Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED

SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2022-10-12 10:17:25 -04:00
parent 2d637c4cbb
commit 6ee1e20d7f
2 changed files with 43 additions and 62 deletions

View file

@ -120,7 +120,7 @@ int main( void )
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n" #define GET_REQUEST_END "\r\n\r\n"
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#define USAGE_CONTEXT_CRT_CB \ #define USAGE_CONTEXT_CRT_CB \
" context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \ " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
" to the SSL configuration of the SSL context.\n" \ " to the SSL configuration of the SSL context.\n" \
@ -129,8 +129,8 @@ int main( void )
" - 1: Use CRT callback bound to SSL context\n" " - 1: Use CRT callback bound to SSL context\n"
#else #else
#define USAGE_CONTEXT_CRT_CB "" #define USAGE_CONTEXT_CRT_CB ""
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
#define USAGE_IO \ #define USAGE_IO \
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
@ -148,10 +148,10 @@ int main( void )
#define USAGE_IO \ #define USAGE_IO \
" No file operations available (MBEDTLS_FS_IO not defined)\n" " No file operations available (MBEDTLS_FS_IO not defined)\n"
#endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_FS_IO */
#else /* MBEDTLS_X509_CRT_PARSE_C */ #else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#define USAGE_IO "" #define USAGE_IO ""
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#define USAGE_KEY_OPAQUE \ #define USAGE_KEY_OPAQUE \
" key_opaque=%%d Handle your private key as if it were opaque\n" \ " key_opaque=%%d Handle your private key as if it were opaque\n" \
" default: 0 (disabled)\n" " default: 0 (disabled)\n"
@ -768,9 +768,6 @@ int main( int argc, char *argv[] )
psa_status_t status; psa_status_t status;
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
rng_context_t rng; rng_context_t rng;
mbedtls_ssl_context ssl; mbedtls_ssl_context ssl;
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
@ -780,17 +777,16 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context timer; mbedtls_timing_delay_context timer;
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
uint32_t flags; uint32_t flags;
#endif
mbedtls_x509_crt cacert; mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert; mbedtls_x509_crt clicert;
mbedtls_pk_context pkey; mbedtls_pk_context pkey;
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
#endif #endif
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
char *p, *q; char *p, *q;
const int *list; const int *list;
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
@ -831,7 +827,7 @@ int main( int argc, char *argv[] )
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
rng_init( &rng ); rng_init( &rng );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert ); mbedtls_x509_crt_init( &clicert );
mbedtls_pk_init( &pkey ); mbedtls_pk_init( &pkey );
@ -1031,7 +1027,7 @@ int main( int argc, char *argv[] )
opt.key_file = q; opt.key_file = q;
else if( strcmp( p, "key_pwd" ) == 0 ) else if( strcmp( p, "key_pwd" ) == 0 )
opt.key_pwd = q; opt.key_pwd = q;
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
else if( strcmp( p, "key_opaque" ) == 0 ) else if( strcmp( p, "key_opaque" ) == 0 )
opt.key_opaque = atoi( q ); opt.key_opaque = atoi( q );
#endif #endif
@ -1709,7 +1705,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* /*
* 1.1. Load the trusted CA * 1.1. Load the trusted CA
*/ */
@ -1831,7 +1827,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( " ok (key type: %s)\n", mbedtls_printf( " ok (key type: %s)\n",
strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ? strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ?
mbedtls_pk_get_name( &pkey ) : "none" ); mbedtls_pk_get_name( &pkey ) : "none" );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/* /*
* 2. Setup stuff * 2. Setup stuff
@ -1849,7 +1845,6 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* The default algorithms profile disables SHA-1, but our tests still /* The default algorithms profile disables SHA-1, but our tests still
rely on it heavily. */ rely on it heavily. */
@ -1864,7 +1859,6 @@ int main( int argc, char *argv[] )
memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 ) if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
@ -2001,7 +1995,7 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation ); mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( strcmp( opt.ca_path, "none" ) != 0 && if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 ) strcmp( opt.ca_file, "none" ) != 0 )
{ {
@ -2022,7 +2016,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
if( opt.curves != NULL && if( opt.curves != NULL &&
@ -2110,7 +2104,7 @@ int main( int argc, char *argv[] )
} }
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
@ -2133,11 +2127,10 @@ int main( int argc, char *argv[] )
} }
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( opt.context_crt_cb == 1 ) if( opt.context_crt_cb == 1 )
mbedtls_ssl_set_verify( &ssl, my_verify, NULL ); mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
io_ctx.ssl = &ssl; io_ctx.ssl = &ssl;
io_ctx.net = &server_fd; io_ctx.net = &server_fd;
@ -2458,8 +2451,7 @@ int main( int argc, char *argv[] )
} }
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* /*
* 5. Verify the server certificate * 5. Verify the server certificate
*/ */
@ -2482,7 +2474,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Peer certificate information ...\n" ); mbedtls_printf( " . Peer certificate information ...\n" );
mbedtls_printf( "%s\n", peer_crt_info ); mbedtls_printf( "%s\n", peer_crt_info );
#endif /* !MBEDTLS_X509_REMOVE_INFO */ #endif /* !MBEDTLS_X509_REMOVE_INFO */
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ret = report_cid_usage( &ssl, "initial handshake" ); ret = report_cid_usage( &ssl, "initial handshake" );
@ -2857,10 +2849,9 @@ send_request:
mbedtls_printf( " . Restarting connection from same port..." ); mbedtls_printf( " . Restarting connection from same port..." );
fflush( stdout ); fflush( stdout );
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{ {
@ -3094,10 +3085,9 @@ reconnect:
mbedtls_printf( " . Reconnecting with saved session..." ); mbedtls_printf( " . Reconnecting with saved session..." );
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{ {
@ -3201,14 +3191,14 @@ exit:
mbedtls_free( context_buf ); mbedtls_free( context_buf );
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &clicert );
mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &cacert );
mbedtls_pk_free( &pkey ); mbedtls_pk_free( &pkey );
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key( key_slot ); psa_destroy_key( key_slot );
#endif #endif
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO) defined(MBEDTLS_USE_PSA_CRYPTO)

View file

@ -175,7 +175,7 @@ int main( void )
*/ */
#define DFL_IO_BUF_LEN 200 #define DFL_IO_BUF_LEN 200
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
#define USAGE_IO \ #define USAGE_IO \
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
@ -206,8 +206,8 @@ int main( void )
#endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_FS_IO */
#else #else
#define USAGE_IO "" #define USAGE_IO ""
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#define USAGE_KEY_OPAQUE \ #define USAGE_KEY_OPAQUE \
" key_opaque=%%d Handle your private keys as if they were opaque\n" \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \
" default: 0 (disabled)\n" " default: 0 (disabled)\n"
@ -1444,10 +1444,6 @@ int main( int argc, char *argv[] )
mbedtls_ssl_cookie_ctx cookie_ctx; mbedtls_ssl_cookie_ctx cookie_ctx;
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
mbedtls_ssl_context ssl; mbedtls_ssl_context ssl;
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
@ -1456,13 +1452,14 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned char renego_period[8] = { 0 }; unsigned char renego_period[8] = { 0 };
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
uint32_t flags; uint32_t flags;
mbedtls_x509_crt cacert; mbedtls_x509_crt cacert;
mbedtls_x509_crt srvcert; mbedtls_x509_crt srvcert;
mbedtls_pk_context pkey; mbedtls_pk_context pkey;
mbedtls_x509_crt srvcert2; mbedtls_x509_crt srvcert2;
mbedtls_pk_context pkey2; mbedtls_pk_context pkey2;
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
@ -1471,7 +1468,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
ssl_async_key_context_t ssl_async_keys; ssl_async_key_context_t ssl_async_keys;
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
mbedtls_dhm_context dhm; mbedtls_dhm_context dhm;
#endif #endif
@ -1553,7 +1550,7 @@ int main( int argc, char *argv[] )
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
rng_init( &rng ); rng_init( &rng );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &srvcert ); mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey ); mbedtls_pk_init( &pkey );
@ -1782,7 +1779,7 @@ int main( int argc, char *argv[] )
opt.key_file = q; opt.key_file = q;
else if( strcmp( p, "key_pwd" ) == 0 ) else if( strcmp( p, "key_pwd" ) == 0 )
opt.key_pwd = q; opt.key_pwd = q;
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
else if( strcmp( p, "key_opaque" ) == 0 ) else if( strcmp( p, "key_opaque" ) == 0 )
opt.key_opaque = atoi( q ); opt.key_opaque = atoi( q );
#endif #endif
@ -2586,7 +2583,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* /*
* 1.1. Load the trusted CA * 1.1. Load the trusted CA
*/ */
@ -2794,7 +2791,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( " ok (key types: %s, %s)\n", mbedtls_printf( " ok (key types: %s, %s)\n",
key_cert_init ? mbedtls_pk_get_name( &pkey ) : "none", key_cert_init ? mbedtls_pk_get_name( &pkey ) : "none",
key_cert_init2 ? mbedtls_pk_get_name( &pkey2 ) : "none" ); key_cert_init2 ? mbedtls_pk_get_name( &pkey2 ) : "none" );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
if( opt.dhm_file != NULL ) if( opt.dhm_file != NULL )
@ -2844,7 +2841,6 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* The default algorithms profile disables SHA-1, but our tests still /* The default algorithms profile disables SHA-1, but our tests still
rely on it heavily. Hence we allow it here. A real-world server rely on it heavily. Hence we allow it here. A real-world server
@ -2856,7 +2852,6 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test ); mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
} }
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
if( opt.auth_mode != DFL_AUTH_MODE ) if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode ); mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
@ -2864,15 +2859,13 @@ int main( int argc, char *argv[] )
if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST ) if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list ); mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
/* exercise setting DN hints for server certificate request /* exercise setting DN hints for server certificate request
* (Intended for use where the client cert expected has been signed by * (Intended for use where the client cert expected has been signed by
* a specific CA which is an intermediate in a CA chain, not the root) */ * a specific CA which is an intermediate in a CA chain, not the root) */
if( opt.cert_req_dn_hint == 2 && key_cert_init2 ) if( opt.cert_req_dn_hint == 2 && key_cert_init2 )
mbedtls_ssl_conf_dn_hints( &conf, &srvcert2 ); mbedtls_ssl_conf_dn_hints( &conf, &srvcert2 );
#endif #endif
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
@ -3109,7 +3102,7 @@ int main( int argc, char *argv[] )
} }
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( strcmp( opt.ca_path, "none" ) != 0 && if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 ) strcmp( opt.ca_file, "none" ) != 0 )
{ {
@ -3198,7 +3191,7 @@ int main( int argc, char *argv[] )
&ssl_async_keys ); &ssl_async_keys );
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(SNI_OPTION) #if defined(SNI_OPTION)
if( opt.sni != NULL ) if( opt.sni != NULL )
@ -3492,9 +3485,8 @@ reset:
} }
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* exercise setting DN hints for server certificate request /* exercise setting DN hints for server certificate request
* (Intended for use where the client cert expected has been signed by * (Intended for use where the client cert expected has been signed by
* a specific CA which is an intermediate in a CA chain, not the root) * a specific CA which is an intermediate in a CA chain, not the root)
@ -3503,7 +3495,6 @@ reset:
if( opt.cert_req_dn_hint == 3 && key_cert_init2 ) if( opt.cert_req_dn_hint == 3 && key_cert_init2 )
mbedtls_ssl_set_hs_dn_hints( &ssl, &srvcert2 ); mbedtls_ssl_set_hs_dn_hints( &ssl, &srvcert2 );
#endif #endif
#endif
#endif #endif
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
@ -3552,7 +3543,7 @@ handshake:
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
{ {
char vrfy_buf[512]; char vrfy_buf[512];
@ -3607,7 +3598,7 @@ handshake:
} }
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/* /*
* 5. Verify the client certificate * 5. Verify the client certificate
*/ */
@ -3636,7 +3627,7 @@ handshake:
mbedtls_printf( "%s\n", crt_buf ); mbedtls_printf( "%s\n", crt_buf );
} }
#endif /* MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_X509_REMOVE_INFO */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
if( opt.eap_tls != 0 ) if( opt.eap_tls != 0 )
{ {
@ -4330,7 +4321,7 @@ exit:
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crt_free( &srvcert ); mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey ); mbedtls_pk_free( &pkey );