From cd05f0b9e5e656af26e2d54477ef2b4f766f5174 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 3 May 2022 10:28:37 +0200 Subject: [PATCH] Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected Signed-off-by: Neil Armstrong --- library/ssl_tls12_client.c | 31 ++++------- library/ssl_tls12_server.c | 19 ++----- tests/ssl-opt.sh | 102 ------------------------------------- 3 files changed, 13 insertions(+), 139 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 0d2bd0e96f..e15444218d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -3046,11 +3046,6 @@ ecdh_calc_secret: /* Write the ECDH computation length before the ECDH computation */ MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 ); pms += zlen_size + zlen; - - /* In case of opaque psk skip writting psk to pms. - * Opaque key will be handled later. */ - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "skip PMS generation for opaque ECDHE-PSK" ) ); } else #endif /* MBEDTLS_USE_PSA_CRYPTO && @@ -3164,26 +3159,18 @@ ecdh_calc_secret: #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "skip PMS generation for opaque PSK" ) ); - } - else - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "skip PMS generation for opaque RSA-PSK" ) ); - } - else + if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK && + ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK ) #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); + if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, + ciphersuite_info->key_exchange ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_psk_derive_premaster", ret ); + return( ret ); + } } } else diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index f7cceedb9f..0c8f0f5ee1 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3983,18 +3983,14 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* For opaque PSKs, we perform the PSK-to-MS derivation automatically - * and skip the intermediate PMS. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) ); -#else +#if !defined(MBEDTLS_USE_PSA_CRYPTO) if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, ciphersuite_info->key_exchange ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); return( ret ); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ @@ -4026,18 +4022,14 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( ret ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - /* For opaque PSKs, we perform the PSK-to-MS derivation automatically - * and skip the intermediate PMS. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque RSA-PSK" ) ); -#else +#if !defined(MBEDTLS_USE_PSA_CRYPTO) if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, ciphersuite_info->key_exchange ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); return( ret ); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ @@ -4147,9 +4139,6 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_PUT_UINT16_BE( zlen, psm, 0 ); psm += zlen_size + zlen; - /* In case of opaque psk skip writting psk to pms. - * Opaque key will be handled later. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque ECDHE-PSK" ) ); #else /* MBEDTLS_USE_PSA_CRYPTO */ if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) { diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index dcee5df609..64d1aac64b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -6399,8 +6399,6 @@ run_test "PSK callback: opaque psk on client, no callback" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque PSK"\ - -S "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6414,8 +6412,6 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque PSK"\ - -S "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6429,8 +6425,6 @@ run_test "PSK callback: opaque psk on client, no callback, EMS" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque PSK"\ - -S "skip PMS generation for opaque PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6444,8 +6438,6 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque PSK"\ - -S "skip PMS generation for opaque PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6459,8 +6451,6 @@ run_test "PSK callback: opaque rsa-psk on client, no callback" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque RSA-PSK"\ - -S "skip PMS generation for opaque RSA-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6474,8 +6464,6 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque RSA-PSK"\ - -S "skip PMS generation for opaque RSA-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6489,8 +6477,6 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque RSA-PSK"\ - -S "skip PMS generation for opaque RSA-PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6504,8 +6490,6 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque RSA-PSK"\ - -S "skip PMS generation for opaque RSA-PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6519,8 +6503,6 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque ECDHE-PSK"\ - -S "skip PMS generation for opaque ECDHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6534,8 +6516,6 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque ECDHE-PSK"\ - -S "skip PMS generation for opaque ECDHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6549,8 +6529,6 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque ECDHE-PSK"\ - -S "skip PMS generation for opaque ECDHE-PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6564,8 +6542,6 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque ECDHE-PSK"\ - -S "skip PMS generation for opaque ECDHE-PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6579,8 +6555,6 @@ run_test "PSK callback: opaque dhe-psk on client, no callback" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque DHE-PSK"\ - -S "skip PMS generation for opaque DHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6594,8 +6568,6 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque DHE-PSK"\ - -S "skip PMS generation for opaque DHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6609,8 +6581,6 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque DHE-PSK"\ - -S "skip PMS generation for opaque DHE-PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6624,8 +6594,6 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123 psk_opaque=1" \ 0 \ - -c "skip PMS generation for opaque DHE-PSK"\ - -S "skip PMS generation for opaque DHE-PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6639,8 +6607,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123" \ 0 \ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6654,8 +6620,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123" \ 0 \ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6672,8 +6636,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6688,8 +6650,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6701,8 +6661,6 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123" \ 0 \ - -C "skip PMS generation for opaque RSA-PSK"\ - -s "skip PMS generation for opaque RSA-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6716,8 +6674,6 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123" \ 0 \ - -C "skip PMS generation for opaque RSA-PSK"\ - -s "skip PMS generation for opaque RSA-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6734,8 +6690,6 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque RSA-PSK"\ - -s "skip PMS generation for opaque RSA-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6750,8 +6704,6 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque RSA-PSK"\ - -s "skip PMS generation for opaque RSA-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6763,8 +6715,6 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123" \ 0 \ - -C "skip PMS generation for opaque ECDHE-PSK"\ - -s "skip PMS generation for opaque ECDHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6778,8 +6728,6 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123" \ 0 \ - -C "skip PMS generation for opaque ECDHE-PSK"\ - -s "skip PMS generation for opaque ECDHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6796,8 +6744,6 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque ECDHE-PSK"\ - -s "skip PMS generation for opaque ECDHE-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6812,8 +6758,6 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque ECDHE-PSK"\ - -s "skip PMS generation for opaque ECDHE-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6825,8 +6769,6 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123" \ 0 \ - -C "skip PMS generation for opaque DHE-PSK"\ - -s "skip PMS generation for opaque DHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6840,8 +6782,6 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=foo psk=abc123" \ 0 \ - -C "skip PMS generation for opaque DHE-PSK"\ - -s "skip PMS generation for opaque DHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6858,8 +6798,6 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque DHE-PSK"\ - -s "skip PMS generation for opaque DHE-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6874,8 +6812,6 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque DHE-PSK"\ - -s "skip PMS generation for opaque DHE-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6887,8 +6823,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6902,8 +6836,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6920,8 +6852,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6936,8 +6866,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6949,8 +6877,6 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque RSA-PSK"\ - -s "skip PMS generation for opaque RSA-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6964,8 +6890,6 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque RSA-PSK"\ - -s "skip PMS generation for opaque RSA-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -6982,8 +6906,6 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque RSA-PSK"\ - -s "skip PMS generation for opaque RSA-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -6998,8 +6920,6 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque RSA-PSK"\ - -s "skip PMS generation for opaque RSA-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -7011,8 +6931,6 @@ run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on serve "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque ECDHE-PSK"\ - -s "skip PMS generation for opaque ECDHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -7026,8 +6944,6 @@ run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on serve "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque ECDHE-PSK"\ - -s "skip PMS generation for opaque ECDHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -7044,8 +6960,6 @@ run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on serve 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque ECDHE-PSK"\ - -s "skip PMS generation for opaque ECDHE-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -7060,8 +6974,6 @@ run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on serve 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque ECDHE-PSK"\ - -s "skip PMS generation for opaque ECDHE-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -7073,8 +6985,6 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque DHE-PSK"\ - -s "skip PMS generation for opaque DHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -7088,8 +6998,6 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque DHE-PSK"\ - -s "skip PMS generation for opaque DHE-PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -7106,8 +7014,6 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque DHE-PSK"\ - -s "skip PMS generation for opaque DHE-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -7122,8 +7028,6 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -C "skip PMS generation for opaque DHE-PSK"\ - -s "skip PMS generation for opaque DHE-PSK"\ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -7135,8 +7039,6 @@ run_test "PSK callback: raw psk on client, mismatching static raw PSK on serv "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -7150,8 +7052,6 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque PSK"\ - -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -7165,7 +7065,6 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \ @@ -7179,7 +7078,6 @@ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on s "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ - -C "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ -S "SSL - The handshake negotiation failed" \