mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 06:35:31 +00:00
Merge remote-tracking branch 'upstream-public/pr/1814' into mbedtls-2.7
This commit is contained in:
commit
f37a99e3fc
|
@ -7,6 +7,9 @@ Bugfix
|
|||
MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890
|
||||
* Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails.
|
||||
Fix contributed by Espressif Systems.
|
||||
* Add ecc extensions only if an ecc based ciphersuite is used.
|
||||
This improves compliance to RFC 4492, and as a result, solves
|
||||
interoperability issues with BouncyCastle. Raised by milenamil in #1157.
|
||||
|
||||
= mbed TLS 2.7.5 branch released 2018-07-25
|
||||
|
||||
|
|
|
@ -1837,7 +1837,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers
|
|||
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
|
@ -1847,13 +1848,14 @@ int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
|
|||
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
||||
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
|
||||
return( 1 );
|
||||
|
||||
default:
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
|
||||
|
|
|
@ -769,6 +769,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
unsigned char offer_compress;
|
||||
const int *ciphersuites;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
int uses_ec = 0;
|
||||
#endif
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
|
||||
|
||||
|
@ -920,6 +924,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
|
||||
ciphersuites[i] ) );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
|
||||
#endif
|
||||
|
||||
n++;
|
||||
*p++ = (unsigned char)( ciphersuites[i] >> 8 );
|
||||
*p++ = (unsigned char)( ciphersuites[i] );
|
||||
|
@ -1013,11 +1022,14 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
if( uses_ec )
|
||||
{
|
||||
ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
|
||||
ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
|
|
|
@ -2595,8 +2595,12 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
if ( mbedtls_ssl_ciphersuite_uses_ec(
|
||||
mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) )
|
||||
{
|
||||
ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
|
|
|
@ -4117,6 +4117,56 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \
|
|||
-c "16384 bytes written in 1 fragments" \
|
||||
-s "Read from client: 16384 bytes read"
|
||||
|
||||
# Tests for ECC extensions (rfc 4492)
|
||||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
run_test "Force a non ECC ciphersuite in the client side" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
|
||||
0 \
|
||||
-C "client hello, adding supported_elliptic_curves extension" \
|
||||
-C "client hello, adding supported_point_formats extension" \
|
||||
-S "found supported elliptic curves extension" \
|
||||
-S "found supported point formats extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
run_test "Force a non ECC ciphersuite in the server side" \
|
||||
"$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-C "found supported_point_formats extension" \
|
||||
-S "server hello, supported_point_formats extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Force an ECC ciphersuite in the client side" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
|
||||
0 \
|
||||
-c "client hello, adding supported_elliptic_curves extension" \
|
||||
-c "client hello, adding supported_point_formats extension" \
|
||||
-s "found supported elliptic curves extension" \
|
||||
-s "found supported point formats extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
run_test "Force an ECC ciphersuite in the server side" \
|
||||
"$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-c "found supported_point_formats extension" \
|
||||
-s "server hello, supported_point_formats extension"
|
||||
|
||||
# Tests for DTLS HelloVerifyRequest
|
||||
|
||||
run_test "DTLS cookie: enabled" \
|
||||
|
|
Loading…
Reference in a new issue