Improve pointer calculations when resizing I/O buffers
This commit introduces two changes: - Add in_msg and out_msg calculations for buffer upsizing. This was previously considered as unnecessary, but renegotiation using certain ciphersuites needs this. - Improving the way out_msg and in_msg pointers are calculated, so that even if no resizing is introduced, the pointers remain the same; New tests added: - various renegotiation schemes with a range of MFL's and ciphersuites; - an ssl-opt.sh test exercising two things that were problematic: renegotiation with TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 and a server MFL that's smaller than the one negotiated by the client. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Родитель
90c6e84a9c
Коммит
8ea6872889
|
@ -3673,36 +3673,51 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||||
/* If the buffers are too small - reallocate */
|
/* If the buffers are too small - reallocate */
|
||||||
{
|
{
|
||||||
int modified = 0;
|
int modified = 0;
|
||||||
if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
|
size_t written_in = 0;
|
||||||
|
size_t written_out = 0;
|
||||||
|
if( ssl->in_buf != NULL )
|
||||||
{
|
{
|
||||||
if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
|
written_in = ssl->in_msg - ssl->in_buf;
|
||||||
&ssl->in_buf_len ) != 0 )
|
if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
|
if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
|
||||||
}
|
&ssl->in_buf_len ) != 0 )
|
||||||
else
|
{
|
||||||
{
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) );
|
}
|
||||||
modified = 1;
|
else
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", MBEDTLS_SSL_IN_BUFFER_LEN ) );
|
||||||
|
modified = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
|
|
||||||
|
if( ssl->out_buf != NULL )
|
||||||
{
|
{
|
||||||
if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
|
written_out = ssl->out_msg - ssl->out_buf;
|
||||||
&ssl->out_buf_len ) != 0 )
|
if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
|
if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
|
||||||
}
|
&ssl->out_buf_len ) != 0 )
|
||||||
else
|
{
|
||||||
{
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) );
|
}
|
||||||
modified = 1;
|
else
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", MBEDTLS_SSL_OUT_BUFFER_LEN ) );
|
||||||
|
modified = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if( modified )
|
if( modified )
|
||||||
{
|
{
|
||||||
/* Update pointers here to avoid doing it twice. */
|
/* Update pointers here to avoid doing it twice. */
|
||||||
mbedtls_ssl_reset_in_out_pointers( ssl );
|
mbedtls_ssl_reset_in_out_pointers( ssl );
|
||||||
|
/* Fields below might not be properly updated with record
|
||||||
|
* splitting, so they are manually updated here. */
|
||||||
|
ssl->out_msg = ssl->out_buf + written_out;
|
||||||
|
ssl->in_msg = ssl->in_buf + written_in;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -5934,36 +5949,41 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
|
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
|
||||||
size_t written_in = 0;
|
size_t written_in = 0;
|
||||||
size_t written_out = 0;
|
size_t written_out = 0;
|
||||||
if( ssl->in_buf != NULL &&
|
if( ssl->in_buf != NULL )
|
||||||
ssl->in_buf_len > buf_len &&
|
|
||||||
ssl->in_left < buf_len )
|
|
||||||
{
|
{
|
||||||
written_in = ssl->in_msg - ssl->in_buf;
|
written_in = ssl->in_msg - ssl->in_buf;
|
||||||
if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
|
if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
|
written_in = ssl->in_msg - ssl->in_buf;
|
||||||
}
|
if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
|
||||||
else
|
{
|
||||||
{
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) );
|
}
|
||||||
modified = 1;
|
else
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", buf_len ) );
|
||||||
|
modified = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
buf_len = mbedtls_ssl_get_output_buflen( ssl );
|
buf_len = mbedtls_ssl_get_output_buflen( ssl );
|
||||||
if( ssl->out_buf != NULL &&
|
if(ssl->out_buf != NULL )
|
||||||
ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
|
|
||||||
ssl->out_left < buf_len )
|
|
||||||
{
|
{
|
||||||
written_out = ssl->out_msg - ssl->out_buf;
|
written_out = ssl->out_msg - ssl->out_buf;
|
||||||
if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 )
|
if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
|
||||||
|
ssl->out_left < buf_len )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
|
if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 )
|
||||||
}
|
{
|
||||||
else
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
|
||||||
{
|
}
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) );
|
else
|
||||||
modified = 1;
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", buf_len ) );
|
||||||
|
modified = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if( modified )
|
if( modified )
|
||||||
|
|
|
@ -3343,6 +3343,29 @@ run_test "Renegotiation: double" \
|
||||||
-s "=> renegotiate" \
|
-s "=> renegotiate" \
|
||||||
-s "write hello request"
|
-s "write hello request"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
run_test "Renegotiation with max fragment length: client 2048, server 512" \
|
||||||
|
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
|
||||||
|
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
||||||
|
0 \
|
||||||
|
-c "Maximum input fragment length is 2048" \
|
||||||
|
-c "Maximum output fragment length is 2048" \
|
||||||
|
-s "Maximum input fragment length is 2048" \
|
||||||
|
-s "Maximum output fragment length is 512" \
|
||||||
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
|
-s "found max fragment length extension" \
|
||||||
|
-s "server hello, max_fragment_length extension" \
|
||||||
|
-c "found max_fragment_length extension" \
|
||||||
|
-c "client hello, adding renegotiation extension" \
|
||||||
|
-s "received TLS_EMPTY_RENEGOTIATION_INFO" \
|
||||||
|
-s "found renegotiation extension" \
|
||||||
|
-s "server hello, secure renegotiation extension" \
|
||||||
|
-c "found renegotiation extension" \
|
||||||
|
-c "=> renegotiate" \
|
||||||
|
-s "=> renegotiate" \
|
||||||
|
-s "write hello request"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
run_test "Renegotiation: client-initiated, server-rejected" \
|
run_test "Renegotiation: client-initiated, server-rejected" \
|
||||||
"$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
|
"$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
|
||||||
|
|
|
@ -379,40 +379,184 @@ DTLS serialization with MFL=4096
|
||||||
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096
|
resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096
|
||||||
|
|
||||||
DTLS no legacy renegotiation with MFL=512
|
DTLS no legacy renegotiation with MFL=512
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS no legacy renegotiation with MFL=1024
|
DTLS no legacy renegotiation with MFL=1024
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS no legacy renegotiation with MFL=2048
|
DTLS no legacy renegotiation with MFL=2048
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS no legacy renegotiation with MFL=4096
|
DTLS no legacy renegotiation with MFL=4096
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy allow renegotiation with MFL=512
|
DTLS legacy allow renegotiation with MFL=512
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy allow renegotiation with MFL=1024
|
DTLS legacy allow renegotiation with MFL=1024
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy allow renegotiation with MFL=2048
|
DTLS legacy allow renegotiation with MFL=2048
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy allow renegotiation with MFL=4096
|
DTLS legacy allow renegotiation with MFL=4096
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:""
|
||||||
|
|
||||||
DTLS legacy break handshake renegotiation with MFL=512
|
DTLS legacy break handshake renegotiation with MFL=512
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
|
||||||
|
|
||||||
DTLS legacy break handshake renegotiation with MFL=1024
|
DTLS legacy break handshake renegotiation with MFL=1024
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
|
||||||
|
|
||||||
DTLS legacy break handshake renegotiation with MFL=2048
|
DTLS legacy break handshake renegotiation with MFL=2048
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
|
||||||
|
|
||||||
DTLS legacy break handshake renegotiation with MFL=4096
|
DTLS legacy break handshake renegotiation with MFL=4096
|
||||||
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||||
|
depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
|
||||||
|
depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
|
DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
|
||||||
|
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SHA256_C
|
||||||
|
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
|
||||||
|
|
||||||
SSL DTLS replay: initial state, seqnum 0
|
SSL DTLS replay: initial state, seqnum 0
|
||||||
ssl_dtls_replay:"":"000000000000":0
|
ssl_dtls_replay:"":"000000000000":0
|
||||||
|
|
|
@ -3900,12 +3900,13 @@ void renegotiation( int legacy_renegotiation )
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||||
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
|
void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
|
||||||
int serialize, int dtls )
|
int serialize, int dtls, char *cipher )
|
||||||
{
|
{
|
||||||
handshake_test_options options;
|
handshake_test_options options;
|
||||||
init_handshake_options( &options );
|
init_handshake_options( &options );
|
||||||
|
|
||||||
options.mfl = mfl;
|
options.mfl = mfl;
|
||||||
|
options.cipher = cipher;
|
||||||
options.renegotiate = renegotiation;
|
options.renegotiate = renegotiation;
|
||||||
options.legacy_renegotiation = legacy_renegotiation;
|
options.legacy_renegotiation = legacy_renegotiation;
|
||||||
options.serialize = serialize;
|
options.serialize = serialize;
|
||||||
|
@ -3921,7 +3922,8 @@ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation,
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */
|
||||||
void resize_buffers_serialize_mfl( int mfl )
|
void resize_buffers_serialize_mfl( int mfl )
|
||||||
{
|
{
|
||||||
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1 );
|
test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
|
||||||
|
(char *) "" );
|
||||||
|
|
||||||
/* The goto below is used to avoid an "unused label" warning.*/
|
/* The goto below is used to avoid an "unused label" warning.*/
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -3929,9 +3931,10 @@ void resize_buffers_serialize_mfl( int mfl )
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||||
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation )
|
void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
|
||||||
|
char *cipher )
|
||||||
{
|
{
|
||||||
test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1 );
|
test_resize_buffers( mfl, 1, legacy_renegotiation, 0, 1, cipher );
|
||||||
|
|
||||||
/* The goto below is used to avoid an "unused label" warning.*/
|
/* The goto below is used to avoid an "unused label" warning.*/
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
Загрузка…
Ссылка в новой задаче