diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 4aec9ac64..b80667ab1 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1128,6 +1128,17 @@
  */
 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
 
+/**
+ * \def MBEDTLS_SSL_ASYNC_PRIVATE
+ *
+ * Enable asynchronous external private key operations in SSL. This allows
+ * you to configure an SSL connection to call an external cryptographic
+ * module to perform private key operations instead of performing the
+ * operation inside the library.
+ *
+ */
+//#define MBEDTLS_SSL_ASYNC_PRIVATE
+
 /**
  * \def MBEDTLS_SSL_DEBUG_ALL
  *
@@ -2472,17 +2483,6 @@
  */
 #define MBEDTLS_SHA512_C
 
-/**
- * \def MBEDTLS_SSL_ASYNC_PRIVATE_C
- *
- * Enable asynchronous external private key operations in SSL. This allows
- * you to configure an SSL connection to call an external cryptographic
- * module to perform private key operations instead of performing the
- * operation inside the library.
- *
- */
-//#define MBEDTLS_SSL_ASYNC_PRIVATE_C
-
 /**
  * \def MBEDTLS_SSL_CACHE_C
  *
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 582be2c79..be27b89ca 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -537,7 +537,7 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx,
  */
 typedef int mbedtls_ssl_get_timer_t( void * ctx );
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
  * \brief          Callback type: start external signature operation
@@ -692,7 +692,7 @@ typedef int mbedtls_ssl_async_resume_t( void *connection_ctx,
  */
 typedef void mbedtls_ssl_async_cancel_t( void *connection_ctx,
                                          void *operation_ctx );
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 /* Defined below */
 typedef struct mbedtls_ssl_session mbedtls_ssl_session;
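Review bot: The new `\def MBEDTLS_SSL_ASYNC_PRIVATE` comment added to config.h says what the option enables but not how an integrator uses it, and the removed `MBEDTLS_SSL_ASYNC_PRIVATE_C` block it replaces further down had the same gap. Other options in this file name their related API, so I would extend the comment with the entry point `mbedtls_ssl_conf_async_private_cb()` that the ssl.h and ssl_tls.c hunks show, plus a sentence saying that while an external operation is pending the handshake returns `MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS` and the caller re-invokes `mbedtls_ssl_handshake()`, which is how ssl_srv.c and the ssl_server2.c loop in this diff use it. It would also help to state that a still-pending operation is cancelled through the `f_async_cancel` callback when the handshake is freed (the ssl_tls.c hunk), since the external module must be prepared to release its state on that path; whether the option has a formal `Requires:` line I cannot confirm from this diff.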
@@ -826,7 +826,7 @@ struct mbedtls_ssl_config
     mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
     mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
@@ -834,7 +834,7 @@ struct mbedtls_ssl_config
     mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
     mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
     void *p_async_connection_ctx; /*!< connection context for asynchronous operation callbacks */
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
     const int *sig_hashes; /*!< allowed signature hashes */
@@ -1482,7 +1482,7 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
                                      void *p_export_keys );
 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 /**
  * \brief           Configure asynchronous private key operation callbacks.
  *
@@ -1514,7 +1514,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
                                        mbedtls_ssl_async_resume_t *f_async_resume,
                                        mbedtls_ssl_async_cancel_t *f_async_cancel,
                                        void *connection_ctx );
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 /**
  * \brief          Callback type: generate a cookie
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 6f36711a1..4c7205d70 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -243,9 +243,9 @@ struct mbedtls_ssl_handshake_params
     mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     void *p_async_operation_ctx; /*!< asynchronous operation context */
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f7bed5847..de8056426 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2835,7 +2835,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
           MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
-    defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+    defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
                                            size_t *signature_len )
 {
@@ -2853,7 +2853,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
     return( ret );
 }
 #endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
-          defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
+          defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
 
 /* Prepare the ServerKeyExchange message, up to and including calculating
    the signature if any, but excluding formatting the
@@ -3164,7 +3164,7 @@ curve_matching_done:
     }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     if( ssl->conf->f_async_sign_start != NULL )
     {
         ret = ssl->conf->f_async_sign_start(
@@ -3186,7 +3186,7 @@ curve_matching_done:
             return( ret );
         }
     }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
     if( mbedtls_ssl_own_key( ssl ) == NULL )
     {
@@ -3248,7 +3248,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
-    defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+    defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     /* If we have already prepared the message and there is an ongoing
        signature operation, resume signing. */
     if( ssl->handshake->p_async_operation_ctx != NULL )
@@ -3258,7 +3258,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
     }
     else
 #endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
-          defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */
+          defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
     {
         /* ServerKeyExchange is needed. Prepare the message. */
         ret = ssl_prepare_server_key_exchange( ssl, &signature_len );
@@ -3379,7 +3379,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char *
 
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
                                    unsigned char *peer_pms,
                                    size_t *peer_pmslen,
@@ -3395,7 +3395,7 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
     MBEDTLS_SSL_DEBUG_RET( 2, "ssl_decrypt_encrypted_pms", ret );
     return( ret );
 }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
                                       const unsigned char *p,
@@ -3409,7 +3409,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
     mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk;
     size_t len = mbedtls_pk_get_len( public_key );
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     /* If we have already started decoding the message and there is an ongoing
        decryption operation, resume signing. */
     if( ssl->handshake->p_async_operation_ctx != NULL )
@@ -3418,7 +3418,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
         return( ssl_resume_decrypt_pms( ssl,
                                         peer_pms, peer_pmslen, peer_pmssize ) );
     }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
     /*
      * Prepare to decrypt the premaster using own private RSA key
@@ -3445,7 +3445,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
     /*
      * Decrypt the premaster secret
      */
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     if( ssl->conf->f_async_decrypt_start != NULL )
     {
         ret = ssl->conf->f_async_decrypt_start(
@@ -3470,7 +3470,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
             return( ret );
         }
     }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
     if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_RSA ) )
     {
@@ -3503,10 +3503,10 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
                                       &peer_pmslen,
                                       sizeof( peer_pms ) );
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     if ( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
         return( ret );
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
     /*
      * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
@@ -3644,7 +3644,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) && \
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
     ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
       defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) )
     if( ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
@@ -3770,7 +3770,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
     if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
     {
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
         if ( ssl->handshake->p_async_operation_ctx != NULL )
         {
             /* There is an asynchronous operation in progress to
@@ -3782,7 +3782,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
             p += ssl->conf->psk_identity_len + 2;
         }
         else
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
         if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 256590ff7..f5d332fa8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6478,7 +6478,7 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
 }
 #endif
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 void mbedtls_ssl_conf_async_private_cb(
     mbedtls_ssl_config *conf,
     mbedtls_ssl_async_sign_t *f_async_sign,
@@ -6493,7 +6493,7 @@ void mbedtls_ssl_conf_async_private_cb(
     conf->f_async_cancel = f_async_cancel;
     conf->p_async_connection_ctx = connection_ctx;
 }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 /*
  * SSL get accessors
@@ -7495,14 +7495,14 @@ void mbedtls_ssl_handshake_free( const mbedtls_ssl_config *conf,
     }
 #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     if( conf->f_async_cancel != NULL &&
         handshake->p_async_operation_ctx != NULL )
     {
         conf->f_async_cancel( conf->p_async_connection_ctx,
                               handshake->p_async_operation_ctx );
     }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     mbedtls_free( handshake->verify_cookie );
diff --git a/library/version_features.c b/library/version_features.c
index c017c4151..659b96d17 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -402,6 +402,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
     "MBEDTLS_SSL_ALL_ALERT_MESSAGES",
 #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+    "MBEDTLS_SSL_ASYNC_PRIVATE",
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
     "MBEDTLS_SSL_DEBUG_ALL",
 #endif /* MBEDTLS_SSL_DEBUG_ALL */
@@ -648,9 +651,6 @@ static const char *features[] = {
 #if defined(MBEDTLS_SHA512_C)
     "MBEDTLS_SHA512_C",
 #endif /* MBEDTLS_SHA512_C */
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
-    "MBEDTLS_SSL_ASYNC_PRIVATE_C",
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
 #if defined(MBEDTLS_SSL_CACHE_C)
     "MBEDTLS_SSL_CACHE_C",
 #endif /* MBEDTLS_SSL_CACHE_C */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 9f05e7d4d..bf25d4e03 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -200,7 +200,7 @@ int main( void )
 #define USAGE_IO ""
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 #define USAGE_SSL_ASYNC \
     " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
     " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
@@ -210,7 +210,7 @@ int main( void )
     " 1=start, 2=cancel, 3=resume, 4=pk, negative=first time only)"
 #else
 #define USAGE_SSL_ASYNC ""
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
 #define USAGE_PSK \
@@ -862,7 +862,7 @@ static int ssl_sig_hashes_for_test[] = {
 };
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 typedef struct
 {
     mbedtls_x509_crt *cert;
@@ -1054,7 +1054,7 @@ static void ssl_async_cancel( void *connection_ctx_arg,
     mbedtls_printf( "Async cancel callback.\n" );
     mbedtls_free( ctx );
 }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 /*
  * Wait for an event from the underlying transport or the timer
@@ -1144,9 +1144,9 @@ int main( int argc, char *argv[] )
     mbedtls_x509_crt srvcert2;
     mbedtls_pk_context pkey2;
     int key_cert_init = 0, key_cert_init2 = 0;
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     ssl_async_key_context_t ssl_async_keys;
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
     mbedtls_dhm_context dhm;
@@ -1346,7 +1346,7 @@ int main( int argc, char *argv[] )
             opt.key_file2 = q;
         else if( strcmp( p, "dhm_file" ) == 0 )
             opt.dhm_file = q;
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
         else if( strcmp( p, "async_operations" ) == 0 )
             opt.async_operations = q;
         else if( strcmp( p, "async_private_delay1" ) == 0 )
@@ -1364,7 +1364,7 @@ int main( int argc, char *argv[] )
             }
             opt.async_private_error = n;
         }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
         else if( strcmp( p, "psk" ) == 0 )
             opt.psk = q;
         else if( strcmp( p, "psk_identity" ) == 0 )
@@ -2261,14 +2261,14 @@ int main( int argc, char *argv[] )
     if( key_cert_init )
     {
         mbedtls_pk_context *pk = &pkey;
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
         if( opt.async_private_delay1 >= 0 )
         {
             ssl_async_set_key( &ssl_async_keys, &srvcert, pk,
                                opt.async_private_delay1 );
             pk = NULL;
         }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
         if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, pk ) ) != 0 )
         {
             mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
@@ -2278,14 +2278,14 @@ int main( int argc, char *argv[] )
     if( key_cert_init2 )
     {
         mbedtls_pk_context *pk = &pkey2;
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
         if( opt.async_private_delay2 >= 0 )
         {
             ssl_async_set_key( &ssl_async_keys, &srvcert2, pk,
                                opt.async_private_delay2 );
             pk = NULL;
         }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
         if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, pk ) ) != 0 )
         {
             mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
@@ -2293,7 +2293,7 @@ int main( int argc, char *argv[] )
         }
     }
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     if( opt.async_operations[0] != '-' )
     {
         mbedtls_ssl_async_sign_t *sign = NULL;
@@ -2323,7 +2323,7 @@ int main( int argc, char *argv[] )
                                           ssl_async_cancel,
                                           &ssl_async_keys );
     }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(SNI_OPTION)
@@ -2500,14 +2500,14 @@ handshake:
 
     while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
     {
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
         if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
             ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL )
         {
             mbedtls_printf( " cancelling on injected error\n" );
             break;
         }
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
         if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
             ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@@ -2549,7 +2549,7 @@ handshake:
     }
 #endif
 
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
     if( opt.async_private_error < 0 )
         /* Injected error only the first time round, to test reset */
         ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ee34a6c6b..c692fc9ae 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4069,7 +4069,7 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \
 
 # Tests of asynchronous private key support in SSL
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: sign, delay=0" \
             "$P_SRV \
              async_operations=s async_private_delay1=0 async_private_delay2=0" \
@@ -4078,7 +4078,7 @@ run_test "SSL async private: sign, delay=0" \
             -s "Async sign callback: using key slot " \
             -s "Async resume (slot [0-9]): sign done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: sign, delay=1" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_delay2=1" \
@@ -4088,7 +4088,7 @@ run_test "SSL async private: sign, delay=1" \
             -s "Async resume (slot [0-9]): call 0 more times." \
             -s "Async resume (slot [0-9]): sign done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: decrypt, delay=0" \
             "$P_SRV \
              async_operations=d async_private_delay1=0 async_private_delay2=0" \
@@ -4097,7 +4097,7 @@ run_test "SSL async private: decrypt, delay=0" \
             -s "Async decrypt callback: using key slot " \
             -s "Async resume (slot [0-9]): decrypt done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: decrypt, delay=1" \
             "$P_SRV \
              async_operations=d async_private_delay1=1 async_private_delay2=1" \
@@ -4107,7 +4107,7 @@ run_test "SSL async private: decrypt, delay=1" \
             -s "Async resume (slot [0-9]): call 0 more times." \
             -s "Async resume (slot [0-9]): decrypt done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: decrypt RSA-PSK, delay=0" \
             "$P_SRV psk=abc123 \
              async_operations=d async_private_delay1=0 async_private_delay2=0" \
@@ -4117,7 +4117,7 @@ run_test "SSL async private: decrypt RSA-PSK, delay=0" \
             -s "Async decrypt callback: using key slot " \
             -s "Async resume (slot [0-9]): decrypt done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: decrypt RSA-PSK, delay=1" \
             "$P_SRV psk=abc123 \
              async_operations=d async_private_delay1=1 async_private_delay2=1" \
@@ -4128,7 +4128,7 @@ run_test "SSL async private: decrypt RSA-PSK, delay=1" \
             -s "Async resume (slot [0-9]): call 0 more times." \
             -s "Async resume (slot [0-9]): decrypt done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: sign callback not present" \
             "$P_SRV \
              async_operations=d async_private_delay1=1 async_private_delay2=1" \
@@ -4141,7 +4141,7 @@ run_test "SSL async private: sign callback not present" \
             -s "Async resume (slot [0-9]): decrypt done, status=0" \
             -s "Successful connection"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: decrypt callback not present" \
             "$P_SRV debug_level=1 \
              async_operations=s async_private_delay1=1 async_private_delay2=1" \
@@ -4155,7 +4155,7 @@ run_test "SSL async private: decrypt callback not present" \
             -s "Successful connection"
 
 # key1: ECDSA, key2: RSA; use key1 from slot 0
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: slot 0 used with key1" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 \
@@ -4168,7 +4168,7 @@ run_test "SSL async private: slot 0 used with key1" \
             -s "Async resume (slot 0): sign done, status=0"
 
 # key1: ECDSA, key2: RSA; use key2 from slot 0
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: slot 0 used with key2" \
             "$P_SRV \
              async_operations=s async_private_delay2=1 \
@@ -4181,7 +4181,7 @@ run_test "SSL async private: slot 0 used with key2" \
             -s "Async resume (slot 0): sign done, status=0"
 
 # key1: ECDSA, key2: RSA; use key2 from slot 1
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: slot 1 used" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_delay2=1\
@@ -4194,7 +4194,7 @@ run_test "SSL async private: slot 1 used" \
             -s "Async resume (slot 1): sign done, status=0"
 
 # key1: ECDSA, key2: RSA; use key2 directly
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: fall back to transparent key" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 \
@@ -4204,7 +4204,7 @@ run_test "SSL async private: fall back to transparent key" \
             0 \
             -s "Async sign callback: no key matches this certificate."
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: error in start" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -4215,7 +4215,7 @@ run_test "SSL async private: error in start" \
             -S "Async resume" \
             -s "! mbedtls_ssl_handshake returned"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: cancel after start" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -4226,7 +4226,7 @@ run_test "SSL async private: cancel after start" \
             -S "Async resume" \
             -s "Async cancel"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: error in resume" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -4237,7 +4237,7 @@ run_test "SSL async private: error in resume" \
             -s "Async resume callback: injected error" \
             -s "! mbedtls_ssl_handshake returned"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: error in pk" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -4248,7 +4248,7 @@ run_test "SSL async private: error in pk" \
             -s "Async resume callback: sign done but injected error" \
             -s "! mbedtls_ssl_handshake returned"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: cancel after start then operate correctly" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -4260,7 +4260,7 @@ run_test "SSL async private: cancel after start then operate correctly" \
             -s "Async resume" \
             -s "Successful connection"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: error in resume then operate correctly" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_delay2=1 \
@@ -4272,7 +4272,7 @@ run_test "SSL async private: error in resume then operate correctly" \
             -s "Successful connection"
 
 # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: cancel after start then fall back to transparent key" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_error=-2 \
@@ -4289,7 +4289,7 @@ run_test "SSL async private: cancel after start then fall back to transparent
             -s "Successful connection"
 
 # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: error in resume then fall back to transparent key" \
             "$P_SRV \
              async_operations=s async_private_delay1=1 async_private_error=-3 \
@@ -4304,7 +4304,7 @@ run_test "SSL async private: error in resume then fall back to transparent ke
             -s "Async sign callback: no key matches this certificate." \
             -s "Successful connection"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "SSL async private: renegotiation: client-initiated; sign" \
             "$P_SRV \
@@ -4315,7 +4315,7 @@ run_test "SSL async private: renegotiation: client-initiated; sign" \
             -s "Async sign callback: using key slot " \
             -s "Async resume (slot [0-9]): sign done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "SSL async private: renegotiation: server-initiated; sign" \
             "$P_SRV \
@@ -4326,7 +4326,7 @@ run_test "SSL async private: renegotiation: server-initiated; sign" \
             -s "Async sign callback: using key slot " \
             -s "Async resume (slot [0-9]): sign done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "SSL async private: renegotiation: client-initiated; decrypt" \
             "$P_SRV \
@@ -4338,7 +4338,7 @@ run_test "SSL async private: renegotiation: client-initiated; decrypt" \
             -s "Async decrypt callback: using key slot " \
             -s "Async resume (slot [0-9]): decrypt done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
+requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "SSL async private: renegotiation: server-initiated; decrypt" \
             "$P_SRV \