AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-05-03 10:28:37 +02:00
parent e952a30d47
commit cd05f0b9e5
3 changed files with 13 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
library/ssl_tls12_client.c
View File

@ -3046,11 +3046,6 @@ ecdh_calc_secret:
/* Write the ECDH computation length before the ECDH computation */
MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 );
pms += zlen_size + zlen;
/* In case of opaque psk skip writting psk to pms.
* Opaque key will be handled later. */
MBEDTLS_SSL_DEBUG_MSG( 1,
( "skip PMS generation for opaque ECDHE-PSK" ) );
}
else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
@ -3164,26 +3159,18 @@ ecdh_calc_secret:
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK)
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "skip PMS generation for opaque PSK" ) );
}
else
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK)
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "skip PMS generation for opaque RSA-PSK" ) );
}
else
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK &&
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK )
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
"mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
"mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
}
}
else

19
library/ssl_tls12_server.c
View File

@ -3983,18 +3983,14 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* For opaque PSKs, we perform the PSK-to-MS derivation automatically
* and skip the intermediate PMS. */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
#else
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
@ -4026,18 +4022,14 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
return( ret );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* For opaque PSKs, we perform the PSK-to-MS derivation automatically
* and skip the intermediate PMS. */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque RSA-PSK" ) );
#else
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
@ -4147,9 +4139,6 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
MBEDTLS_PUT_UINT16_BE( zlen, psm, 0 );
psm += zlen_size + zlen;
/* In case of opaque psk skip writting psk to pms.
* Opaque key will be handled later. */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque ECDHE-PSK" ) );
#else /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
{

102
tests/ssl-opt.sh
View File

@ -6399,8 +6399,6 @@ run_test "PSK callback: opaque psk on client, no callback" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque PSK"\
-S "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6414,8 +6412,6 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque PSK"\
-S "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6429,8 +6425,6 @@ run_test "PSK callback: opaque psk on client, no callback, EMS" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque PSK"\
-S "skip PMS generation for opaque PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6444,8 +6438,6 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque PSK"\
-S "skip PMS generation for opaque PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6459,8 +6451,6 @@ run_test "PSK callback: opaque rsa-psk on client, no callback" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque RSA-PSK"\
-S "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6474,8 +6464,6 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque RSA-PSK"\
-S "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6489,8 +6477,6 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque RSA-PSK"\
-S "skip PMS generation for opaque RSA-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6504,8 +6490,6 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS"
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque RSA-PSK"\
-S "skip PMS generation for opaque RSA-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6519,8 +6503,6 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque ECDHE-PSK"\
-S "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6534,8 +6516,6 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque ECDHE-PSK"\
-S "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6549,8 +6529,6 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque ECDHE-PSK"\
-S "skip PMS generation for opaque ECDHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6564,8 +6542,6 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque ECDHE-PSK"\
-S "skip PMS generation for opaque ECDHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6579,8 +6555,6 @@ run_test "PSK callback: opaque dhe-psk on client, no callback" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque DHE-PSK"\
-S "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6594,8 +6568,6 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque DHE-PSK"\
-S "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6609,8 +6581,6 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque DHE-PSK"\
-S "skip PMS generation for opaque DHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6624,8 +6594,6 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS"
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
-c "skip PMS generation for opaque DHE-PSK"\
-S "skip PMS generation for opaque DHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6639,8 +6607,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6654,8 +6620,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6672,8 +6636,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6688,8 +6650,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6701,8 +6661,6 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque RSA-PSK"\
-s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6716,8 +6674,6 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque RSA-PSK"\
-s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6734,8 +6690,6 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque RSA-PSK"\
-s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6750,8 +6704,6 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque RSA-PSK"\
-s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6763,8 +6715,6 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque ECDHE-PSK"\
-s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6778,8 +6728,6 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque ECDHE-PSK"\
-s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6796,8 +6744,6 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque ECDHE-PSK"\
-s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6812,8 +6758,6 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque ECDHE-PSK"\
-s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6825,8 +6769,6 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque DHE-PSK"\
-s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6840,8 +6782,6 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
-C "skip PMS generation for opaque DHE-PSK"\
-s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6858,8 +6798,6 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque DHE-PSK"\
-s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6874,8 +6812,6 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque DHE-PSK"\
-s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6887,8 +6823,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6902,8 +6836,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6920,8 +6852,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6936,8 +6866,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6949,8 +6877,6 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque RSA-PSK"\
-s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6964,8 +6890,6 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque RSA-PSK"\
-s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -6982,8 +6906,6 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque RSA-PSK"\
-s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -6998,8 +6920,6 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque RSA-PSK"\
-s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -7011,8 +6931,6 @@ run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on serve
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque ECDHE-PSK"\
-s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -7026,8 +6944,6 @@ run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on serve
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque ECDHE-PSK"\
-s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -7044,8 +6960,6 @@ run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on serve
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque ECDHE-PSK"\
-s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -7060,8 +6974,6 @@ run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on serve
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque ECDHE-PSK"\
-s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -7073,8 +6985,6 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque DHE-PSK"\
-s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -7088,8 +6998,6 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque DHE-PSK"\
-s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -7106,8 +7014,6 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque DHE-PSK"\
-s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -7122,8 +7028,6 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-C "skip PMS generation for opaque DHE-PSK"\
-s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@ -7135,8 +7039,6 @@ run_test "PSK callback: raw psk on client, mismatching static raw PSK on serv
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -7150,8 +7052,6 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -7165,7 +7065,6 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@ -7179,7 +7078,6 @@ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on s
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \