Change hardcoded error values in ssl-opt to take in the PSA error alias
ssl-opt checks for specific error code values in the output, but as
MBEDTLS_ERR_ECP_IN_PROGRESS is becoming an alias of PSA_OPERATION_INCOMPLETE
then this hardcoded value will change.
Therefore allow the result to be either the old mbedtls error, or the new PSA
error, as not to break the CI.
Signed-off-by: Felix Conway <felix.conway@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index cd1cae0..6eefd95 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9412,10 +9412,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1" \
0 \
- -C "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
+ -C "x509_verify_cert.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_sign.*\(4b00\|-248\)"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
@@ -9425,10 +9425,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=0" \
0 \
- -C "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
+ -C "x509_verify_cert.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_sign.*\(4b00\|-248\)"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
@@ -9438,10 +9438,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=65535" \
0 \
- -C "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
+ -C "x509_verify_cert.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_sign.*\(4b00\|-248\)"
# The following test cases for restartable ECDH come in two variants:
# * The "(USE_PSA)" variant expects the current behavior, which is the behavior
@@ -9466,10 +9466,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00"
+ -c "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_sign.*\(4b00\|-248\)"
# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
@@ -9481,10 +9481,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00"
+ -c "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_sign.*\(4b00\|-248\)"
# This works the same with & without USE_PSA as we never get to ECDH:
# we abort as soon as we determined the cert is bad.
@@ -9498,10 +9498,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000" \
1 \
- -c "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00" \
+ -c "x509_verify_cert.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_sign.*\(4b00\|-248\)" \
-c "! The certificate is not correctly signed by the trusted CA" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
@@ -9518,10 +9518,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=optional" \
0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00" \
+ -c "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \
-c "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -9538,10 +9538,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=optional" \
0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00" \
+ -c "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \
-c "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -9558,10 +9558,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=none" \
0 \
- -C "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00" \
+ -C "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \
-C "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -9578,10 +9578,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=none" \
0 \
- -C "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00" \
+ -C "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \
-C "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -9596,10 +9596,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00"
+ -c "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_sign.*\(4b00\|-248\)"
# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
@@ -9611,10 +9611,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -c "mbedtls_pk_sign.*4b00"
+ -c "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_sign.*\(4b00\|-248\)"
# With USE_PSA disabled we expect full restartable behaviour.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
@@ -9625,10 +9625,10 @@
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
debug_level=1 ec_max_ops=1000" \
0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -c "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
+ -c "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_sign.*\(4b00\|-248\)"
# With USE_PSA enabled we expect only partial restartable behaviour:
@@ -9640,10 +9640,10 @@
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
debug_level=1 ec_max_ops=1000" \
0 \
- -c "x509_verify_cert.*4b00" \
- -c "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
+ -c "x509_verify_cert.*\(4b00\|-248\)" \
+ -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_sign.*\(4b00\|-248\)"
# Restartable is only for ECDHE-ECDSA, with another ciphersuite we expect no
# restartable behaviour at all (not even client auth).
@@ -9657,10 +9657,10 @@
key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
- -C "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00"
+ -C "x509_verify_cert.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
+ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
+ -C "mbedtls_pk_sign.*\(4b00\|-248\)"
# Tests of asynchronous private key support in SSL