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Small packet SSLv3 BlockCipher" \ run_test "Small packet SSLv3 BlockCipher" \
"$P_SRV min_version=ssl3" \ "$P_SRV min_version=ssl3" \
"$P_CLI request_size=1 force_version=ssl3 \ "$P_CLI request_size=1 force_version=ssl3 \
@ -2649,6 +2657,7 @@ run_test "Small packet SSLv3 BlockCipher" \
0 \ 0 \
-s "Read from client: 1 bytes read" -s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Small packet SSLv3 StreamCipher" \ run_test "Small packet SSLv3 StreamCipher" \
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=ssl3 \ "$P_CLI request_size=1 force_version=ssl3 \
@ -2783,6 +2792,7 @@ run_test "Small packet TLS 1.2 AEAD shorter tag" \
# Test for large packets # Test for large packets
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Large packet SSLv3 BlockCipher" \ run_test "Large packet SSLv3 BlockCipher" \
"$P_SRV min_version=ssl3" \ "$P_SRV min_version=ssl3" \
"$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
@ -2790,6 +2800,7 @@ run_test "Large packet SSLv3 BlockCipher" \
0 \ 0 \
-s "Read from client: 16384 bytes read" -s "Read from client: 16384 bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Large packet SSLv3 StreamCipher" \ run_test "Large packet SSLv3 StreamCipher" \
"$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=16384 force_version=ssl3 \ "$P_CLI request_size=16384 force_version=ssl3 \