Rename MBEDTLS_SSL_ASYNC_PRIVATE_C to MBEDTLS_SSL_ASYNC_PRIVATE

This is an optional feature, not a module of its own, so don't call it
MBEDTLS_xxx_C and put it in the appropriate section of config.h.
Gilles Peskine 2018-04-24 13:09:22 +02:00
parent f112725487
commit b74a1c73b1
8 changed files with 84 additions and 84 deletions


@ -1128,6 +1128,17 @@
*/
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
/**
* \def MBEDTLS_SSL_ASYNC_PRIVATE
*
* Enable asynchronous external private key operations in SSL. This allows
* you to configure an SSL connection to call an external cryptographic
* module to perform private key operations instead of performing the
* operation inside the library.
*
*/
//#define MBEDTLS_SSL_ASYNC_PRIVATE
/**
* \def MBEDTLS_SSL_DEBUG_ALL
*
@ -2472,17 +2483,6 @@
*/
#define MBEDTLS_SHA512_C
/**
* \def MBEDTLS_SSL_ASYNC_PRIVATE_C
*
* Enable asynchronous external private key operations in SSL. This allows
* you to configure an SSL connection to call an external cryptographic
* module to perform private key operations instead of performing the
* operation inside the library.
*
*/
//#define MBEDTLS_SSL_ASYNC_PRIVATE_C
/**
* \def MBEDTLS_SSL_CACHE_C
*
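Review bot: The relocated `MBEDTLS_SSL_ASYNC_PRIVATE` entry documents no prerequisites, yet the SSL header section of this same commit nests the sign/decrypt callback typedefs and the `f_async_*` config fields under `#if defined(MBEDTLS_X509_CRT_PARSE_C)`. If that nesting means the option cannot build or has no effect without X.509 parsing (the end of that inner guard is outside the visible hunks, so this is inferred), the doc block should say so, for example `* Requires: MBEDTLS_X509_CRT_PARSE_C`, and the same dependency belongs in the configuration sanity checks. Separately, a custom configuration that still defines the old `MBEDTLS_SSL_ASYNC_PRIVATE_C` will now compile the feature out with no diagnostic, and none of the eight file sections shown adds a check for the stale name. An `#error` on the old macro in the configuration checks would make the rename fail loudly instead of silently dropping the external-key path.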


@ -537,7 +537,7 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx,
*/
typedef int mbedtls_ssl_get_timer_t( void * ctx );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Callback type: start external signature operation
@ -692,7 +692,7 @@ typedef int mbedtls_ssl_async_resume_t( void *connection_ctx,
*/
typedef void mbedtls_ssl_async_cancel_t( void *connection_ctx,
void *operation_ctx );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/* Defined below */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
@ -826,7 +826,7 @@ struct mbedtls_ssl_config
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
@ -834,7 +834,7 @@ struct mbedtls_ssl_config
mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
void *p_async_connection_ctx; /*!< connection context for asynchronous operation callbacks */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
const int *sig_hashes; /*!< allowed signature hashes */
@ -1482,7 +1482,7 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
void *p_export_keys );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/**
* \brief Configure asynchronous private key operation callbacks.
*
@ -1514,7 +1514,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_async_resume_t *f_async_resume,
mbedtls_ssl_async_cancel_t *f_async_cancel,
void *connection_ctx );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/**
* \brief Callback type: generate a cookie


@ -243,9 +243,9 @@ struct mbedtls_ssl_handshake_params
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
void *p_async_operation_ctx; /*!< asynchronous operation context */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */


@ -2835,7 +2835,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
defined(MBEDTLS_SSL_ASYNC_PRIVATE)
static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
size_t *signature_len )
{
@ -2853,7 +2853,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
return( ret );
}
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
/* Prepare the ServerKeyExchange message, up to and including
calculating the signature if any, but excluding formatting the
@ -3164,7 +3164,7 @@ curve_matching_done:
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_sign_start != NULL )
{
ret = ssl->conf->f_async_sign_start(
@ -3186,7 +3186,7 @@ curve_matching_done:
return( ret );
}
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( mbedtls_ssl_own_key( ssl ) == NULL )
{
@ -3248,7 +3248,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/* If we have already prepared the message and there is an ongoing
signature operation, resume signing. */
if( ssl->handshake->p_async_operation_ctx != NULL )
@ -3258,7 +3258,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
}
else
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
{
/* ServerKeyExchange is needed. Prepare the message. */
ret = ssl_prepare_server_key_exchange( ssl, &signature_len );
@ -3379,7 +3379,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char *
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
unsigned char *peer_pms,
size_t *peer_pmslen,
@ -3395,7 +3395,7 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_decrypt_encrypted_pms", ret );
return( ret );
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
const unsigned char *p,
@ -3409,7 +3409,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk;
size_t len = mbedtls_pk_get_len( public_key );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/* If we have already started decoding the message and there is an ongoing
decryption operation, resume signing. */
if( ssl->handshake->p_async_operation_ctx != NULL )
@ -3418,7 +3418,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
return( ssl_resume_decrypt_pms( ssl,
peer_pms, peer_pmslen, peer_pmssize ) );
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/*
* Prepare to decrypt the premaster using own private RSA key
@ -3445,7 +3445,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
/*
* Decrypt the premaster secret
*/
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_decrypt_start != NULL )
{
ret = ssl->conf->f_async_decrypt_start(
@ -3470,7 +3470,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
return( ret );
}
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_RSA ) )
{
@ -3503,10 +3503,10 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
&peer_pmslen,
sizeof( peer_pms ) );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if ( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
return( ret );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/*
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
@ -3644,7 +3644,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) && \
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) )
if( ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
@ -3770,7 +3770,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
{
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if ( ssl->handshake->p_async_operation_ctx != NULL )
{
/* There is an asynchronous operation in progress to
@ -3782,7 +3782,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
p += ssl->conf->psk_identity_len + 2;
}
else
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );


@ -6478,7 +6478,7 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
}
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
void mbedtls_ssl_conf_async_private_cb(
mbedtls_ssl_config *conf,
mbedtls_ssl_async_sign_t *f_async_sign,
@ -6493,7 +6493,7 @@ void mbedtls_ssl_conf_async_private_cb(
conf->f_async_cancel = f_async_cancel;
conf->p_async_connection_ctx = connection_ctx;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/*
* SSL get accessors
@ -7495,14 +7495,14 @@ void mbedtls_ssl_handshake_free( const mbedtls_ssl_config *conf,
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( conf->f_async_cancel != NULL &&
handshake->p_async_operation_ctx != NULL )
{
conf->f_async_cancel( conf->p_async_connection_ctx,
handshake->p_async_operation_ctx );
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
mbedtls_free( handshake->verify_cookie );


@ -402,6 +402,9 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
"MBEDTLS_SSL_ALL_ALERT_MESSAGES",
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
"MBEDTLS_SSL_ASYNC_PRIVATE",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_DEBUG_ALL)
"MBEDTLS_SSL_DEBUG_ALL",
#endif /* MBEDTLS_SSL_DEBUG_ALL */
@ -648,9 +651,6 @@ static const char *features[] = {
#if defined(MBEDTLS_SHA512_C)
"MBEDTLS_SHA512_C",
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
"MBEDTLS_SSL_ASYNC_PRIVATE_C",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#if defined(MBEDTLS_SSL_CACHE_C)
"MBEDTLS_SSL_CACHE_C",
#endif /* MBEDTLS_SSL_CACHE_C */


@ -200,7 +200,7 @@ int main( void )
#define USAGE_IO ""
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#define USAGE_SSL_ASYNC \
" async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
" async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
@ -210,7 +210,7 @@ int main( void )
" 1=start, 2=cancel, 3=resume, 4=pk, negative=first time only)"
#else
#define USAGE_SSL_ASYNC ""
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define USAGE_PSK \
@ -862,7 +862,7 @@ static int ssl_sig_hashes_for_test[] = {
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
typedef struct
{
mbedtls_x509_crt *cert;
@ -1054,7 +1054,7 @@ static void ssl_async_cancel( void *connection_ctx_arg,
mbedtls_printf( "Async cancel callback.\n" );
mbedtls_free( ctx );
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/*
* Wait for an event from the underlying transport or the timer
@ -1144,9 +1144,9 @@ int main( int argc, char *argv[] )
mbedtls_x509_crt srvcert2;
mbedtls_pk_context pkey2;
int key_cert_init = 0, key_cert_init2 = 0;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
ssl_async_key_context_t ssl_async_keys;
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
mbedtls_dhm_context dhm;
@ -1346,7 +1346,7 @@ int main( int argc, char *argv[] )
opt.key_file2 = q;
else if( strcmp( p, "dhm_file" ) == 0 )
opt.dhm_file = q;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
else if( strcmp( p, "async_operations" ) == 0 )
opt.async_operations = q;
else if( strcmp( p, "async_private_delay1" ) == 0 )
@ -1364,7 +1364,7 @@ int main( int argc, char *argv[] )
}
opt.async_private_error = n;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
else if( strcmp( p, "psk" ) == 0 )
opt.psk = q;
else if( strcmp( p, "psk_identity" ) == 0 )
@ -2261,14 +2261,14 @@ int main( int argc, char *argv[] )
if( key_cert_init )
{
mbedtls_pk_context *pk = &pkey;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_delay1 >= 0 )
{
ssl_async_set_key( &ssl_async_keys, &srvcert, pk,
opt.async_private_delay1 );
pk = NULL;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, pk ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
@ -2278,14 +2278,14 @@ int main( int argc, char *argv[] )
if( key_cert_init2 )
{
mbedtls_pk_context *pk = &pkey2;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_delay2 >= 0 )
{
ssl_async_set_key( &ssl_async_keys, &srvcert2, pk,
opt.async_private_delay2 );
pk = NULL;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, pk ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
@ -2293,7 +2293,7 @@ int main( int argc, char *argv[] )
}
}
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_operations[0] != '-' )
{
mbedtls_ssl_async_sign_t *sign = NULL;
@ -2323,7 +2323,7 @@ int main( int argc, char *argv[] )
ssl_async_cancel,
&ssl_async_keys );
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(SNI_OPTION)
@ -2500,14 +2500,14 @@ handshake:
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL )
{
mbedtls_printf( " cancelling on injected error\n" );
break;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@ -2549,7 +2549,7 @@ handshake:
}
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_error < 0 )
/* Injected error only the first time round, to test reset */
ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE;


@ -4069,7 +4069,7 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \
# Tests of asynchronous private key support in SSL
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, delay=0" \
"$P_SRV \
async_operations=s async_private_delay1=0 async_private_delay2=0" \
@ -4078,7 +4078,7 @@ run_test "SSL async private: sign, delay=0" \
-s "Async sign callback: using key slot " \
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, delay=1" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1" \
@ -4088,7 +4088,7 @@ run_test "SSL async private: sign, delay=1" \
-s "Async resume (slot [0-9]): call 0 more times." \
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt, delay=0" \
"$P_SRV \
async_operations=d async_private_delay1=0 async_private_delay2=0" \
@ -4097,7 +4097,7 @@ run_test "SSL async private: decrypt, delay=0" \
-s "Async decrypt callback: using key slot " \
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt, delay=1" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
@ -4107,7 +4107,7 @@ run_test "SSL async private: decrypt, delay=1" \
-s "Async resume (slot [0-9]): call 0 more times." \
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt RSA-PSK, delay=0" \
"$P_SRV psk=abc123 \
async_operations=d async_private_delay1=0 async_private_delay2=0" \
@ -4117,7 +4117,7 @@ run_test "SSL async private: decrypt RSA-PSK, delay=0" \
-s "Async decrypt callback: using key slot " \
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt RSA-PSK, delay=1" \
"$P_SRV psk=abc123 \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
@ -4128,7 +4128,7 @@ run_test "SSL async private: decrypt RSA-PSK, delay=1" \
-s "Async resume (slot [0-9]): call 0 more times." \
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign callback not present" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
@ -4141,7 +4141,7 @@ run_test "SSL async private: sign callback not present" \
-s "Async resume (slot [0-9]): decrypt done, status=0" \
-s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt callback not present" \
"$P_SRV debug_level=1 \
async_operations=s async_private_delay1=1 async_private_delay2=1" \
@ -4155,7 +4155,7 @@ run_test "SSL async private: decrypt callback not present" \
-s "Successful connection"
# key1: ECDSA, key2: RSA; use key1 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: slot 0 used with key1" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
@ -4168,7 +4168,7 @@ run_test "SSL async private: slot 0 used with key1" \
-s "Async resume (slot 0): sign done, status=0"
# key1: ECDSA, key2: RSA; use key2 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: slot 0 used with key2" \
"$P_SRV \
async_operations=s async_private_delay2=1 \
@ -4181,7 +4181,7 @@ run_test "SSL async private: slot 0 used with key2" \
-s "Async resume (slot 0): sign done, status=0"
# key1: ECDSA, key2: RSA; use key2 from slot 1
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: slot 1 used" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1\
@ -4194,7 +4194,7 @@ run_test "SSL async private: slot 1 used" \
-s "Async resume (slot 1): sign done, status=0"
# key1: ECDSA, key2: RSA; use key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
@ -4204,7 +4204,7 @@ run_test "SSL async private: fall back to transparent key" \
0 \
-s "Async sign callback: no key matches this certificate."
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in start" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4215,7 +4215,7 @@ run_test "SSL async private: error in start" \
-S "Async resume" \
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: cancel after start" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4226,7 +4226,7 @@ run_test "SSL async private: cancel after start" \
-S "Async resume" \
-s "Async cancel"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in resume" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4237,7 +4237,7 @@ run_test "SSL async private: error in resume" \
-s "Async resume callback: injected error" \
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in pk" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4248,7 +4248,7 @@ run_test "SSL async private: error in pk" \
-s "Async resume callback: sign done but injected error" \
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: cancel after start then operate correctly" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4260,7 +4260,7 @@ run_test "SSL async private: cancel after start then operate correctly" \
-s "Async resume" \
-s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in resume then operate correctly" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4272,7 +4272,7 @@ run_test "SSL async private: error in resume then operate correctly" \
-s "Successful connection"
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: cancel after start then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-2 \
@ -4289,7 +4289,7 @@ run_test "SSL async private: cancel after start then fall back to transparent
-s "Successful connection"
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in resume then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-3 \
@ -4304,7 +4304,7 @@ run_test "SSL async private: error in resume then fall back to transparent ke
-s "Async sign callback: no key matches this certificate." \
-s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: client-initiated; sign" \
"$P_SRV \
@ -4315,7 +4315,7 @@ run_test "SSL async private: renegotiation: client-initiated; sign" \
-s "Async sign callback: using key slot " \
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: server-initiated; sign" \
"$P_SRV \
@ -4326,7 +4326,7 @@ run_test "SSL async private: renegotiation: server-initiated; sign" \
-s "Async sign callback: using key slot " \
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: client-initiated; decrypt" \
"$P_SRV \
@ -4338,7 +4338,7 @@ run_test "SSL async private: renegotiation: client-initiated; decrypt" \
-s "Async decrypt callback: using key slot " \
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: server-initiated; decrypt" \
"$P_SRV \