Gilles Peskine | 0d980b8 | 2021-01-05 23:34:27 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Common source code for SSL test programs. This file is included by |
| 3 | * both ssl_client2.c and ssl_server2.c and is intended for source |
| 4 | * code that is textually identical in both programs, but that cannot be |
| 5 | * compiled separately because it refers to types or macros that are |
| 6 | * different in the two programs, or because it would have an incomplete |
| 7 | * type. |
| 8 | * |
| 9 | * This file is meant to be #include'd and cannot be compiled separately. |
| 10 | * |
| 11 | * Copyright The Mbed TLS Contributors |
Dave Rodgman | 7ff7965 | 2023-11-03 12:04:52 +0000 | [diff] [blame] | 12 | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
Gilles Peskine | 0d980b8 | 2021-01-05 23:34:27 +0100 | [diff] [blame] | 13 | */ |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 14 | |
| 15 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 16 | int eap_tls_key_derivation(void *p_expkey, |
| 17 | const unsigned char *ms, |
| 18 | const unsigned char *kb, |
| 19 | size_t maclen, |
| 20 | size_t keylen, |
| 21 | size_t ivlen, |
| 22 | const unsigned char client_random[32], |
| 23 | const unsigned char server_random[32], |
| 24 | mbedtls_tls_prf_types tls_prf_type) |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 25 | { |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 26 | eap_tls_keys *keys = (eap_tls_keys *) p_expkey; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 27 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 28 | ((void) kb); |
| 29 | memcpy(keys->master_secret, ms, sizeof(keys->master_secret)); |
| 30 | memcpy(keys->randbytes, client_random, 32); |
| 31 | memcpy(keys->randbytes + 32, server_random, 32); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 32 | keys->tls_prf_type = tls_prf_type; |
| 33 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 34 | if (opt.debug_level > 2) { |
| 35 | mbedtls_printf("exported maclen is %u\n", (unsigned) maclen); |
| 36 | mbedtls_printf("exported keylen is %u\n", (unsigned) keylen); |
| 37 | mbedtls_printf("exported ivlen is %u\n", (unsigned) ivlen); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 38 | } |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 39 | return 0; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 40 | } |
| 41 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 42 | int nss_keylog_export(void *p_expkey, |
| 43 | const unsigned char *ms, |
| 44 | const unsigned char *kb, |
| 45 | size_t maclen, |
| 46 | size_t keylen, |
| 47 | size_t ivlen, |
| 48 | const unsigned char client_random[32], |
| 49 | const unsigned char server_random[32], |
| 50 | mbedtls_tls_prf_types tls_prf_type) |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 51 | { |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 52 | char nss_keylog_line[200]; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 53 | size_t const client_random_len = 32; |
| 54 | size_t const master_secret_len = 48; |
| 55 | size_t len = 0; |
| 56 | size_t j; |
| 57 | int ret = 0; |
| 58 | |
| 59 | ((void) p_expkey); |
| 60 | ((void) kb); |
| 61 | ((void) maclen); |
| 62 | ((void) keylen); |
| 63 | ((void) ivlen); |
| 64 | ((void) server_random); |
| 65 | ((void) tls_prf_type); |
| 66 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 67 | len += sprintf(nss_keylog_line + len, |
| 68 | "%s", "CLIENT_RANDOM "); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 69 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 70 | for (j = 0; j < client_random_len; j++) { |
| 71 | len += sprintf(nss_keylog_line + len, |
| 72 | "%02x", client_random[j]); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 73 | } |
| 74 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 75 | len += sprintf(nss_keylog_line + len, " "); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 76 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 77 | for (j = 0; j < master_secret_len; j++) { |
| 78 | len += sprintf(nss_keylog_line + len, |
| 79 | "%02x", ms[j]); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 80 | } |
| 81 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 82 | len += sprintf(nss_keylog_line + len, "\n"); |
| 83 | nss_keylog_line[len] = '\0'; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 84 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 85 | mbedtls_printf("\n"); |
| 86 | mbedtls_printf("---------------- NSS KEYLOG -----------------\n"); |
| 87 | mbedtls_printf("%s", nss_keylog_line); |
| 88 | mbedtls_printf("---------------------------------------------\n"); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 89 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 90 | if (opt.nss_keylog_file != NULL) { |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 91 | FILE *f; |
| 92 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 93 | if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) { |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 94 | ret = -1; |
| 95 | goto exit; |
| 96 | } |
| 97 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 98 | if (fwrite(nss_keylog_line, 1, len, f) != len) { |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 99 | ret = -1; |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 100 | fclose(f); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 101 | goto exit; |
| 102 | } |
| 103 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 104 | fclose(f); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 105 | } |
| 106 | |
| 107 | exit: |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 108 | mbedtls_platform_zeroize(nss_keylog_line, |
| 109 | sizeof(nss_keylog_line)); |
| 110 | return ret; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 111 | } |
| 112 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 113 | #if defined(MBEDTLS_SSL_DTLS_SRTP) |
| 114 | int dtls_srtp_key_derivation(void *p_expkey, |
| 115 | const unsigned char *ms, |
| 116 | const unsigned char *kb, |
| 117 | size_t maclen, |
| 118 | size_t keylen, |
| 119 | size_t ivlen, |
| 120 | const unsigned char client_random[32], |
| 121 | const unsigned char server_random[32], |
| 122 | mbedtls_tls_prf_types tls_prf_type) |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 123 | { |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 124 | dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 125 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 126 | ((void) kb); |
| 127 | memcpy(keys->master_secret, ms, sizeof(keys->master_secret)); |
| 128 | memcpy(keys->randbytes, client_random, 32); |
| 129 | memcpy(keys->randbytes + 32, server_random, 32); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 130 | keys->tls_prf_type = tls_prf_type; |
| 131 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 132 | if (opt.debug_level > 2) { |
| 133 | mbedtls_printf("exported maclen is %u\n", (unsigned) maclen); |
| 134 | mbedtls_printf("exported keylen is %u\n", (unsigned) keylen); |
| 135 | mbedtls_printf("exported ivlen is %u\n", (unsigned) ivlen); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 136 | } |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 137 | return 0; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 138 | } |
| 139 | #endif /* MBEDTLS_SSL_DTLS_SRTP */ |
| 140 | |
| 141 | #endif /* MBEDTLS_SSL_EXPORT_KEYS */ |
| 142 | |
| 143 | #if defined(MBEDTLS_SSL_RECORD_CHECKING) |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 144 | int ssl_check_record(mbedtls_ssl_context const *ssl, |
| 145 | unsigned char const *buf, size_t len) |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 146 | { |
Manuel Pégourié-Gonnard | 87e8b5c | 2021-07-07 10:48:26 +0200 | [diff] [blame] | 147 | int my_ret = 0, ret_cr1, ret_cr2; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 148 | unsigned char *tmp_buf; |
| 149 | |
| 150 | /* Record checking may modify the input buffer, |
| 151 | * so make a copy. */ |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 152 | tmp_buf = mbedtls_calloc(1, len); |
| 153 | if (tmp_buf == NULL) { |
| 154 | return MBEDTLS_ERR_SSL_ALLOC_FAILED; |
| 155 | } |
| 156 | memcpy(tmp_buf, buf, len); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 157 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 158 | ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len); |
| 159 | if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) { |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 160 | /* Test-only: Make sure that mbedtls_ssl_check_record() |
| 161 | * doesn't alter state. */ |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 162 | memcpy(tmp_buf, buf, len); /* Restore buffer */ |
| 163 | ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len); |
| 164 | if (ret_cr2 != ret_cr1) { |
| 165 | mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n"); |
Manuel Pégourié-Gonnard | 87e8b5c | 2021-07-07 10:48:26 +0200 | [diff] [blame] | 166 | my_ret = -1; |
Manuel Pégourié-Gonnard | 40e26b2 | 2021-07-06 12:05:23 +0200 | [diff] [blame] | 167 | goto cleanup; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 168 | } |
| 169 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 170 | switch (ret_cr1) { |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 171 | case 0: |
| 172 | break; |
| 173 | |
| 174 | case MBEDTLS_ERR_SSL_INVALID_RECORD: |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 175 | if (opt.debug_level > 1) { |
| 176 | mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n"); |
| 177 | } |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 178 | break; |
| 179 | |
| 180 | case MBEDTLS_ERR_SSL_INVALID_MAC: |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 181 | if (opt.debug_level > 1) { |
| 182 | mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n"); |
| 183 | } |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 184 | break; |
| 185 | |
| 186 | case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 187 | if (opt.debug_level > 1) { |
| 188 | mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n"); |
| 189 | } |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 190 | break; |
| 191 | |
| 192 | default: |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 193 | mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n", |
| 194 | (unsigned int) -ret_cr1); |
Manuel Pégourié-Gonnard | 87e8b5c | 2021-07-07 10:48:26 +0200 | [diff] [blame] | 195 | my_ret = -1; |
Manuel Pégourié-Gonnard | 40e26b2 | 2021-07-06 12:05:23 +0200 | [diff] [blame] | 196 | goto cleanup; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 197 | } |
| 198 | |
| 199 | /* Regardless of the outcome, forward the record to the stack. */ |
| 200 | } |
| 201 | |
Manuel Pégourié-Gonnard | 40e26b2 | 2021-07-06 12:05:23 +0200 | [diff] [blame] | 202 | cleanup: |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 203 | mbedtls_free(tmp_buf); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 204 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 205 | return my_ret; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 206 | } |
| 207 | #endif /* MBEDTLS_SSL_RECORD_CHECKING */ |
| 208 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 209 | int recv_cb(void *ctx, unsigned char *buf, size_t len) |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 210 | { |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 211 | io_ctx_t *io_ctx = (io_ctx_t *) ctx; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 212 | size_t recv_len; |
| 213 | int ret; |
| 214 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 215 | if (opt.nbio == 2) { |
| 216 | ret = delayed_recv(io_ctx->net, buf, len); |
| 217 | } else { |
| 218 | ret = mbedtls_net_recv(io_ctx->net, buf, len); |
| 219 | } |
| 220 | if (ret < 0) { |
| 221 | return ret; |
| 222 | } |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 223 | recv_len = (size_t) ret; |
| 224 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 225 | if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 226 | /* Here's the place to do any datagram/record checking |
| 227 | * in between receiving the packet from the underlying |
| 228 | * transport and passing it on to the TLS stack. */ |
| 229 | #if defined(MBEDTLS_SSL_RECORD_CHECKING) |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 230 | if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) { |
| 231 | return -1; |
| 232 | } |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 233 | #endif /* MBEDTLS_SSL_RECORD_CHECKING */ |
| 234 | } |
| 235 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 236 | return (int) recv_len; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 237 | } |
| 238 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 239 | int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, |
| 240 | uint32_t timeout) |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 241 | { |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 242 | io_ctx_t *io_ctx = (io_ctx_t *) ctx; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 243 | int ret; |
| 244 | size_t recv_len; |
| 245 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 246 | ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout); |
| 247 | if (ret < 0) { |
| 248 | return ret; |
| 249 | } |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 250 | recv_len = (size_t) ret; |
| 251 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 252 | if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 253 | /* Here's the place to do any datagram/record checking |
| 254 | * in between receiving the packet from the underlying |
| 255 | * transport and passing it on to the TLS stack. */ |
| 256 | #if defined(MBEDTLS_SSL_RECORD_CHECKING) |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 257 | if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) { |
| 258 | return -1; |
| 259 | } |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 260 | #endif /* MBEDTLS_SSL_RECORD_CHECKING */ |
| 261 | } |
| 262 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 263 | return (int) recv_len; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 264 | } |
| 265 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 266 | int send_cb(void *ctx, unsigned char const *buf, size_t len) |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 267 | { |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 268 | io_ctx_t *io_ctx = (io_ctx_t *) ctx; |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 269 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 270 | if (opt.nbio == 2) { |
| 271 | return delayed_send(io_ctx->net, buf, len); |
| 272 | } |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 273 | |
Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 274 | return mbedtls_net_send(io_ctx->net, buf, len); |
Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 275 | } |
| 276 | |
| 277 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 278 | int ssl_sig_hashes_for_test[] = { |
| 279 | #if defined(MBEDTLS_SHA512_C) |
| 280 | MBEDTLS_MD_SHA512, |
| 281 | MBEDTLS_MD_SHA384, |
| 282 | #endif |
| 283 | #if defined(MBEDTLS_SHA256_C) |
| 284 | MBEDTLS_MD_SHA256, |
| 285 | MBEDTLS_MD_SHA224, |
| 286 | #endif |
| 287 | #if defined(MBEDTLS_SHA1_C) |
| 288 | /* Allow SHA-1 as we use it extensively in tests. */ |
| 289 | MBEDTLS_MD_SHA1, |
| 290 | #endif |
| 291 | MBEDTLS_MD_NONE |
| 292 | }; |
| 293 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |