The race goes this way:
1. ssl_recv() succeeds (ie no signal received yet)
2. processing the message leads to aborting handshake with ret != 0
3. reset ret if we were signaled
4. print error if ret is still non-zero
5. go back to net_accept() which can be interrupted by a signal
We print the error message only if the signal is received between steps 3 and
5, not when it arrives between steps 1 and 3.
This can cause failures in ssl-opt.sh where we check for the presence of "Last
error was..." in the server's output: if we perform step 2, the client will be
notified and exit, then ssl-opt.sh will send SIGTERM to the server, but if it
didn't get a chance to run and pass step 3 in the meantime, we're in trouble.
The purpose of step 3 was to avoid spurious "Last error" messages in the
output so that ssl-opt.sh can check for a successful run by the absence of
that message. However, it is enough to suppress that message when the last
error we get is the one we expect from being interrupted by a signal - doing
more could hide real errors.
Also, improve the messages printed when interrupted to make it easier to
distinguish the two cases - this could be used in a testing script wanted to
check that the server doesn't see the client as disconnecting unexpectedly.
Change function in tests named mbedtls_entropy_func to
mbedtls_test_entropy_func to avoid getting error from the linker when
calling the mbedtls_entropy_func elsewhere.
This commit allows users to provide alternative implementations of the
ECJPAKE interface through the configuration option MBEDTLS_ECJPAKE_ALT.
When set, the user must add `ecjpake_alt.h` declaring the same
interface as `ecjpake.h`, as well as add some compilation unit which
implements the functionality. This is in line with the preexisting
support for alternative implementations of other modules.
Remove the copyright block from the Doxygen comments, to clean up the
detailed description in the generated Doxygen output. Also, add \file and
\brief tags to all headers in doxygen/input.
Use the updated names for the new functions (xxx_ret instead of xxx_ext).
List the new deprecations in the appropriate sections.
Credit the independent report of the misuse of zeroizing to reset a
hash context in entropy.c.
New macro MBEDTLS_PK_OPAQUE_INFO_1 to initialize mbedtls_pk_info_t structures.
Document that this macro must be used in engine implementations for forward
compatibility. Use this macro rather than accessing the structure directly
in tests and in the sample engine to set a good example.
New functions to write a representation of an elliptic curve group and
point according to X9.62 and RFC5480: ECParameters as OID and ECPoint
as octet string.
Change the documentation of mbedtls_pk_rsa and mbedtls_pk_ec to
require that mbedtls_pk_get_type returns a corresponding transparent
key time.
Change the implementation of mbedtls_pk_rsa and mbedtls_pk_ec to
return NULL if called with an argument that is not suitable, rather
than returning an invalid pointer.
Add a new key pair object type: MBEDTLS_PK_OPAQUE, intended for
implementations of asymmetric cryptography operations that call an
external cryptographic module.
External cryptographic module engines must implement the API described
by a mbedtls_pk_info_t structure and, usually, a custom setup function.
Document the fields of the mbedtls_pk_info_t structure and the
requirements on a PK engine. Also document non-obvious aspects of the
behavior of the pk interface functions on opaque keys.
Change the interface of check_pair_func to take a pointer to a full
mbedtls_pk_context as its pub argument, and not just the data part of
the context. This is necessary because when prv is opaque, pub may
legitimately be of a different type (typically prv would be opaque and
pub would be transparent).
This is in preparation to adding support for opaque keys in the pk layer. The
header files are for use as follows:
* pk.h for users of the pk interface.
* pk_info.h for implementers of opaque key engines.
* pk_internal.h only inside libmbedcrypto to implement built-in pk types.
Expose a function mbedtls_pk_signature_size to calculate the maximum
size of a signature made with a given key. Document that this is the
buffer size that mbedtls_pk_sign requires.
Add a corresponding field signature_size_func to the mbedtls_pk_info
structure.
