Rename MBEDTLS_SSL_ASYNC_PRIVATE_C to MBEDTLS_SSL_ASYNC_PRIVATE

This is an optional feature, not a module of its own, so don't call it
MBEDTLS_xxx_C and put it in the appropriate section of config.h.
Gilles Peskine 2018-04-24 13:09:22 +02:00
parent f112725487
commit b74a1c73b1
8 changed files with 84 additions and 84 deletions


@ -1128,6 +1128,17 @@
*/ */
#define MBEDTLS_SSL_ALL_ALERT_MESSAGES #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
/**
* \def MBEDTLS_SSL_ASYNC_PRIVATE
*
* Enable asynchronous external private key operations in SSL. This allows
* you to configure an SSL connection to call an external cryptographic
* module to perform private key operations instead of performing the
* operation inside the library.
*
*/
//#define MBEDTLS_SSL_ASYNC_PRIVATE
/** /**
* \def MBEDTLS_SSL_DEBUG_ALL * \def MBEDTLS_SSL_DEBUG_ALL
* *
@ -2472,17 +2483,6 @@
*/ */
#define MBEDTLS_SHA512_C #define MBEDTLS_SHA512_C
/**
* \def MBEDTLS_SSL_ASYNC_PRIVATE_C
*
* Enable asynchronous external private key operations in SSL. This allows
* you to configure an SSL connection to call an external cryptographic
* module to perform private key operations instead of performing the
* operation inside the library.
*
*/
//#define MBEDTLS_SSL_ASYNC_PRIVATE_C
/** /**
* \def MBEDTLS_SSL_CACHE_C * \def MBEDTLS_SSL_CACHE_C
* *
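Review bot: Removing the `MBEDTLS_SSL_ASYNC_PRIVATE_C` definition in the second hunk leaves nothing to catch a configuration that still sets the old name. The library would then build with every `#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)` block compiled out, and application code guarded the same way would quietly fall back to whatever non-async path it has. Because this option decides whether private key operations are handed to an external module, a loud failure seems preferable: `#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)` / `#error "MBEDTLS_SSL_ASYNC_PRIVATE_C was renamed to MBEDTLS_SSL_ASYNC_PRIVATE"` / `#endif` in the configuration sanity checks would do it. If the old name never shipped in a release, this guard may be unnecessary.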


@ -537,7 +537,7 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx,
*/ */
typedef int mbedtls_ssl_get_timer_t( void * ctx ); typedef int mbedtls_ssl_get_timer_t( void * ctx );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/** /**
* \brief Callback type: start external signature operation * \brief Callback type: start external signature operation
@ -692,7 +692,7 @@ typedef int mbedtls_ssl_async_resume_t( void *connection_ctx,
*/ */
typedef void mbedtls_ssl_async_cancel_t( void *connection_ctx, typedef void mbedtls_ssl_async_cancel_t( void *connection_ctx,
void *operation_ctx ); void *operation_ctx );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/* Defined below */ /* Defined below */
typedef struct mbedtls_ssl_session mbedtls_ssl_session; typedef struct mbedtls_ssl_session mbedtls_ssl_session;
@ -826,7 +826,7 @@ struct mbedtls_ssl_config
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */ mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */ mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */ mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
@ -834,7 +834,7 @@ struct mbedtls_ssl_config
mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */ mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */ mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
void *p_async_connection_ctx; /*!< connection context for asynchronous operation callbacks */ void *p_async_connection_ctx; /*!< connection context for asynchronous operation callbacks */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
const int *sig_hashes; /*!< allowed signature hashes */ const int *sig_hashes; /*!< allowed signature hashes */
@ -1482,7 +1482,7 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
void *p_export_keys ); void *p_export_keys );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/** /**
* \brief Configure asynchronous private key operation callbacks. * \brief Configure asynchronous private key operation callbacks.
* *
@ -1514,7 +1514,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_resume_t *f_async_resume,
mbedtls_ssl_async_cancel_t *f_async_cancel, mbedtls_ssl_async_cancel_t *f_async_cancel,
void *connection_ctx ); void *connection_ctx );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/** /**
* \brief Callback type: generate a cookie * \brief Callback type: generate a cookie


@ -243,9 +243,9 @@ struct mbedtls_ssl_handshake_params
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
void *p_async_operation_ctx; /*!< asynchronous operation context */ void *p_async_operation_ctx; /*!< asynchronous operation context */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */


@ -2835,7 +2835,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \ #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) defined(MBEDTLS_SSL_ASYNC_PRIVATE)
static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
size_t *signature_len ) size_t *signature_len )
{ {
@ -2853,7 +2853,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && #endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */ defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
/* Prepare the ServerKeyExchange message, up to and including /* Prepare the ServerKeyExchange message, up to and including
calculating the signature if any, but excluding formatting the calculating the signature if any, but excluding formatting the
@ -3164,7 +3164,7 @@ curve_matching_done:
} }
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_sign_start != NULL ) if( ssl->conf->f_async_sign_start != NULL )
{ {
ret = ssl->conf->f_async_sign_start( ret = ssl->conf->f_async_sign_start(
@ -3186,7 +3186,7 @@ curve_matching_done:
return( ret ); return( ret );
} }
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( mbedtls_ssl_own_key( ssl ) == NULL ) if( mbedtls_ssl_own_key( ssl ) == NULL )
{ {
@ -3248,7 +3248,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \ #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/* If we have already prepared the message and there is an ongoing /* If we have already prepared the message and there is an ongoing
signature operation, resume signing. */ signature operation, resume signing. */
if( ssl->handshake->p_async_operation_ctx != NULL ) if( ssl->handshake->p_async_operation_ctx != NULL )
@ -3258,7 +3258,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
} }
else else
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && #endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) */ defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
{ {
/* ServerKeyExchange is needed. Prepare the message. */ /* ServerKeyExchange is needed. Prepare the message. */
ret = ssl_prepare_server_key_exchange( ssl, &signature_len ); ret = ssl_prepare_server_key_exchange( ssl, &signature_len );
@ -3379,7 +3379,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char *
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl, static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
unsigned char *peer_pms, unsigned char *peer_pms,
size_t *peer_pmslen, size_t *peer_pmslen,
@ -3395,7 +3395,7 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_decrypt_encrypted_pms", ret ); MBEDTLS_SSL_DEBUG_RET( 2, "ssl_decrypt_encrypted_pms", ret );
return( ret ); return( ret );
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
const unsigned char *p, const unsigned char *p,
@ -3409,7 +3409,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk; mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk;
size_t len = mbedtls_pk_get_len( public_key ); size_t len = mbedtls_pk_get_len( public_key );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
/* If we have already started decoding the message and there is an ongoing /* If we have already started decoding the message and there is an ongoing
decryption operation, resume signing. */ decryption operation, resume signing. */
if( ssl->handshake->p_async_operation_ctx != NULL ) if( ssl->handshake->p_async_operation_ctx != NULL )
@ -3418,7 +3418,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
return( ssl_resume_decrypt_pms( ssl, return( ssl_resume_decrypt_pms( ssl,
peer_pms, peer_pmslen, peer_pmssize ) ); peer_pms, peer_pmslen, peer_pmssize ) );
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/* /*
* Prepare to decrypt the premaster using own private RSA key * Prepare to decrypt the premaster using own private RSA key
@ -3445,7 +3445,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
/* /*
* Decrypt the premaster secret * Decrypt the premaster secret
*/ */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_decrypt_start != NULL ) if( ssl->conf->f_async_decrypt_start != NULL )
{ {
ret = ssl->conf->f_async_decrypt_start( ret = ssl->conf->f_async_decrypt_start(
@ -3470,7 +3470,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_RSA ) ) if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_RSA ) )
{ {
@ -3503,10 +3503,10 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
&peer_pmslen, &peer_pmslen,
sizeof( peer_pms ) ); sizeof( peer_pms ) );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if ( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) if ( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
return( ret ); return( ret );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/* /*
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
@ -3644,7 +3644,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) && \ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \
( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ) defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) )
if( ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || if( ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
@ -3770,7 +3770,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
{ {
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if ( ssl->handshake->p_async_operation_ctx != NULL ) if ( ssl->handshake->p_async_operation_ctx != NULL )
{ {
/* There is an asynchronous operation in progress to /* There is an asynchronous operation in progress to
@ -3782,7 +3782,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
p += ssl->conf->psk_identity_len + 2; p += ssl->conf->psk_identity_len + 2;
} }
else else
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
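Review bot: In ssl_decrypt_encrypted_pms, the comment above the `p_async_operation_ctx != NULL` check ends with "resume signing", but that branch resumes a decryption through ssl_resume_decrypt_pms. The wording looks carried over from the matching comment in ssl_write_server_key_exchange. Since the surrounding guard is being edited anyway, I would change the second comment line to `decryption operation, resume decrypting. */`. The function body continues outside the hunk.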


@ -6478,7 +6478,7 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
} }
#endif #endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
void mbedtls_ssl_conf_async_private_cb( void mbedtls_ssl_conf_async_private_cb(
mbedtls_ssl_config *conf, mbedtls_ssl_config *conf,
mbedtls_ssl_async_sign_t *f_async_sign, mbedtls_ssl_async_sign_t *f_async_sign,
@ -6493,7 +6493,7 @@ void mbedtls_ssl_conf_async_private_cb(
conf->f_async_cancel = f_async_cancel; conf->f_async_cancel = f_async_cancel;
conf->p_async_connection_ctx = connection_ctx; conf->p_async_connection_ctx = connection_ctx;
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/* /*
* SSL get accessors * SSL get accessors
@ -7495,14 +7495,14 @@ void mbedtls_ssl_handshake_free( const mbedtls_ssl_config *conf,
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( conf->f_async_cancel != NULL && if( conf->f_async_cancel != NULL &&
handshake->p_async_operation_ctx != NULL ) handshake->p_async_operation_ctx != NULL )
{ {
conf->f_async_cancel( conf->p_async_connection_ctx, conf->f_async_cancel( conf->p_async_connection_ctx,
handshake->p_async_operation_ctx ); handshake->p_async_operation_ctx );
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
mbedtls_free( handshake->verify_cookie ); mbedtls_free( handshake->verify_cookie );


@ -402,6 +402,9 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
"MBEDTLS_SSL_ALL_ALERT_MESSAGES", "MBEDTLS_SSL_ALL_ALERT_MESSAGES",
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
"MBEDTLS_SSL_ASYNC_PRIVATE",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_DEBUG_ALL) #if defined(MBEDTLS_SSL_DEBUG_ALL)
"MBEDTLS_SSL_DEBUG_ALL", "MBEDTLS_SSL_DEBUG_ALL",
#endif /* MBEDTLS_SSL_DEBUG_ALL */ #endif /* MBEDTLS_SSL_DEBUG_ALL */
@ -648,9 +651,6 @@ static const char *features[] = {
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
"MBEDTLS_SHA512_C", "MBEDTLS_SHA512_C",
#endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
"MBEDTLS_SSL_ASYNC_PRIVATE_C",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
"MBEDTLS_SSL_CACHE_C", "MBEDTLS_SSL_CACHE_C",
#endif /* MBEDTLS_SSL_CACHE_C */ #endif /* MBEDTLS_SSL_CACHE_C */


@ -200,7 +200,7 @@ int main( void )
#define USAGE_IO "" #define USAGE_IO ""
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#define USAGE_SSL_ASYNC \ #define USAGE_SSL_ASYNC \
" async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \ " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
" async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \ " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
@ -210,7 +210,7 @@ int main( void )
" 1=start, 2=cancel, 3=resume, 4=pk, negative=first time only)" " 1=start, 2=cancel, 3=resume, 4=pk, negative=first time only)"
#else #else
#define USAGE_SSL_ASYNC "" #define USAGE_SSL_ASYNC ""
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define USAGE_PSK \ #define USAGE_PSK \
@ -862,7 +862,7 @@ static int ssl_sig_hashes_for_test[] = {
}; };
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
typedef struct typedef struct
{ {
mbedtls_x509_crt *cert; mbedtls_x509_crt *cert;
@ -1054,7 +1054,7 @@ static void ssl_async_cancel( void *connection_ctx_arg,
mbedtls_printf( "Async cancel callback.\n" ); mbedtls_printf( "Async cancel callback.\n" );
mbedtls_free( ctx ); mbedtls_free( ctx );
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/* /*
* Wait for an event from the underlying transport or the timer * Wait for an event from the underlying transport or the timer
@ -1144,9 +1144,9 @@ int main( int argc, char *argv[] )
mbedtls_x509_crt srvcert2; mbedtls_x509_crt srvcert2;
mbedtls_pk_context pkey2; mbedtls_pk_context pkey2;
int key_cert_init = 0, key_cert_init2 = 0; int key_cert_init = 0, key_cert_init2 = 0;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
ssl_async_key_context_t ssl_async_keys; ssl_async_key_context_t ssl_async_keys;
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
mbedtls_dhm_context dhm; mbedtls_dhm_context dhm;
@ -1346,7 +1346,7 @@ int main( int argc, char *argv[] )
opt.key_file2 = q; opt.key_file2 = q;
else if( strcmp( p, "dhm_file" ) == 0 ) else if( strcmp( p, "dhm_file" ) == 0 )
opt.dhm_file = q; opt.dhm_file = q;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
else if( strcmp( p, "async_operations" ) == 0 ) else if( strcmp( p, "async_operations" ) == 0 )
opt.async_operations = q; opt.async_operations = q;
else if( strcmp( p, "async_private_delay1" ) == 0 ) else if( strcmp( p, "async_private_delay1" ) == 0 )
@ -1364,7 +1364,7 @@ int main( int argc, char *argv[] )
} }
opt.async_private_error = n; opt.async_private_error = n;
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
else if( strcmp( p, "psk" ) == 0 ) else if( strcmp( p, "psk" ) == 0 )
opt.psk = q; opt.psk = q;
else if( strcmp( p, "psk_identity" ) == 0 ) else if( strcmp( p, "psk_identity" ) == 0 )
@ -2261,14 +2261,14 @@ int main( int argc, char *argv[] )
if( key_cert_init ) if( key_cert_init )
{ {
mbedtls_pk_context *pk = &pkey; mbedtls_pk_context *pk = &pkey;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_delay1 >= 0 ) if( opt.async_private_delay1 >= 0 )
{ {
ssl_async_set_key( &ssl_async_keys, &srvcert, pk, ssl_async_set_key( &ssl_async_keys, &srvcert, pk,
opt.async_private_delay1 ); opt.async_private_delay1 );
pk = NULL; pk = NULL;
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, pk ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, pk ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
@ -2278,14 +2278,14 @@ int main( int argc, char *argv[] )
if( key_cert_init2 ) if( key_cert_init2 )
{ {
mbedtls_pk_context *pk = &pkey2; mbedtls_pk_context *pk = &pkey2;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_delay2 >= 0 ) if( opt.async_private_delay2 >= 0 )
{ {
ssl_async_set_key( &ssl_async_keys, &srvcert2, pk, ssl_async_set_key( &ssl_async_keys, &srvcert2, pk,
opt.async_private_delay2 ); opt.async_private_delay2 );
pk = NULL; pk = NULL;
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, pk ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, pk ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
@ -2293,7 +2293,7 @@ int main( int argc, char *argv[] )
} }
} }
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_operations[0] != '-' ) if( opt.async_operations[0] != '-' )
{ {
mbedtls_ssl_async_sign_t *sign = NULL; mbedtls_ssl_async_sign_t *sign = NULL;
@ -2323,7 +2323,7 @@ int main( int argc, char *argv[] )
ssl_async_cancel, ssl_async_cancel,
&ssl_async_keys ); &ssl_async_keys );
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(SNI_OPTION) #if defined(SNI_OPTION)
@ -2500,14 +2500,14 @@ handshake:
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{ {
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS && if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL ) ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL )
{ {
mbedtls_printf( " cancelling on injected error\n" ); mbedtls_printf( " cancelling on injected error\n" );
break; break;
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE_C */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@ -2549,7 +2549,7 @@ handshake:
} }
#endif #endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_error < 0 ) if( opt.async_private_error < 0 )
/* Injected error only the first time round, to test reset */ /* Injected error only the first time round, to test reset */
ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE; ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE;


@ -4069,7 +4069,7 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \
# Tests of asynchronous private key support in SSL # Tests of asynchronous private key support in SSL
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, delay=0" \ run_test "SSL async private: sign, delay=0" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=0 async_private_delay2=0" \ async_operations=s async_private_delay1=0 async_private_delay2=0" \
@ -4078,7 +4078,7 @@ run_test "SSL async private: sign, delay=0" \
-s "Async sign callback: using key slot " \ -s "Async sign callback: using key slot " \
-s "Async resume (slot [0-9]): sign done, status=0" -s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign, delay=1" \ run_test "SSL async private: sign, delay=1" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1" \ async_operations=s async_private_delay1=1 async_private_delay2=1" \
@ -4088,7 +4088,7 @@ run_test "SSL async private: sign, delay=1" \
-s "Async resume (slot [0-9]): call 0 more times." \ -s "Async resume (slot [0-9]): call 0 more times." \
-s "Async resume (slot [0-9]): sign done, status=0" -s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt, delay=0" \ run_test "SSL async private: decrypt, delay=0" \
"$P_SRV \ "$P_SRV \
async_operations=d async_private_delay1=0 async_private_delay2=0" \ async_operations=d async_private_delay1=0 async_private_delay2=0" \
@ -4097,7 +4097,7 @@ run_test "SSL async private: decrypt, delay=0" \
-s "Async decrypt callback: using key slot " \ -s "Async decrypt callback: using key slot " \
-s "Async resume (slot [0-9]): decrypt done, status=0" -s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt, delay=1" \ run_test "SSL async private: decrypt, delay=1" \
"$P_SRV \ "$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \ async_operations=d async_private_delay1=1 async_private_delay2=1" \
@ -4107,7 +4107,7 @@ run_test "SSL async private: decrypt, delay=1" \
-s "Async resume (slot [0-9]): call 0 more times." \ -s "Async resume (slot [0-9]): call 0 more times." \
-s "Async resume (slot [0-9]): decrypt done, status=0" -s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt RSA-PSK, delay=0" \ run_test "SSL async private: decrypt RSA-PSK, delay=0" \
"$P_SRV psk=abc123 \ "$P_SRV psk=abc123 \
async_operations=d async_private_delay1=0 async_private_delay2=0" \ async_operations=d async_private_delay1=0 async_private_delay2=0" \
@ -4117,7 +4117,7 @@ run_test "SSL async private: decrypt RSA-PSK, delay=0" \
-s "Async decrypt callback: using key slot " \ -s "Async decrypt callback: using key slot " \
-s "Async resume (slot [0-9]): decrypt done, status=0" -s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt RSA-PSK, delay=1" \ run_test "SSL async private: decrypt RSA-PSK, delay=1" \
"$P_SRV psk=abc123 \ "$P_SRV psk=abc123 \
async_operations=d async_private_delay1=1 async_private_delay2=1" \ async_operations=d async_private_delay1=1 async_private_delay2=1" \
@ -4128,7 +4128,7 @@ run_test "SSL async private: decrypt RSA-PSK, delay=1" \
-s "Async resume (slot [0-9]): call 0 more times." \ -s "Async resume (slot [0-9]): call 0 more times." \
-s "Async resume (slot [0-9]): decrypt done, status=0" -s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign callback not present" \ run_test "SSL async private: sign callback not present" \
"$P_SRV \ "$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \ async_operations=d async_private_delay1=1 async_private_delay2=1" \
@ -4141,7 +4141,7 @@ run_test "SSL async private: sign callback not present" \
-s "Async resume (slot [0-9]): decrypt done, status=0" \ -s "Async resume (slot [0-9]): decrypt done, status=0" \
-s "Successful connection" -s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt callback not present" \ run_test "SSL async private: decrypt callback not present" \
"$P_SRV debug_level=1 \ "$P_SRV debug_level=1 \
async_operations=s async_private_delay1=1 async_private_delay2=1" \ async_operations=s async_private_delay1=1 async_private_delay2=1" \
@ -4155,7 +4155,7 @@ run_test "SSL async private: decrypt callback not present" \
-s "Successful connection" -s "Successful connection"
# key1: ECDSA, key2: RSA; use key1 from slot 0 # key1: ECDSA, key2: RSA; use key1 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: slot 0 used with key1" \ run_test "SSL async private: slot 0 used with key1" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 \ async_operations=s async_private_delay1=1 \
@ -4168,7 +4168,7 @@ run_test "SSL async private: slot 0 used with key1" \
-s "Async resume (slot 0): sign done, status=0" -s "Async resume (slot 0): sign done, status=0"
# key1: ECDSA, key2: RSA; use key2 from slot 0 # key1: ECDSA, key2: RSA; use key2 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: slot 0 used with key2" \ run_test "SSL async private: slot 0 used with key2" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay2=1 \ async_operations=s async_private_delay2=1 \
@ -4181,7 +4181,7 @@ run_test "SSL async private: slot 0 used with key2" \
-s "Async resume (slot 0): sign done, status=0" -s "Async resume (slot 0): sign done, status=0"
# key1: ECDSA, key2: RSA; use key2 from slot 1 # key1: ECDSA, key2: RSA; use key2 from slot 1
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: slot 1 used" \ run_test "SSL async private: slot 1 used" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1\ async_operations=s async_private_delay1=1 async_private_delay2=1\
@ -4194,7 +4194,7 @@ run_test "SSL async private: slot 1 used" \
-s "Async resume (slot 1): sign done, status=0" -s "Async resume (slot 1): sign done, status=0"
# key1: ECDSA, key2: RSA; use key2 directly # key1: ECDSA, key2: RSA; use key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: fall back to transparent key" \ run_test "SSL async private: fall back to transparent key" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 \ async_operations=s async_private_delay1=1 \
@ -4204,7 +4204,7 @@ run_test "SSL async private: fall back to transparent key" \
0 \ 0 \
-s "Async sign callback: no key matches this certificate." -s "Async sign callback: no key matches this certificate."
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in start" \ run_test "SSL async private: error in start" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \ async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4215,7 +4215,7 @@ run_test "SSL async private: error in start" \
-S "Async resume" \ -S "Async resume" \
-s "! mbedtls_ssl_handshake returned" -s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: cancel after start" \ run_test "SSL async private: cancel after start" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \ async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4226,7 +4226,7 @@ run_test "SSL async private: cancel after start" \
-S "Async resume" \ -S "Async resume" \
-s "Async cancel" -s "Async cancel"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in resume" \ run_test "SSL async private: error in resume" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \ async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4237,7 +4237,7 @@ run_test "SSL async private: error in resume" \
-s "Async resume callback: injected error" \ -s "Async resume callback: injected error" \
-s "! mbedtls_ssl_handshake returned" -s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in pk" \ run_test "SSL async private: error in pk" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \ async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4248,7 +4248,7 @@ run_test "SSL async private: error in pk" \
-s "Async resume callback: sign done but injected error" \ -s "Async resume callback: sign done but injected error" \
-s "! mbedtls_ssl_handshake returned" -s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: cancel after start then operate correctly" \ run_test "SSL async private: cancel after start then operate correctly" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \ async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4260,7 +4260,7 @@ run_test "SSL async private: cancel after start then operate correctly" \
-s "Async resume" \ -s "Async resume" \
-s "Successful connection" -s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in resume then operate correctly" \ run_test "SSL async private: error in resume then operate correctly" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \ async_operations=s async_private_delay1=1 async_private_delay2=1 \
@ -4272,7 +4272,7 @@ run_test "SSL async private: error in resume then operate correctly" \
-s "Successful connection" -s "Successful connection"
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: cancel after start then fall back to transparent key" \ run_test "SSL async private: cancel after start then fall back to transparent key" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-2 \ async_operations=s async_private_delay1=1 async_private_error=-2 \
@ -4289,7 +4289,7 @@ run_test "SSL async private: cancel after start then fall back to transparent
-s "Successful connection" -s "Successful connection"
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: error in resume then fall back to transparent key" \ run_test "SSL async private: error in resume then fall back to transparent key" \
"$P_SRV \ "$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-3 \ async_operations=s async_private_delay1=1 async_private_error=-3 \
@ -4304,7 +4304,7 @@ run_test "SSL async private: error in resume then fall back to transparent ke
-s "Async sign callback: no key matches this certificate." \ -s "Async sign callback: no key matches this certificate." \
-s "Successful connection" -s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: client-initiated; sign" \ run_test "SSL async private: renegotiation: client-initiated; sign" \
"$P_SRV \ "$P_SRV \
@ -4315,7 +4315,7 @@ run_test "SSL async private: renegotiation: client-initiated; sign" \
-s "Async sign callback: using key slot " \ -s "Async sign callback: using key slot " \
-s "Async resume (slot [0-9]): sign done, status=0" -s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: server-initiated; sign" \ run_test "SSL async private: renegotiation: server-initiated; sign" \
"$P_SRV \ "$P_SRV \
@ -4326,7 +4326,7 @@ run_test "SSL async private: renegotiation: server-initiated; sign" \
-s "Async sign callback: using key slot " \ -s "Async sign callback: using key slot " \
-s "Async resume (slot [0-9]): sign done, status=0" -s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: client-initiated; decrypt" \ run_test "SSL async private: renegotiation: client-initiated; decrypt" \
"$P_SRV \ "$P_SRV \
@ -4338,7 +4338,7 @@ run_test "SSL async private: renegotiation: client-initiated; decrypt" \
-s "Async decrypt callback: using key slot " \ -s "Async decrypt callback: using key slot " \
-s "Async resume (slot [0-9]): decrypt done, status=0" -s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "SSL async private: renegotiation: server-initiated; decrypt" \ run_test "SSL async private: renegotiation: server-initiated; decrypt" \
"$P_SRV \ "$P_SRV \