yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-04 13:49:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

calc_verify is only called in some configurations

Browse source 
If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled
at runtime, and if client authentication is not used, then calc_verify is not
called, so don't require the corresponding debug trace.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-03-14 17:55:04 +01:00
parent def0e147ab
commit 64c683fd18
1 changed files with 40 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
tests/ssl-opt.sh
View file

@ -803,6 +803,38 @@ is_gnutls() {
esac
}
# Determine what calc_verify trace is to be expected, if any.
#
# calc_verify is only called for two things: to calculate the
# extended master secret, and to process client authentication.
#
# Warning: the current implementation assumes that extended_ms is not
# disabled on the client or on the server.
#
# Inputs:
# * $1: 'required' or 1 if client authentication is expected,
# 'none' or 0 or absent if not.
# * $CONFIGS_ENABLED
#
# Outputs:
# * $maybe_calc_verify: set to a trace expected in the debug logs
set_maybe_calc_verify() {
maybe_calc_verify=
case $CONFIGS_ENABLED in
*\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *) :;;
*)
case ${1-} in
''|0|none) return;;
1|required) :;;
*) echo "Bad parameter 1 to set_maybe_calc_verify: $1"; exit 1;;
esac
esac
case $CONFIGS_ENABLED in
*\ MBEDTLS_USE_PSA_CRYPTO\ *) maybe_calc_verify="PSA calc verify";;
*) maybe_calc_verify="<= calc verify";;
esac
}
# Compare file content
# Usage: find_in_both pattern file1 file2
# extract from file1 the first line matching the pattern
@ -1191,17 +1223,18 @@ run_test() {
run_test_psa() {
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
set_maybe_calc_verify none
run_test "PSA-supported ciphersuite: $1" \
"$P_SRV debug_level=3 force_version=tls12" \
"$P_CLI debug_level=3 force_version=tls12 force_ciphersuite=$1" \
0 \
-c "Successfully setup PSA-based decryption cipher context" \
-c "Successfully setup PSA-based encryption cipher context" \
-c "PSA calc verify" \
-c "$maybe_calc_verify" \
-c "calc PSA finished" \
-s "Successfully setup PSA-based decryption cipher context" \
-s "Successfully setup PSA-based encryption cipher context" \
-s "PSA calc verify" \
-s "$maybe_calc_verify" \
-s "calc PSA finished" \
-C "Failed to setup PSA-based cipher context"\
-S "Failed to setup PSA-based cipher context"\
@ -1210,22 +1243,24 @@ run_test_psa() {
-c "Perform PSA-based computation of digest of ServerKeyExchange" \
-S "error" \
-C "error"
unset maybe_calc_verify
}
run_test_psa_force_curve() {
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
set_maybe_calc_verify none
run_test "PSA - ECDH with $1" \
"$P_SRV debug_level=4 force_version=tls12" \
"$P_CLI debug_level=4 force_version=tls12 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
0 \
-c "Successfully setup PSA-based decryption cipher context" \
-c "Successfully setup PSA-based encryption cipher context" \
-c "PSA calc verify" \
-c "$maybe_calc_verify" \
-c "calc PSA finished" \
-s "Successfully setup PSA-based decryption cipher context" \
-s "Successfully setup PSA-based encryption cipher context" \
-s "PSA calc verify" \
-s "$maybe_calc_verify" \
-s "calc PSA finished" \
-C "Failed to setup PSA-based cipher context"\
-S "Failed to setup PSA-based cipher context"\
@ -1234,6 +1269,7 @@ run_test_psa_force_curve() {
-c "Perform PSA-based computation of digest of ServerKeyExchange" \
-S "error" \
-C "error"
unset maybe_calc_verify
}
# Test that the server's memory usage after a handshake is reduced when a client specifies