Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations
HKDF 2: use internal implementations in TLS 1.3
diff --git a/.travis.yml b/.travis.yml
index cdb68ac..82e7d30 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -65,7 +65,7 @@
- gnutls-bin
coverity_scan:
project:
- name: "ARMmbed/mbedtls"
+ name: "Mbed-TLS/mbedtls"
notification_email: support-mbedtls@arm.com
build_command_prepend:
build_command: make
diff --git a/BRANCHES.md b/BRANCHES.md
index a6ddfd5..bc8e750 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -2,24 +2,24 @@
At any point in time, we have a number of maintained branches, currently consisting of:
-- The [`master`](https://github.com/ARMmbed/mbedtls/tree/master) branch:
+- The [`master`](https://github.com/Mbed-TLS/mbedtls/tree/master) branch:
this always contains the latest release, including all publicly available
security fixes.
-- The [`development`](https://github.com/ARMmbed/mbedtls/tree/development) branch:
+- The [`development`](https://github.com/Mbed-TLS/mbedtls/tree/development) branch:
this is where the current major version of Mbed TLS (version 3.x) is being
prepared. It has API changes that make it incompatible with Mbed TLS 2.x,
as well as all the new features and bug fixes and security fixes.
- One or more long-time support (LTS) branches: these only get bug fixes and
security fixes. Currently, the only supported LTS branch is:
- [`mbedtls-2.28`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.28).
+ [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28).
- For a short time we also have the previous LTS, which has recently ended its
support period,
- [`mbedtls-2.16`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16).
+ [`mbedtls-2.16`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.16).
This branch will move into the `archive` namespace around the time of
the next release.
We retain a number of historical branches, whose names are prefixed by `archive/`,
-such as [`archive/mbedtls-2.7`](https://github.com/ARMmbed/mbedtls/tree/archive/mbedtls-2.7).
+such as [`archive/mbedtls-2.7`](https://github.com/Mbed-TLS/mbedtls/tree/archive/mbedtls-2.7).
These branches will not receive any changes or updates.
We use [Semantic Versioning](https://semver.org/). In particular, we maintain
@@ -75,10 +75,10 @@
The following branches are currently maintained:
-- [master](https://github.com/ARMmbed/mbedtls/tree/master)
-- [`development`](https://github.com/ARMmbed/mbedtls/)
-- [`mbedtls-2.28`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.28)
+- [master](https://github.com/Mbed-TLS/mbedtls/tree/master)
+- [`development`](https://github.com/Mbed-TLS/mbedtls/)
+- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until at least the end of 2024, see
- <https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0>.
+ <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0>.
Users are urged to always use the latest version of a maintained branch.
diff --git a/BUGS.md b/BUGS.md
index e8705ff..47bde07 100644
--- a/BUGS.md
+++ b/BUGS.md
@@ -1,6 +1,6 @@
## Known issues
-Known issues in Mbed TLS are [tracked on GitHub](https://github.com/ARMmbed/mbedtls/issues).
+Known issues in Mbed TLS are [tracked on GitHub](https://github.com/Mbed-TLS/mbedtls/issues).
## Reporting a bug
@@ -9,12 +9,12 @@
1. Make sure you're using the latest version of a
[maintained branch](BRANCHES.md): `master`, `development`,
or a long-time support branch.
-2. Check [GitHub](https://github.com/ARMmbed/mbedtls/issues) to see if
+2. Check [GitHub](https://github.com/Mbed-TLS/mbedtls/issues) to see if
your issue has already been reported. If not, …
3. If the issue is a security risk (for example: buffer overflow,
data leak), please report it confidentially as described in
[`SECURITY.md`](SECURITY.md). If not, …
-4. Please [create an issue on on GitHub](https://github.com/ARMmbed/mbedtls/issues).
+4. Please [create an issue on on GitHub](https://github.com/Mbed-TLS/mbedtls/issues).
Please do not use GitHub for support questions. If you want to know
how to do something with Mbed TLS, please see [`SUPPORT.md`](SUPPORT.md) for available documentation and support channels.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index cd41578..aac526e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -14,8 +14,8 @@
Making a Contribution
---------------------
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org) around a feature idea or a bug.
-1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
+1. [Check for open issues](https://github.com/Mbed-TLS/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org) around a feature idea or a bug.
+1. Fork the [Mbed TLS repository on GitHub](https://github.com/Mbed-TLS/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/Mbed-TLS/mbedtls/tree/development) as a basis.
1. Write a test which shows that the bug was fixed or that the feature works as expected.
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
@@ -47,13 +47,13 @@
1. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted.
1. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts.
-It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors.
+It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/Mbed-TLS/mbedtls/tree/development) by contributors.
The list of maintained branches can be found in the [Current Branches section
of BRANCHES.md](BRANCHES.md#current-branches).
The only currently maintained LTS branch is:
-1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
+1. [mbedtls-2.16](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.16)
Tests
@@ -72,7 +72,7 @@
----------------------------
Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures.
-It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible.
+It is advised to enable the [githooks scripts](https://github.com/Mbed-TLS/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible.
Documentation
-------------
@@ -82,4 +82,4 @@
1. Complex parts in the code should include comments.
1. If needed, a Readme file is advised.
1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
-1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution.
+1. A [ChangeLog](https://github.com/Mbed-TLS/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution.
diff --git a/ChangeLog.d/add_final_delay_accessor b/ChangeLog.d/add_final_delay_accessor
new file mode 100644
index 0000000..8d341df
--- /dev/null
+++ b/ChangeLog.d/add_final_delay_accessor
@@ -0,0 +1,4 @@
+Features
+ * Add the function mbedtls_timing_get_final_delay() to access the private
+ final delay field in an mbedtls_timing_delay_context, as requested in
+ #5183
diff --git a/ChangeLog.d/add_handshake_completion_accessor b/ChangeLog.d/add_handshake_completion_accessor
new file mode 100644
index 0000000..e2b28cf
--- /dev/null
+++ b/ChangeLog.d/add_handshake_completion_accessor
@@ -0,0 +1,4 @@
+Features
+ * Add function mbedtls_ssl_is_handshake_over() to enable querying if the SSL
+ Handshake has completed or not, and thus whether to continue calling
+ mbedtls_ssl_handshake_step(), requested in #4383
diff --git a/ChangeLog.d/mbedtls_ecp_export.txt b/ChangeLog.d/mbedtls_ecp_export.txt
new file mode 100644
index 0000000..4b5d7d4
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ecp_export.txt
@@ -0,0 +1,3 @@
+Features
+ * Add mbedtls_ecp_export() function to export ECP
+ keypair parameters. Fixes #4838.
diff --git a/ChangeLog.d/mbedtls_pk_sign_ext.txt b/ChangeLog.d/mbedtls_pk_sign_ext.txt
new file mode 100644
index 0000000..8dfa2e5
--- /dev/null
+++ b/ChangeLog.d/mbedtls_pk_sign_ext.txt
@@ -0,0 +1,3 @@
+Features
+ * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when
+ PSA Crypto is enabled.
diff --git a/ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt b/ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt
new file mode 100644
index 0000000..01be0b3
--- /dev/null
+++ b/ChangeLog.d/mbedtls_sha512_a64_crypto_acceleration.txt
@@ -0,0 +1,2 @@
+Features
+ * A64 crypto extension support for SHA-512
diff --git a/README.md b/README.md
index 7e44f21..275e2dd 100644
--- a/README.md
+++ b/README.md
@@ -290,7 +290,7 @@
The X.509 and TLS code can use PSA cryptography for a limited subset of operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `mbedtls_config.h`.
-There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/ARMmbed/mbed-crypto/labels/compliance) for an up-to-date list.
+There are currently a few deviations where the library does not yet implement the latest version of the specification. Please refer to the [compliance issues on Github](https://github.com/Mbed-TLS/mbedtls/labels/compliance) for an up-to-date list.
### Upcoming features
@@ -315,5 +315,5 @@
-------
* To report a security vulnerability in Mbed TLS, please email <mbed-tls-security@lists.trustedfirmware.org>. For more information, see [`SECURITY.md`](SECURITY.md).
-* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/ARMmbed/mbedtls/issues/new/choose).
+* To report a bug or request a feature in Mbed TLS, please [file an issue on GitHub](https://github.com/Mbed-TLS/mbedtls/issues/new/choose).
* Please see [`SUPPORT.md`](SUPPORT.md) for other channels for discussion and support about Mbed TLS.
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index 12cff49..3653683 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -48,7 +48,7 @@
If you were accessing structure fields directly, and these fields are not documented as public, you need to change your code. If an accessor (getter/setter) function exists, use that. Direct accessor functions are usually called `mbedtls_<MODULE>_{get,set}_<FIELD>` or `mbedtls_<MODULE>_<STRUCTURE>_{get,set}_<FIELD>`. Accessor functions that change the format may use different verbs, for example `read`/`write` for functions that import/export data from/to a text or byte string.
-If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/ARMmbed/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.).
+If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.).
As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS.
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index a7c4afb..31adec3 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -27,12 +27,12 @@
(Regarding FFDH, see the next section as well.) See issue [3261][ffdh] on
github.
-[ffdh]: https://github.com/ARMmbed/mbedtls/issues/3261
+[ffdh]: https://github.com/Mbed-TLS/mbedtls/issues/3261
PSA Crypto has an experimental API for EC J-PAKE, but it's not implemented in
Mbed TLS yet. See the [EC J-PAKE follow-up EPIC][ecjp] on github.
-[ecjp]: https://github.com/orgs/ARMmbed/projects/18#column-15836385
+[ecjp]: https://github.com/orgs/Mbed-TLS/projects/1#column-17950140
Arbitrary parameters for FFDH
-----------------------------
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
index 205c6cd..d63bb8e 100644
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@@ -42,7 +42,7 @@
- it's incompatible with `MBEDTLS_ECP_RESTARTABLE`;
- historical: used to be incompatible
`MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` (fixed early 2022, see
- <https://github.com/ARMmbed/mbedtls/issues/5259>);
+ <https://github.com/Mbed-TLS/mbedtls/issues/5259>);
- it does not work well with `MBEDTLS_PSA_CRYPTO_CONFIG` (could compile with
both of them, but then `MBEDTLS_PSA_CRYPTO_CONFIG` won't have the desired
effect)
@@ -99,8 +99,8 @@
implementation of that algorithm. But then the TLS code would consider the
algorithm unavailable.
-This is tracked in https://github.com/ARMmbed/mbedtls/issues/3674 and
-https://github.com/ARMmbed/mbedtls/issues/3677. But now that I look at it with
+This is tracked in https://github.com/Mbed-TLS/mbedtls/issues/3674 and
+https://github.com/Mbed-TLS/mbedtls/issues/3677. But now that I look at it with
fresh eyes, I don't think the approach we were planning to use would actually
works. This needs more design effort.
@@ -138,7 +138,7 @@
to have one version using it, for entropy-less builds, and one version using
the standard function, for driver support in build with entropy.)
-See https://github.com/ARMmbed/mbedtls/issues/5156
+See https://github.com/Mbed-TLS/mbedtls/issues/5156
Taking advantage of the existing abstractions layers - or not
=============================================================
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index 39e46c4..2cf2a48 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -324,7 +324,7 @@
```
- To mitigate what happened here
- (https://github.com/ARMmbed/mbedtls/pull/4882#discussion_r701704527) from
+ (https://github.com/Mbed-TLS/mbedtls/pull/4882#discussion_r701704527) from
happening again, use always a local variable named `p` for the reading
pointer in functions parsing TLS 1.3 data, and for the writing pointer in
functions writing data into an output buffer and only that variable. The
@@ -388,10 +388,10 @@
Example:
```
- int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buf_len );
+ int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buf_len );
```
- When a function's parameters span several lines, group related parameters
@@ -400,12 +400,12 @@
For example, prefer:
```
- mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type,
- buf, buf_len );
+ mbedtls_ssl_start_handshake_msg( ssl, hs_type,
+ buf, buf_len );
```
over
```
- mbedtls_ssl_tls13_start_handshake_msg( ssl, hs_type, buf,
- buf_len );
+ mbedtls_ssl_start_handshake_msg( ssl, hs_type, buf,
+ buf_len );
```
even if it fits.
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
index 4f82bed..2a10ca0 100644
--- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
+++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
@@ -1,5 +1,5 @@
-Migrating to an auto genrated psa_crypto_driver_wrappers.c file
-===============================================================
+Migrating to an auto generated psa_crypto_driver_wrappers.c file
+================================================================
**This is a specification of work in progress. The implementation is not yet merged into Mbed TLS.**
@@ -8,7 +8,7 @@
## Introduction
-The design of the Driver Wrappers code generation is based on the design proposal https://github.com/ARMmbed/mbedtls/pull/5067
+The design of the Driver Wrappers code generation is based on the design proposal https://github.com/Mbed-TLS/mbedtls/pull/5067
During the process of implementation there might be minor variations wrt versioning and broader implementation specific ideas, but the design remains the same.
## Prerequisites
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 06ba6b7..1ced6e5 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -605,6 +605,61 @@
#error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
#endif
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) && \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+#error "Must only define one of MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+#endif
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+#if !defined(MBEDTLS_SHA512_C)
+#error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C"
+#endif
+#if defined(MBEDTLS_SHA512_ALT) || defined(MBEDTLS_SHA512_PROCESS_ALT)
+#error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+#endif
+/*
+ * Best performance comes from most recent compilers, with intrinsics and -O3.
+ * Must compile with -march=armv8.2-a+sha3, but we can't detect armv8.2-a, and
+ * can't always detect __ARM_FEATURE_SHA512 (notably clang 7-12).
+ *
+ * GCC < 8 won't work at all (lacks the sha512 instructions)
+ * GCC >= 8 uses intrinsics, sets __ARM_FEATURE_SHA512
+ *
+ * Clang < 7 won't work at all (lacks the sha512 instructions)
+ * Clang 7-12 don't have intrinsics (but we work around that with inline
+ * assembler) or __ARM_FEATURE_SHA512
+ * Clang == 13.0.0 same as clang 12 (only seen on macOS)
+ * Clang >= 13.0.1 has __ARM_FEATURE_SHA512 and intrinsics
+ */
+#if defined(__aarch64__) && !defined(__ARM_FEATURE_SHA512)
+ /* Test Clang first, as it defines __GNUC__ */
+# if defined(__clang__)
+# if __clang_major__ < 7
+# error "A more recent Clang is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# elif __clang_major__ < 13 || \
+ (__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0)
+ /* We implement the intrinsics with inline assembler, so don't error */
+# else
+# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# endif
+# elif defined(__GNUC__)
+# if __GNUC__ < 8
+# error "A more recent GCC is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# else
+# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# endif
+# else
+# error "Only GCC and Clang supported for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
+# endif
+#endif
+
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) && !defined(__aarch64__)
+#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
+#endif
+
#if defined(MBEDTLS_SHA224_C) && !defined(MBEDTLS_SHA256_C)
#error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C"
#endif
@@ -824,23 +879,23 @@
* cause a build to succeed but with features removed. */
#if defined(MBEDTLS_HAVEGE_C) //no-check-names
-#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599"
+#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/2599"
#endif
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
-#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
-#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
-#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
@@ -848,23 +903,23 @@
#endif
#if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
-#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4031"
#endif
#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
-#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
+#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4313"
#endif
#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
#endif
#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4335"
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
+#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4341"
#endif
/*
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 68dda0f..dd3554d 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -515,7 +515,7 @@
#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
/*
* SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541).
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
*/
#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
@@ -776,7 +776,7 @@
#define PSA_WANT_ECC_SECP_K1_192
#endif
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
+/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
#define PSA_WANT_ECC_SECP_K1_224
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 9895573..395db14 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -1278,6 +1278,26 @@
const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+/**
+ * \brief This function exports generic key-pair parameters.
+ *
+ * \param key The key pair to export from.
+ * \param grp Slot for exported ECP group.
+ * It must point to an initialized ECP group.
+ * \param d Slot for the exported secret value.
+ * It must point to an initialized mpi.
+ * \param Q Slot for the exported public value.
+ * It must point to an initialized ECP point.
+ *
+ * \return \c 0 on success,
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+ * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't
+ * correspond to a known group.
+ * \return Another negative error code on other kinds of failure.
+ */
+int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q);
+
#if defined(MBEDTLS_SELF_TEST)
/**
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 1c631b5..2e1d04b 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2181,9 +2181,10 @@
* Enable the debug functions.
*
* Module: library/debug.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/ssl_msg.c
* library/ssl_tls.c
+ * library/ssl_tls12_*.c
+ * library/ssl_tls13_*.c
*
* This module provides debugging functions.
*/
@@ -2211,8 +2212,9 @@
* Enable the Diffie-Hellman-Merkle module.
*
* Module: library/dhm.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* This module is used by the following key exchanges:
* DHE-RSA, DHE-PSK
@@ -2232,8 +2234,10 @@
* Enable the elliptic curve Diffie-Hellman library.
*
* Module: library/ecdh.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/psa_crypto.c
+ * library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* This module is used by the following key exchanges:
* ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
@@ -2519,9 +2523,11 @@
* Enable the generic public (asymetric) key layer.
*
* Module: library/pk.c
- * Caller: library/ssl_tls.c
- * library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/psa_crypto_rsa.c
+ * library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
+ * library/x509.c
*
* Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
*
@@ -2689,10 +2695,11 @@
*
* Module: library/rsa.c
* library/rsa_alt_helpers.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/pk.c
+ * library/psa_crypto.c
* library/ssl_tls.c
- * library/x509.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* This module is used by the following key exchanges:
* RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
@@ -2708,10 +2715,7 @@
*
* Module: library/sha1.c
* Caller: library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- * library/x509write_crt.c
+ * library/psa_crypto_hash.c
*
* This module is required for TLS 1.2 depending on the handshake parameters,
* and for SHA1-signed certificates.
@@ -2750,9 +2754,9 @@
* Module: library/sha256.c
* Caller: library/entropy.c
* library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
* library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* This module adds support for SHA-256.
* This module is required for the SSL/TLS 1.2 PRF function.
@@ -2818,8 +2822,10 @@
*
* Module: library/sha512.c
* Caller: library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
+ * library/psa_crypto_hash.c
+ * library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* Comment to disable SHA-384
*/
@@ -2841,6 +2847,60 @@
#define MBEDTLS_SHA512_C
/**
+ * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * Enable acceleration of the SHA-512 cryptographic hash algorithm with the
+ * Arm A64 cryptographic extensions if they are available at runtime. If not,
+ * it will fall back to the C implementation.
+ *
+ * \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
+ * for a non-Aarch64 build it will be silently ignored.
+ *
+ * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
+ * Clang >= 7, and \c CFLAGS must be set to a minimum of
+ * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the
+ * fastest code.
+ *
+ * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
+ * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY.
+ *
+ * Requires: MBEDTLS_SHA512_C.
+ *
+ * Module: library/sha512.c
+ *
+ * Uncomment to have the library check for the A64 SHA-512 crypto extensions
+ * and use them if available.
+ */
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+
+/**
+ * \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+ *
+ * Enable acceleration of the SHA-512 cryptographic hash algorithm with the
+ * Arm A64 cryptographic extensions, which must be available at runtime (or
+ * an illegal instruction fault will occur).
+ *
+ * \note This allows builds with a smaller code size than with
+ * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
+ * Clang >= 7, and \c CFLAGS must be set to a minimum of
+ * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the
+ * fastest code.
+ *
+ * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same
+ * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT.
+ *
+ * Requires: MBEDTLS_SHA512_C.
+ *
+ * Module: library/sha512.c
+ *
+ * Uncomment to have the library use the A64 SHA-512 crypto extensions
+ * unconditionally.
+ */
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+
+/**
* \def MBEDTLS_SSL_CACHE_C
*
* Enable simple SSL cache implementation.
@@ -2879,7 +2939,7 @@
*
* Enable the SSL/TLS client code.
*
- * Module: library/ssl_cli.c
+ * Module: library/ssl*_client.c
* Caller:
*
* Requires: MBEDTLS_SSL_TLS_C
@@ -2893,7 +2953,7 @@
*
* Enable the SSL/TLS server code.
*
- * Module: library/ssl_srv.c
+ * Module: library/ssl*_server.c
* Caller:
*
* Requires: MBEDTLS_SSL_TLS_C
@@ -2908,8 +2968,8 @@
* Enable the generic SSL/TLS code.
*
* Module: library/ssl_tls.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
+ * Caller: library/ssl*_client.c
+ * library/ssl*_server.c
*
* Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
* and at least one of the MBEDTLS_SSL_PROTO_XXX defines
@@ -2994,9 +3054,9 @@
* Enable X.509 certificate parsing.
*
* Module: library/x509_crt.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
+ * Caller: library/ssl_tls.c
+ * library/ssl*_client.c
+ * library/ssl*_server.c
*
* Requires: MBEDTLS_X509_USE_C
*
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 9ad7a1d..324612a 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -535,6 +535,45 @@
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/**
+ * \brief Make signature given a signature type.
+ *
+ * \param pk_type Signature type.
+ * \param ctx The PK context to use. It must have been set up
+ * with a private key.
+ * \param md_alg Hash algorithm used (see notes)
+ * \param hash Hash of the message to sign
+ * \param hash_len Hash length
+ * \param sig Place to write the signature.
+ * It must have enough room for the signature.
+ * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+ * You may use a smaller buffer if it is large enough
+ * given the key type.
+ * \param sig_size The size of the \p sig buffer in bytes.
+ * \param sig_len On successful return,
+ * the number of bytes written to \p sig.
+ * \param f_rng RNG function, must not be \c NULL.
+ * \param p_rng RNG parameter
+ *
+ * \return 0 on success, or a specific error code.
+ *
+ * \note When \p pk_type is #MBEDTLS_PK_RSASSA_PSS,
+ * see #PSA_ALG_RSA_PSS for a description of PSS options used.
+ *
+ * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+ * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+ *
+ */
+int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
+ mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
/**
* \brief Restartable version of \c mbedtls_pk_sign()
*
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index b4c7ba8..8dd47f6 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -29,7 +29,7 @@
#include "mbedtls/build_info.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
@@ -277,13 +277,11 @@
}
#endif /* MBEDTLS_ECP_C */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
/* Expose whatever RNG the PSA subsystem uses to applications using the
* mbedtls_xxx API. The declarations and definitions here need to be
* consistent with the implementation in library/psa_crypto_random_impl.h.
* See that file for implementation documentation. */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+
/* The type of a `f_rng` random generator function that many library functions
* take.
@@ -363,6 +361,6 @@
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) */
+#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b819bba..7e9985e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -41,9 +41,8 @@
#endif
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
- * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
- * in functionality that access to ecdh_ctx structure is needed for
- * MBEDTLS_ECDSA_C which does not seem correct.
+ * to guards in TLS code. There is a gap in functionality that access to
+ * ecdh_ctx structure is needed for MBEDTLS_ECDSA_C which does not seem correct.
*/
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
#include "mbedtls/ecdh.h"
@@ -4358,11 +4357,40 @@
int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
/**
+ * \brief After calling mbedtls_ssl_handshake() to start the SSL
+ * handshake you can call this function to check whether the
+ * handshake is over for a given SSL context. This function
+ * should be also used to determine when to stop calling
+ * mbedtls_handshake_step() for that context.
+ *
+ * \param ssl SSL context
+ *
+ * \return \c 1 if handshake is over, \c 0 if it is still ongoing.
+ */
+static inline int mbedtls_ssl_is_handshake_over( mbedtls_ssl_context *ssl )
+{
+ return( ssl->MBEDTLS_PRIVATE( state ) == MBEDTLS_SSL_HANDSHAKE_OVER );
+}
+
+/**
* \brief Perform a single step of the SSL handshake
*
* \note The state of the context (ssl->state) will be at
* the next state after this function returns \c 0. Do not
- * call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
+ * call this function if mbedtls_ssl_is_handshake_over()
+ * returns \c 1.
+ *
+ * \warning Whilst in the past you may have used direct access to the
+ * context state (ssl->state) in order to ascertain when to
+ * stop calling this function and although you can still do
+ * so with something like ssl->MBEDTLS_PRIVATE(state) or by
+ * defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now
+ * considered deprecated and could be broken in any future
+ * release. If you still find you have good reason for such
+ * direct access, then please do contact the team to explain
+ * this (raise an issue or post to the mailing list), so that
+ * we can add a solution to your problem that will be
+ * guaranteed to work in the future.
*
* \param ssl SSL context
*
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 34452aa..c5b80d9 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -27,9 +27,11 @@
#include "mbedtls/ssl.h"
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
/**
* \name SECTION: Module settings
@@ -53,16 +55,23 @@
*/
typedef struct mbedtls_ssl_cookie_ctx
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */
+ psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */
+#else
mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif
unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_ssl_cookie_ctx;
/**
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 25db1c6..652548d 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -90,6 +90,17 @@
*/
int mbedtls_timing_get_delay( void *data );
+/**
+ * \brief Get the final timing delay
+ *
+ * \param data Pointer to timing data
+ * Must point to a valid \c mbedtls_timing_delay_context struct.
+ *
+ * \return Final timing delay in milliseconds.
+ */
+uint32_t mbedtls_timing_get_final_delay(
+ const mbedtls_timing_delay_context *data );
+
#ifdef __cplusplus
}
#endif
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 6476e3c..d290971 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -97,7 +97,7 @@
#define PSA_WANT_ECC_SECP_K1_192 1
/*
* SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/ARMmbed/mbedtls/issues/3541). Thus, do not enable it by
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
* default.
*/
//#define PSA_WANT_ECC_SECP_K1_224 1
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index ddede03..6c3d7fd 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -99,12 +99,12 @@
net_sockets.c
ssl_cache.c
ssl_ciphersuites.c
- ssl_cli.c
ssl_cookie.c
ssl_msg.c
- ssl_srv.c
ssl_ticket.c
ssl_tls.c
+ ssl_tls12_client.c
+ ssl_tls12_server.c
ssl_tls13_keys.c
ssl_tls13_server.c
ssl_tls13_client.c
diff --git a/library/Makefile b/library/Makefile
index e9c0a11..d49d20c 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -168,12 +168,12 @@
net_sockets.o \
ssl_cache.o \
ssl_ciphersuites.o \
- ssl_cli.o \
ssl_cookie.o \
ssl_msg.o \
- ssl_srv.o \
ssl_ticket.o \
ssl_tls.o \
+ ssl_tls12_client.o \
+ ssl_tls12_server.o \
ssl_tls13_keys.o \
ssl_tls13_client.o \
ssl_tls13_server.o \
diff --git a/library/constant_time.c b/library/constant_time.c
index 0f2e46f..a6451bb 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -437,6 +437,126 @@
}
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#if defined(PSA_WANT_ALG_SHA_384)
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH( PSA_ALG_SHA_384 )
+#elif defined(PSA_WANT_ALG_SHA_256)
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH( PSA_ALG_SHA_256 )
+#else /* See check_config.h */
+#define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH( PSA_ALG_SHA_1 )
+#endif
+
+int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
+ psa_algorithm_t mac_alg,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output )
+{
+ /*
+ * This function breaks the HMAC abstraction and uses psa_hash_clone()
+ * extension in order to get constant-flow behaviour.
+ *
+ * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
+ * concatenation, and okey/ikey are the XOR of the key with some fixed bit
+ * patterns (see RFC 2104, sec. 2).
+ *
+ * We'll first compute ikey/okey, then inner_hash = HASH(ikey + msg) by
+ * hashing up to minlen, then cloning the context, and for each byte up
+ * to maxlen finishing up the hash computation, keeping only the
+ * correct result.
+ *
+ * Then we only need to compute HASH(okey + inner_hash) and we're done.
+ */
+ psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( mac_alg );
+ const size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
+ unsigned char key_buf[MAX_HASH_BLOCK_LENGTH];
+ const size_t hash_size = PSA_HASH_LENGTH( hash_alg );
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ size_t hash_length;
+
+ unsigned char aux_out[PSA_HASH_MAX_SIZE];
+ psa_hash_operation_t aux_operation = PSA_HASH_OPERATION_INIT;
+ size_t offset;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t mac_key_length;
+ size_t i;
+
+#define PSA_CHK( func_call ) \
+ do { \
+ status = (func_call); \
+ if( status != PSA_SUCCESS ) \
+ goto cleanup; \
+ } while( 0 )
+
+ /* Export MAC key
+ * We assume key length is always exactly the output size
+ * which is never more than the block size, thus we use block_size
+ * as the key buffer size.
+ */
+ PSA_CHK( psa_export_key( key, key_buf, block_size, &mac_key_length ) );
+
+ /* Calculate ikey */
+ for( i = 0; i < mac_key_length; i++ )
+ key_buf[i] = (unsigned char)( key_buf[i] ^ 0x36 );
+ for(; i < block_size; ++i )
+ key_buf[i] = 0x36;
+
+ PSA_CHK( psa_hash_setup( &operation, hash_alg ) );
+
+ /* Now compute inner_hash = HASH(ikey + msg) */
+ PSA_CHK( psa_hash_update( &operation, key_buf, block_size ) );
+ PSA_CHK( psa_hash_update( &operation, add_data, add_data_len ) );
+ PSA_CHK( psa_hash_update( &operation, data, min_data_len ) );
+
+ /* For each possible length, compute the hash up to that point */
+ for( offset = min_data_len; offset <= max_data_len; offset++ )
+ {
+ PSA_CHK( psa_hash_clone( &operation, &aux_operation ) );
+ PSA_CHK( psa_hash_finish( &aux_operation, aux_out,
+ PSA_HASH_MAX_SIZE, &hash_length ) );
+ /* Keep only the correct inner_hash in the output buffer */
+ mbedtls_ct_memcpy_if_eq( output, aux_out, hash_size,
+ offset, data_len_secret );
+
+ if( offset < max_data_len )
+ PSA_CHK( psa_hash_update( &operation, data + offset, 1 ) );
+ }
+
+ /* Abort current operation to prepare for final operation */
+ PSA_CHK( psa_hash_abort( &operation ) );
+
+ /* Calculate okey */
+ for( i = 0; i < mac_key_length; i++ )
+ key_buf[i] = (unsigned char)( ( key_buf[i] ^ 0x36 ) ^ 0x5C );
+ for(; i < block_size; ++i )
+ key_buf[i] = 0x5C;
+
+ /* Now compute HASH(okey + inner_hash) */
+ PSA_CHK( psa_hash_setup( &operation, hash_alg ) );
+ PSA_CHK( psa_hash_update( &operation, key_buf, block_size ) );
+ PSA_CHK( psa_hash_update( &operation, output, hash_size ) );
+ PSA_CHK( psa_hash_finish( &operation, output, hash_size, &hash_length ) );
+
+#undef PSA_CHK
+
+cleanup:
+ mbedtls_platform_zeroize( key_buf, MAX_HASH_BLOCK_LENGTH );
+ mbedtls_platform_zeroize( aux_out, PSA_HASH_MAX_SIZE );
+
+ psa_hash_abort( &operation );
+ psa_hash_abort( &aux_operation );
+ return( psa_ssl_status_to_mbedtls( status ) );
+}
+
+#undef MAX_HASH_BLOCK_LENGTH
+
+#else
int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
const unsigned char *add_data,
size_t add_data_len,
@@ -520,6 +640,7 @@
mbedtls_md_free( &aux );
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index 053cf12..4838d05 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -276,6 +276,17 @@
* \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
* The hardware accelerator failed.
*/
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const unsigned char *add_data,
+ size_t add_data_len,
+ const unsigned char *data,
+ size_t data_len_secret,
+ size_t min_data_len,
+ size_t max_data_len,
+ unsigned char *output );
+#else
int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
const unsigned char *add_data,
size_t add_data_len,
@@ -284,6 +295,7 @@
size_t min_data_len,
size_t max_data_len,
unsigned char *output );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
diff --git a/library/ecp.c b/library/ecp.c
index ba76abb..f39cb02 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -3356,6 +3356,26 @@
return( ret );
}
+/*
+ * Export generic key-pair parameters.
+ */
+int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if( ( ret = mbedtls_ecp_group_copy( grp, &key->grp ) ) != 0 )
+ return ret;
+
+ if( ( ret = mbedtls_mpi_copy( d, &key->d ) ) != 0 )
+ return ret;
+
+ if( ( ret = mbedtls_ecp_copy( Q, &key->Q ) ) != 0 )
+ return ret;
+
+ return 0;
+}
+
#if defined(MBEDTLS_SELF_TEST)
/*
diff --git a/library/pk.c b/library/pk.c
index 79eccaa..7f4d5fe 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -36,7 +36,7 @@
#include "mbedtls/ecdsa.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "mbedtls/psa_util.h"
#endif
@@ -518,6 +518,48 @@
f_rng, p_rng, NULL ) );
}
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/*
+ * Make a signature given a signature type.
+ */
+int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
+ mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+#if defined(MBEDTLS_RSA_C)
+ psa_algorithm_t psa_md_alg;
+#endif /* MBEDTLS_RSA_C */
+ *sig_len = 0;
+
+ if( ctx->pk_info == NULL )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ if( ! mbedtls_pk_can_do( ctx, pk_type ) )
+ return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+
+ if( pk_type != MBEDTLS_PK_RSASSA_PSS )
+ {
+ return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len,
+ sig, sig_size, sig_len, f_rng, p_rng ) );
+ }
+#if defined(MBEDTLS_RSA_C)
+ psa_md_alg = mbedtls_psa_translate_md( md_alg );
+ if( psa_md_alg == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PSS( psa_md_alg ),
+ ctx->pk_ctx, hash, hash_len,
+ sig, sig_size, sig_len ) );
+#else /* MBEDTLS_RSA_C */
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+#endif /* !MBEDTLS_RSA_C */
+
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
/*
* Decrypt message
*/
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index ad1f84c..2569b9c 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -65,7 +65,7 @@
#include <limits.h>
#include <stdint.h>
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
int mbedtls_pk_error_from_psa( psa_status_t status )
{
switch( status )
@@ -100,28 +100,6 @@
}
}
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-int mbedtls_pk_error_from_psa_ecdca( psa_status_t status )
-{
- switch( status )
- {
- case PSA_ERROR_NOT_PERMITTED:
- case PSA_ERROR_INVALID_ARGUMENT:
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- case PSA_ERROR_INVALID_HANDLE:
- return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
- case PSA_ERROR_BUFFER_TOO_SMALL:
- return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
- case PSA_ERROR_INSUFFICIENT_ENTROPY:
- return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
- case PSA_ERROR_INVALID_SIGNATURE:
- return( MBEDTLS_ERR_ECP_VERIFY_FAILED );
- default:
- return( mbedtls_pk_error_from_psa( status ) );
- }
-}
-#endif
-
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
{
@@ -144,7 +122,34 @@
}
}
#endif
-#endif
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status )
+{
+ switch( status )
+ {
+ case PSA_ERROR_NOT_PERMITTED:
+ case PSA_ERROR_INVALID_ARGUMENT:
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ case PSA_ERROR_INVALID_HANDLE:
+ return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+ case PSA_ERROR_BUFFER_TOO_SMALL:
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+ case PSA_ERROR_INSUFFICIENT_ENTROPY:
+ return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ case PSA_ERROR_INVALID_SIGNATURE:
+ return( MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ default:
+ return( mbedtls_pk_error_from_psa( status ) );
+ }
+}
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_RSA_C)
static int rsa_can_do( mbedtls_pk_type_t type )
@@ -191,13 +196,13 @@
return( 0 );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg,
+ mbedtls_rsa_context *rsa_ctx,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size,
+ size_t *sig_len )
{
- mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@@ -206,31 +211,20 @@
int key_len;
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
- psa_algorithm_t psa_alg_md =
- PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
- ((void) f_rng);
- ((void) p_rng);
-
-#if SIZE_MAX > UINT_MAX
- if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-#endif /* SIZE_MAX > UINT_MAX */
-
- *sig_len = mbedtls_rsa_get_len( rsa );
+ *sig_len = mbedtls_rsa_get_len( rsa_ctx );
if( sig_size < *sig_len )
return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
/* mbedtls_pk_write_key_der() expects a full PK context;
* re-construct one to make it happy */
key.pk_info = &pk_info;
- key.pk_ctx = ctx;
+ key.pk_ctx = rsa_ctx;
key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
if( key_len <= 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
- psa_set_key_algorithm( &attributes, psa_alg_md );
+ psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
status = psa_import_key( &attributes,
@@ -241,8 +235,7 @@
ret = mbedtls_pk_error_from_psa( status );
goto cleanup;
}
-
- status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len,
+ status = psa_sign_hash( key_id, alg, hash, hash_len,
sig, sig_size, sig_len );
if( status != PSA_SUCCESS )
{
@@ -256,9 +249,29 @@
status = psa_destroy_key( key_id );
if( ret == 0 && status != PSA_SUCCESS )
ret = mbedtls_pk_error_from_psa( status );
-
return( ret );
}
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ ((void) f_rng);
+ ((void) p_rng);
+
+ psa_algorithm_t psa_md_alg;
+ psa_md_alg = mbedtls_psa_translate_md( md_alg );
+ if( psa_md_alg == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN(
+ psa_md_alg ),
+ ctx, hash, hash_len,
+ sig, sig_size, sig_len ) );
+}
#else
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
@@ -365,6 +378,73 @@
}
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int rsa_encrypt_wrap( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ mbedtls_pk_context key;
+ int key_len;
+ unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
+
+ ((void) f_rng);
+ ((void) p_rng);
+
+#if !defined(MBEDTLS_RSA_ALT)
+ if( rsa->padding != MBEDTLS_RSA_PKCS_V15 )
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
+
+ if( mbedtls_rsa_get_len( rsa ) > osize )
+ return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+
+ /* mbedtls_pk_write_pubkey_der() expects a full PK context;
+ * re-construct one to make it happy */
+ key.pk_info = &mbedtls_rsa_info;
+ key.pk_ctx = ctx;
+ key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_CRYPT );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY );
+
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len, key_len,
+ &key_id );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa( status );
+ goto cleanup;
+ }
+
+ status = psa_asymmetric_encrypt( key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ input, ilen,
+ NULL, 0,
+ output, osize, olen );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa_rsa( status );
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+
+ return( ret );
+}
+#else
static int rsa_encrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
@@ -379,6 +459,7 @@
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng,
ilen, input, output ) );
}
+#endif
static int rsa_check_pair_wrap( const void *pub, const void *prv,
int (*f_rng)(void *, unsigned char *, size_t),
@@ -843,7 +924,7 @@
buf, 2 * signature_part_size );
if( status != PSA_SUCCESS )
{
- ret = mbedtls_pk_error_from_psa_ecdca( status );
+ ret = mbedtls_pk_error_from_psa_ecdsa( status );
goto cleanup;
}
@@ -855,7 +936,10 @@
ret = 0;
cleanup:
- psa_destroy_key( key_id );
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+
return( ret );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
@@ -876,6 +960,206 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/*
+ * Simultaneously convert and move raw MPI from the beginning of a buffer
+ * to an ASN.1 MPI at the end of the buffer.
+ * See also mbedtls_asn1_write_mpi().
+ *
+ * p: pointer to the end of the output buffer
+ * start: start of the output buffer, and also of the mpi to write at the end
+ * n_len: length of the mpi to read from start
+ */
+static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
+ size_t n_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len = 0;
+
+ if( (size_t)( *p - start ) < n_len )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ len = n_len;
+ *p -= len;
+ memmove( *p, start, len );
+
+ /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
+ * Neither r nor s should be 0, but as a failsafe measure, still detect
+ * that rather than overflowing the buffer in case of a PSA error. */
+ while( len > 0 && **p == 0x00 )
+ {
+ ++(*p);
+ --len;
+ }
+
+ /* this is only reached if the signature was invalid */
+ if( len == 0 )
+ return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+
+ /* if the msb is 1, ASN.1 requires that we prepend a 0.
+ * Neither r nor s can be 0, so we can assume len > 0 at all times. */
+ if( **p & 0x80 )
+ {
+ if( *p - start < 1 )
+ return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+ *--(*p) = 0x00;
+ len += 1;
+ }
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
+ MBEDTLS_ASN1_INTEGER ) );
+
+ return( (int) len );
+}
+
+/* Transcode signature from PSA format to ASN.1 sequence.
+ * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
+ * MPIs, and in-place.
+ *
+ * [in/out] sig: the signature pre- and post-transcoding
+ * [in/out] sig_len: signature length pre- and post-transcoding
+ * [int] buf_len: the available size the in/out buffer
+ */
+static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
+ size_t buf_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len = 0;
+ const size_t rs_len = *sig_len / 2;
+ unsigned char *p = sig + buf_len;
+
+ MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
+
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
+ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+
+ memmove( sig, p, len );
+ *sig_len = len;
+
+ return( 0 );
+}
+
+/* Locate an ECDSA privateKey in a RFC 5915, or SEC1 Appendix C.4 ASN.1 buffer
+ *
+ * [in/out] buf: ASN.1 buffer start as input - ECDSA privateKey start as output
+ * [in] end: ASN.1 buffer end
+ * [out] key_len: the ECDSA privateKey length in bytes
+ */
+static int find_ecdsa_private_key( unsigned char **buf, unsigned char *end,
+ size_t *key_len )
+{
+ size_t len;
+ int ret;
+
+ /*
+ * RFC 5915, or SEC1 Appendix C.4
+ *
+ * ECPrivateKey ::= SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ */
+
+ if( ( ret = mbedtls_asn1_get_tag( buf, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ return( ret );
+
+ /* version */
+ if( ( ret = mbedtls_asn1_get_tag( buf, end, &len,
+ MBEDTLS_ASN1_INTEGER ) ) != 0 )
+ return( ret );
+
+ *buf += len;
+
+ /* privateKey */
+ if( ( ret = mbedtls_asn1_get_tag( buf, end, &len,
+ MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+ return( ret );
+
+ *key_len = len;
+
+ return 0;
+}
+
+static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ mbedtls_ecdsa_context *ctx = ctx_arg;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ mbedtls_pk_context key;
+ size_t key_len;
+ unsigned char buf[MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES];
+ unsigned char *p;
+ psa_algorithm_t psa_sig_md =
+ PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+ size_t curve_bits;
+ psa_ecc_family_t curve =
+ mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
+
+ /* PSA has its own RNG */
+ ((void) f_rng);
+ ((void) p_rng);
+
+ if( curve == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ /* mbedtls_pk_write_key_der() expects a full PK context;
+ * re-construct one to make it happy */
+ key.pk_info = &mbedtls_eckey_info;
+ key.pk_ctx = ctx;
+ key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ p = buf + sizeof( buf ) - key_len;
+ ret = find_ecdsa_private_key( &p, buf + sizeof( buf ), &key_len );
+ if( ret != 0 )
+ goto cleanup;
+
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( curve ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes, psa_sig_md );
+
+ status = psa_import_key( &attributes,
+ p, key_len,
+ &key_id );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa( status );
+ goto cleanup;
+ }
+
+ status = psa_sign_hash( key_id, psa_sig_md, hash, hash_len,
+ sig, sig_size, sig_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa_ecdsa( status );
+ goto cleanup;
+ }
+
+ ret = pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size );
+
+cleanup:
+ mbedtls_platform_zeroize( buf, sizeof( buf ) );
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+
+ return( ret );
+}
+#else
static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
@@ -886,6 +1170,7 @@
sig, sig_size, sig_len,
f_rng, p_rng ) );
}
+#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
@@ -1153,92 +1438,6 @@
type == MBEDTLS_PK_ECDSA );
}
-#if defined(MBEDTLS_ECDSA_C)
-
-/*
- * Simultaneously convert and move raw MPI from the beginning of a buffer
- * to an ASN.1 MPI at the end of the buffer.
- * See also mbedtls_asn1_write_mpi().
- *
- * p: pointer to the end of the output buffer
- * start: start of the output buffer, and also of the mpi to write at the end
- * n_len: length of the mpi to read from start
- */
-static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
- size_t n_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
-
- if( (size_t)( *p - start ) < n_len )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
- len = n_len;
- *p -= len;
- memmove( *p, start, len );
-
- /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
- * Neither r nor s should be 0, but as a failsafe measure, still detect
- * that rather than overflowing the buffer in case of a PSA error. */
- while( len > 0 && **p == 0x00 )
- {
- ++(*p);
- --len;
- }
-
- /* this is only reached if the signature was invalid */
- if( len == 0 )
- return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
-
- /* if the msb is 1, ASN.1 requires that we prepend a 0.
- * Neither r nor s can be 0, so we can assume len > 0 at all times. */
- if( **p & 0x80 )
- {
- if( *p - start < 1 )
- return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
- *--(*p) = 0x00;
- len += 1;
- }
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
- MBEDTLS_ASN1_INTEGER ) );
-
- return( (int) len );
-}
-
-/* Transcode signature from PSA format to ASN.1 sequence.
- * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
- * MPIs, and in-place.
- *
- * [in/out] sig: the signature pre- and post-transcoding
- * [in/out] sig_len: signature length pre- and post-transcoding
- * [int] buf_len: the available size the in/out buffer
- */
-static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
- size_t buf_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
- const size_t rs_len = *sig_len / 2;
- unsigned char *p = sig + buf_len;
-
- MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
- MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
-
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
- MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
-
- memmove( sig, p, len );
- *sig_len = len;
-
- return( 0 );
-}
-
-#endif /* MBEDTLS_ECDSA_C */
-
static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
@@ -1268,7 +1467,7 @@
status = psa_sign_hash( *key, alg, hash, hash_len,
sig, sig_size, sig_len );
if( status != PSA_SUCCESS )
- return( mbedtls_pk_error_from_psa_ecdca( status ) );
+ return( mbedtls_pk_error_from_psa_ecdsa( status ) );
/* transcode it to ASN.1 sequence */
return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index ca0d8d8..1b490cc 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -27,6 +27,10 @@
#include "mbedtls/pk.h"
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#include "psa/crypto.h"
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
struct mbedtls_pk_info_t
{
/** Public key type */
@@ -133,18 +137,28 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_pk_error_from_psa( psa_status_t status );
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-int mbedtls_pk_error_from_psa_ecdca( psa_status_t status );
+int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status );
#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+int mbedtls_pk_error_from_psa( psa_status_t status );
+
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
#endif
-#endif
+
+#if defined(MBEDTLS_RSA_C)
+int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md,
+ mbedtls_rsa_context *rsa_ctx,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size,
+ size_t *sig_len );
+#endif /* MBEDTLS_RSA_C */
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/library/sha256.c b/library/sha256.c
index ff62802..bdc396a 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -49,8 +49,15 @@
defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
# include <arm_neon.h>
# endif
-# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && defined(__linux__)
-# include <sys/auxv.h>
+# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+# if defined(__unix__)
+# if defined(__linux__)
+ /* Our preferred method of detection is getauxval() */
+# include <sys/auxv.h>
+# endif
+ /* Use SIGILL on Unix, and fall back to it on Linux */
+# include <signal.h>
+# endif
# endif
#elif defined(_M_ARM64)
# if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
@@ -272,10 +279,10 @@
uint32x4_t abcd_orig = abcd;
uint32x4_t efgh_orig = efgh;
- uint32x4_t sched0 = vld1q_u32( (const uint32_t *)( msg + 16 * 0 ) );
- uint32x4_t sched1 = vld1q_u32( (const uint32_t *)( msg + 16 * 1 ) );
- uint32x4_t sched2 = vld1q_u32( (const uint32_t *)( msg + 16 * 2 ) );
- uint32x4_t sched3 = vld1q_u32( (const uint32_t *)( msg + 16 * 3 ) );
+ uint32x4_t sched0 = (uint32x4_t) vld1q_u8( msg + 16 * 0 );
+ uint32x4_t sched1 = (uint32x4_t) vld1q_u8( msg + 16 * 1 );
+ uint32x4_t sched2 = (uint32x4_t) vld1q_u8( msg + 16 * 2 );
+ uint32x4_t sched3 = (uint32x4_t) vld1q_u8( msg + 16 * 3 );
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ /* Will be true if not defined */
/* Untested on BE */
diff --git a/library/sha512.c b/library/sha512.c
index 2b4cc54..71fbff0 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -50,12 +50,128 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
+#if defined(__aarch64__)
+# if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+# include <arm_neon.h>
+# endif
+# if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+# if defined(__unix__)
+# if defined(__linux__)
+ /* Our preferred method of detection is getauxval() */
+# include <sys/auxv.h>
+# endif
+ /* Use SIGILL on Unix, and fall back to it on Linux */
+# include <signal.h>
+# endif
+# endif
+#elif defined(_M_ARM64)
+# if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+# include <arm64_neon.h>
+# endif
+#else
+# undef MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+# undef MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+#endif
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+/*
+ * Capability detection code comes early, so we can disable
+ * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT if no detection mechanism found
+ */
+#if defined(HWCAP_SHA512)
+static int mbedtls_a64_crypto_sha512_determine_support( void )
+{
+ return( ( getauxval( AT_HWCAP ) & HWCAP_SHA512 ) ? 1 : 0 );
+}
+#elif defined(__APPLE__)
+#include <sys/types.h>
+#include <sys/sysctl.h>
+
+static int mbedtls_a64_crypto_sha512_determine_support( void )
+{
+ int value = 0;
+ size_t value_len = sizeof(value);
+
+ int ret = sysctlbyname( "hw.optional.armv8_2_sha512", &value, &value_len,
+ NULL, 0 );
+ return( ret == 0 && value != 0 );
+}
+#elif defined(_M_ARM64)
+/*
+ * As of March 2022, there don't appear to be any PF_ARM_V8_* flags
+ * available to pass to IsProcessorFeaturePresent() to check for
+ * SHA-512 support. So we fall back to the C code only.
+ */
+#if defined(_MSC_VER)
+#pragma message "No mechanism to detect A64_CRYPTO found, using C code only"
+#else
+#warning "No mechanism to detect A64_CRYPTO found, using C code only"
+#endif
+#elif defined(__unix__) && defined(SIG_SETMASK)
+/* Detection with SIGILL, setjmp() and longjmp() */
+#include <signal.h>
+#include <setjmp.h>
+
+#ifndef asm
+#define asm __asm__
+#endif
+
+static jmp_buf return_from_sigill;
+
+/*
+ * A64 SHA512 support detection via SIGILL
+ */
+static void sigill_handler( int signal )
+{
+ (void) signal;
+ longjmp( return_from_sigill, 1 );
+}
+
+static int mbedtls_a64_crypto_sha512_determine_support( void )
+{
+ struct sigaction old_action, new_action;
+
+ sigset_t old_mask;
+ if( sigprocmask( 0, NULL, &old_mask ) )
+ return( 0 );
+
+ sigemptyset( &new_action.sa_mask );
+ new_action.sa_flags = 0;
+ new_action.sa_handler = sigill_handler;
+
+ sigaction( SIGILL, &new_action, &old_action );
+
+ static int ret = 0;
+
+ if( setjmp( return_from_sigill ) == 0 ) /* First return only */
+ {
+ /* If this traps, we will return a second time from setjmp() with 1 */
+ asm( "sha512h q0, q0, v0.2d" : : : "v0" );
+ ret = 1;
+ }
+
+ sigaction( SIGILL, &old_action, NULL );
+ sigprocmask( SIG_SETMASK, &old_mask, NULL );
+
+ return( ret );
+}
+#else
+#warning "No mechanism to detect A64_CRYPTO found, using C code only"
+#undef MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+#endif /* HWCAP_SHA512, __APPLE__, __unix__ && SIG_SETMASK */
+
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
+
#define SHA512_VALIDATE_RET(cond) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
#if !defined(MBEDTLS_SHA512_ALT)
+#define SHA512_BLOCK_SIZE 128
+
#if defined(MBEDTLS_SHA512_SMALLER)
static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i )
{
@@ -188,9 +304,249 @@
UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
};
+#endif
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
- const unsigned char data[128] )
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \
+ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+# define mbedtls_internal_sha512_process_many_a64_crypto mbedtls_internal_sha512_process_many
+# define mbedtls_internal_sha512_process_a64_crypto mbedtls_internal_sha512_process
+#endif
+
+#ifndef asm
+#define asm __asm__
+#endif
+
+/* Accelerated SHA-512 implementation originally written by Simon Tatham for PuTTY,
+ * under the MIT licence; dual-licensed as Apache 2 with his kind permission.
+ */
+
+#if defined(__clang__) && \
+ (__clang_major__ < 13 || \
+ (__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0))
+static inline uint64x2_t vsha512su0q_u64(uint64x2_t x, uint64x2_t y)
+{
+ asm( "sha512su0 %0.2D,%1.2D" : "+w" (x) : "w" (y) );
+ return( x );
+}
+static inline uint64x2_t vsha512su1q_u64(uint64x2_t x, uint64x2_t y, uint64x2_t z)
+{
+ asm( "sha512su1 %0.2D,%1.2D,%2.2D" : "+w" (x) : "w" (y), "w" (z) );
+ return( x );
+}
+static inline uint64x2_t vsha512hq_u64(uint64x2_t x, uint64x2_t y, uint64x2_t z)
+{
+ asm( "sha512h %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z) );
+ return( x );
+}
+static inline uint64x2_t vsha512h2q_u64(uint64x2_t x, uint64x2_t y, uint64x2_t z)
+{
+ asm( "sha512h2 %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z) );
+ return( x );
+}
+#endif /* __clang__ etc */
+
+static size_t mbedtls_internal_sha512_process_many_a64_crypto(
+ mbedtls_sha512_context *ctx, const uint8_t *msg, size_t len )
+{
+ uint64x2_t ab = vld1q_u64( &ctx->state[0] );
+ uint64x2_t cd = vld1q_u64( &ctx->state[2] );
+ uint64x2_t ef = vld1q_u64( &ctx->state[4] );
+ uint64x2_t gh = vld1q_u64( &ctx->state[6] );
+
+ size_t processed = 0;
+
+ for ( ;
+ len >= SHA512_BLOCK_SIZE;
+ processed += SHA512_BLOCK_SIZE,
+ msg += SHA512_BLOCK_SIZE,
+ len -= SHA512_BLOCK_SIZE )
+ {
+ uint64x2_t initial_sum, sum, intermed;
+
+ uint64x2_t ab_orig = ab;
+ uint64x2_t cd_orig = cd;
+ uint64x2_t ef_orig = ef;
+ uint64x2_t gh_orig = gh;
+
+ uint64x2_t s0 = (uint64x2_t) vld1q_u8( msg + 16 * 0 );
+ uint64x2_t s1 = (uint64x2_t) vld1q_u8( msg + 16 * 1 );
+ uint64x2_t s2 = (uint64x2_t) vld1q_u8( msg + 16 * 2 );
+ uint64x2_t s3 = (uint64x2_t) vld1q_u8( msg + 16 * 3 );
+ uint64x2_t s4 = (uint64x2_t) vld1q_u8( msg + 16 * 4 );
+ uint64x2_t s5 = (uint64x2_t) vld1q_u8( msg + 16 * 5 );
+ uint64x2_t s6 = (uint64x2_t) vld1q_u8( msg + 16 * 6 );
+ uint64x2_t s7 = (uint64x2_t) vld1q_u8( msg + 16 * 7 );
+
+#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ /* assume LE if these not defined; untested on BE */
+ s0 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s0 ) ) );
+ s1 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s1 ) ) );
+ s2 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s2 ) ) );
+ s3 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s3 ) ) );
+ s4 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s4 ) ) );
+ s5 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s5 ) ) );
+ s6 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s6 ) ) );
+ s7 = vreinterpretq_u64_u8( vrev64q_u8( vreinterpretq_u8_u64( s7 ) ) );
+#endif
+
+ /* Rounds 0 and 1 */
+ initial_sum = vaddq_u64( s0, vld1q_u64( &K[0] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
+ intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
+ gh = vsha512h2q_u64( intermed, cd, ab );
+ cd = vaddq_u64( cd, intermed );
+
+ /* Rounds 2 and 3 */
+ initial_sum = vaddq_u64( s1, vld1q_u64( &K[2] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
+ intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
+ ef = vsha512h2q_u64( intermed, ab, gh );
+ ab = vaddq_u64( ab, intermed );
+
+ /* Rounds 4 and 5 */
+ initial_sum = vaddq_u64( s2, vld1q_u64( &K[4] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
+ intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
+ cd = vsha512h2q_u64( intermed, gh, ef );
+ gh = vaddq_u64( gh, intermed );
+
+ /* Rounds 6 and 7 */
+ initial_sum = vaddq_u64( s3, vld1q_u64( &K[6] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
+ intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
+ ab = vsha512h2q_u64( intermed, ef, cd );
+ ef = vaddq_u64( ef, intermed );
+
+ /* Rounds 8 and 9 */
+ initial_sum = vaddq_u64( s4, vld1q_u64( &K[8] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
+ intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
+ gh = vsha512h2q_u64( intermed, cd, ab );
+ cd = vaddq_u64( cd, intermed );
+
+ /* Rounds 10 and 11 */
+ initial_sum = vaddq_u64( s5, vld1q_u64( &K[10] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
+ intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
+ ef = vsha512h2q_u64( intermed, ab, gh );
+ ab = vaddq_u64( ab, intermed );
+
+ /* Rounds 12 and 13 */
+ initial_sum = vaddq_u64( s6, vld1q_u64( &K[12] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
+ intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
+ cd = vsha512h2q_u64( intermed, gh, ef );
+ gh = vaddq_u64( gh, intermed );
+
+ /* Rounds 14 and 15 */
+ initial_sum = vaddq_u64( s7, vld1q_u64( &K[14] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
+ intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
+ ab = vsha512h2q_u64( intermed, ef, cd );
+ ef = vaddq_u64( ef, intermed );
+
+ for ( unsigned int t = 16; t < 80; t += 16 )
+ {
+ /* Rounds t and t + 1 */
+ s0 = vsha512su1q_u64( vsha512su0q_u64( s0, s1 ), s7, vextq_u64( s4, s5, 1 ) );
+ initial_sum = vaddq_u64( s0, vld1q_u64( &K[t] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
+ intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
+ gh = vsha512h2q_u64( intermed, cd, ab );
+ cd = vaddq_u64( cd, intermed );
+
+ /* Rounds t + 2 and t + 3 */
+ s1 = vsha512su1q_u64( vsha512su0q_u64( s1, s2 ), s0, vextq_u64( s5, s6, 1 ) );
+ initial_sum = vaddq_u64( s1, vld1q_u64( &K[t + 2] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
+ intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
+ ef = vsha512h2q_u64( intermed, ab, gh );
+ ab = vaddq_u64( ab, intermed );
+
+ /* Rounds t + 4 and t + 5 */
+ s2 = vsha512su1q_u64( vsha512su0q_u64( s2, s3 ), s1, vextq_u64( s6, s7, 1 ) );
+ initial_sum = vaddq_u64( s2, vld1q_u64( &K[t + 4] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
+ intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
+ cd = vsha512h2q_u64( intermed, gh, ef );
+ gh = vaddq_u64( gh, intermed );
+
+ /* Rounds t + 6 and t + 7 */
+ s3 = vsha512su1q_u64( vsha512su0q_u64( s3, s4 ), s2, vextq_u64( s7, s0, 1 ) );
+ initial_sum = vaddq_u64( s3, vld1q_u64( &K[t + 6] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
+ intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
+ ab = vsha512h2q_u64( intermed, ef, cd );
+ ef = vaddq_u64( ef, intermed );
+
+ /* Rounds t + 8 and t + 9 */
+ s4 = vsha512su1q_u64( vsha512su0q_u64( s4, s5 ), s3, vextq_u64( s0, s1, 1 ) );
+ initial_sum = vaddq_u64( s4, vld1q_u64( &K[t + 8] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), gh );
+ intermed = vsha512hq_u64( sum, vextq_u64( ef, gh, 1 ), vextq_u64( cd, ef, 1 ) );
+ gh = vsha512h2q_u64( intermed, cd, ab );
+ cd = vaddq_u64( cd, intermed );
+
+ /* Rounds t + 10 and t + 11 */
+ s5 = vsha512su1q_u64( vsha512su0q_u64( s5, s6 ), s4, vextq_u64( s1, s2, 1 ) );
+ initial_sum = vaddq_u64( s5, vld1q_u64( &K[t + 10] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ef );
+ intermed = vsha512hq_u64( sum, vextq_u64( cd, ef, 1 ), vextq_u64( ab, cd, 1 ) );
+ ef = vsha512h2q_u64( intermed, ab, gh );
+ ab = vaddq_u64( ab, intermed );
+
+ /* Rounds t + 12 and t + 13 */
+ s6 = vsha512su1q_u64( vsha512su0q_u64( s6, s7 ), s5, vextq_u64( s2, s3, 1 ) );
+ initial_sum = vaddq_u64( s6, vld1q_u64( &K[t + 12] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), cd );
+ intermed = vsha512hq_u64( sum, vextq_u64( ab, cd, 1 ), vextq_u64( gh, ab, 1 ) );
+ cd = vsha512h2q_u64( intermed, gh, ef );
+ gh = vaddq_u64( gh, intermed );
+
+ /* Rounds t + 14 and t + 15 */
+ s7 = vsha512su1q_u64( vsha512su0q_u64( s7, s0 ), s6, vextq_u64( s3, s4, 1 ) );
+ initial_sum = vaddq_u64( s7, vld1q_u64( &K[t + 14] ) );
+ sum = vaddq_u64( vextq_u64( initial_sum, initial_sum, 1 ), ab );
+ intermed = vsha512hq_u64( sum, vextq_u64( gh, ab, 1 ), vextq_u64( ef, gh, 1 ) );
+ ab = vsha512h2q_u64( intermed, ef, cd );
+ ef = vaddq_u64( ef, intermed );
+ }
+
+ ab = vaddq_u64( ab, ab_orig );
+ cd = vaddq_u64( cd, cd_orig );
+ ef = vaddq_u64( ef, ef_orig );
+ gh = vaddq_u64( gh, gh_orig );
+ }
+
+ vst1q_u64( &ctx->state[0], ab );
+ vst1q_u64( &ctx->state[2], cd );
+ vst1q_u64( &ctx->state[4], ef );
+ vst1q_u64( &ctx->state[6], gh );
+
+ return( processed );
+}
+
+int mbedtls_internal_sha512_process_a64_crypto( mbedtls_sha512_context *ctx,
+ const unsigned char data[SHA512_BLOCK_SIZE] )
+{
+ return( mbedtls_internal_sha512_process_many_a64_crypto( ctx, data,
+ SHA512_BLOCK_SIZE ) == SHA512_BLOCK_SIZE ) ? 0 : -1;
+}
+
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+
+#if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+#define mbedtls_internal_sha512_process_many_c mbedtls_internal_sha512_process_many
+#define mbedtls_internal_sha512_process_c mbedtls_internal_sha512_process
+#endif
+
+
+#if !defined(MBEDTLS_SHA512_PROCESS_ALT) && !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+
+int mbedtls_internal_sha512_process_c( mbedtls_sha512_context *ctx,
+ const unsigned char data[SHA512_BLOCK_SIZE] )
{
int i;
struct
@@ -291,7 +647,68 @@
return( 0 );
}
-#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
+#endif /* !MBEDTLS_SHA512_PROCESS_ALT && !MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+
+#if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+
+static size_t mbedtls_internal_sha512_process_many_c(
+ mbedtls_sha512_context *ctx, const uint8_t *data, size_t len)
+{
+ size_t processed = 0;
+
+ while( len >= SHA512_BLOCK_SIZE )
+ {
+ if( mbedtls_internal_sha512_process_c( ctx, data ) != 0)
+ return( 0 );
+
+ data += SHA512_BLOCK_SIZE;
+ len -= SHA512_BLOCK_SIZE;
+
+ processed += SHA512_BLOCK_SIZE;
+ }
+
+ return( processed );
+}
+
+#endif /* !MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+
+int mbedtls_a64_crypto_sha512_has_support( void )
+{
+ static int done = 0;
+ static int supported = 0;
+
+ if( !done )
+ {
+ supported = mbedtls_a64_crypto_sha512_determine_support();
+ done = 1;
+ }
+
+ return( supported );
+}
+
+static size_t mbedtls_internal_sha512_process_many( mbedtls_sha512_context *ctx,
+ const uint8_t *msg, size_t len )
+{
+ if( mbedtls_a64_crypto_sha512_has_support() )
+ return( mbedtls_internal_sha512_process_many_a64_crypto( ctx, msg, len ) );
+ else
+ return( mbedtls_internal_sha512_process_many_c( ctx, msg, len ) );
+}
+
+int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
+ const unsigned char data[SHA512_BLOCK_SIZE] )
+{
+ if( mbedtls_a64_crypto_sha512_has_support() )
+ return( mbedtls_internal_sha512_process_a64_crypto( ctx, data ) );
+ else
+ return( mbedtls_internal_sha512_process_c( ctx, data ) );
+}
+
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
/*
* SHA-512 process buffer
@@ -311,7 +728,7 @@
return( 0 );
left = (unsigned int) (ctx->total[0] & 0x7F);
- fill = 128 - left;
+ fill = SHA512_BLOCK_SIZE - left;
ctx->total[0] += (uint64_t) ilen;
@@ -330,13 +747,15 @@
left = 0;
}
- while( ilen >= 128 )
+ while( ilen >= SHA512_BLOCK_SIZE )
{
- if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 )
- return( ret );
+ size_t processed =
+ mbedtls_internal_sha512_process_many( ctx, input, ilen );
+ if( processed < SHA512_BLOCK_SIZE )
+ return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
- input += 128;
- ilen -= 128;
+ input += processed;
+ ilen -= processed;
}
if( ilen > 0 )
@@ -373,7 +792,7 @@
else
{
/* We'll need an extra block */
- memset( ctx->buffer + used, 0, 128 - used );
+ memset( ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used );
if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
return( ret );
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 358169e..3be4b45 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -68,15 +68,21 @@
void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
+#else
mbedtls_md_init( &ctx->hmac_ctx );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_HAVE_TIME)
ctx->serial = 0;
#endif
ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
@@ -86,11 +92,15 @@
void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( ctx->psa_hmac_key );
+#else
mbedtls_md_free( &ctx->hmac_ctx );
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_free( &ctx->mutex );
#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
}
@@ -99,6 +109,33 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_algorithm_t alg;
+
+ (void)f_rng;
+ (void)p_rng;
+
+ alg = mbedtls_psa_translate_md( COOKIE_MD );
+ if( alg == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+ ctx->psa_hmac_alg = PSA_ALG_TRUNCATED_MAC( PSA_ALG_HMAC( alg ),
+ COOKIE_HMAC_LEN );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE |
+ PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, ctx->psa_hmac_alg );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+ psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( COOKIE_MD_OUTLEN ) );
+
+ if( ( status = psa_generate_key( &attributes,
+ &ctx->psa_hmac_key ) ) != PSA_SUCCESS )
+ {
+ return psa_ssl_status_to_mbedtls( status );
+ }
+#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char key[COOKIE_MD_OUTLEN];
@@ -114,10 +151,12 @@
return( ret );
mbedtls_platform_zeroize( key, sizeof( key ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( 0 );
}
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Generate the HMAC part of a cookie
*/
@@ -143,6 +182,7 @@
return( 0 );
}
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
/*
* Generate cookie for DTLS ClientHello verification
@@ -151,6 +191,11 @@
unsigned char **p, unsigned char *end,
const unsigned char *cli_id, size_t cli_id_len )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t sign_mac_length = 0;
+#endif
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long t;
@@ -169,6 +214,41 @@
MBEDTLS_PUT_UINT32_BE(t, *p, 0);
*p += 4;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_sign_setup( &operation, ctx->psa_hmac_key,
+ ctx->psa_hmac_alg );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_update( &operation, *p - 4, 4 );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_update( &operation, cli_id, cli_id_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_sign_finish( &operation, *p, COOKIE_MD_OUTLEN,
+ &sign_mac_length );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ *p += COOKIE_HMAC_LEN;
+
+ ret = 0;
+#else
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
@@ -182,7 +262,14 @@
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
MBEDTLS_ERR_THREADING_MUTEX_ERROR ) );
#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ status = psa_mac_abort( &operation );
+ if( status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( ret );
}
@@ -193,9 +280,14 @@
const unsigned char *cookie, size_t cookie_len,
const unsigned char *cli_id, size_t cli_id_len )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+#else
unsigned char ref_hmac[COOKIE_HMAC_LEN];
- int ret = 0;
unsigned char *p = ref_hmac;
+#endif
+ int ret = 0;
mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
unsigned long cur_time, cookie_time;
@@ -205,6 +297,40 @@
if( cookie_len != COOKIE_LEN )
return( -1 );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_verify_setup( &operation, ctx->psa_hmac_key,
+ ctx->psa_hmac_alg );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_update( &operation, cookie, 4 );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_update( &operation, cli_id,
+ cli_id_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ status = psa_mac_verify_finish( &operation, cookie + 4,
+ COOKIE_HMAC_LEN );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ goto exit;
+ }
+
+ ret = 0;
+#else
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
@@ -231,6 +357,7 @@
ret = -1;
goto exit;
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_HAVE_TIME)
cur_time = (unsigned long) mbedtls_time( NULL );
@@ -250,7 +377,13 @@
}
exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_abort( &operation );
+ if( status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#else
mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
return( ret );
}
#endif /* MBEDTLS_SSL_COOKIE_C */
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 2ffc5f4..29b64dc 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -39,7 +39,7 @@
const char *mbedtls_ssl_key_export_type_str( mbedtls_ssl_key_export_type in );
-
+const char *mbedtls_ssl_sig_alg_to_str( uint16_t in );
#endif /* MBEDTLS_DEBUG_C */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index e0af4df..a50fe86 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -534,8 +534,6 @@
{
/* Frequently-used boolean or byte fields (placed early to take
* advantage of smaller code size for indirect access on Arm Thumb) */
- uint8_t max_major_ver; /*!< max. major version client*/
- uint8_t max_minor_ver; /*!< max. minor version client*/
uint8_t resume; /*!< session resume indicator*/
uint8_t cli_exts; /*!< client extension presence*/
@@ -618,9 +616,9 @@
#endif
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
- * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
- * in functionality that access to ecdh_ctx structure is needed for
- * MBEDTLS_ECDSA_C which does not seem correct.
+ * to guards in client and server code. There is a gap in functionality that
+ * access to ecdh_ctx structure is needed for MBEDTLS_ECDSA_C which does not
+ * seem correct.
*/
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
@@ -699,14 +697,20 @@
} buffering;
-#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
- unsigned char *verify_cookie; /*!< Cli: HelloVerifyRequest cookie
- * for dtls / tls 1.3
- * Srv: unused */
- unsigned char verify_cookie_len; /*!< Cli: cookie length for
- * dtls / tls 1.3
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ unsigned char *cookie; /*!< HelloVerifyRequest cookie for DTLS
+ * HelloRetryRequest cookie for TLS 1.3 */
+#endif /* MBEDTLS_SSL_CLI_C &&
+ ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ unsigned char verify_cookie_len; /*!< Cli: HelloVerifyRequest cookie
+ * length
* Srv: flag for sending a cookie */
-#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ uint16_t hrr_cookie_len; /*!< HelloRetryRequest cookie length */
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
@@ -949,8 +953,14 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t psa_mac_enc; /*!< MAC (encryption) */
+ mbedtls_svc_key_id_t psa_mac_dec; /*!< MAC (decryption) */
+ psa_algorithm_t psa_mac_alg; /*!< psa MAC algorithm */
+#else
mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */
mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac; /*!< flag for EtM activation */
@@ -1137,6 +1147,11 @@
int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
+static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_states state )
+{
+ ssl->state = ( int ) state;
+}
int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
@@ -1230,14 +1245,27 @@
unsigned update_hs_digest );
int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
+/*
+ * Write handshake message header
+ */
+int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
+ unsigned char **buf, size_t *buf_len );
+
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
- int update_checksum );
+ int update_checksum,
+ int force_flush );
static inline int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
{
- return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */ ) );
+ return( mbedtls_ssl_write_handshake_msg_ext( ssl, 1 /* update checksum */, 1 /* force flush */ ) );
}
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
+/*
+ * Write handshake message tail
+ */
+int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
+ size_t buf_len, size_t msg_len );
+
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush );
int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
@@ -1252,8 +1280,17 @@
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+/*
+ * Update checksum of handshake messages.
+ */
+void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char const *msg,
+ size_t msg_len );
+
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
+int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
+ mbedtls_key_exchange_type_t key_ex );
/**
* Get the first defined PSK by order of precedence:
@@ -1318,7 +1355,10 @@
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
unsigned char mbedtls_ssl_hash_from_md_alg( int md );
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
+#endif
int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
#if defined(MBEDTLS_ECP_C)
@@ -1708,13 +1748,6 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
-
-static inline void mbedtls_ssl_handshake_set_state( mbedtls_ssl_context *ssl,
- mbedtls_ssl_states state )
-{
- ssl->state = ( int ) state;
-}
-
/*
* Fetch TLS 1.3 handshake message header
*/
@@ -1724,14 +1757,6 @@
size_t *buf_len );
/*
- * Write TLS 1.3 handshake message header
- */
-int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buf_len );
-
-/*
* Handler of TLS 1.3 server certificate message
*/
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
@@ -1759,25 +1784,6 @@
*/
int mbedtls_ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl );
-/*
- * Write TLS 1.3 handshake message tail
- */
-int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl,
- size_t buf_len,
- size_t msg_len );
-
-void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len );
-
-/*
- * Update checksum of handshake messages.
- */
-void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len );
-
int mbedtls_ssl_reset_transcript_for_hrr( mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -1942,6 +1948,97 @@
return( 0 );
}
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+ uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
+{
+ *pk_type = MBEDTLS_PK_NONE;
+ *md_alg = MBEDTLS_MD_NONE;
+
+ switch( sig_alg )
+ {
+#if defined(MBEDTLS_ECDSA_C)
+
+#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
+ *md_alg = MBEDTLS_MD_SHA256;
+ *pk_type = MBEDTLS_PK_ECDSA;
+ break;
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
+ *md_alg = MBEDTLS_MD_SHA384;
+ *pk_type = MBEDTLS_PK_ECDSA;
+ break;
+#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
+ *md_alg = MBEDTLS_MD_SHA512;
+ *pk_type = MBEDTLS_PK_ECDSA;
+ break;
+#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
+ *md_alg = MBEDTLS_MD_SHA256;
+ *pk_type = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+ *md_alg = MBEDTLS_MD_SHA384;
+ *pk_type = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+ *md_alg = MBEDTLS_MD_SHA512;
+ *pk_type = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_SHA512_C */
+
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
+
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
+ *md_alg = MBEDTLS_MD_SHA256;
+ *pk_type = MBEDTLS_PK_RSA;
+ break;
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
+ *md_alg = MBEDTLS_MD_SHA384;
+ *pk_type = MBEDTLS_PK_RSA;
+ break;
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
+ *md_alg = MBEDTLS_MD_SHA512;
+ *pk_type = MBEDTLS_PK_RSA;
+ break;
+#endif /* MBEDTLS_SHA512_C */
+
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */
+
+ default:
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+ return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
static inline int mbedtls_ssl_sig_alg_is_supported(
const mbedtls_ssl_context *ssl,
const uint16_t sig_alg )
@@ -2013,52 +2110,10 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4)
{
- switch( sig_alg )
- {
-#if defined(MBEDTLS_SHA256_C) && \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
- defined(MBEDTLS_ECDSA_C)
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
- break;
-#endif /* MBEDTLS_SHA256_C &&
- MBEDTLS_ECP_DP_SECP256R1_ENABLED &&
- MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_SHA384_C) && \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
- defined(MBEDTLS_ECDSA_C)
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
- break;
-#endif /* MBEDTLS_SHA384_C &&
- MBEDTLS_ECP_DP_SECP384R1_ENABLED &&
- MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_SHA512_C) && \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
- defined(MBEDTLS_ECDSA_C)
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
- break;
-#endif /* MBEDTLS_SHA512_C &&
- MBEDTLS_ECP_DP_SECP521R1_ENABLED &&
- MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_SHA256_C) && \
- defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
- break;
-#endif /* MBEDTLS_SHA256_C &&
- MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-
-#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_RSA_C)
- case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
- break;
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_RSA_C*/
-
- default:
- return( 0 );
- }
-
- return( 1 );
+ mbedtls_pk_type_t pk_type;
+ mbedtls_md_type_t md_alg;
+ return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+ sig_alg, &pk_type, &md_alg ) );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
((void) ssl);
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 5f80ed5..4eac24b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -673,11 +673,35 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t sign_mac_length = 0;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
transform->minor_ver,
transform->taglen );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_sign_setup( &operation, transform->psa_mac_enc,
+ transform->psa_mac_alg );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_disabled;
+
+ status = psa_mac_update( &operation, add_data, add_data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_disabled;
+
+ status = psa_mac_update( &operation, data, rec->data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_disabled;
+
+ status = psa_mac_sign_finish( &operation, mac, MBEDTLS_SSL_MAC_ADD,
+ &sign_mac_length );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_disabled;
+#else
ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
add_data_len );
if( ret != 0 )
@@ -691,6 +715,7 @@
ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
if( ret != 0 )
goto hmac_failed_etm_disabled;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
memcpy( data + rec->data_len, mac, transform->maclen );
#endif
@@ -704,6 +729,12 @@
hmac_failed_etm_disabled:
mbedtls_platform_zeroize( mac, transform->maclen );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret );
@@ -998,6 +1029,10 @@
if( auth_done == 0 )
{
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ size_t sign_mac_length = 0;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* MAC(MAC_write_key, seq_num +
@@ -1021,6 +1056,25 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
add_data_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_sign_setup( &operation, transform->psa_mac_enc,
+ transform->psa_mac_alg );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_update( &operation, add_data, add_data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_update( &operation, data, rec->data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_sign_finish( &operation, mac, MBEDTLS_SSL_MAC_ADD,
+ &sign_mac_length );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+#else
ret = mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
add_data_len );
@@ -1036,6 +1090,7 @@
ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
if( ret != 0 )
goto hmac_failed_etm_enabled;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
memcpy( data + rec->data_len, mac, transform->maclen );
@@ -1045,6 +1100,12 @@
hmac_failed_etm_enabled:
mbedtls_platform_zeroize( mac, transform->maclen );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "HMAC calculation failed", ret );
@@ -1331,7 +1392,11 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+#else
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
@@ -1353,6 +1418,26 @@
/* Calculate expected MAC. */
MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data,
add_data_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_mac_verify_setup( &operation, transform->psa_mac_dec,
+ transform->psa_mac_alg );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_update( &operation, add_data, add_data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ status = psa_mac_update( &operation, data, rec->data_len );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+
+ /* Compare expected MAC with MAC at the end of the record. */
+ status = psa_mac_verify_finish( &operation, data + rec->data_len,
+ transform->maclen );
+ if( status != PSA_SUCCESS )
+ goto hmac_failed_etm_enabled;
+#else
ret = mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data,
add_data_len );
if( ret != 0 )
@@ -1381,10 +1466,18 @@
ret = MBEDTLS_ERR_SSL_INVALID_MAC;
goto hmac_failed_etm_enabled;
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
auth_done++;
hmac_failed_etm_enabled:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = psa_ssl_status_to_mbedtls( status );
+ status = psa_mac_abort( &operation );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = psa_ssl_status_to_mbedtls( status );
+#else
mbedtls_platform_zeroize( mac_expect, transform->maclen );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
if( ret != MBEDTLS_ERR_SSL_INVALID_MAC )
@@ -1621,10 +1714,18 @@
const size_t max_len = rec->data_len + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ ret = mbedtls_ct_hmac( transform->psa_mac_dec,
+ transform->psa_mac_alg,
+ add_data, add_data_len,
+ data, rec->data_len, min_len, max_len,
+ mac_expect );
+#else
ret = mbedtls_ct_hmac( &transform->md_ctx_dec,
add_data, add_data_len,
data, rec->data_len, min_len, max_len,
mac_expect );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ct_hmac", ret );
@@ -1820,7 +1921,7 @@
{
len = in_buf_len - ( ssl->in_hdr - ssl->in_buf );
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
timeout = ssl->handshake->retransmit_timeout;
else
timeout = ssl->conf->read_timeout;
@@ -1844,7 +1945,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) );
mbedtls_ssl_set_timer( ssl, 0 );
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
if( ssl_double_retransmit_timeout( ssl ) != 0 )
{
@@ -2157,7 +2258,7 @@
( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
cur->p[0] == MBEDTLS_SSL_HS_FINISHED );
- uint8_t const force_flush = ssl->disable_datagram_packing == 1 ?
+ int const force_flush = ssl->disable_datagram_packing == 1 ?
SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH;
/* Swap epochs before sending Finished: we can't do it after
@@ -2279,7 +2380,7 @@
return( ret );
/* Update state and set timer */
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
else
{
@@ -2344,6 +2445,24 @@
/*
* Handshake layer functions
*/
+int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
+ unsigned char **buf, size_t *buf_len )
+{
+ /*
+ * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 )
+ * ...
+ * HandshakeType msg_type;
+ * uint24 length;
+ * ...
+ */
+ *buf = ssl->out_msg + 4;
+ *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
+
+ ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = hs_type;
+
+ return( 0 );
+}
/*
* Write (DTLS: or queue) current handshake (including CCS) message.
@@ -2368,7 +2487,8 @@
* - ssl->out_msg: the record contents (handshake headers + content)
*/
int mbedtls_ssl_write_handshake_msg_ext( mbedtls_ssl_context *ssl,
- int update_checksum )
+ int update_checksum,
+ int force_flush )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const size_t hs_len = ssl->out_msglen - 4;
@@ -2495,7 +2615,7 @@
else
#endif
{
- if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 )
+ if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret );
return( ret );
@@ -2507,6 +2627,22 @@
return( 0 );
}
+int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
+ size_t buf_len, size_t msg_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t msg_with_header_len;
+ ((void) buf_len);
+
+ /* Add reserved 4 bytes for handshake header */
+ msg_with_header_len = msg_len + 4;
+ ssl->out_msglen = msg_with_header_len;
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0, 0 ) );
+
+cleanup:
+ return( ret );
+}
+
/*
* Record layer functions
*/
@@ -2519,11 +2655,11 @@
* - ssl->out_msglen: length of the record content (excl headers)
* - ssl->out_msg: record content
*/
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
+int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, int force_flush )
{
int ret, done = 0;
size_t len = ssl->out_msglen;
- uint8_t flush = force_flush;
+ int flush = force_flush;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
@@ -2835,9 +2971,9 @@
}
if( ssl->handshake != NULL &&
- ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
+ ( ( mbedtls_ssl_is_handshake_over( ssl ) == 0 &&
recv_msg_seq != ssl->handshake->in_msg_seq ) ||
- ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
+ ( mbedtls_ssl_is_handshake_over( ssl ) == 1 &&
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) )
{
if( recv_msg_seq > ssl->handshake->in_msg_seq )
@@ -2903,7 +3039,7 @@
{
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 && hs != NULL )
{
ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
}
@@ -3524,7 +3660,7 @@
*/
if( rec_epoch == 0 &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
- ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
+ mbedtls_ssl_is_handshake_over( ssl ) == 1 &&
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
ssl->in_left > 13 &&
ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
@@ -4681,7 +4817,7 @@
/* Drop unexpected ApplicationData records,
* except at the beginning of renegotiations */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
- ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
+ mbedtls_ssl_is_handshake_over( ssl ) == 0
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->state == MBEDTLS_SSL_SERVER_HELLO )
@@ -4693,7 +4829,7 @@
}
if( ssl->handshake != NULL &&
- ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ mbedtls_ssl_is_handshake_over( ssl ) == 1 )
{
mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl );
}
@@ -5117,7 +5253,7 @@
int in_ctr_cmp;
int out_ctr_cmp;
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
{
@@ -5295,7 +5431,7 @@
}
#endif
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
ret = mbedtls_ssl_handshake( ssl );
if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
@@ -5406,7 +5542,7 @@
/* We're going to return something now, cancel timer,
* except if handshake (renegotiation) is in progress */
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
mbedtls_ssl_set_timer( ssl, 0 );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -5550,7 +5686,7 @@
}
#endif
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{
@@ -5581,7 +5717,7 @@
if( ssl->out_left != 0 )
return( mbedtls_ssl_flush_output( ssl ) );
- if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )
{
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_WARNING,
@@ -5611,8 +5747,13 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( transform->psa_mac_enc );
+ psa_destroy_key( transform->psa_mac_dec );
+#else
mbedtls_md_free( &transform->md_ctx_enc );
mbedtls_md_free( &transform->md_ctx_dec );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif
mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2220721..857a76c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -120,7 +120,7 @@
*enabled = MBEDTLS_SSL_CID_DISABLED;
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
- ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -475,6 +475,30 @@
}
}
+static void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len )
+{
+ unsigned char hs_hdr[4];
+
+ /* Build HS header for checksum update. */
+ hs_hdr[0] = MBEDTLS_BYTE_0( hs_type );
+ hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len );
+ hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len );
+ hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len );
+
+ ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) );
+}
+
+void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char const *msg,
+ size_t msg_len )
+{
+ mbedtls_ssl_add_hs_hdr_to_checksum( ssl, hs_type, msg_len );
+ ssl->handshake->update_checksum( ssl, msg, msg_len );
+}
+
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
{
((void) ssl);
@@ -610,9 +634,14 @@
#endif
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
+ transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
+#else
mbedtls_md_init( &transform->md_ctx_enc );
mbedtls_md_init( &transform->md_ctx_dec );
#endif
+#endif
}
void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
@@ -848,12 +877,21 @@
static int ssl_conf_version_check( const mbedtls_ssl_context *ssl )
{
+ const mbedtls_ssl_config *conf = ssl->conf;
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( mbedtls_ssl_conf_is_tls13_only( ssl->conf ) )
+ if( mbedtls_ssl_conf_is_tls13_enabled( conf ) &&
+ ( conf->endpoint == MBEDTLS_SSL_IS_SERVER ) )
{
- if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS 1.3 server is not supported yet." ) );
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ if( mbedtls_ssl_conf_is_tls13_only( conf ) )
+ {
+ if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS 1.3 is not yet supported." ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls13 only." ) );
@@ -862,7 +900,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( mbedtls_ssl_conf_is_tls12_only( ssl->conf ) )
+ if( mbedtls_ssl_conf_is_tls12_only( conf ) )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "The SSL configuration is tls12 only." ) );
return( 0 );
@@ -870,7 +908,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
- if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( ssl->conf ) )
+ if( mbedtls_ssl_conf_is_hybrid_tls12_tls13( conf ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
@@ -2728,6 +2766,21 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ /*
+ * We may have not been able to send to the peer all the handshake data
+ * that were written into the output buffer by the previous handshake step,
+ * if the write to the network callback returned with the
+ * #MBEDTLS_ERR_SSL_WANT_WRITE error code.
+ * We proceed to the next handshake step only when all data from the
+ * previous one have been sent to the peer, thus we make sure that this is
+ * the case here by calling `mbedtls_ssl_flush_output()`. The function may
+ * return with the #MBEDTLS_ERR_SSL_WANT_WRITE error code in which case
+ * we have to wait before to go ahead.
+ * In the case of TLS 1.3, handshake step handlers do not send data to the
+ * peer. Data are only sent here and through
+ * `mbedtls_ssl_handle_pending_alert` in case an error that triggered an
+ * alert occured.
+ */
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
@@ -2750,7 +2803,7 @@
if( ssl == NULL ||
ssl->conf == NULL ||
ssl->handshake == NULL ||
- ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
+ mbedtls_ssl_is_handshake_over( ssl ) == 1 )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -2833,7 +2886,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
/* Main handshake loop */
- while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ while( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
ret = mbedtls_ssl_handshake_step( ssl );
@@ -2933,7 +2986,7 @@
/* On server, just send the request */
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
@@ -2953,7 +3006,7 @@
*/
if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
{
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( ( ret = mbedtls_ssl_start_renegotiation( ssl ) ) != 0 )
@@ -3080,17 +3133,19 @@
mbedtls_pk_free( &handshake->peer_pubkey );
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#if defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
- mbedtls_free( handshake->verify_cookie );
-#endif /* MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ ( defined(MBEDTLS_SSL_PROTO_DTLS) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
+ mbedtls_free( handshake->cookie );
+#endif /* MBEDTLS_SSL_CLI_C &&
+ ( MBEDTLS_SSL_PROTO_DTLS || MBEDTLS_SSL_PROTO_TLS1_3 ) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
mbedtls_ssl_flight_free( handshake->flight );
mbedtls_ssl_buffering_free( ssl );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_ECDH_C) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_ECDH_C) && \
+ ( defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) )
psa_destroy_key( handshake->ecdh_psa_privkey );
#endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */
@@ -3235,7 +3290,7 @@
* (only DTLS) but are currently used to simplify the implementation.
*/
/* The initial handshake must be over */
- if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( mbedtls_ssl_is_handshake_over( ssl ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -3917,6 +3972,14 @@
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C)
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C)
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */
+
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
@@ -4487,37 +4550,6 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- return( -1 );
-
- switch( md )
- {
-#if defined(MBEDTLS_SHA384_C)
- case MBEDTLS_SSL_HASH_SHA384:
- ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
- break;
-#endif
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_SSL_HASH_SHA256:
- ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
- break;
-#endif
- default:
- return( -1 );
- }
-
- return 0;
-#else /* !MBEDTLS_SSL_PROTO_TLS1_2 */
- (void) ssl;
- (void) md;
-
- return( -1 );
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-}
-
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md,
@@ -5196,20 +5228,16 @@
* Set appropriate PRF function and other SSL / TLS1.2 functions
*
* Inputs:
- * - SSL/TLS minor version
* - hash associated with the ciphersuite (only used by TLS 1.2)
*
* Outputs:
* - the tls_prf, calc_verify and calc_finished members of handshake structure
*/
static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
- int minor_ver,
mbedtls_md_type_t hash )
{
-
#if defined(MBEDTLS_SHA384_C)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
- hash == MBEDTLS_MD_SHA384 )
+ if( hash == MBEDTLS_MD_SHA384 )
{
handshake->tls_prf = tls_prf_sha384;
handshake->calc_verify = ssl_calc_verify_tls_sha384;
@@ -5218,20 +5246,19 @@
else
#endif
#if defined(MBEDTLS_SHA256_C)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
+ (void) hash;
handshake->tls_prf = tls_prf_sha256;
handshake->calc_verify = ssl_calc_verify_tls_sha256;
handshake->calc_finished = ssl_calc_finished_tls_sha256;
}
- else
-#endif
+#else
{
- (void) hash;
- (void) minor_ver;
(void) handshake;
+ (void) hash;
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
+#endif
return( 0 );
}
@@ -5270,7 +5297,7 @@
* [in] ssl: optionally used for debugging, EMS and PSA-PSK
* debug: conf->f_dbg, conf->p_dbg
* EMS: passed to calc_verify (debug + session_negotiate)
- * PSA-PSA: minor_ver, conf
+ * PSA-PSA: conf
*/
static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
unsigned char *master,
@@ -5331,7 +5358,6 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
ssl_use_opaque_psk( ssl ) == 1 )
{
/* Perform PSK-to-MS expansion in a single step. */
@@ -5409,7 +5435,6 @@
/* Set PRF, calc_verify and calc_finished function pointers */
ret = ssl_set_handshake_prfs( ssl->handshake,
- ssl->minor_ver,
ciphersuite_info->mac );
if( ret != 0 )
{
@@ -5467,6 +5492,27 @@
return( 0 );
}
+int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
+{
+ switch( md )
+ {
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_SSL_HASH_SHA384:
+ ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_SSL_HASH_SHA256:
+ ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
+ break;
+#endif
+ default:
+ return( -1 );
+ }
+
+ return( 0 );
+}
+
#if defined(MBEDTLS_SHA256_C)
void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
unsigned char *hash,
@@ -7033,12 +7079,15 @@
size_t keylen;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
const mbedtls_cipher_info_t *cipher_info;
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
const mbedtls_md_info_t *md_info;
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
+ psa_algorithm_t mac_alg = 0;
size_t key_bits;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#endif
@@ -7093,6 +7142,15 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mac_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
+ if( mac_alg == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_psa_translate_md for %u not found",
+ (unsigned) ciphersuite_info->mac ) );
+ return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ }
+#else
md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
if( md_info == NULL )
{
@@ -7100,6 +7158,7 @@
(unsigned) ciphersuite_info->mac ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Copy own and peer's CID if the use of the CID
@@ -7181,6 +7240,10 @@
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Get MAC length */
+ mac_key_len = PSA_HASH_LENGTH(mac_alg);
+#else
/* Initialize HMAC contexts */
if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
@@ -7191,6 +7254,7 @@
/* Get MAC length */
mac_key_len = mbedtls_md_get_size( md_info );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
transform->maclen = mac_key_len;
/* IV length */
@@ -7295,23 +7359,6 @@
goto end;
}
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
- /* For HMAC-based ciphersuites, initialize the HMAC transforms.
- For AEAD-based ciphersuites, there is nothing to do here. */
- if( mac_key_len != 0 )
- {
- ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
- if( ret != 0 )
- goto end;
- ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
- if( ret != 0 )
- goto end;
- }
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
-
- ((void) mac_dec);
- ((void) mac_enc);
-
if( ssl != NULL && ssl->f_export_keys != NULL )
{
ssl->f_export_keys( ssl->p_export_keys,
@@ -7416,6 +7463,58 @@
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+ /* For HMAC-based ciphersuites, initialize the HMAC transforms.
+ For AEAD-based ciphersuites, there is nothing to do here. */
+ if( mac_key_len != 0 )
+ {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ transform->psa_mac_alg = PSA_ALG_HMAC( mac_alg );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( mac_alg ) );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+ if( ( status = psa_import_key( &attributes,
+ mac_enc, mac_key_len,
+ &transform->psa_mac_enc ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
+ goto end;
+ }
+
+ if( ( transform->psa_alg == MBEDTLS_SSL_NULL_CIPHER ) ||
+ ( ( transform->psa_alg == PSA_ALG_CBC_NO_PADDING ) &&
+ ( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ) ) )
+ /* mbedtls_ct_hmac() requires the key to be exportable */
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_VERIFY_HASH );
+ else
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+
+ if( ( status = psa_import_key( &attributes,
+ mac_dec, mac_key_len,
+ &transform->psa_mac_dec ) ) != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_import_mac_key", ret );
+ goto end;
+ }
+#else
+ ret = mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
+ if( ret != 0 )
+ goto end;
+ ret = mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
+ if( ret != 0 )
+ goto end;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ }
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+
+ ((void) mac_dec);
+ ((void) mac_enc);
+
end:
mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) );
return( ret );
diff --git a/library/ssl_cli.c b/library/ssl_tls12_client.c
similarity index 93%
rename from library/ssl_cli.c
rename to library/ssl_tls12_client.c
index 98b8978..7b609e9 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_tls12_client.c
@@ -608,7 +608,7 @@
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->handshake->verify_cookie != NULL )
+ ssl->handshake->cookie != NULL )
{
return( 0 );
}
@@ -681,6 +681,118 @@
return( 0 );
}
+static int ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ int uses_ec,
+ size_t *out_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *p = buf;
+ size_t ext_len = 0;
+
+ (void) ssl;
+ (void) end;
+ (void) uses_ec;
+ (void) ret;
+ (void) ext_len;
+
+ *out_len = 0;
+
+ /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
+ * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( ( ret = ssl_write_renegotiation_ext( ssl, p, end, &ext_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret );
+ return( ret );
+ }
+ p += ext_len;
+#endif
+
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( uses_ec )
+ {
+ if( ( ret = ssl_write_supported_point_formats_ext( ssl, p, end,
+ &ext_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
+ return( ret );
+ }
+ p += ext_len;
+ }
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p, end, &ext_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
+ return( ret );
+ }
+ p += ext_len;
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( ( ret = ssl_write_cid_ext( ssl, p, end, &ext_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret );
+ return( ret );
+ }
+ p += ext_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ if( ( ret = ssl_write_max_fragment_length_ext( ssl, p, end,
+ &ext_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
+ return( ret );
+ }
+ p += ext_len;
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p, end, &ext_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
+ return( ret );
+ }
+ p += ext_len;
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( ( ret = ssl_write_extended_ms_ext( ssl, p, end, &ext_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
+ return( ret );
+ }
+ p += ext_len;
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ if( ( ret = ssl_write_use_srtp_ext( ssl, p, end, &ext_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret );
+ return( ret );
+ }
+ p += ext_len;
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( ( ret = ssl_write_session_ticket_ext( ssl, p, end, &ext_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
+ return( ret );
+ }
+ p += ext_len;
+#endif
+
+ *out_len = p - buf;
+
+ return( 0 );
+}
+
static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -692,10 +804,7 @@
const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
int uses_ec = 0;
-#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
@@ -846,7 +955,7 @@
{
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
- if( ssl->handshake->verify_cookie == NULL )
+ if( ssl->handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
*p++ = 0;
@@ -854,15 +963,15 @@
else
{
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
- ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
+ ssl->handshake->cookie,
+ ssl->handshake->verify_cookie_len );
*p++ = ssl->handshake->verify_cookie_len;
MBEDTLS_SSL_CHK_BUF_PTR( p, end,
ssl->handshake->verify_cookie_len );
- memcpy( p, ssl->handshake->verify_cookie,
- ssl->handshake->verify_cookie_len );
+ memcpy( p, ssl->handshake->cookie,
+ ssl->handshake->verify_cookie_len );
p += ssl->handshake->verify_cookie_len;
}
}
@@ -946,13 +1055,10 @@
ext_len += olen;
#endif
- /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
- * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
+#if defined(MBEDTLS_SSL_ALPN)
+ if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret );
return( ret );
}
ext_len += olen;
@@ -979,101 +1085,18 @@
return( ret );
}
ext_len += olen;
-
- if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
- return( ret );
- }
- ext_len += olen;
}
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
+ ret = ssl_tls12_write_client_hello_exts( ssl, p + 2 + ext_len, end, uses_ec,
+ &olen );
+ if( ret != 0 )
return( ret );
- }
ext_len += olen;
-#endif
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
- if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
- if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len,
- end, &olen ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
- return( ret );
- }
- ext_len += olen;
-#endif
-
- /* olen unused if all extensions are disabled */
- ((void) olen);
-
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
- ext_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
+ ext_len ) );
if( ext_len > 0 )
{
@@ -1645,16 +1668,16 @@
}
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
- mbedtls_free( ssl->handshake->verify_cookie );
+ mbedtls_free( ssl->handshake->cookie );
- ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
- if( ssl->handshake->verify_cookie == NULL )
+ ssl->handshake->cookie = mbedtls_calloc( 1, cookie_len );
+ if( ssl->handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
- memcpy( ssl->handshake->verify_cookie, p, cookie_len );
+ memcpy( ssl->handshake->cookie, p, cookie_len );
ssl->handshake->verify_cookie_len = cookie_len;
/* Start over at ClientHello */
@@ -1736,8 +1759,8 @@
else
{
/* We made it through the verification process */
- mbedtls_free( ssl->handshake->verify_cookie );
- ssl->handshake->verify_cookie = NULL;
+ mbedtls_free( ssl->handshake->cookie );
+ ssl->handshake->cookie = NULL;
ssl->handshake->verify_cookie_len = 0;
}
}
@@ -2242,8 +2265,9 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
+ ( defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ) )
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
{
const mbedtls_ecp_curve_info *curve_info;
@@ -2274,8 +2298,9 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+ ( !MBEDTLS_USE_PSA_CRYPTO &&
+ ( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) ) */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
@@ -2459,8 +2484,8 @@
* opaque random[46];
* } PreMasterSecret;
*/
- mbedtls_ssl_write_version( ssl->conf->max_major_ver,
- ssl->conf->max_minor_ver,
+ mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_3,
ssl->conf->transport, p );
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
@@ -2529,12 +2554,6 @@
*md_alg = MBEDTLS_MD_NONE;
*pk_alg = MBEDTLS_PK_NONE;
- /* Only in TLS 1.2 */
- if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- return( 0 );
- }
-
if( (*p) + 2 > end )
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
@@ -2610,6 +2629,42 @@
peer_key = mbedtls_pk_ec( *peer_pk );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ size_t ecdh_bits = 0;
+ size_t olen = 0;
+
+ if( mbedtls_ssl_check_curve( ssl, peer_key->grp.id ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
+ }
+
+ ssl->handshake->ecdh_psa_type =
+ PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa( peer_key->grp.id,
+ &ecdh_bits ) );
+
+ if( ssl->handshake->ecdh_psa_type == 0 || ecdh_bits > 0xffff )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid ecc group conversion to psa." ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ ssl->handshake->ecdh_bits = (uint16_t) ecdh_bits;
+
+ /* Store peer's public key in psa format. */
+ ret = mbedtls_ecp_point_write_binary( &peer_key->grp, &peer_key->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
+ ssl->handshake->ecdh_psa_peerkey,
+ MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH );
+
+ if ( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecp_point_write_binary" ), ret );
+ return( ret );
+ }
+
+ ssl->handshake->ecdh_psa_peerkey_len = olen;
+#else
if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
MBEDTLS_ECDH_THEIRS ) ) != 0 )
{
@@ -2622,7 +2677,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE );
}
-
+#endif
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,
* so that more RAM is available for upcoming expensive
@@ -2865,36 +2920,28 @@
/*
* Handle the digitally-signed structure
*/
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( ssl_parse_signature_algorithm( ssl, &p, end,
+ &md_alg, &pk_alg ) != 0 )
{
- if( ssl_parse_signature_algorithm( ssl, &p, end,
- &md_alg, &pk_alg ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
-
- if( pk_alg !=
- mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- else
+
+ if( pk_alg !=
+ mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
/*
@@ -3036,6 +3083,10 @@
size_t cert_type_len = 0, dn_len = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
+ size_t sig_alg_len;
+#if defined(MBEDTLS_DEBUG_C)
+ unsigned char *sig_alg;
+#endif
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@@ -3132,52 +3183,43 @@
}
/* supported_signature_algorithms */
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
+ | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
+
+ /*
+ * The furthest access in buf is in the loop few lines below:
+ * sig_alg[i + 1],
+ * where:
+ * sig_alg = buf + ...hdr_len + 3 + n,
+ * max(i) = sig_alg_len - 1.
+ * Therefore the furthest access is:
+ * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
+ * which reduces to:
+ * buf[...hdr_len + 3 + n + sig_alg_len],
+ * which is one less than we need the buf to be.
+ */
+ if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len )
{
- size_t sig_alg_len =
- ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
- | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
-#if defined(MBEDTLS_DEBUG_C)
- unsigned char* sig_alg;
- size_t i;
-#endif
-
- /*
- * The furthest access in buf is in the loop few lines below:
- * sig_alg[i + 1],
- * where:
- * sig_alg = buf + ...hdr_len + 3 + n,
- * max(i) = sig_alg_len - 1.
- * Therefore the furthest access is:
- * buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
- * which reduces to:
- * buf[...hdr_len + 3 + n + sig_alg_len],
- * which is one less than we need the buf to be.
- */
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl )
- + 3 + n + sig_alg_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
-
-#if defined(MBEDTLS_DEBUG_C)
- sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
- for( i = 0; i < sig_alg_len; i += 2 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "Supported Signature Algorithm found: %d,%d",
- sig_alg[i], sig_alg[i + 1] ) );
- }
-#endif
-
- n += 2 + sig_alg_len;
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
+#if defined(MBEDTLS_DEBUG_C)
+ sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
+ for( size_t i = 0; i < sig_alg_len; i += 2 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "Supported Signature Algorithm found: %d,%d",
+ sig_alg[i], sig_alg[i + 1] ) );
+ }
+#endif
+
+ n += 2 + sig_alg_len;
+
/* certificate_authorities */
dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
| ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
@@ -3288,9 +3330,13 @@
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -3366,7 +3412,9 @@
else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
+ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -3568,7 +3616,6 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
- ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
@@ -3739,45 +3786,37 @@
ssl->handshake->calc_verify( ssl, hash, &hashlen );
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ /*
+ * digitally-signed struct {
+ * opaque handshake_messages[handshake_messages_length];
+ * };
+ *
+ * Taking shortcut here. We assume that the server always allows the
+ * PRF Hash function and has sent it in the allowed signature
+ * algorithms list received in the Certificate Request message.
+ *
+ * Until we encounter a server that does not, we will take this
+ * shortcut.
+ *
+ * Reason: Otherwise we should have running hashes for SHA512 and
+ * SHA224 in order to satisfy 'weird' needs from the server
+ * side.
+ */
+ if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
- /*
- * digitally-signed struct {
- * opaque handshake_messages[handshake_messages_length];
- * };
- *
- * Taking shortcut here. We assume that the server always allows the
- * PRF Hash function and has sent it in the allowed signature
- * algorithms list received in the Certificate Request message.
- *
- * Until we encounter a server that does not, we will take this
- * shortcut.
- *
- * Reason: Otherwise we should have running hashes for SHA512 and
- * SHA224 in order to satisfy 'weird' needs from the server
- * side.
- */
- if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
- {
- md_alg = MBEDTLS_MD_SHA384;
- ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
- }
- else
- {
- md_alg = MBEDTLS_MD_SHA256;
- ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
- }
- ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
-
- /* Info from md_alg will be used instead */
- hashlen = 0;
- offset = 2;
+ md_alg = MBEDTLS_MD_SHA384;
+ ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
}
else
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ md_alg = MBEDTLS_MD_SHA256;
+ ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
}
+ ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
+
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
+ offset = 2;
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ssl->handshake->ecrs_enabled )
diff --git a/library/ssl_srv.c b/library/ssl_tls12_server.c
similarity index 95%
rename from library/ssl_srv.c
rename to library/ssl_tls12_server.c
index 094fca8..fe81e34 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_tls12_server.c
@@ -1011,23 +1011,6 @@
}
#endif
- /*
- * Try to select a SHA-1 certificate for pre-1.2 clients, but still
- * present them a SHA-higher cert rather than failing if it's the only
- * one we got that satisfies the other conditions.
- */
- if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 &&
- cur->cert->sig_md != MBEDTLS_MD_SHA1 )
- {
- if( fallback == NULL )
- fallback = cur;
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
- "sha-2 with pre-TLS 1.2 client" ) );
- continue;
- }
- }
-
/* If we get there, we got a winner */
break;
}
@@ -1120,16 +1103,13 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* If the ciphersuite requires signing, check whether
* a suitable hash algorithm is present. */
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
+ if( sig_type != MBEDTLS_PK_NONE &&
+ mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
{
- sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
- if( sig_type != MBEDTLS_PK_NONE &&
- mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
- "for signature algorithm %u", (unsigned) sig_type ) );
- return( 0 );
- }
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
+ "for signature algorithm %u", (unsigned) sig_type ) );
+ return( 0 );
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@@ -1435,29 +1415,15 @@
ssl->conf->transport, buf );
ssl->session_negotiate->minor_ver = ssl->minor_ver;
- ssl->handshake->max_major_ver = ssl->major_ver;
- ssl->handshake->max_minor_ver = ssl->minor_ver;
-
- if( ssl->major_ver < ssl->conf->min_major_ver ||
- ssl->minor_ver < ssl->conf->min_minor_ver )
+ if( ( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 ) ||
+ ( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
- " [%d:%d] < [%d:%d]",
- ssl->major_ver, ssl->minor_ver,
- ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "server only supports TLS 1.2" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION );
}
- if( ssl->major_ver > ssl->conf->max_major_ver )
- {
- ssl->major_ver = ssl->conf->max_major_ver;
- ssl->minor_ver = ssl->conf->max_minor_ver;
- }
- else if( ssl->minor_ver > ssl->conf->max_minor_ver )
- ssl->minor_ver = ssl->conf->max_minor_ver;
-
/*
* Save client random (inc. Unix time)
*/
@@ -1962,21 +1928,18 @@
/* Debugging-only output for testsuite */
#if defined(MBEDTLS_DEBUG_C) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
+ if( sig_alg != MBEDTLS_PK_NONE )
{
- mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
- if( sig_alg != MBEDTLS_PK_NONE )
- {
- mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
- sig_alg );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
- mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
- "%u - should not happen", (unsigned) sig_alg ) );
- }
+ mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
+ sig_alg );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
+ mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
+ "%u - should not happen", (unsigned) sig_alg ) );
}
#endif
@@ -2047,12 +2010,6 @@
const mbedtls_cipher_info_t *cipher = NULL;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
- {
- *olen = 0;
- return;
- }
-
/*
* RFC 7366: "If a server receives an encrypt-then-MAC request extension
* from a client and then selects a stream or Authenticated Encryption
@@ -2070,6 +2027,11 @@
cipher->mode != MBEDTLS_MODE_CBC )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
+ ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_DISABLED;
+ }
+
+ if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED )
+ {
*olen = 0;
return;
}
@@ -2812,33 +2774,27 @@
* enum { (255) } HashAlgorithm;
* enum { (255) } SignatureAlgorithm;
*/
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
+ if( sig_alg == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
- /*
- * Supported signature algorithms
- */
- const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
- if( sig_alg == NULL )
- return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ unsigned char hash = MBEDTLS_BYTE_1( *sig_alg );
- for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
- {
- unsigned char hash = MBEDTLS_BYTE_1( *sig_alg );
+ if( mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
+ continue;
+ if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
+ continue;
- if( mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
- continue;
- if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
- continue;
-
- MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
- sa_len += 2;
- }
-
- MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
+ MBEDTLS_PUT_UINT16_BE( *sig_alg, p, sa_len );
sa_len += 2;
- p += sa_len;
}
+ MBEDTLS_PUT_UINT16_BE( sa_len, p, 0 );
+ sa_len += 2;
+ p += sa_len;
+
/*
* DistinguishedName certificate_authorities<0..2^16-1>;
* opaque DistinguishedName<1..2^16-1>;
@@ -3261,26 +3217,18 @@
*/
mbedtls_md_type_t md_alg;
-
mbedtls_pk_type_t sig_alg =
mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- /* For TLS 1.2, obey signature-hash-algorithm extension
- * (RFC 5246, Sec. 7.4.1.4.1). */
- if( sig_alg == MBEDTLS_PK_NONE ||
- ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
- sig_alg ) ) == MBEDTLS_MD_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- /* (... because we choose a cipher suite
- * only if there is a matching hash.) */
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
- }
- else
+
+ /* For TLS 1.2, obey signature-hash-algorithm extension
+ * (RFC 5246, Sec. 7.4.1.4.1). */
+ if( sig_alg == MBEDTLS_PK_NONE ||
+ ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
+ sig_alg ) ) == MBEDTLS_MD_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ /* (... because we choose a cipher suite
+ * only if there is a matching hash.) */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
@@ -3309,29 +3257,24 @@
/*
* 2.3: Compute and add the signature
*/
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- /*
- * For TLS 1.2, we need to specify signature and hash algorithm
- * explicitly through a prefix to the signature.
- *
- * struct {
- * HashAlgorithm hash;
- * SignatureAlgorithm signature;
- * } SignatureAndHashAlgorithm;
- *
- * struct {
- * SignatureAndHashAlgorithm algorithm;
- * opaque signature<0..2^16-1>;
- * } DigitallySigned;
- *
- */
+ /*
+ * We need to specify signature and hash algorithm explicitly through
+ * a prefix to the signature.
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * struct {
+ * SignatureAndHashAlgorithm algorithm;
+ * opaque signature<0..2^16-1>;
+ * } DigitallySigned;
+ *
+ */
- ssl->out_msg[ssl->out_msglen++] =
- mbedtls_ssl_hash_from_md_alg( md_alg );
- ssl->out_msg[ssl->out_msglen++] =
- mbedtls_ssl_sig_from_pk_alg( sig_alg );
- }
+ ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_hash_from_md_alg( md_alg );
+ ssl->out_msg[ssl->out_msglen++] = mbedtls_ssl_sig_from_pk_alg( sig_alg );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_sign_start != NULL )
@@ -3703,8 +3646,8 @@
return( ret );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
- ssl->handshake->max_minor_ver,
+ mbedtls_ssl_write_version( MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_3,
ssl->conf->transport, ver );
/* Avoid data-dependent branches while checking for invalid
@@ -4279,64 +4222,56 @@
* opaque signature<0..2^16-1>;
* } DigitallySigned;
*/
- if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( i + 2 > ssl->in_hslen )
{
- if( i + 2 > ssl->in_hslen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( MBEDTLS_ERR_SSL_DECODE_ERROR );
- }
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
+ return( MBEDTLS_ERR_SSL_DECODE_ERROR );
+ }
- /*
- * Hash
- */
- md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
+ /*
+ * Hash
+ */
+ md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
- if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
- " for verify message" ) );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
+ if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+ " for verify message" ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
#if !defined(MBEDTLS_MD_SHA1)
- if( MBEDTLS_MD_SHA1 == md_alg )
- hash_start += 16;
+ if( MBEDTLS_MD_SHA1 == md_alg )
+ hash_start += 16;
#endif
- /* Info from md_alg will be used instead */
- hashlen = 0;
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
- i++;
+ i++;
- /*
- * Signature
- */
- if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
- == MBEDTLS_PK_NONE )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
- " for verify message" ) );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
-
- /*
- * Check the certificate's key type matches the signature alg
- */
- if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
- return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
- }
-
- i++;
- }
- else
+ /*
+ * Signature
+ */
+ if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
+ == MBEDTLS_PK_NONE )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+ " for verify message" ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
+ /*
+ * Check the certificate's key type matches the signature alg
+ */
+ if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+
+ i++;
+
if( i + 2 > ssl->in_hslen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index cd1baa1..9f22e1d 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -113,7 +113,10 @@
#if defined(MBEDTLS_SSL_ALPN)
/*
- * ssl_tls13_write_alpn_ext( ) structure:
+ * ssl_tls13_write_alpn_ext()
+ *
+ * Structure of the application_layer_protocol_negotiation extension in
+ * ClientHello:
*
* opaque ProtocolName<1..2^8-1>;
*
@@ -123,28 +126,27 @@
*
*/
static int ssl_tls13_write_alpn_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- const unsigned char *end,
- size_t *olen )
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *out_len )
{
unsigned char *p = buf;
- size_t alpnlen = 0;
- const char **cur;
- *olen = 0;
+ *out_len = 0;
if( ssl->conf->alpn_list == NULL )
return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
- for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- alpnlen += strlen( *cur ) + 1;
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
-
+ /* Check we have enough space for the extension type (2 bytes), the
+ * extension length (2 bytes) and the protocol_name_list length (2 bytes).
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
- p += 2;
+ /* Skip writing extension and list length for now */
+ p += 6;
/*
* opaque ProtocolName<1..2^8-1>;
@@ -153,28 +155,27 @@
* ProtocolName protocol_name_list<2..2^16-1>
* } ProtocolNameList;
*/
-
- /* Skip writing extension and list length for now */
- p += 4;
-
- for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
+ for( const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
{
/*
* mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
* protocol names is less than 255.
*/
- *p = (unsigned char)strlen( *cur );
- memcpy( p + 1, *cur, *p );
- p += 1 + *p;
+ size_t protocol_name_len = strlen( *cur );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 + protocol_name_len );
+ *p++ = (unsigned char)protocol_name_len;
+ memcpy( p, *cur, protocol_name_len );
+ p += protocol_name_len;
}
- *olen = p - buf;
+ *out_len = p - buf;
- /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
- MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
+ /* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
+ MBEDTLS_PUT_UINT16_BE( *out_len - 6, buf, 4 );
- /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
- MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
+ /* Extension length = *out_len - 2 (ext_type) - 2 (ext_len) */
+ MBEDTLS_PUT_UINT16_BE( *out_len - 4, buf, 2 );
return( 0 );
}
@@ -230,13 +231,26 @@
static int ssl_tls13_reset_key_share( mbedtls_ssl_context *ssl )
{
uint16_t group_id = ssl->handshake->offered_group_id;
+
if( group_id == 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
#if defined(MBEDTLS_ECDH_C)
if( mbedtls_ssl_tls13_named_group_is_ecdhe( group_id ) )
{
- mbedtls_ecdh_free( &ssl->handshake->ecdh_ctx );
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* Destroy generated private key. */
+ status = psa_destroy_key( ssl->handshake->ecdh_psa_privkey );
+ if( status != PSA_SUCCESS )
+ {
+ ret = psa_ssl_status_to_mbedtls( status );
+ MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
+ return( ret );
+ }
+
+ ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return( 0 );
}
else
@@ -659,7 +673,7 @@
const unsigned char *buf,
const unsigned char *end )
{
- size_t cookie_len;
+ uint16_t cookie_len;
const unsigned char *p = buf;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
@@ -671,19 +685,55 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cookie_len );
MBEDTLS_SSL_DEBUG_BUF( 3, "cookie extension", p, cookie_len );
- mbedtls_free( handshake->verify_cookie );
- handshake->verify_cookie_len = 0;
- handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
- if( handshake->verify_cookie == NULL )
+ mbedtls_free( handshake->cookie );
+ handshake->hrr_cookie_len = 0;
+ handshake->cookie = mbedtls_calloc( 1, cookie_len );
+ if( handshake->cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "alloc failed ( %" MBEDTLS_PRINTF_SIZET " bytes )",
+ ( "alloc failed ( %ud bytes )",
cookie_len ) );
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
- memcpy( handshake->verify_cookie, p, cookie_len );
- handshake->verify_cookie_len = (unsigned char) cookie_len;
+ memcpy( handshake->cookie, p, cookie_len );
+ handshake->hrr_cookie_len = cookie_len;
+
+ return( 0 );
+}
+
+static int ssl_tls13_write_cookie_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ unsigned char *p = buf;
+ *out_len = 0;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+
+ if( handshake->cookie == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no cookie to send; skip extension" ) );
+ return( 0 );
+ }
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
+ handshake->cookie,
+ handshake->hrr_cookie_len );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, handshake->hrr_cookie_len + 6 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding cookie extension" ) );
+
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_COOKIE, p, 0 );
+ MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len + 2, p, 2 );
+ MBEDTLS_PUT_UINT16_BE( handshake->hrr_cookie_len, p, 4 );
+ p += 6;
+
+ /* Cookie */
+ memcpy( p, handshake->cookie, handshake->hrr_cookie_len );
+
+ *out_len = handshake->hrr_cookie_len + 6;
return( 0 );
}
@@ -755,6 +805,49 @@
return( 0 );
}
+static int ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *p = buf;
+ size_t ext_len;
+
+ *out_len = 0;
+
+ /* Write supported_versions extension
+ *
+ * Supported Versions Extension is mandatory with TLS 1.3.
+ */
+ ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &ext_len );
+ if( ret != 0 )
+ return( ret );
+ p += ext_len;
+
+ /* Echo the cookie if the server provided one in its preceding
+ * HelloRetryRequest message.
+ */
+ ret = ssl_tls13_write_cookie_ext( ssl, p, end, &ext_len );
+ if( ret != 0 )
+ return( ret );
+ p += ext_len;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
+ {
+ ret = ssl_tls13_write_key_share_ext( ssl, p, end, &ext_len );
+ if( ret != 0 )
+ return( ret );
+ p += ext_len;
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+
+ *out_len = p - buf;
+
+ return( 0 );
+}
+
/*
* Structure of ClientHello message:
*
@@ -849,54 +942,49 @@
/* Write extensions */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* Keeping track of the included extensions */
ssl->handshake->extensions_present = MBEDTLS_SSL_EXT_NONE;
+#endif
/* First write extensions, then the total length */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
p_extensions_len = p;
p += 2;
- /* Write supported_versions extension
- *
- * Supported Versions Extension is mandatory with TLS 1.3.
- */
- ret = ssl_tls13_write_supported_versions_ext( ssl, p, end, &output_len );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ ret = ssl_tls13_write_client_hello_exts( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
+#endif
#if defined(MBEDTLS_SSL_ALPN)
- ssl_tls13_write_alpn_ext( ssl, p, end, &output_len );
+ ret = ssl_tls13_write_alpn_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
#endif /* MBEDTLS_SSL_ALPN */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
- /*
- * Add the extensions related to (EC)DHE ephemeral key establishment only if
- * enabled as per the configuration.
- */
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
{
ret = mbedtls_ssl_write_supported_groups_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
+ }
- ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
- if( ret != 0 )
- return( ret );
- p += output_len;
-
+ if( mbedtls_ssl_conf_tls13_ephemeral_enabled( ssl ) )
+ {
ret = mbedtls_ssl_write_sig_alg_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/* Write server name extension */
@@ -919,12 +1007,6 @@
return( 0 );
}
-static int ssl_tls13_finalize_client_hello( mbedtls_ssl_context *ssl )
-{
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
- return( 0 );
-}
-
static int ssl_tls13_prepare_client_hello( mbedtls_ssl_context *ssl )
{
int ret;
@@ -978,7 +1060,7 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_client_hello( ssl ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg(
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg(
ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
&buf, &buf_len ) );
@@ -986,15 +1068,14 @@
buf + buf_len,
&msg_len ) );
- mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl,
- MBEDTLS_SSL_HS_CLIENT_HELLO,
- msg_len );
- ssl->handshake->update_checksum( ssl, buf, msg_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ buf, msg_len );
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_client_hello( ssl ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl,
- buf_len,
- msg_len ) );
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
+ buf_len,
+ msg_len ) );
+
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
cleanup:
@@ -1624,9 +1705,8 @@
if( is_hrr )
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_reset_transcript_for_hrr( ssl ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
- MBEDTLS_SSL_HS_SERVER_HELLO,
- buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+ buf, buf_len );
if( is_hrr )
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_hrr( ssl ) );
@@ -1679,8 +1759,8 @@
MBEDTLS_SSL_PROC_CHK(
ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+ buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) );
@@ -1976,8 +2056,8 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_request( ssl,
buf, buf + buf_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+ buf, buf_len );
}
else if( ret == SSL_CERTIFICATE_REQUEST_SKIP )
{
@@ -2049,52 +2129,62 @@
ssl,
MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED );
#else
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
-#else
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
return( 0 );
}
/*
- * Handler for MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED
- */
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
-static int ssl_tls13_write_change_cipher_spec( mbedtls_ssl_context *ssl )
-{
- int ret;
-
- ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
- if( ret != 0 )
- return( ret );
-
- return( 0 );
-}
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE
*/
static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
{
+ int non_empty_certificate_msg = 0;
+
MBEDTLS_SSL_DEBUG_MSG( 1,
( "Switch to handshake traffic keys for outbound traffic" ) );
mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
- return( mbedtls_ssl_tls13_write_certificate( ssl ) );
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+ if( ssl->handshake->client_auth )
+ {
+ int ret = mbedtls_ssl_tls13_write_certificate( ssl );
+ if( ret != 0 )
+ return( ret );
+
+ if( mbedtls_ssl_own_cert( ssl ) != NULL )
+ non_empty_certificate_msg = 1;
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "No certificate message to send." ) );
+ }
+#endif
+
+ if( non_empty_certificate_msg )
+ {
+ mbedtls_ssl_handshake_set_state( ssl,
+ MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
+ }
+ else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+
+ return( 0 );
}
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
*/
static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
{
- return( mbedtls_ssl_tls13_write_certificate_verify( ssl ) );
+ int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
+
+ if( ret == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+
+ return( ret );
}
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
@@ -2105,13 +2195,6 @@
{
int ret;
- if( !ssl->handshake->client_auth )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "Switch to handshake traffic keys for outbound traffic" ) );
- mbedtls_ssl_set_outbound_transform( ssl,
- ssl->handshake->transform_handshake );
- }
ret = mbedtls_ssl_tls13_write_finished_message( ssl );
if( ret != 0 )
return( ret );
@@ -2192,11 +2275,11 @@
ret = ssl_tls13_process_server_finished( ssl );
break;
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
ret = ssl_tls13_write_client_certificate( ssl );
break;
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
ret = ssl_tls13_write_client_certificate_verify( ssl );
break;
@@ -2218,9 +2301,16 @@
* Injection of dummy-CCS's for middlebox compatibility
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
- case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
- ret = ssl_tls13_write_change_cipher_spec( ssl );
+ ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
+ if( ret == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+ break;
+
+ case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
+ ret = mbedtls_ssl_tls13_write_change_cipher_spec( ssl );
+ if( ret == 0 )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE );
break;
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f006438..6623e7f 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -32,6 +32,7 @@
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
+#include "ssl_debug_helpers.h"
int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
@@ -71,68 +72,6 @@
return( ret );
}
-int mbedtls_ssl_tls13_start_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buf_len )
-{
- /*
- * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 )
- * ...
- * HandshakeType msg_type;
- * uint24 length;
- * ...
- */
- *buf = ssl->out_msg + 4;
- *buf_len = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
-
- ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
- ssl->out_msg[0] = hs_type;
-
- return( 0 );
-}
-
-int mbedtls_ssl_tls13_finish_handshake_msg( mbedtls_ssl_context *ssl,
- size_t buf_len,
- size_t msg_len )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t msg_with_header_len;
- ((void) buf_len);
-
- /* Add reserved 4 bytes for handshake header */
- msg_with_header_len = msg_len + 4;
- ssl->out_msglen = msg_with_header_len;
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext( ssl, 0 ) );
-
-cleanup:
- return( ret );
-}
-
-void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len )
-{
- mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, hs_type, msg_len );
- ssl->handshake->update_checksum( ssl, msg, msg_len );
-}
-
-void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len )
-{
- unsigned char hs_hdr[4];
-
- /* Build HS header for checksum update. */
- hs_hdr[0] = MBEDTLS_BYTE_0( hs_type );
- hs_hdr[1] = MBEDTLS_BYTE_2( total_hs_len );
- hs_hdr[2] = MBEDTLS_BYTE_1( total_hs_len );
- hs_hdr[3] = MBEDTLS_BYTE_0( total_hs_len );
-
- ssl->handshake->update_checksum( ssl, hs_hdr, sizeof( hs_hdr ) );
-}
-
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* mbedtls_ssl_tls13_parse_sig_alg_ext()
*
@@ -334,31 +273,10 @@
goto error;
}
- /* We currently only support ECDSA-based signatures */
- switch( algorithm )
+ if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+ algorithm, &sig_alg, &md_alg ) != 0 )
{
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
- md_alg = MBEDTLS_MD_SHA256;
- sig_alg = MBEDTLS_PK_ECDSA;
- break;
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
- md_alg = MBEDTLS_MD_SHA384;
- sig_alg = MBEDTLS_PK_ECDSA;
- break;
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
- md_alg = MBEDTLS_MD_SHA512;
- sig_alg = MBEDTLS_PK_ECDSA;
- break;
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
- MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PSS" ) );
- md_alg = MBEDTLS_MD_SHA256;
- sig_alg = MBEDTLS_PK_RSASSA_PSS;
- break;
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
- default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
- goto error;
+ goto error;
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )",
@@ -499,8 +417,8 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf,
buf + buf_len, verify_buffer, verify_buffer_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
- MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+ buf, buf_len );
cleanup:
@@ -732,24 +650,6 @@
/*
* Secondary checks: always done, but change 'ret' only if it was 0
*/
-
-#if defined(MBEDTLS_ECP_C)
- {
- const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
-
- /* If certificate uses an EC key, make sure the curve is OK */
- if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
- mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
- {
- verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate ( EC key curve )" ) );
- if( ret == 0 )
- ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
- }
- }
-#endif /* MBEDTLS_ECP_C */
-
if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
ssl->handshake->ciphersuite_info,
!ssl->conf->endpoint,
@@ -834,8 +734,8 @@
/* Validate the certificate chain and set the verification results. */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
- buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
+ buf, buf_len );
cleanup:
@@ -847,54 +747,6 @@
return( ret );
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-/*
- * STATE HANDLING: Output Certificate
- */
-/* Check if a certificate should be written, and if yes,
- * if it is available.
- * Returns a negative error code on failure ( such as no certificate
- * being available on the server ), and otherwise
- * SSL_WRITE_CERTIFICATE_SEND or
- * SSL_WRITE_CERTIFICATE_SKIP
- * indicating that a Certificate message should be written based
- * on the configured certificate, or whether it should be silently skipped.
- */
-#define SSL_WRITE_CERTIFICATE_SEND 0
-#define SSL_WRITE_CERTIFICATE_SKIP 1
-
-static int ssl_tls13_write_certificate_coordinate( mbedtls_ssl_context *ssl )
-{
-
- /* For PSK and ECDHE-PSK ciphersuites there is no certificate to exchange. */
- if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
- return( SSL_WRITE_CERTIFICATE_SKIP );
- }
-
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- /* The client MUST send a Certificate message if and only
- * if the server has requested client authentication via a
- * CertificateRequest message.
- *
- * client_auth indicates whether the server had requested
- * client authentication.
- */
- if( ssl->handshake->client_auth == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
- return( SSL_WRITE_CERTIFICATE_SKIP );
- }
- }
-#endif /* MBEDTLS_SSL_CLI_C */
-
- return( SSL_WRITE_CERTIFICATE_SEND );
-
-}
-
/*
* enum {
* X509(0),
@@ -982,63 +834,27 @@
return( 0 );
}
-static int ssl_tls13_finalize_write_certificate( mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- const mbedtls_x509_crt *crt = mbedtls_ssl_own_cert( ssl );
- if( ssl->handshake->client_auth && crt != NULL )
- {
- mbedtls_ssl_handshake_set_state( ssl,
- MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY );
- }
- else
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
- return( 0 );
- }
- else
-#endif /* MBEDTLS_SSL_CLI_C */
- ((void) ssl);
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-
int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl )
{
int ret;
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
- /* Coordination: Check if we need to send a certificate. */
- MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_write_certificate_coordinate( ssl ) );
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) );
- if( ret == SSL_WRITE_CERTIFICATE_SEND )
- {
- unsigned char *buf;
- size_t buf_len, msg_len;
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_body( ssl,
+ buf,
+ buf + buf_len,
+ &msg_len ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl,
- MBEDTLS_SSL_HS_CERTIFICATE, &buf, &buf_len ) );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
+ buf, msg_len );
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_body( ssl,
- buf,
- buf + buf_len,
- &msg_len ) );
-
- mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
- MBEDTLS_SSL_HS_CERTIFICATE,
- buf,
- msg_len );
-
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg(
- ssl, buf_len, msg_len ) );
- }
- else
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_write_certificate( ssl ) );
- }
-
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
@@ -1048,6 +864,123 @@
/*
* STATE HANDLING: Output Certificate Verify
*/
+static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
+ mbedtls_pk_context *own_key,
+ uint16_t *algorithm )
+{
+ mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key );
+ /* Determine the size of the key */
+ size_t own_key_size = mbedtls_pk_get_bitlen( own_key );
+ *algorithm = MBEDTLS_TLS1_3_SIG_NONE;
+ ((void) own_key_size);
+
+ switch( sig )
+ {
+#if defined(MBEDTLS_ECDSA_C)
+ case MBEDTLS_SSL_SIG_ECDSA:
+ switch( own_key_size )
+ {
+ case 256:
+ *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
+ return( 0 );
+ case 384:
+ *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
+ return( 0 );
+ case 521:
+ *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
+ return( 0 );
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "unknown key size: %"
+ MBEDTLS_PRINTF_SIZET " bits",
+ own_key_size ) );
+ break;
+ }
+ break;
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_RSA_C)
+ case MBEDTLS_SSL_SIG_RSA:
+#if defined(MBEDTLS_PKCS1_V21)
+#if defined(MBEDTLS_SHA256_C)
+ if( own_key_size <= 2048 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA384_C)
+ if( own_key_size <= 3072 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA384_C */
+#if defined(MBEDTLS_SHA512_C)
+ if( own_key_size <= 4096 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_PKCS1_V21 */
+#if defined(MBEDTLS_PKCS1_V15)
+#if defined(MBEDTLS_SHA256_C)
+ if( own_key_size <= 2048 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA384_C)
+ if( own_key_size <= 3072 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA384_C */
+#if defined(MBEDTLS_SHA512_C)
+ if( own_key_size <= 4096 &&
+ mbedtls_ssl_sig_alg_is_received( ssl,
+ MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) )
+ {
+ *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
+ return( 0 );
+ }
+ else
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_PKCS1_V15 */
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "unknown key size: %"
+ MBEDTLS_PRINTF_SIZET " bits",
+ own_key_size ) );
+ }
+ break;
+#endif /* MBEDTLS_RSA_C */
+ default:
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "unkown signature type : %u", sig ) );
+ break;
+ }
+ return( -1 );
+}
+
static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@@ -1061,11 +994,8 @@
size_t handshake_hash_len;
unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
size_t verify_buffer_len;
- unsigned char signature_type;
-#if defined(MBEDTLS_ECDSA_C)
- size_t own_key_size;
-#endif /* MBEDTLS_ECDSA_C */
- mbedtls_md_type_t md_alg;
+ mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
+ mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
size_t signature_len = 0;
const mbedtls_md_info_t *md_info;
@@ -1103,55 +1033,26 @@
* opaque signature<0..2^16-1>;
* } CertificateVerify;
*/
- signature_type = mbedtls_ssl_sig_from_pk( own_key );
-#if defined(MBEDTLS_ECDSA_C)
- /* Determine the size of the key */
- own_key_size = mbedtls_pk_get_bitlen( own_key );
-#endif /* MBEDTLS_ECDSA_C */
- switch( signature_type )
- {
-#if defined(MBEDTLS_ECDSA_C)
- case MBEDTLS_SSL_SIG_ECDSA:
- switch( own_key_size )
- {
- case 256:
- md_alg = MBEDTLS_MD_SHA256;
- algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
- break;
- case 384:
- md_alg = MBEDTLS_MD_SHA384;
- algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
- break;
- case 521:
- md_alg = MBEDTLS_MD_SHA512;
- algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
- break;
- default:
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "unknown key size: %"
- MBEDTLS_PRINTF_SIZET " bits",
- own_key_size ) );
- break;
- }
- break;
-#endif /* MBEDTLS_ECDSA_C */
-
- default:
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "unkown pk type : %d", signature_type ) );
- break;
- }
-
- if( algorithm == MBEDTLS_TLS1_3_SIG_NONE ||
- ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
+ ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm );
+ if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "signature algorithm not in received or offered list." ) );
+
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s",
+ mbedtls_ssl_sig_alg_to_str( algorithm ) ) );
+
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
+ if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+ algorithm, &pk_type, &md_alg ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
/* Check there is space for the algorithm identifier (2 bytes) and the
* signature length (2 bytes).
*/
@@ -1171,10 +1072,10 @@
verify_hash_len = mbedtls_md_get_size( md_info );
MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
- if( ( ret = mbedtls_pk_sign( own_key, md_alg,
- verify_hash, verify_hash_len,
- p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
+ md_alg, verify_hash, verify_hash_len,
+ p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
return( ret );
@@ -1188,22 +1089,6 @@
return( ret );
}
-static int ssl_tls13_finalize_certificate_verify( mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
- }
- else
-#endif /* MBEDTLS_SSL_CLI_C */
- {
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
- }
-
- return( 0 );
-}
-
int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret = 0;
@@ -1212,18 +1097,16 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl,
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_certificate_verify_body(
ssl, buf, buf + buf_len, &msg_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len );
- /* Update state */
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_certificate_verify( ssl ) );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+ buf, msg_len );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg(
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len ) );
cleanup:
@@ -1393,8 +1276,8 @@
MBEDTLS_SSL_HS_FINISHED,
&buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buf_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_FINISHED, buf, buf_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
+ buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_message( ssl ) );
cleanup:
@@ -1471,20 +1354,18 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_prepare_finished_message( ssl ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl,
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,
MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body(
ssl, buf, buf + buf_len, &msg_len ) );
- mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
- buf, msg_len );
+ mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
+ buf, msg_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl,
- buf_len, msg_len ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) );
-
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
+ ssl, buf_len, msg_len ) );
cleanup:
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished message" ) );
@@ -1516,40 +1397,6 @@
*
*/
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
-
-static int ssl_tls13_finalize_change_cipher_spec( mbedtls_ssl_context* ssl )
-{
-
-#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- switch( ssl->state )
- {
- case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
- break;
- case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- mbedtls_ssl_handshake_set_state( ssl,
- MBEDTLS_SSL_CLIENT_CERTIFICATE );
-#else
- mbedtls_ssl_handshake_set_state( ssl,
- MBEDTLS_SSL_CLIENT_FINISHED );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
- break;
- default:
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
- }
-#else
- ((void) ssl);
-#endif /* MBEDTLS_SSL_CLI_C */
-
- return( 0 );
-}
-
static int ssl_tls13_write_change_cipher_spec_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@@ -1570,8 +1417,6 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) );
-
/* Write CCS message */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_change_cipher_spec_body(
ssl, ssl->out_msg,
@@ -1580,11 +1425,8 @@
ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
- /* Update state */
- MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_change_cipher_spec( ssl ) );
-
/* Dispatch message */
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 1 ) );
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_record( ssl, 0 ) );
cleanup:
@@ -1612,7 +1454,6 @@
size_t hash_len;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
uint16_t cipher_suite = ssl->session_negotiate->ciphersuite;
- psa_status_t status = PSA_ERROR_GENERIC_ERROR;
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Reset SSL session for HRR" ) );
@@ -1667,18 +1508,6 @@
ssl->handshake->update_checksum( ssl, hash_transcript, hash_len );
#endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA384_C */
- /* Destroy generated private key. */
- status = psa_destroy_key( ssl->handshake->ecdh_psa_privkey );
-
- if( status != PSA_SUCCESS )
- {
- ret = psa_ssl_status_to_mbedtls( status );
- MBEDTLS_SSL_DEBUG_RET( 1, "psa_destroy_key", ret );
- return( ret );
- }
-
- ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-
return( ret );
}
diff --git a/library/threading.c b/library/threading.c
index bae6644..cd9942b 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -113,7 +113,7 @@
int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread;
/*
- * With phtreads we can statically initialize mutexes
+ * With pthreads we can statically initialize mutexes
*/
#define MUTEX_INIT = { PTHREAD_MUTEX_INITIALIZER, 1 }
diff --git a/library/timing.c b/library/timing.c
index d66e11e..a65bc99 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -158,13 +158,28 @@
return( 0 );
}
-#else
-int mbedtls_timing_get_delay( void *data )
+
+/*
+ * Get the final delay.
+ */
+uint32_t mbedtls_timing_get_final_delay(
+ const mbedtls_timing_delay_context *data )
+{
+ return( data->fin_ms );
+}
+#else /* MBEDTLS_HAVE_TIME */
+uint32_t mbedtls_timing_get_final_delay(
+ const mbedtls_timing_delay_context *data )
{
(void) data;
return( 0 );
}
+int mbedtls_timing_get_delay( void *data )
+{
+ (void) data;
+ return( 0 );
+}
void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
{
(void) data;
@@ -178,6 +193,7 @@
(void) reset;
return( 0 );
}
+
#endif /* MBEDTLS_HAVE_TIME */
#endif /* !MBEDTLS_TIMING_ALT */
#endif /* MBEDTLS_TIMING_C */
diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c
index aa56b41..6238892 100644
--- a/programs/psa/hmac_demo.c
+++ b/programs/psa/hmac_demo.c
@@ -107,7 +107,7 @@
const psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
uint8_t out[PSA_MAC_MAX_SIZE]; // safe but not optimal
/* PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, 8 * sizeof( key_bytes ), alg)
- * should work but see https://github.com/ARMmbed/mbedtls/issues/4320 */
+ * should work but see https://github.com/Mbed-TLS/mbedtls/issues/4320 */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key = 0;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f83af07..d8a3a4e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1542,6 +1542,14 @@
{
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
}
+ else if( strcmp( q, "rsa_pss_rsae_sha384" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+ }
+ else if( strcmp( q, "rsa_pss_rsae_sha512" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+ }
else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
@@ -1554,6 +1562,8 @@
mbedtls_printf( "ecdsa_secp384r1_sha384 " );
mbedtls_printf( "ecdsa_secp521r1_sha512 " );
mbedtls_printf( "rsa_pss_rsae_sha256 " );
+ mbedtls_printf( "rsa_pss_rsae_sha384 " );
+ mbedtls_printf( "rsa_pss_rsae_sha512 " );
mbedtls_printf( "rsa_pkcs1_sha256 " );
mbedtls_printf( "\n" );
goto exit;
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index b3c4cfa..a359b3f 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -133,7 +133,7 @@
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
* mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
*
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index 209ae3d..1ad983f 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -8,5 +8,5 @@
pylint == 2.4.4
# Use the earliest version of mypy that works with our code base.
-# See https://github.com/ARMmbed/mbedtls/pull/3953 .
+# See https://github.com/Mbed-TLS/mbedtls/pull/3953 .
mypy >= 0.780
diff --git a/scripts/config.py b/scripts/config.py
index 0ab1e39..7395656 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -198,7 +198,8 @@
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
- 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_ONLY
+ 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
+ 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
'MBEDTLS_X509_REMOVE_INFO', # removes a feature
diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt
index 38838f5..0d75a3d 100644
--- a/scripts/driver.requirements.txt
+++ b/scripts/driver.requirements.txt
@@ -7,7 +7,7 @@
markupsafe < 2.1
# Use the version of Jinja that's in Ubuntu 20.04.
-# See https://github.com/ARMmbed/mbedtls/pull/5067#discussion_r738794607 .
+# See https://github.com/Mbed-TLS/mbedtls/pull/5067#discussion_r738794607 .
# Note that Jinja 3.0 drops support for Python 3.5, so we need to support
# Jinja 2.x as long as we're still using Python 3.5 anywhere.
Jinja2 >= 2.10.1
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
index 98e1c48..a722c19 100755
--- a/scripts/generate_ssl_debug_helpers.py
+++ b/scripts/generate_ssl_debug_helpers.py
@@ -234,6 +234,63 @@
prototype=self._prototype)
return body
+class SignatureAlgorithmDefinition:
+ """
+ Generate helper functions for signature algorithms.
+
+ It generates translation function from signature algorithm define to string.
+ Signature algorithm definition looks like:
+ #define MBEDTLS_TLS1_3_SIG_[ upper case signature algorithm ] [ value(hex) ]
+
+ Known limitation:
+ - the definitions SHOULD exist in same macro blocks.
+ """
+
+ @classmethod
+ def extract(cls, source_code, start=0, end=-1):
+ sig_alg_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_TLS1_3_SIG_\w+)\s+' +
+ r'(?P<value>0[xX][0-9a-fA-F]+)$',
+ re.MULTILINE | re.DOTALL)
+ matches = list(sig_alg_pattern.finditer(source_code, start, end))
+ if matches:
+ yield SignatureAlgorithmDefinition(source_code, definitions=matches)
+
+ def __init__(self, source_code, definitions=None):
+ if definitions is None:
+ definitions = []
+ assert isinstance(definitions, list) and definitions
+ self._definitions = definitions
+ self._source = source_code
+
+ def __repr__(self):
+ return 'SigAlgs({})'.format(self._definitions[0].span())
+
+ def span(self):
+ return self._definitions[0].span()
+ def __str__(self):
+ """
+ Generate function for translating value to string
+ """
+ translation_table = []
+ for m in self._definitions:
+ name = m.groupdict()['name']
+ translation_table.append(
+ '\tcase {}:\n\t return "{}";'.format(name,
+ name[len('MBEDTLS_TLS1_3_SIG_'):].lower())
+ )
+
+ body = textwrap.dedent('''\
+ const char *mbedtls_ssl_sig_alg_to_str( uint16_t in )
+ {{
+ switch( in )
+ {{
+ {translation_table}
+ }};
+
+ return "UNKOWN";
+ }}''')
+ body = body.format(translation_table='\n'.join(translation_table))
+ return body
OUTPUT_C_TEMPLATE = '''\
/* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */
@@ -283,7 +340,9 @@
source_code = remove_c_comments(f.read())
definitions = dict()
- for start, instance in preprocess_c_source_code(source_code, EnumDefinition):
+ for start, instance in preprocess_c_source_code(source_code,
+ EnumDefinition,
+ SignatureAlgorithmDefinition):
if start in definitions:
continue
if isinstance(instance, EnumDefinition):
diff --git a/tests/compat.sh b/tests/compat.sh
index ce77658..c8a883d 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -213,15 +213,6 @@
G_CIPHERS=$( filter "$G_CIPHERS" )
fi
- # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
- # supports from the s_server help. (The s_client help isn't
- # accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
- # But the s_server help seems to be accurate.)
- if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE "; then
- M_CIPHERS=""
- O_CIPHERS=""
- fi
-
# For GnuTLS client -> mbed TLS server,
# we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
@@ -346,7 +337,7 @@
#
# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
# so RSA-PSK ciphersuites need to go in other sections, see
-# https://github.com/ARMmbed/mbedtls/issues/1419
+# https://github.com/Mbed-TLS/mbedtls/issues/1419
#
# ChachaPoly suites are here rather than in "common", as they were added in
# GnuTLS in 3.5.0 and the CI only has 3.4.x so far.
@@ -631,12 +622,15 @@
setup_arguments()
{
+ O_MODE=""
G_MODE=""
case "$MODE" in
"tls12")
+ O_MODE="tls1_2"
G_PRIO_MODE="+VERS-TLS1.2"
;;
"dtls12")
+ O_MODE="dtls1_2"
G_PRIO_MODE="+VERS-DTLS1.2"
G_MODE="-u"
;;
@@ -653,7 +647,7 @@
fi
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
- O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
+ O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$O_MODE"
G_SERVER_ARGS="-p $PORT --http $G_MODE"
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
@@ -678,7 +672,7 @@
fi
M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
- O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
+ O_CLIENT_ARGS="-connect localhost:$PORT -$O_MODE"
G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
@@ -1077,6 +1071,15 @@
continue;
fi
+ # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
+ # supports $O_MODE from the s_server help. (The s_client
+ # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
+ # but doesn't list it. But the s_server help seems to be
+ # accurate.)
+ if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
+ continue;
+ fi
+
reset_ciphersuites
add_common_ciphersuites
add_openssl_ciphersuites
diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh
index f5989ba..291fe1c 100755
--- a/tests/opt-testcases/tls13-compat.sh
+++ b/tests/opt-testcases/tls13-compat.sh
@@ -20,7 +20,7 @@
# Purpose
#
# List TLS1.3 compat test cases. They are generated by
-# `generate_tls13_compat_tests.py -a`.
+# `./tests/scripts/generate_tls13_compat_tests.py -a -o tests/opt-testcases/tls13-compat.sh`.
#
# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
# AND REGENERATE THIS FILE.
@@ -35,10 +35,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -52,10 +53,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -64,13 +66,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -81,13 +84,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -96,13 +100,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -113,13 +118,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -128,13 +134,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -145,13 +152,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -160,13 +168,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -177,13 +186,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -192,13 +202,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -209,13 +220,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -227,10 +239,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -244,10 +257,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -256,13 +270,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -273,13 +288,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -288,13 +304,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -305,13 +322,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -320,13 +338,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -337,13 +356,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -352,13 +372,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -369,13 +390,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -384,13 +406,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -401,13 +424,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -419,10 +443,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -436,10 +461,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -448,13 +474,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -465,13 +492,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -480,13 +508,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -497,13 +526,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -516,10 +546,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -534,10 +565,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -550,10 +582,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -568,10 +601,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -584,10 +618,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -602,10 +637,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -618,10 +654,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -636,10 +673,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -652,10 +690,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -670,10 +709,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -685,10 +725,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -702,10 +743,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -714,13 +756,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -731,13 +774,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -746,13 +790,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -763,13 +808,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -778,13 +824,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -795,13 +842,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -810,13 +858,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -827,13 +876,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -842,13 +892,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -859,13 +910,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -877,10 +929,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -894,10 +947,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -906,13 +960,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -923,13 +978,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -938,13 +994,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -955,13 +1012,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -970,13 +1028,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -987,13 +1046,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1002,13 +1062,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1019,13 +1080,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1034,13 +1096,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1051,13 +1114,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1069,10 +1133,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1086,10 +1151,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1098,13 +1164,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1115,13 +1182,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1130,13 +1198,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1147,13 +1216,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1166,10 +1236,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1184,10 +1255,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1200,10 +1272,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1218,10 +1291,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1234,10 +1308,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1252,10 +1327,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1268,10 +1344,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1286,10 +1363,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1302,10 +1380,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1320,10 +1399,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1335,10 +1415,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1352,10 +1433,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1364,13 +1446,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1381,13 +1464,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1396,13 +1480,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1413,13 +1498,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1428,13 +1514,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1445,13 +1532,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1460,13 +1548,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1477,13 +1566,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1492,13 +1582,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1509,13 +1600,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1527,10 +1619,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1544,10 +1637,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1556,13 +1650,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1573,13 +1668,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1588,13 +1684,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1605,13 +1702,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1620,13 +1718,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1637,13 +1736,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1652,13 +1752,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1669,13 +1770,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1684,13 +1786,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1701,13 +1804,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1719,10 +1823,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1736,10 +1841,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1748,13 +1854,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1765,13 +1872,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1780,13 +1888,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1797,13 +1906,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1816,10 +1926,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1834,10 +1945,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1850,10 +1962,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1868,10 +1981,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1884,10 +1998,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1902,10 +2017,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1918,10 +2034,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1936,10 +2053,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1952,10 +2070,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -1970,10 +2089,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -1985,10 +2105,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2002,10 +2123,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2014,13 +2136,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2031,13 +2154,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2046,13 +2170,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2063,13 +2188,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2078,13 +2204,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2095,13 +2222,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2110,13 +2238,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2127,13 +2256,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2142,13 +2272,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2159,13 +2290,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2177,10 +2309,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2194,10 +2327,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2206,13 +2340,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2223,13 +2358,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2238,13 +2374,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2255,13 +2392,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2270,13 +2408,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2287,13 +2426,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2302,13 +2442,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2319,13 +2460,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2334,13 +2476,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2351,13 +2494,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2369,10 +2513,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2386,10 +2531,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2398,13 +2544,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2415,13 +2562,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2430,13 +2578,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2447,13 +2596,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2466,10 +2616,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2484,10 +2635,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2500,10 +2652,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2518,10 +2671,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2534,10 +2688,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2552,10 +2707,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2568,10 +2724,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2586,10 +2743,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2602,10 +2760,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2620,10 +2779,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2635,10 +2795,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2652,10 +2813,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2664,13 +2826,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2681,13 +2844,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2696,13 +2860,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2713,13 +2878,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2728,13 +2894,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2745,13 +2912,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2760,13 +2928,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2777,13 +2946,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0403 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2792,13 +2962,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2809,13 +2980,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2827,10 +2999,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2844,10 +3017,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2856,13 +3030,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2873,13 +3048,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2888,13 +3064,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2905,13 +3082,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2920,13 +3098,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2937,13 +3116,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0503 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2952,13 +3132,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -2969,13 +3150,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2984,13 +3166,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3001,13 +3184,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -3019,10 +3203,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3036,10 +3221,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -3048,13 +3234,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3065,13 +3252,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -3080,13 +3268,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3097,13 +3286,14 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0603 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -3116,10 +3306,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3134,10 +3325,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp256r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -3150,10 +3342,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3168,10 +3361,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp384r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -3184,10 +3378,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3202,10 +3397,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: secp521r1" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -3218,10 +3414,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3236,10 +3433,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
@@ -3252,10 +3450,11 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 ok" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -3270,7 +3469,688 @@
"$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
0 \
-c "HTTP/1.0 200 OK" \
- -c "ECDH curve: x448" \
-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
- -c "Verifying peer X.509 certificate... ok"
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -C "received HelloRetryRequest message"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
+ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 ok" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 30 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp256r1 ( 17 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 23 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp384r1 ( 18 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 24 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: secp521r1 ( 19 )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 25 )"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
+ 0 \
+ -c "HTTP/1.0 200 OK" \
+ -c "NamedGroup: x448 ( 1e )" \
+ -c "NamedGroup: x25519 ( 1d )" \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "received HelloRetryRequest message" \
+ -c "selected_group ( 29 )"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 3aab764..a64f7c1 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1325,6 +1325,25 @@
# - or alternatively, change the build type to MemSanDbg, which enables
# origin tracking and nicer stack traces (which are useful for debugging
# anyway), and check if the origin was TEST_CF_SECRET() or something else.
+ msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_AESNI_C # memsan doesn't grok asm
+ CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
+ make
+
+ msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
+ make test
+}
+
+component_test_memsan_constant_flow_psa () {
+ # This tests both (1) accesses to undefined memory, and (2) branches or
+ # memory access depending on secret values. To distinguish between those:
+ # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN - does the failure persist?
+ # - or alternatively, change the build type to MemSanDbg, which enables
+ # origin tracking and nicer stack traces (which are useful for debugging
+ # anyway), and check if the origin was TEST_CF_SECRET() or something else.
msg "build: cmake MSan (clang), full config with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
@@ -1346,6 +1365,29 @@
# - or alternatively, build with debug info and manually run the offending
# test suite with valgrind --track-origins=yes, then check if the origin
# was TEST_CF_SECRET() or something else.
+ msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ cmake -D CMAKE_BUILD_TYPE:String=Release .
+ make
+
+ # this only shows a summary of the results (how many of each type)
+ # details are left in Testing/<date>/DynamicAnalysis.xml
+ msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
+ make memcheck
+}
+
+component_test_valgrind_constant_flow_psa () {
+ # This tests both (1) everything that valgrind's memcheck usually checks
+ # (heap buffer overflows, use of uninitialized memory, use-after-free,
+ # etc.) and (2) branches or memory access depending on secret values,
+ # which will be reported as uninitialized memory. To distinguish between
+ # secret and actually uninitialized:
+ # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND - does the failure persist?
+ # - or alternatively, build with debug info and manually run the offending
+ # test suite with valgrind --track-origins=yes, then check if the origin
+ # was TEST_CF_SECRET() or something else.
msg "build: cmake release GCC, full config with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
@@ -1516,6 +1558,9 @@
# MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ # MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
# Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
# MBEDTLS_XXX_YYY_ALT which are for single functions.
scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
@@ -2127,14 +2172,14 @@
}
component_build_no_ssl_srv () {
- msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
+ msg "build: full config except SSL server, make, gcc" # ~ 30s
scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_SRV_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
}
component_build_no_ssl_cli () {
- msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
+ msg "build: full config except SSL client, make, gcc" # ~ 30s
scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_CLI_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1'
@@ -2646,9 +2691,9 @@
scripts/config.py baremetal
# Build for a target platform that's close to what Debian uses
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
- # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
+ # See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
# Build everything including programs, see for example
- # https://github.com/ARMmbed/mbedtls/pull/3449#issuecomment-675313720
+ # https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1"
@@ -2700,6 +2745,9 @@
component_build_armcc () {
msg "build: ARM Compiler 5"
scripts/config.py baremetal
+ # armc[56] don't support SHA-512 intrinsics
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
msg "size: ARM Compiler 5"
@@ -2719,7 +2767,7 @@
# ARM Compiler 6 - Target ARMv8-M
armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main"
- # ARM Compiler 6 - Target ARMv8-A - AArch64
+ # ARM Compiler 6 - Target ARMv8.2-A - AArch64
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
}
@@ -3063,7 +3111,7 @@
local dd_cmd
dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
case $OSTYPE in
- linux*|freebsd*|openbsd*|darwin*) dd_cmd+=(status=none)
+ linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
esac
"${dd_cmd[@]}"
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index 2e6ff72..7ff07e7 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -28,7 +28,6 @@
import argparse
import itertools
from collections import namedtuple
-# pylint: disable=useless-super-delegation
# define certificates configuration entry
Certificate = namedtuple("Certificate", ['cafile', 'certfile', 'keyfile'])
@@ -71,18 +70,26 @@
'x448': 0x1e,
}
+
class TLSProgram(metaclass=abc.ABCMeta):
"""
Base class for generate server/client command.
"""
-
- def __init__(self, ciphersuite, signature_algorithm, named_group, compat_mode=True):
+ # pylint: disable=too-many-arguments
+ def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
+ cert_sig_alg=None, compat_mode=True):
self._ciphers = []
self._sig_algs = []
self._named_groups = []
- self.add_ciphersuites(ciphersuite)
- self.add_named_groups(named_group)
- self.add_signature_algorithms(signature_algorithm)
+ self._cert_sig_algs = []
+ if ciphersuite:
+ self.add_ciphersuites(ciphersuite)
+ if named_group:
+ self.add_named_groups(named_group)
+ if signature_algorithm:
+ self.add_signature_algorithms(signature_algorithm)
+ if cert_sig_alg:
+ self.add_cert_signature_algorithms(cert_sig_alg)
self._compat_mode = compat_mode
# add_ciphersuites should not override by sub class
@@ -95,18 +102,24 @@
self._sig_algs.extend(
[sig_alg for sig_alg in signature_algorithms if sig_alg not in self._sig_algs])
- # add_signature_algorithms should not override by sub class
+ # add_named_groups should not override by sub class
def add_named_groups(self, *named_groups):
self._named_groups.extend(
[named_group for named_group in named_groups if named_group not in self._named_groups])
+ # add_cert_signature_algorithms should not override by sub class
+ def add_cert_signature_algorithms(self, *signature_algorithms):
+ self._cert_sig_algs.extend(
+ [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._cert_sig_algs])
+
@abc.abstractmethod
def pre_checks(self):
return []
@abc.abstractmethod
def cmd(self):
- pass
+ if not self._cert_sig_algs:
+ self._cert_sig_algs = list(CERTIFICATES.keys())
@abc.abstractmethod
def post_checks(self):
@@ -127,18 +140,27 @@
}
def cmd(self):
+ super().cmd()
ret = ['$O_NEXT_SRV_NO_CERT']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._sig_algs):
+ for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
ret += ['-accept $SRV_PORT']
- ciphersuites = ','.join(self._ciphers)
- signature_algorithms = ','.join(self._sig_algs)
- named_groups = ','.join(
- map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups))
- ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites),
- "-sigalgs {signature_algorithms}".format(
- signature_algorithms=signature_algorithms),
- "-groups {named_groups}".format(named_groups=named_groups)]
+
+ if self._ciphers:
+ ciphersuites = ':'.join(self._ciphers)
+ ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)]
+
+ if self._sig_algs:
+ signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
+ signature_algorithms = ':'.join(signature_algorithms)
+ ret += ["-sigalgs {signature_algorithms}".format(
+ signature_algorithms=signature_algorithms)]
+
+ if self._named_groups:
+ named_groups = ':'.join(
+ map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups))
+ ret += ["-groups {named_groups}".format(named_groups=named_groups)]
+
ret += ['-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache']
if not self._compat_mode:
ret += ['-no_middlebox']
@@ -202,10 +224,11 @@
return ['-c "HTTP/1.0 200 OK"']
def cmd(self):
+ super().cmd()
ret = ['$G_NEXT_SRV_NO_CERT', '--http',
'--disable-client-cert', '--debug=4']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._sig_algs):
+ for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
cert=cert, key=key)]
@@ -216,16 +239,33 @@
for i in map_table[item]:
if i not in priority_string_list:
yield i
- priority_string_list.extend(update_priority_string_list(
- self._sig_algs, self.SIGNATURE_ALGORITHM))
- priority_string_list.extend(
- update_priority_string_list(self._ciphers, self.CIPHER_SUITE))
- priority_string_list.extend(update_priority_string_list(
- self._named_groups, self.NAMED_GROUP))
- priority_string_list = ['NONE'] + sorted(priority_string_list) + ['VERS-TLS1.3']
+
+ if self._ciphers:
+ priority_string_list.extend(update_priority_string_list(
+ self._ciphers, self.CIPHER_SUITE))
+ else:
+ priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL'])
+
+ if self._sig_algs:
+ signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
+ priority_string_list.extend(update_priority_string_list(
+ signature_algorithms, self.SIGNATURE_ALGORITHM))
+ else:
+ priority_string_list.append('SIGN-ALL')
+
+
+ if self._named_groups:
+ priority_string_list.extend(update_priority_string_list(
+ self._named_groups, self.NAMED_GROUP))
+ else:
+ priority_string_list.append('GROUP-ALL')
+
+ priority_string_list = ['NONE'] + \
+ sorted(priority_string_list) + ['VERS-TLS1.3']
priority_string = ':+'.join(priority_string_list)
priority_string += ':%NO_TICKETS'
+
if not self._compat_mode:
priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
@@ -248,25 +288,21 @@
'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'}
def cmd(self):
+ super().cmd()
ret = ['$P_CLI']
ret += ['server_addr=127.0.0.1', 'server_port=$SRV_PORT',
'debug_level=4', 'force_version=tls13']
ret += ['ca_file={cafile}'.format(
- cafile=CERTIFICATES[self._sig_algs[0]].cafile)]
+ cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
if self._ciphers:
ciphers = ','.join(
map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers))
ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)]
- if self._sig_algs:
+ if self._sig_algs + self._cert_sig_algs:
ret += ['sig_algs={sig_algs}'.format(
- sig_algs=','.join(self._sig_algs))]
- for sig_alg in self._sig_algs:
- if sig_alg in ('ecdsa_secp256r1_sha256',
- 'ecdsa_secp384r1_sha384',
- 'ecdsa_secp521r1_sha512'):
- self.add_named_groups(sig_alg.split('_')[1])
+ sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))]
if self._named_groups:
named_groups = ','.join(self._named_groups)
@@ -283,19 +319,29 @@
if self._compat_mode:
ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
- if 'rsa_pss_rsae_sha256' in self._sig_algs:
+ if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
ret.append(
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
return ret
def post_checks(self):
- check_strings = ["ECDH curve: {group}".format(group=self._named_groups[0]),
- "server hello, chosen ciphersuite: ( {:04x} ) - {}".format(
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]],
- self.CIPHER_SUITE[self._ciphers[0]]),
- "Certificate Verify: Signature algorithm ( {:04x} )".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]),
- "Verifying peer X.509 certificate... ok", ]
+ check_strings = []
+ if self._ciphers:
+ check_strings.append(
+ "server hello, chosen ciphersuite: ( {:04x} ) - {}".format(
+ CIPHER_SUITE_IANA_VALUE[self._ciphers[0]],
+ self.CIPHER_SUITE[self._ciphers[0]]))
+ if self._sig_algs:
+ check_strings.append(
+ "Certificate Verify: Signature algorithm ( {:04x} )".format(
+ SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
+
+ for named_group in self._named_groups:
+ check_strings += ['NamedGroup: {named_group} ( {iana_value:x} )'.format(
+ named_group=named_group,
+ iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
+
+ check_strings.append("Verifying peer X.509 certificate... ok")
return ['-c "{}"'.format(i) for i in check_strings]
@@ -309,18 +355,55 @@
"""
name = 'TLS 1.3 {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format(
client=client, server=server, cipher=cipher, sig_alg=sig_alg, named_group=named_group)
- server_object = SERVER_CLASSES[server](cipher, sig_alg, named_group)
- client_object = CLIENT_CLASSES[client](cipher, sig_alg, named_group)
+
+ server_object = SERVER_CLASSES[server](ciphersuite=cipher,
+ named_group=named_group,
+ signature_algorithm=sig_alg,
+ cert_sig_alg=sig_alg)
+ client_object = CLIENT_CLASSES[client](ciphersuite=cipher,
+ named_group=named_group,
+ signature_algorithm=sig_alg,
+ cert_sig_alg=sig_alg)
cmd = ['run_test "{}"'.format(name), '"{}"'.format(
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
cmd += server_object.post_checks()
cmd += client_object.post_checks()
+ cmd += ['-C "received HelloRetryRequest message"']
prefix = ' \\\n' + (' '*9)
cmd = prefix.join(cmd)
return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
+def generate_hrr_compat_test(client=None, server=None, cert_sig_alg=None,
+ client_named_group=None, server_named_group=None):
+ """
+ Generate Hello Retry Request test case with `ssl-opt.sh` format.
+ """
+ name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {c_named_group} -> {s_named_group}'.format(
+ client=client, server=server, c_named_group=client_named_group,
+ s_named_group=server_named_group)
+ server_object = SERVER_CLASSES[server](named_group=server_named_group,
+ cert_sig_alg=cert_sig_alg)
+
+ client_object = CLIENT_CLASSES[client](named_group=client_named_group,
+ cert_sig_alg=cert_sig_alg)
+ client_object.add_named_groups(server_named_group)
+
+ cmd = ['run_test "{}"'.format(name), '"{}"'.format(
+ server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
+ cmd += server_object.post_checks()
+ cmd += client_object.post_checks()
+ cmd += ['-c "received HelloRetryRequest message"']
+ cmd += ['-c "selected_group ( {:d} )"'.format(
+ NAMED_GROUP_IANA_VALUE[server_named_group])]
+ prefix = ' \\\n' + (' '*9)
+ cmd = prefix.join(cmd)
+ return '\n'.join(server_object.pre_checks() +
+ client_object.pre_checks() +
+ [cmd])
+
+
SSL_OUTPUT_HEADER = '''#!/bin/sh
# {filename}
@@ -343,14 +426,13 @@
# Purpose
#
# List TLS1.3 compat test cases. They are generated by
-# `generate_tls13_compat_tests.py -a`.
+# `{cmd}`.
#
# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
# AND REGENERATE THIS FILE.
#
'''
-
def main():
"""
Main function of this program
@@ -397,22 +479,37 @@
args = parser.parse_args()
def get_all_test_cases():
+ # Generate normal compat test cases
for cipher, sig_alg, named_group, server, client in \
- itertools.product(CIPHER_SUITE_IANA_VALUE.keys(), SIG_ALG_IANA_VALUE.keys(),
- NAMED_GROUP_IANA_VALUE.keys(), SERVER_CLASSES.keys(),
+ itertools.product(CIPHER_SUITE_IANA_VALUE.keys(),
+ SIG_ALG_IANA_VALUE.keys(),
+ NAMED_GROUP_IANA_VALUE.keys(),
+ SERVER_CLASSES.keys(),
CLIENT_CLASSES.keys()):
yield generate_compat_test(cipher=cipher, sig_alg=sig_alg, named_group=named_group,
server=server, client=client)
+ # Generate Hello Retry Request compat test cases
+ for client, server, client_named_group, server_named_group in \
+ itertools.product(CLIENT_CLASSES.keys(),
+ SERVER_CLASSES.keys(),
+ NAMED_GROUP_IANA_VALUE.keys(),
+ NAMED_GROUP_IANA_VALUE.keys()):
+ if client_named_group != server_named_group:
+ yield generate_hrr_compat_test(client=client, server=server,
+ cert_sig_alg="ecdsa_secp256r1_sha256",
+ client_named_group=client_named_group,
+ server_named_group=server_named_group)
+
if args.generate_all_tls13_compat_tests:
if args.output:
with open(args.output, 'w', encoding="utf-8") as f:
f.write(SSL_OUTPUT_HEADER.format(
- filename=os.path.basename(args.output)))
+ filename=os.path.basename(args.output), cmd=' '.join(sys.argv)))
f.write('\n\n'.join(get_all_test_cases()))
f.write('\n')
else:
- print('\n'.join(get_all_test_cases()))
+ print('\n\n'.join(get_all_test_cases()))
return 0
if args.list_ciphers or args.list_sig_algs or args.list_named_groups \
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d5334ce..51177ad 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1633,7 +1633,7 @@
requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
run_test_psa_force_curve "secp224r1"
## SECP224K1 is buggy via the PSA API
-## (https://github.com/ARMmbed/mbedtls/issues/3541),
+## (https://github.com/Mbed-TLS/mbedtls/issues/3541),
## so it is disabled in PSA even when it's enabled in Mbed TLS.
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
@@ -9630,26 +9630,23 @@
-c "Version: TLS1.3"
# TLS1.3 test cases
-# TODO: remove or rewrite this test case if #4832 is resolved.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
skip_handshake_stage_check
run_test "TLS 1.3: Not supported version check: tls12 and tls13" \
- "$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \
+ "$P_SRV debug_level=1" \
"$P_CLI debug_level=1 min_version=tls12 max_version=tls13" \
1 \
- -s "SSL - The requested feature is not available" \
-c "SSL - The requested feature is not available" \
- -s "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" \
-c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-run_test "TLS 1.3: handshake dispatch test: tls13 only" \
- "$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \
- "$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \
+skip_handshake_stage_check
+run_test "TLS 1.3: No server support" \
+ "$P_SRV debug_level=2 force_version=tls13" \
+ "$P_CLI debug_level=2 force_version=tls13" \
1 \
- -s "tls13 server state: MBEDTLS_SSL_HELLO_REQUEST" \
- -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST"
+ -s "TLS 1.3 server is not supported yet."
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -10037,12 +10034,11 @@
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
- 1 \
+ 0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "unkown pk type" \
- -c "signature algorithm not in received or offered list."
+ -c "Protocol is TLSv1.3"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10055,12 +10051,77 @@
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
"$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
- 1 \
+ 0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "unkown pk type" \
- -c "signature algorithm not in received or offered list."
+ -c "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
+ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
+ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
+ -c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 0c30e4a..2eb8c2d 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -882,3 +882,11 @@
# The first call to fix_negative in the test case of issue #4296.
ECP fix_negative: #4296.1
fix_negative:"8A4DD4C8B42C5EAED15FE4F4579F4CE513EC90A94010BF000000000000000000":-1:256
+
+ECP export key parameters #1 (OK)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:0
+
+ECP export key parameters #2 (invalid group)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_export:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:1
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 2afc355..c3e6b05 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -16,6 +16,44 @@
mbedtls_ecp_point_free( x ); \
mbedtls_ecp_point_init( x );
+/* Auxiliary function to compare two mbedtls_ecp_group objects. */
+inline static int mbedtls_ecp_group_cmp( mbedtls_ecp_group *grp1,
+ mbedtls_ecp_group *grp2 )
+{
+ if( mbedtls_mpi_cmp_mpi( &grp1->P, &grp2->P ) != 0 )
+ return 1;
+ if( mbedtls_mpi_cmp_mpi( &grp1->A, &grp2->A ) != 0 )
+ return 1;
+ if( mbedtls_mpi_cmp_mpi( &grp1->B, &grp2->B ) != 0 )
+ return 1;
+ if( mbedtls_mpi_cmp_mpi( &grp1->N, &grp2->N ) != 0 )
+ return 1;
+ if( mbedtls_ecp_point_cmp( &grp1->G, &grp2->G ) != 0 )
+ return 1;
+ if( grp1->id != grp2->id )
+ return 1;
+ if( grp1->pbits != grp2->pbits )
+ return 1;
+ if( grp1->nbits != grp2->nbits )
+ return 1;
+ if( grp1->h != grp2->h )
+ return 1;
+ if( grp1->modp != grp2->modp )
+ return 1;
+ if( grp1->t_pre != grp2->t_pre )
+ return 1;
+ if( grp1->t_post != grp2->t_post )
+ return 1;
+ if( grp1->t_data != grp2->t_data )
+ return 1;
+ if( grp1->T_size != grp2->T_size )
+ return 1;
+ if( grp1->T != grp2->T )
+ return 1;
+
+ return 0;
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -988,3 +1026,40 @@
TEST_ASSERT( mbedtls_ecp_self_test( 1 ) == 0 );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void ecp_export( int id, char * Qx, char * Qy,char * d, int expected_ret, int invalid_grp )
+{
+ mbedtls_ecp_keypair key;
+ mbedtls_ecp_group export_grp;
+ mbedtls_mpi export_d;
+ mbedtls_ecp_point export_Q;
+
+ mbedtls_ecp_group_init( &export_grp );
+ mbedtls_ecp_group_init( &key.grp );
+ mbedtls_mpi_init( &export_d );
+ mbedtls_ecp_point_init( &export_Q );
+
+ mbedtls_ecp_keypair_init( &key );
+ if( invalid_grp == 0 )
+ TEST_ASSERT( mbedtls_ecp_group_load( &key.grp, id ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_point_read_string( &key.Q, 16, Qx, Qy ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &key.d, 16, d ) == 0 );
+
+ TEST_EQUAL( mbedtls_ecp_export( &key, &export_grp,
+ &export_d, &export_Q ), expected_ret );
+
+ if( expected_ret == 0 )
+ {
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &key.Q, &export_Q ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &key.d, &export_d ), 0 );
+ TEST_EQUAL( mbedtls_ecp_group_cmp( &key.grp, &export_grp ), 0 );
+ }
+
+exit:
+ mbedtls_ecp_keypair_free( &key );
+ mbedtls_ecp_group_free( &export_grp );
+ mbedtls_mpi_free( &export_d );
+ mbedtls_ecp_point_free( &export_Q );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index f10774e..cf40e55 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -136,9 +136,9 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
pk_sign_verify:MBEDTLS_PK_RSA:512:0:0
-RSA encrypt test vector
+RSA encrypt-decrypt test
depends_on:MBEDTLS_PKCS1_V15
-pk_rsa_encrypt_test_vec:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0
+pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":0
RSA decrypt test vector #1
depends_on:MBEDTLS_PKCS1_V15
@@ -340,3 +340,40 @@
PSA wrapped sign: BP512R1
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512
+
+PK Sign ext:RSA2048,PK_RSA,MD_SHA256
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
+
+PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
+
+PK Sign ext:RSA2048,PK_RSA,MD_SHA384
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA384_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
+
+PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA384_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
+
+PK Sign ext:RSA2048,PK_RSA,MD_SHA512
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
+
+PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
+pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
+
+PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256
+
+PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA384_C
+pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384
+
+PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C
+pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512
+
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 8eff010..f37974d 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -12,7 +12,7 @@
/* Needed only for test case data under #if defined(MBEDTLS_USE_PSA_CRYPTO),
* but the test code generator requires test case data to be valid C code
- * unconditionally (https://github.com/ARMmbed/mbedtls/issues/2023). */
+ * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */
#include "psa/crypto.h"
#define RSA_KEY_SIZE 512
@@ -710,24 +710,32 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N,
- char * input_N, int radix_E, char * input_E,
- data_t * result, int ret )
+void pk_rsa_encrypt_decrypt_test( data_t * message, int mod, int radix_P,
+ char * input_P, int radix_Q, char * input_Q,
+ int radix_N, char * input_N, int radix_E,
+ char * input_E, int ret )
{
- unsigned char output[300];
+ unsigned char output[300], result[300];
mbedtls_test_rnd_pseudo_info rnd_info;
+ mbedtls_mpi N, P, Q, E;
mbedtls_rsa_context *rsa;
mbedtls_pk_context pk;
- size_t olen;
+ size_t olen, rlen;
+
+ mbedtls_pk_init( &pk );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( output, 0, sizeof( output ) );
+ USE_PSA_INIT( );
- mbedtls_pk_init( &pk );
+ /* encryption test */
+
+ /* init pk-rsa context */
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
rsa = mbedtls_pk_rsa( pk );
+ /* load public key */
rsa->len = mod / 8;
TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
@@ -735,11 +743,44 @@
TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
output, &olen, sizeof( output ),
mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
- TEST_ASSERT( olen == result->len );
- TEST_ASSERT( memcmp( output, result->x, olen ) == 0 );
+
+ /* decryption test */
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+
+ /* init pk-rsa context */
+ mbedtls_pk_free( &pk );
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+ rsa = mbedtls_pk_rsa( pk );
+
+ /* load public key */
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
+
+ /* load private key */
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
+ TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
+
+ memset( result, 0, sizeof( result ) );
+ rlen = 0;
+ TEST_ASSERT( mbedtls_pk_decrypt( &pk, output, olen,
+ result, &rlen, sizeof( result ),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
+ if( ret == 0 )
+ {
+ TEST_ASSERT( rlen == message->len );
+ TEST_ASSERT( memcmp( result, message->x, rlen ) == 0 );
+ }
exit:
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+ mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
mbedtls_pk_free( &pk );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -884,6 +925,8 @@
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
+ USE_PSA_INIT( );
+
mbedtls_rsa_init( &raw );
mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
@@ -948,6 +991,7 @@
exit:
mbedtls_rsa_free( &raw );
mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -1043,3 +1087,46 @@
USE_PSA_DONE( );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */
+void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg )
+{
+ /* See the description of pk_genkey() for the description of the `parameter` argument. */
+ mbedtls_pk_context pk;
+ size_t sig_len;
+ unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+ size_t hash_len = mbedtls_md_get_size( md_info );
+ void const *options = NULL;
+ mbedtls_pk_rsassa_pss_options rsassa_pss_options;
+ memset( hash, 0x2a, sizeof( hash ) );
+ memset( sig, 0, sizeof( sig ) );
+
+ mbedtls_pk_init( &pk );
+ PSA_INIT();
+
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( pk_type ) ) == 0 );
+
+ TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
+
+ TEST_ASSERT( mbedtls_pk_sign_ext( key_pk_type, &pk, md_alg, hash, hash_len,
+ sig, sizeof( sig ), &sig_len,
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
+
+ if( key_pk_type == MBEDTLS_PK_RSASSA_PSS )
+ {
+ rsassa_pss_options.mgf1_hash_id = md_alg;
+ TEST_ASSERT( md_info != NULL );
+ rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info );
+ options = (const void*) &rsassa_pss_options;
+ }
+ TEST_ASSERT( mbedtls_pk_verify_ext( key_pk_type, options, &pk, md_alg,
+ hash, hash_len, sig, sig_len ) == 0 );
+exit:
+ PSA_DONE( );
+ mbedtls_pk_free( &pk );
+}
+/* END_CASE */
+
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index b8ca7ff..b46d3be 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -101,6 +101,7 @@
mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_CLIENT
Test mbedtls_endpoint sanity for the server
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2
mbedtls_endpoint_sanity:MBEDTLS_SSL_IS_SERVER
Test moving clients handshake to state: HELLO_REQUEST
@@ -696,30 +697,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, AES-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -744,30 +721,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, AES-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -792,30 +745,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, AES-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -840,30 +769,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, AES-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, AES-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -888,30 +793,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, AES-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -936,30 +817,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, AES-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -984,30 +841,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, AES-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1032,30 +865,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, AES-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, ARIA-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1080,30 +889,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, ARIA-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1128,30 +913,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, ARIA-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1176,30 +937,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, ARIA-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1224,30 +961,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, ARIA-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1272,30 +985,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, ARIA-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1320,30 +1009,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, ARIA-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1368,30 +1033,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, ARIA-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1416,30 +1057,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1464,30 +1081,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1512,30 +1105,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1560,30 +1129,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, CAMELLIA-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1608,30 +1153,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1656,30 +1177,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1704,30 +1201,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1752,30 +1225,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, CAMELLIA-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -1800,30 +1249,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, AES-128-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2072,14 +1497,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-Record crypt, NULL cipher, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
Record crypt, NULL cipher, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2088,14 +1505,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-Record crypt, NULL cipher, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
Record crypt, NULL cipher, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2104,14 +1513,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-Record crypt, NULL cipher, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
Record crypt, NULL cipher, 1.2, MD5
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2120,14 +1521,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-Record crypt, NULL cipher, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, NULL cipher, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
Record crypt, ChachaPoly
depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2
ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2176,30 +1569,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, AES-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2224,30 +1593,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, AES-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2272,30 +1617,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, AES-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2320,30 +1641,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, AES-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2368,30 +1665,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, AES-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2416,30 +1689,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, AES-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2464,30 +1713,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, AES-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2512,30 +1737,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2560,30 +1761,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2608,30 +1785,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2656,30 +1809,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, ARIA-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2704,30 +1833,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2752,30 +1857,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2800,30 +1881,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2848,30 +1905,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, ARIA-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2896,30 +1929,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2944,30 +1953,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -2992,30 +1977,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3040,30 +2001,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3088,30 +2025,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3136,30 +2049,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3184,30 +2073,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3232,30 +2097,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5
depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3280,30 +2121,6 @@
depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4
-
-Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0
-
Record crypt, little space, AES-128-GCM, 1.2
depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3552,14 +2369,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
Record crypt, little space, NULL cipher, 1.2, SHA-256
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3568,14 +2377,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
Record crypt, little space, NULL cipher, 1.2, SHA-1
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3584,14 +2385,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
Record crypt, little space, NULL cipher, 1.2, MD5
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
@@ -3600,14 +2393,6 @@
depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-Record crypt, little space, NULL cipher, 1.2, MD5, short tag
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
-Record crypt, little space, NULL cipher, 1.2, MD5, short tag, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC
-ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0
-
Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1
@@ -3616,14 +2401,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2
-Decrypt CBC !EtM, AES MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, AES MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:-2
-
Decrypt CBC !EtM, AES MD5 !trunc, padlen=0
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0
@@ -3632,14 +2409,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240
-Decrypt CBC !EtM, AES MD5 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:240
-
Decrypt CBC !EtM, AES MD5 !trunc, padlen=1
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1
@@ -3648,14 +2417,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241
-Decrypt CBC !EtM, AES MD5 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:241
-
Decrypt CBC !EtM, AES MD5 !trunc, padlen=15
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15
@@ -3664,14 +2425,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255
-Decrypt CBC !EtM, AES MD5 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:15
-
-Decrypt CBC !EtM, AES MD5 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:255
-
Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1
@@ -3680,14 +2433,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2
-Decrypt CBC !EtM, AES SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, AES SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:-2
-
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0
@@ -3696,14 +2441,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:240
-
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1
@@ -3712,14 +2449,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:241
-
Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15
@@ -3728,14 +2457,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:15
-
-Decrypt CBC !EtM, AES SHA1 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:255
-
Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1
@@ -3744,14 +2465,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2
-Decrypt CBC !EtM, AES SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, AES SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:-2
-
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0
@@ -3760,14 +2473,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:240
-
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1
@@ -3776,14 +2481,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:241
-
Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15
@@ -3792,14 +2489,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:15
-
-Decrypt CBC !EtM, AES SHA256 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:255
-
Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
@@ -3808,14 +2497,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
-Decrypt CBC !EtM, AES SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, AES SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:-2
-
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
@@ -3824,14 +2505,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=0
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=240
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:240
-
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
@@ -3840,14 +2513,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=1
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=241
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:241
-
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
@@ -3856,14 +2521,6 @@
depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=15
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:15
-
-Decrypt CBC !EtM, AES SHA384 trunc, padlen=255
-depends_on:MBEDTLS_AES_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:255
-
Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1
@@ -3872,14 +2529,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-Decrypt CBC !EtM, ARIA MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, ARIA MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:-2
-
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0
@@ -3888,14 +2537,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:240
-
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1
@@ -3904,14 +2545,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:241
-
Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15
@@ -3920,14 +2553,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:15
-
-Decrypt CBC !EtM, ARIA MD5 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:255
-
Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
@@ -3936,14 +2561,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-Decrypt CBC !EtM, ARIA SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:-2
-
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0
@@ -3952,14 +2569,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:240
-
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1
@@ -3968,14 +2577,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:241
-
Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15
@@ -3984,14 +2585,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:15
-
-Decrypt CBC !EtM, ARIA SHA1 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:255
-
Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
@@ -4000,14 +2593,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-Decrypt CBC !EtM, ARIA SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:-2
-
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0
@@ -4016,14 +2601,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:240
-
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1
@@ -4032,14 +2609,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:241
-
Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15
@@ -4048,14 +2617,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:15
-
-Decrypt CBC !EtM, ARIA SHA256 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:255
-
Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
@@ -4064,14 +2625,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-Decrypt CBC !EtM, ARIA SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:-2
-
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
@@ -4080,14 +2633,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=0
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=240
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:240
-
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
@@ -4096,14 +2641,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=1
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=241
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:241
-
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
@@ -4112,14 +2649,6 @@
depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=15
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:15
-
-Decrypt CBC !EtM, ARIA SHA384 trunc, padlen=255
-depends_on:MBEDTLS_ARIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:255
-
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1
@@ -4128,14 +2657,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:-1
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:-2
-
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0
@@ -4144,14 +2665,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:240
-
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1
@@ -4160,14 +2673,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:241
-
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15
@@ -4176,14 +2681,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:15
-
-Decrypt CBC !EtM, CAMELLIA MD5 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD5_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:255
-
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1
@@ -4192,14 +2689,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:-2
-
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0
@@ -4208,14 +2697,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:240
-
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1
@@ -4224,14 +2705,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:241
-
Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15
@@ -4240,14 +2713,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:15
-
-Decrypt CBC !EtM, CAMELLIA SHA1 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA1_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:255
-
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1
@@ -4256,14 +2721,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:-2
-
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0
@@ -4272,14 +2729,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:240
-
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1
@@ -4288,14 +2737,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:241
-
Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15
@@ -4304,14 +2745,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:15
-
-Decrypt CBC !EtM, CAMELLIA SHA256 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA256_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:255
-
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
@@ -4320,14 +2753,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, empty plaintext, minpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:-1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:-2
-
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
@@ -4336,14 +2761,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=0
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=240
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:240
-
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
@@ -4352,14 +2769,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=1
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=241
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:241
-
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
@@ -4368,14 +2777,6 @@
depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=15
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:15
-
-Decrypt CBC !EtM, CAMELLIA SHA384 trunc, padlen=255
-depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SHA384_C
-ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:255
-
SSL TLS 1.3 Key schedule: Secret evolution #1
# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
# Initial secret to Early Secret
@@ -4835,3 +3236,6 @@
Test configuration of groups for DHE through mbedtls_ssl_conf_groups()
conf_group:
+
+Test accessor into timing_delay_context
+timing_final_delay_accessor
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index cc7baba..fd42b06 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1044,7 +1044,7 @@
{
/* If /p second_ssl ends the handshake procedure before /p ssl then
* there is no need to call the next step */
- if( second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+ if( !mbedtls_ssl_is_handshake_over( second_ssl ) )
{
ret = mbedtls_ssl_handshake_step( second_ssl );
if( ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
@@ -1359,6 +1359,47 @@
memset( md0, 0x5, maclen );
memset( md1, 0x6, maclen );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ alg = mbedtls_psa_translate_md( mbedtls_md_get_type( md_info ) );
+
+ CHK( alg != 0 );
+
+ t_out->psa_mac_alg = PSA_ALG_HMAC( alg );
+ t_in->psa_mac_alg = PSA_ALG_HMAC( alg );
+ t_in->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
+ t_out->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
+ t_in->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
+ t_out->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
+
+ psa_reset_key_attributes( &attributes );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+
+ CHK( psa_import_key( &attributes,
+ md0, maclen,
+ &t_in->psa_mac_enc ) == PSA_SUCCESS );
+
+ CHK( psa_import_key( &attributes,
+ md1, maclen,
+ &t_out->psa_mac_enc ) == PSA_SUCCESS );
+
+ if( cipher_info->mode == MBEDTLS_MODE_STREAM ||
+ etm == MBEDTLS_SSL_ETM_DISABLED )
+ /* mbedtls_ct_hmac() requires the key to be exportable */
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_VERIFY_HASH );
+ else
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+
+ CHK( psa_import_key( &attributes,
+ md1, maclen,
+ &t_in->psa_mac_dec ) == PSA_SUCCESS );
+
+ CHK( psa_import_key( &attributes,
+ md0, maclen,
+ &t_out->psa_mac_dec ) == PSA_SUCCESS );
+#else
CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 );
CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 );
CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 );
@@ -1372,6 +1413,7 @@
md1, maclen ) == 0 );
CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec,
md0, maclen ) == 0 );
+#endif
}
#else
((void) hash_id);
@@ -1468,10 +1510,6 @@
t_out->maclen = maclen;
t_in->maclen = maclen;
break;
- case 1: /* Partial tag */
- t_out->maclen = 10;
- t_in->maclen = 10;
- break;
default:
ret = 1;
goto cleanup;
@@ -1520,6 +1558,7 @@
if ( alg != MBEDTLS_SSL_NULL_CIPHER )
{
+ psa_reset_key_attributes( &attributes );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
@@ -1884,6 +1923,8 @@
#endif
int expected_handshake_result = 0;
+ USE_PSA_INIT( );
+
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
mbedtls_message_socket_init( &server_context );
@@ -2048,8 +2089,8 @@
goto exit;
}
- TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
- TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER );
+ TEST_ASSERT( mbedtls_ssl_is_handshake_over( &client.ssl ) == 1 );
+ TEST_ASSERT( mbedtls_ssl_is_handshake_over( &server.ssl ) == 1 );
/* Check that both sides have negotiated the expected version. */
mbedtls_test_set_step( 0 );
@@ -2242,6 +2283,7 @@
if( context_buf != NULL )
mbedtls_free( context_buf );
#endif
+ USE_PSA_DONE( );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
@@ -3699,6 +3741,10 @@
unsigned char padlen; /* excluding the padding_length byte */
unsigned char add_data[13];
unsigned char mac[MBEDTLS_MD_MAX_SIZE];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ size_t sign_mac_length = 0;
+#endif
int exp_ret;
int ret;
const unsigned char pad_max_len = 255; /* Per the standard */
@@ -3782,11 +3828,24 @@
*/
/* MAC with additional data */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_sign_setup( &operation,
+ t0.psa_mac_enc,
+ t0.psa_mac_alg ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation, add_data, 13 ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation,
+ rec.buf + rec.data_offset,
+ rec.data_len ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_sign_finish( &operation,
+ mac, MBEDTLS_MD_MAX_SIZE,
+ &sign_mac_length ) );
+#else
TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc, add_data, 13 ) );
TEST_EQUAL( 0, mbedtls_md_hmac_update( &t0.md_ctx_enc,
rec.buf + rec.data_offset,
rec.data_len ) );
TEST_EQUAL( 0, mbedtls_md_hmac_finish( &t0.md_ctx_enc, mac ) );
+#endif
memcpy( rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen );
rec.data_len += t0.maclen;
@@ -4845,7 +4904,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_version( int dtls, int client_min_version, int client_max_version,
int server_min_version, int server_max_version,
int expected_negotiated_version )
@@ -4868,7 +4927,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls )
{
handshake_test_options options;
@@ -4886,7 +4945,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void handshake_cipher( char* cipher, int pk_alg, int dtls )
{
test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls );
@@ -4896,7 +4955,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
void app_data( int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments, int dtls )
@@ -5057,8 +5116,15 @@
* Test the function mbedtls_ct_hmac() against a reference
* implementation.
*/
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+#else
mbedtls_md_context_t ctx, ref_ctx;
const mbedtls_md_info_t *md_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
size_t out_len, block_size;
size_t min_in_len, in_len, max_in_len, i;
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
@@ -5068,6 +5134,20 @@
unsigned char *out = NULL;
unsigned char rec_num = 0;
+ USE_PSA_INIT( );
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ alg = PSA_ALG_HMAC( mbedtls_psa_translate_md( hash ) );
+
+ out_len = PSA_HASH_LENGTH( alg );
+ block_size = PSA_HASH_BLOCK_LENGTH( alg );
+
+ /* mbedtls_ct_hmac() requires the key to be exportable */
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_algorithm( &attributes, PSA_ALG_HMAC( alg ) );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+#else
mbedtls_md_init( &ctx );
mbedtls_md_init( &ref_ctx );
@@ -5076,10 +5156,18 @@
out_len = mbedtls_md_get_size( md_info );
TEST_ASSERT( out_len != 0 );
block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Use allocated out buffer to catch overwrites */
ASSERT_ALLOC( out, out_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Set up dummy key */
+ memset( ref_out, 42, sizeof( ref_out ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_import_key( &attributes,
+ ref_out, out_len,
+ &key ) );
+#else
/* Set up contexts with the given hash and a dummy key */
TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
@@ -5087,6 +5175,7 @@
TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
memset( ref_out, 0, sizeof( ref_out ) );
+#endif
/*
* Test all possible lengths up to a point. The difference between
@@ -5113,13 +5202,31 @@
/* Get the function's result */
TEST_CF_SECRET( &in_len, sizeof( in_len ) );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_EQUAL( 0, mbedtls_ct_hmac( key, PSA_ALG_HMAC( alg ),
+ add_data, sizeof( add_data ),
+ data, in_len,
+ min_in_len, max_in_len,
+ out ) );
+#else
TEST_EQUAL( 0, mbedtls_ct_hmac( &ctx, add_data, sizeof( add_data ),
data, in_len,
min_in_len, max_in_len,
out ) );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
TEST_CF_PUBLIC( out, out_len );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_verify_setup( &operation,
+ key, alg ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation, add_data,
+ sizeof( add_data ) ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_update( &operation,
+ data, in_len ) );
+ TEST_EQUAL( PSA_SUCCESS, psa_mac_verify_finish( &operation,
+ out, out_len ) );
+#else
/* Compute the reference result */
TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
sizeof( add_data ) ) );
@@ -5129,6 +5236,7 @@
/* Compare */
ASSERT_COMPARE( out, out_len, ref_out, out_len );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
mbedtls_free( data );
@@ -5136,11 +5244,18 @@
}
exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_mac_abort( &operation );
+ psa_destroy_key( key );
+#else
mbedtls_md_free( &ref_ctx );
mbedtls_md_free( &ctx );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_free( data );
mbedtls_free( out );
+
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -5357,3 +5472,14 @@
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TIMING_C:MBEDTLS_HAVE_TIME */
+void timing_final_delay_accessor( )
+{
+ mbedtls_timing_delay_context delay_context;
+
+ mbedtls_timing_set_delay( &delay_context, 50, 100 );
+
+ TEST_ASSERT( mbedtls_timing_get_final_delay( &delay_context ) == 100 );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 1e88191..947fcc4 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -83,11 +83,14 @@
mbedtls_pk_context key;
mbedtls_x509write_csr req;
unsigned char buf[4096];
- unsigned char check_buf[4000];
int ret;
- size_t olen = 0, pem_len = 0, buf_index;
- int der_len = -1;
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char check_buf[4000];
FILE *f;
+ size_t olen = 0;
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+ size_t pem_len = 0, buf_index;
+ int der_len = -1;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
mbedtls_test_rnd_pseudo_info rnd_info;
@@ -119,6 +122,12 @@
TEST_ASSERT( buf[buf_index] == 0 );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
+ (void)cert_req_check_file;
+ buf[pem_len] = '\0';
+ TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
+#else
f = fopen( cert_req_check_file, "r" );
TEST_ASSERT( f != NULL );
olen = fread( check_buf, 1, sizeof( check_buf ), f );
@@ -126,6 +135,7 @@
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
mbedtls_test_rnd_pseudo_rand,
@@ -135,7 +145,15 @@
if( der_len == 0 )
goto exit;
- ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ // When using PSA crypto, RNG isn't controllable, result length isn't
+ // deterministic over multiple runs, removing a single byte isn't enough to
+ // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
+ der_len /= 2;
+#else
+ der_len -= 1;
+#endif
+ ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len ),
mbedtls_test_rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );