eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'development' into iotssl-1941-aria-ciphersuites

Browse source 
* development: (504 commits)
  Fix minor code style issues
  Add the uodate to the soversion to the ChangeLog
  Fix the ChangeLog for clarity, english and credit
  Update version to 2.9.0
  ecp: Fix binary compatibility with group ID
  Changelog entry
  Change accepted ciphersuite versions when parsing server hello
  Remove preprocessor directives around platform_util.h include
  Fix style for mbedtls_mpi_zeroize()
  Improve mbedtls_platform_zeroize() docs
  mbedtls_zeroize -> mbedtls_platform_zeroize in docs
  Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT
  Organize CMakeLists targets in alphabetical order
  Organize output objs in alfabetical order in Makefile
  Regenerate errors after ecp.h updates
  Update ecp.h
  Change variable bytes_written to header_bytes in record decompression
  Update ecp.h
  Update ecp.h
  Update ecp.h
  ...
This commit is contained in:
Manuel Pégourié-Gonnard 2018-05-22 15:58:50 +02:00
commit a3712beb9b
204 changed files with 7933 additions and 4006 deletions
Download patch file Download diff file Expand all files Collapse all files

1
programs/.gitignore vendored
View file

@ -47,6 +47,7 @@ test/ecp-bench
test/selftest
test/ssl_cert_test
test/udp_proxy
test/zeroize
util/pem2der
util/strerror
x509/cert_app

7
programs/Makefile
View file

@ -35,7 +35,7 @@ ifdef SHARED
SHARED_SUFFIX=.$(DLEXT)
endif
else
DLEXT=so
DLEXT ?= so
EXEXT=
SHARED_SUFFIX=
endif
@ -67,6 +67,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
random/gen_random_ctr_drbg$(EXEXT) \
test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \
test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \
test/zeroize$(EXEXT) \
util/pem2der$(EXEXT) util/strerror$(EXEXT) \
x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \
x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \
@ -249,6 +250,10 @@ test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP)
echo " CC test/udp_proxy.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/zeroize$(EXEXT): test/zeroize.c $(DEP)
echo " CC test/zeroize.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
util/pem2der$(EXEXT): util/pem2der.c $(DEP)
echo " CC util/pem2der.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

7
programs/pkey/pk_sign.c
View file

@ -29,6 +29,7 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_snprintf snprintf
#define mbedtls_printf printf
#endif
@ -100,8 +101,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
ret = 1;
mbedtls_printf( " failed\n ! Could not open '%s'\n", argv[1] );
mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] );
goto exit;
}
@ -141,6 +141,7 @@ int main( int argc, char *argv[] )
if( fwrite( buf, 1, olen, f ) != olen )
{
ret = 1;
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
fclose( f );
goto exit;
@ -168,7 +169,7 @@ exit:
fflush( stdout ); getchar();
#endif
return( ret );
return( ret ? EXIT_FAILURE : EXIT_SUCCESS );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&

2
programs/ssl/ssl_client1.c
View file

@ -30,7 +30,7 @@
#else
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_time time
#define mbedtls_time time
#define mbedtls_time_t time_t
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf

369
programs/ssl/ssl_client2.c
View file

@ -73,6 +73,7 @@ int main( void )
#define DFL_REQUEST_SIZE -1
#define DFL_DEBUG_LEVEL 0
#define DFL_NBIO 0
#define DFL_EVENT 0
#define DFL_READ_TIMEOUT 0
#define DFL_MAX_RESEND 0
#define DFL_CA_FILE ""
@ -245,24 +246,26 @@ int main( void )
" server_addr=%%s default: given by name\n" \
" server_port=%%d default: 4433\n" \
" request_page=%%s default: \".\"\n" \
" request_size=%%d default: about 34 (basic request)\n" \
" request_size=%%d default: about 34 (basic request)\n" \
" (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
" read_timeout=%%d default: 0 ms (no timeout)\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
" event=%%d default: 0 (loop)\n" \
" options: 1 (level-triggered, implies nbio=1),\n" \
" read_timeout=%%d default: 0 ms (no timeout)\n" \
" max_resend=%%d default: 0 (no resend on timeout)\n" \
"\n" \
USAGE_DTLS \
"\n" \
" auth_mode=%%s default: (library default: none)\n" \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
USAGE_IO \
"\n" \
USAGE_PSK \
USAGE_ECJPAKE \
"\n" \
" allow_legacy=%%d default: (library default: no)\n" \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
" reconnect=%%d default: 0 (disabled)\n" \
@ -302,7 +305,8 @@ struct options
const char *server_port; /* port on which the ssl service runs */
int debug_level; /* level of debugging */
int nbio; /* should I/O be blocking? */
uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
int event; /* loop or event-driven IO? level or edge triggered? */
uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
int max_resend; /* DTLS times to resend on read timeout */
const char *request_page; /* page on server to request */
int request_size; /* pad request with header to requested size */
@ -353,7 +357,8 @@ static void my_debug( void *ctx, int level,
if( *p == '/' || *p == '\\' )
basename = p + 1;
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str );
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s",
basename, line, level, str );
fflush( (FILE *) ctx );
}
@ -399,7 +404,8 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
/*
* Enabled if debug_level > 1 in code below
*/
static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags )
static int my_verify( void *data, mbedtls_x509_crt *crt,
int depth, uint32_t *flags )
{
char buf[1024];
((void) data);
@ -436,6 +442,57 @@ static int ssl_sig_hashes_for_test[] = {
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/*
* Wait for an event from the underlying transport or the timer
* (Used in event-driven IO mode).
*/
#if !defined(MBEDTLS_TIMING_C)
int idle( mbedtls_net_context *fd,
int idle_reason )
#else
int idle( mbedtls_net_context *fd,
mbedtls_timing_delay_context *timer,
int idle_reason )
#endif
{
int ret;
int poll_type = 0;
if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
poll_type = MBEDTLS_NET_POLL_WRITE;
else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
poll_type = MBEDTLS_NET_POLL_READ;
#if !defined(MBEDTLS_TIMING_C)
else
return( 0 );
#endif
while( 1 )
{
/* Check if timer has expired */
#if defined(MBEDTLS_TIMING_C)
if( timer != NULL &&
mbedtls_timing_get_delay( timer ) == 2 )
{
break;
}
#endif /* MBEDTLS_TIMING_C */
/* Check if underlying transport became available */
if( poll_type != 0 )
{
ret = mbedtls_net_poll( fd, poll_type, 0 );
if( ret < 0 )
return( ret );
if( ret == poll_type )
break;
}
}
return( 0 );
}
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
@ -521,6 +578,7 @@ int main( int argc, char *argv[] )
opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL;
opt.nbio = DFL_NBIO;
opt.event = DFL_EVENT;
opt.read_timeout = DFL_READ_TIMEOUT;
opt.max_resend = DFL_MAX_RESEND;
opt.request_page = DFL_REQUEST_PAGE;
@ -594,6 +652,12 @@ int main( int argc, char *argv[] )
if( opt.nbio < 0 || opt.nbio > 2 )
goto usage;
}
else if( strcmp( p, "event" ) == 0 )
{
opt.event = atoi( q );
if( opt.event < 0 || opt.event > 2 )
goto usage;
}
else if( strcmp( p, "read_timeout" ) == 0 )
opt.read_timeout = atoi( q );
else if( strcmp( p, "max_resend" ) == 0 )
@ -638,16 +702,23 @@ int main( int argc, char *argv[] )
}
else if( strcmp( p, "renegotiation" ) == 0 )
{
opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED :
MBEDTLS_SSL_RENEGOTIATION_DISABLED;
opt.renegotiation = (atoi( q )) ?
MBEDTLS_SSL_RENEGOTIATION_ENABLED :
MBEDTLS_SSL_RENEGOTIATION_DISABLED;
}
else if( strcmp( p, "allow_legacy" ) == 0 )
{
switch( atoi( q ) )
{
case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break;
case 0: opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break;
case 1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break;
case -1:
opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
break;
case 0:
opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
break;
case 1:
opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
break;
default: goto usage;
}
}
@ -704,8 +775,12 @@ int main( int argc, char *argv[] )
{
switch( atoi( q ) )
{
case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break;
case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break;
case 0:
opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
break;
case 1:
opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
break;
default: goto usage;
}
}
@ -864,6 +939,15 @@ int main( int argc, char *argv[] )
goto usage;
}
/* Event-driven IO is incompatible with the above custom
* receive and send functions, as the polling builds on
* refers to the underlying net_context. */
if( opt.event == 1 && opt.nbio != 1 )
{
mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
opt.nbio = 1;
}
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( opt.debug_level );
#endif
@ -871,19 +955,20 @@ int main( int argc, char *argv[] )
if( opt.force_ciphersuite[0] > 0 )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
{
mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
{
mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
@ -909,7 +994,7 @@ int main( int argc, char *argv[] )
{
if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
{
mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
mbedtls_printf( "forced RC4 ciphersuite with RC4 disabled\n" );
ret = 2;
goto usage;
}
@ -929,7 +1014,7 @@ int main( int argc, char *argv[] )
if( strlen( opt.psk ) % 2 != 0 )
{
mbedtls_printf("pre-shared key not valid hex\n");
mbedtls_printf( "pre-shared key not valid hex\n" );
goto exit;
}
@ -946,7 +1031,7 @@ int main( int argc, char *argv[] )
c -= 'A' - 10;
else
{
mbedtls_printf("pre-shared key not valid hex\n");
mbedtls_printf( "pre-shared key not valid hex\n" );
goto exit;
}
psk[ j / 2 ] = c << 4;
@ -960,7 +1045,7 @@ int main( int argc, char *argv[] )
c -= 'A' - 10;
else
{
mbedtls_printf("pre-shared key not valid hex\n");
mbedtls_printf( "pre-shared key not valid hex\n" );
goto exit;
}
psk[ j / 2 ] |= c;
@ -1051,11 +1136,12 @@ int main( int argc, char *argv[] )
fflush( stdout );
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret );
goto exit;
}
@ -1093,12 +1179,13 @@ int main( int argc, char *argv[] )
#else
{
ret = 1;
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
-ret );
goto exit;
}
@ -1121,7 +1208,8 @@ int main( int argc, char *argv[] )
else
#endif
#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
ret = mbedtls_x509_crt_parse( &clicert,
(const unsigned char *) mbedtls_test_cli_crt,
mbedtls_test_cli_crt_len );
#else
{
@ -1131,7 +1219,8 @@ int main( int argc, char *argv[] )
#endif
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
-ret );
goto exit;
}
@ -1144,7 +1233,8 @@ int main( int argc, char *argv[] )
else
#endif
#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 );
#else
{
@ -1154,7 +1244,8 @@ int main( int argc, char *argv[] )
#endif
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
-ret );
goto exit;
}
@ -1172,11 +1263,13 @@ int main( int argc, char *argv[] )
opt.server_addr, opt.server_port );
fflush( stdout );
if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
-ret );
goto exit;
}
@ -1186,7 +1279,8 @@ int main( int argc, char *argv[] )
ret = mbedtls_net_set_block( &server_fd );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
-ret );
goto exit;
}
@ -1203,7 +1297,8 @@ int main( int argc, char *argv[] )
opt.transport,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
-ret );
goto exit;
}
@ -1226,13 +1321,15 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
ret );
goto exit;
}
#endif
@ -1255,8 +1352,8 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
if( opt.recsplit != DFL_RECSPLIT )
mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
: MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
: MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
#endif
#if defined(MBEDTLS_DHM_C)
@ -1268,7 +1365,8 @@ int main( int argc, char *argv[] )
if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
ret );
goto exit;
}
#endif
@ -1307,7 +1405,8 @@ int main( int argc, char *argv[] )
{
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
ret );
goto exit;
}
}
@ -1326,16 +1425,19 @@ int main( int argc, char *argv[] )
(const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n",
ret );
goto exit;
}
#endif
if( opt.min_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
opt.min_version );
if( opt.max_version != DFL_MAX_VERSION )
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
opt.max_version );
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
if( opt.fallback != DFL_FALLBACK )
@ -1344,14 +1446,16 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
-ret );
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret );
goto exit;
}
#endif
@ -1363,7 +1467,8 @@ int main( int argc, char *argv[] )
(const unsigned char *) opt.ecjpake_pw,
strlen( opt.ecjpake_pw ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
ret );
goto exit;
}
}
@ -1372,7 +1477,8 @@ int main( int argc, char *argv[] )
if( opt.nbio == 2 )
mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
else
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv,
mbedtls_ssl_set_bio( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv,
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
#if defined(MBEDTLS_TIMING_C)
@ -1390,9 +1496,11 @@ int main( int argc, char *argv[] )
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
-ret );
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
mbedtls_printf(
" Unable to verify the server's certificate. "
@ -1404,10 +1512,23 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n" );
goto exit;
}
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
ret = idle( &server_fd, &timer, ret );
#else
ret = idle( &server_fd, ret );
#endif
if( ret != 0 )
goto exit;
}
}
mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
mbedtls_ssl_get_version( &ssl ),
mbedtls_ssl_get_ciphersuite( &ssl ) );
if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
mbedtls_printf( " [ Record expansion is %d ]\n", ret );
@ -1435,7 +1556,8 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
-ret );
goto exit;
}
@ -1454,7 +1576,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( " failed\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ),
" ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
}
@ -1484,9 +1607,21 @@ int main( int argc, char *argv[] )
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
ret );
goto exit;
}
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &server_fd, &timer, ret );
#else
idle( &server_fd, ret );
#endif
}
}
mbedtls_printf( " ok\n" );
}
@ -1530,27 +1665,54 @@ send_request:
{
for( written = 0, frags = 0; written < len; written += ret, frags++ )
{
while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
<= 0 )
while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
len - written ) ) <= 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
-ret );
goto exit;
}
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &server_fd, &timer, ret );
#else
idle( &server_fd, ret );
#endif
}
}
}
}
else /* Not stream, so datagram */
{
do ret = mbedtls_ssl_write( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
while( 1 )
{
ret = mbedtls_ssl_write( &ssl, buf, len );
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
break;
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &server_fd, &timer, ret );
#else
idle( &server_fd, ret );
#endif
}
}
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n",
ret );
goto exit;
}
@ -1565,7 +1727,8 @@ send_request:
}
buf[written] = '\0';
mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n",
written, frags, (char *) buf );
/*
* 7. Read the HTTP response
@ -1586,7 +1749,18 @@ send_request:
if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE )
{
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &server_fd, &timer, ret );
#else
idle( &server_fd, ret );
#endif
}
continue;
}
if( ret <= 0 )
{
@ -1604,7 +1778,8 @@ send_request:
goto reconnect;
default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n",
-ret );
goto exit;
}
}
@ -1628,9 +1803,24 @@ send_request:
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
do ret = mbedtls_ssl_read( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
while( 1 )
{
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
break;
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &server_fd, &timer, ret );
#else
idle( &server_fd, ret );
#endif
}
}
if( ret <= 0 )
{
@ -1671,7 +1861,8 @@ send_request:
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
-ret );
goto exit;
}
@ -1680,9 +1871,20 @@ send_request:
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
-ret );
goto exit;
}
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &server_fd, &timer, ret );
#else
idle( &server_fd, ret );
#endif
}
}
mbedtls_printf( " ok\n" );
@ -1729,21 +1931,25 @@ reconnect:
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
-ret );
goto exit;
}
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n",
ret );
goto exit;
}
if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
if( ( ret = mbedtls_net_connect( &server_fd,
opt.server_addr, opt.server_port,
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
-ret );
goto exit;
}
@ -1754,7 +1960,7 @@ reconnect:
if( ret != 0 )
{
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
-ret );
-ret );
goto exit;
}
@ -1763,7 +1969,8 @@ reconnect:
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
-ret );
goto exit;
}
}

2
programs/ssl/ssl_mail_client.c
View file

@ -31,7 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_time time
#define mbedtls_time_t time_t
#define mbedtls_time_t time_t
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#endif

2
programs/ssl/ssl_server.c
View file

@ -31,7 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#define mbedtls_time time
#define mbedtls_time_t time_t
#define mbedtls_time_t time_t
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#endif

242
programs/ssl/ssl_server2.c
View file

@ -101,6 +101,7 @@ int main( void )
#define DFL_SERVER_PORT "4433"
#define DFL_DEBUG_LEVEL 0
#define DFL_NBIO 0
#define DFL_EVENT 0
#define DFL_READ_TIMEOUT 0
#define DFL_CA_FILE ""
#define DFL_CA_PATH ""
@ -331,6 +332,8 @@ int main( void )
" debug_level=%%d default: 0 (disabled)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
" event=%%d default: 0 (loop)\n" \
" options: 1 (level-triggered, implies nbio=1),\n" \
" read_timeout=%%d default: 0 ms (no timeout)\n" \
"\n" \
USAGE_DTLS \
@ -399,6 +402,7 @@ struct options
const char *server_port; /* port on which the ssl service runs */
int debug_level; /* level of debugging */
int nbio; /* should I/O be blocking? */
int event; /* loop or event-driven IO? level or edge triggered? */
uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
const char *ca_file; /* the file with the CA certificate(s) */
const char *ca_path; /* the path with the CA certificate(s) reside */
@ -837,6 +841,56 @@ static int ssl_sig_hashes_for_test[] = {
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/*
* Wait for an event from the underlying transport or the timer
* (Used in event-driven IO mode).
*/
#if !defined(MBEDTLS_TIMING_C)
int idle( mbedtls_net_context *fd,
int idle_reason )
#else
int idle( mbedtls_net_context *fd,
mbedtls_timing_delay_context *timer,
int idle_reason )
#endif
{
int ret;
int poll_type = 0;
if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
poll_type = MBEDTLS_NET_POLL_WRITE;
else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
poll_type = MBEDTLS_NET_POLL_READ;
#if !defined(MBEDTLS_TIMING_C)
else
return( 0 );
#endif
while( 1 )
{
/* Check if timer has expired */
#if defined(MBEDTLS_TIMING_C)
if( timer != NULL &&
mbedtls_timing_get_delay( timer ) == 2 )
{
break;
}
#endif /* MBEDTLS_TIMING_C */
/* Check if underlying transport became available */
if( poll_type != 0 )
{
ret = mbedtls_net_poll( fd, poll_type, 0 );
if( ret < 0 )
return( ret );
if( ret == poll_type )
break;
}
}
return( 0 );
}
int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
@ -969,6 +1023,7 @@ int main( int argc, char *argv[] )
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL;
opt.event = DFL_EVENT;
opt.nbio = DFL_NBIO;
opt.read_timeout = DFL_READ_TIMEOUT;
opt.ca_file = DFL_CA_FILE;
@ -1047,6 +1102,12 @@ int main( int argc, char *argv[] )
if( opt.nbio < 0 || opt.nbio > 2 )
goto usage;
}
else if( strcmp( p, "event" ) == 0 )
{
opt.event = atoi( q );
if( opt.event < 0 || opt.event > 2 )
goto usage;
}
else if( strcmp( p, "read_timeout" ) == 0 )
opt.read_timeout = atoi( q );
else if( strcmp( p, "ca_file" ) == 0 )
@ -1088,16 +1149,23 @@ int main( int argc, char *argv[] )
opt.version_suites = q;
else if( strcmp( p, "renegotiation" ) == 0 )
{
opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED :
MBEDTLS_SSL_RENEGOTIATION_DISABLED;
opt.renegotiation = (atoi( q )) ?
MBEDTLS_SSL_RENEGOTIATION_ENABLED :
MBEDTLS_SSL_RENEGOTIATION_DISABLED;
}
else if( strcmp( p, "allow_legacy" ) == 0 )
{
switch( atoi( q ) )
{
case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break;
case 0: opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break;
case 1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break;
case -1:
opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
break;
case 0:
opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
break;
case 1:
opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
break;
default: goto usage;
}
}
@ -1254,8 +1322,12 @@ int main( int argc, char *argv[] )
{
switch( atoi( q ) )
{
case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break;
case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break;
case 0:
opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
break;
case 1:
opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
break;
default: goto usage;
}
}
@ -1328,6 +1400,15 @@ int main( int argc, char *argv[] )
goto usage;
}
/* Event-driven IO is incompatible with the above custom
* receive and send functions, as the polling builds on
* refers to the underlying net_context. */
if( opt.event == 1 && opt.nbio != 1 )
{
mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
opt.nbio = 1;
}
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( opt.debug_level );
#endif
@ -1335,19 +1416,20 @@ int main( int argc, char *argv[] )
if( opt.force_ciphersuite[0] > 0 )
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
{
mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
{
mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
ret = 2;
goto usage;
}
@ -1526,11 +1608,12 @@ int main( int argc, char *argv[] )
fflush( stdout );
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret );
goto exit;
}
@ -1627,7 +1710,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
-ret );
-ret );
goto exit;
}
}
@ -1645,8 +1728,7 @@ int main( int argc, char *argv[] )
strcmp( opt.key_file2, "none" ) != 0 )
{
#if !defined(MBEDTLS_CERTS_C)
mbedtls_printf( "Not certificated or key provided, and \n"
"MBEDTLS_CERTS_C not defined!\n" );
mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" );
goto exit;
#else
#if defined(MBEDTLS_RSA_C)
@ -1654,14 +1736,16 @@ int main( int argc, char *argv[] )
(const unsigned char *) mbedtls_test_srv_crt_rsa,
mbedtls_test_srv_crt_rsa_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
-ret );
goto exit;
}
if( ( ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa,
mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
-ret );
goto exit;
}
key_cert_init = 2;
@ -1671,14 +1755,16 @@ int main( int argc, char *argv[] )
(const unsigned char *) mbedtls_test_srv_crt_ec,
mbedtls_test_srv_crt_ec_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n",
-ret );
goto exit;
}
if( ( ret = mbedtls_pk_parse_key( &pkey2,
(const unsigned char *) mbedtls_test_srv_key_ec,
mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
{
mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
-ret );
goto exit;
}
key_cert_init2 = 2;
@ -2088,8 +2174,8 @@ reset:
if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
client_ip, cliip_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! "
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
-ret );
goto exit;
}
}
@ -2117,9 +2203,24 @@ handshake:
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
do ret = mbedtls_ssl_handshake( &ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
break;
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
ret = idle( &client_fd, &timer, ret );
#else
ret = idle( &client_fd, ret );
#endif
if( ret != 0 )
goto reset;
}
}
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{
@ -2225,7 +2326,18 @@ data_exchange:
if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE )
{
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &client_fd, &timer, ret );
#else
idle( &client_fd, ret );
#endif
}
continue;
}
if( ret <= 0 )
{
@ -2313,9 +2425,40 @@ data_exchange:
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
do ret = mbedtls_ssl_read( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
while( 1 )
{
/* Without the call to `mbedtls_ssl_check_pending`, it might
* happen that the client sends application data in the same
* datagram as the Finished message concluding the handshake.
* In this case, the application data would be ready to be
* processed while the underlying transport wouldn't signal
* any further incoming data.
*
* See the test 'Event-driven I/O: session-id resume, UDP packing'
* in tests/ssl-opt.sh.
*/
/* For event-driven IO, wait for socket to become available */
if( mbedtls_ssl_check_pending( &ssl ) == 0 &&
opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ );
#else
idle( &client_fd, MBEDTLS_ERR_SSL_WANT_READ );
#endif
}
ret = mbedtls_ssl_read( &ssl, buf, len );
/* Note that even if `mbedtls_ssl_check_pending` returns true,
* it can happen that the subsequent call to `mbedtls_ssl_read`
* returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages
* might be discarded (e.g. because they are retransmissions). */
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
break;
}
if( ret <= 0 )
{
@ -2356,6 +2499,16 @@ data_exchange:
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
goto reset;
}
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &client_fd, &timer, ret );
#else
idle( &client_fd, ret );
#endif
}
}
mbedtls_printf( " ok\n" );
@ -2390,14 +2543,39 @@ data_exchange:
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
goto reset;
}
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &client_fd, &timer, ret );
#else
idle( &client_fd, ret );
#endif
}
}
}
}
else /* Not stream, so datagram */
{
do ret = mbedtls_ssl_write( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
while( 1 )
{
ret = mbedtls_ssl_write( &ssl, buf, len );
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
break;
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
idle( &client_fd, &timer, ret );
#else
idle( &client_fd, ret );
#endif
}
}
if( ret < 0 )
{

3
programs/test/CMakeLists.txt
View file

@ -22,6 +22,9 @@ target_link_libraries(ssl_cert_test ${libs})
add_executable(udp_proxy udp_proxy.c)
target_link_libraries(udp_proxy ${libs})
add_executable(zeroize zeroize.c)
target_link_libraries(zeroize ${libs})
install(TARGETS selftest benchmark ssl_cert_test udp_proxy
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

99
programs/test/benchmark.c
View file

@ -687,13 +687,13 @@ int main( int argc, char *argv[] )
if( todo.dhm )
{
int dhm_sizes[] = { 2048, 3072 };
const unsigned char dhm_P_2048[] =
static const unsigned char dhm_P_2048[] =
MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
const unsigned char dhm_P_3072[] =
static const unsigned char dhm_P_3072[] =
MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN;
const unsigned char dhm_G_2048[] =
static const unsigned char dhm_G_2048[] =
MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
const unsigned char dhm_G_3072[] =
static const unsigned char dhm_G_3072[] =
MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN;
const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
@ -795,9 +795,16 @@ int main( int argc, char *argv[] )
if( todo.ecdh )
{
mbedtls_ecdh_context ecdh;
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
mbedtls_mpi z;
const mbedtls_ecp_curve_info montgomery_curve_list[] = {
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
{ MBEDTLS_ECP_DP_CURVE25519, 0, 0, "Curve25519" },
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
{ MBEDTLS_ECP_DP_CURVE448, 0, 0, "Curve448" },
#endif
{ MBEDTLS_ECP_DP_NONE, 0, 0, 0 }
};
const mbedtls_ecp_curve_info *curve_info;
size_t olen;
@ -826,27 +833,32 @@ int main( int argc, char *argv[] )
mbedtls_ecdh_free( &ecdh );
}
/* Curve25519 needs to be handled separately */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
mbedtls_ecdh_init( &ecdh );
mbedtls_mpi_init( &z );
if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 ||
mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 )
/* Montgomery curves need to be handled separately */
for ( curve_info = montgomery_curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
mbedtls_exit( 1 );
mbedtls_ecdh_init( &ecdh );
mbedtls_mpi_init( &z );
if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 )
{
mbedtls_exit( 1 );
}
mbedtls_snprintf( title, sizeof(title), "ECDHE-%s",
curve_info->name );
TIME_PUBLIC( title, "handshake",
ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
myrand, NULL );
ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
myrand, NULL ) );
mbedtls_ecdh_free( &ecdh );
mbedtls_mpi_free( &z );
}
TIME_PUBLIC( "ECDHE-Curve25519", "handshake",
ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q,
myrand, NULL );
ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
myrand, NULL ) );
mbedtls_ecdh_free( &ecdh );
mbedtls_mpi_free( &z );
#endif
for( curve_info = mbedtls_ecp_curve_list();
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
@ -872,26 +884,31 @@ int main( int argc, char *argv[] )
mbedtls_ecdh_free( &ecdh );
}
/* Curve25519 needs to be handled separately */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
mbedtls_ecdh_init( &ecdh );
mbedtls_mpi_init( &z );
if( mbedtls_ecp_group_load( &ecdh.grp, MBEDTLS_ECP_DP_CURVE25519 ) != 0 ||
mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
myrand, NULL ) != 0 ||
mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 )
/* Montgomery curves need to be handled separately */
for ( curve_info = montgomery_curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++)
{
mbedtls_exit( 1 );
mbedtls_ecdh_init( &ecdh );
mbedtls_mpi_init( &z );
if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 ||
mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp,
myrand, NULL ) != 0 ||
mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 )
{
mbedtls_exit( 1 );
}
mbedtls_snprintf( title, sizeof(title), "ECDH-%s",
curve_info->name );
TIME_PUBLIC( title, "handshake",
ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
myrand, NULL ) );
mbedtls_ecdh_free( &ecdh );
mbedtls_mpi_free( &z );
}
TIME_PUBLIC( "ECDH-Curve25519", "handshake",
ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d,
myrand, NULL ) );
mbedtls_ecdh_free( &ecdh );
mbedtls_mpi_free( &z );
#endif
}
#endif

250
programs/test/udp_proxy.c
View file

@ -53,6 +53,7 @@ int main( void )
#include "mbedtls/net_sockets.h"
#include "mbedtls/error.h"
#include "mbedtls/ssl.h"
#include "mbedtls/timing.h"
#include <string.h>
@ -74,17 +75,21 @@ int main( void )
#include <unistd.h>
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
/* For gettimeofday() */
#if !defined(_WIN32)
#include <sys/time.h>
#endif
#define MAX_MSG_SIZE 16384 + 2048 /* max record/datagram size */
#define DFL_SERVER_ADDR "localhost"
#define DFL_SERVER_PORT "4433"
#define DFL_LISTEN_ADDR "localhost"
#define DFL_LISTEN_PORT "5556"
#define DFL_PACK 0
#if defined(MBEDTLS_TIMING_C)
#define USAGE_PACK \
" pack=%%d default: 0 (don't pack)\n" \
" options: t > 0 (pack for t milliseconds)\n"
#else
#define USAGE_PACK
#endif
#define USAGE \
"\n usage: udp_proxy param=<>...\n" \
@ -105,9 +110,10 @@ int main( void )
" drop packets larger than N bytes\n" \
" bad_ad=0/1 default: 0 (don't add bad ApplicationData)\n" \
" protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
" protect_len=%%d default: (don't protect packets of this size)\n" \
" protect_len=%%d default: (don't protect packets of this size)\n" \
"\n" \
" seed=%%d default: (use current time)\n" \
USAGE_PACK \
"\n"
/*
@ -128,7 +134,8 @@ static struct options
int bad_ad; /* inject corrupted ApplicationData record */
int protect_hvr; /* never drop or delay HelloVerifyRequest */
int protect_len; /* never drop/delay packet of the given size*/
unsigned pack; /* merge packets into single datagram for
* at most \c merge milliseconds if > 0 */
unsigned int seed; /* seed for "random" events */
} opt;
@ -152,6 +159,7 @@ static void get_options( int argc, char *argv[] )
opt.server_port = DFL_SERVER_PORT;
opt.listen_addr = DFL_LISTEN_ADDR;
opt.listen_port = DFL_LISTEN_PORT;
opt.pack = DFL_PACK;
/* Other members default to 0 */
for( i = 1; i < argc; i++ )
@ -193,6 +201,15 @@ static void get_options( int argc, char *argv[] )
if( opt.drop < 0 || opt.drop > 20 || opt.drop == 1 )
exit_usage( p, q );
}
else if( strcmp( p, "pack" ) == 0 )
{
#if defined(MBEDTLS_TIMING_C)
opt.pack = (unsigned) atoi( q );
#else
mbedtls_printf( " option pack only defined if MBEDTLS_TIMING_C is enabled\n" );
exit( 1 );
#endif
}
else if( strcmp( p, "mtu" ) == 0 )
{
opt.mtu = atoi( q );
@ -267,25 +284,122 @@ static const char *msg_type( unsigned char *msg, size_t len )
}
}
#if defined(MBEDTLS_TIMING_C)
/* Return elapsed time in milliseconds since the first call */
static unsigned long ellapsed_time( void )
static unsigned ellapsed_time( void )
{
#if defined(_WIN32)
return( 0 );
#else
static struct timeval ref = { 0, 0 };
struct timeval now;
static int initialized = 0;
static struct mbedtls_timing_hr_time hires;
if( ref.tv_sec == 0 && ref.tv_usec == 0 )
if( initialized == 0 )
{
gettimeofday( &ref, NULL );
(void) mbedtls_timing_get_timer( &hires, 1 );
initialized = 1;
return( 0 );
}
gettimeofday( &now, NULL );
return( 1000 * ( now.tv_sec - ref.tv_sec )
+ ( now.tv_usec - ref.tv_usec ) / 1000 );
#endif
return( mbedtls_timing_get_timer( &hires, 0 ) );
}
typedef struct
{
mbedtls_net_context *ctx;
const char *description;
unsigned packet_lifetime;
unsigned num_datagrams;
unsigned char data[MAX_MSG_SIZE];
size_t len;
} ctx_buffer;
static ctx_buffer outbuf[2];
static int ctx_buffer_flush( ctx_buffer *buf )
{
int ret;
mbedtls_printf( " %05u flush %s: %u bytes, %u datagrams, last %u ms\n",
ellapsed_time(), buf->description,
(unsigned) buf->len, buf->num_datagrams,
ellapsed_time() - buf->packet_lifetime );
ret = mbedtls_net_send( buf->ctx, buf->data, buf->len );
buf->len = 0;
buf->num_datagrams = 0;
return( ret );
}
static unsigned ctx_buffer_time_remaining( ctx_buffer *buf )
{
unsigned const cur_time = ellapsed_time();
if( buf->num_datagrams == 0 )
return( (unsigned) -1 );
if( cur_time - buf->packet_lifetime >= opt.pack )
return( 0 );
return( opt.pack - ( cur_time - buf->packet_lifetime ) );
}
static int ctx_buffer_append( ctx_buffer *buf,
const unsigned char * data,
size_t len )
{
int ret;
if( len > (size_t) INT_MAX )
return( -1 );
if( len > sizeof( buf->data ) )
{
mbedtls_printf( " ! buffer size %u too large (max %u)\n",
(unsigned) len, (unsigned) sizeof( buf->data ) );
return( -1 );
}
if( sizeof( buf->data ) - buf->len < len )
{
if( ( ret = ctx_buffer_flush( buf ) ) <= 0 )
return( ret );
}
memcpy( buf->data + buf->len, data, len );
buf->len += len;
if( ++buf->num_datagrams == 1 )
buf->packet_lifetime = ellapsed_time();
return( (int) len );
}
#endif /* MBEDTLS_TIMING_C */
static int dispatch_data( mbedtls_net_context *ctx,
const unsigned char * data,
size_t len )
{
#if defined(MBEDTLS_TIMING_C)
ctx_buffer *buf = NULL;
if( opt.pack > 0 )
{
if( outbuf[0].ctx == ctx )
buf = &outbuf[0];
else if( outbuf[1].ctx == ctx )
buf = &outbuf[1];
if( buf == NULL )
return( -1 );
return( ctx_buffer_append( buf, data, len ) );
}
#endif /* MBEDTLS_TIMING_C */
return( mbedtls_net_send( ctx, data, len ) );
}
typedef struct
@ -300,12 +414,22 @@ typedef struct
/* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */
void print_packet( const packet *p, const char *why )
{
#if defined(MBEDTLS_TIMING_C)
if( why == NULL )
mbedtls_printf( " %05lu %s %s (%u bytes)\n",
mbedtls_printf( " %05u dispatch %s %s (%u bytes)\n",
ellapsed_time(), p->way, p->type, p->len );
else
mbedtls_printf( " %s %s (%u bytes): %s\n",
mbedtls_printf( " %05u dispatch %s %s (%u bytes): %s\n",
ellapsed_time(), p->way, p->type, p->len, why );
#else
if( why == NULL )
mbedtls_printf( " dispatch %s %s (%u bytes)\n",
p->way, p->type, p->len );
else
mbedtls_printf( " dispatch %s %s (%u bytes): %s\n",
p->way, p->type, p->len, why );
#endif
fflush( stdout );
}
@ -320,20 +444,28 @@ int send_packet( const packet *p, const char *why )
{
unsigned char buf[MAX_MSG_SIZE];
memcpy( buf, p->buf, p->len );
++buf[p->len - 1];
print_packet( p, "corrupted" );
if( ( ret = mbedtls_net_send( dst, buf, p->len ) ) <= 0 )
if( p->len <= 13 )
{
mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret );
mbedtls_printf( " ! can't corrupt empty AD record" );
}
else
{
++buf[13];
print_packet( p, "corrupted" );
}
if( ( ret = dispatch_data( dst, buf, p->len ) ) <= 0 )
{
mbedtls_printf( " ! dispatch returned %d\n", ret );
return( ret );
}
}
print_packet( p, why );
if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 )
if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 )
{
mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret );
mbedtls_printf( " ! dispatch returned %d\n", ret );
return( ret );
}
@ -344,9 +476,9 @@ int send_packet( const packet *p, const char *why )
{
print_packet( p, "duplicated" );
if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 )
if( ( ret = dispatch_data( dst, p->buf, p->len ) ) <= 0 )
{
mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret );
mbedtls_printf( " ! dispatch returned %d\n", ret );
return( ret );
}
}
@ -472,6 +604,12 @@ int main( int argc, char *argv[] )
mbedtls_net_context listen_fd, client_fd, server_fd;
#if defined( MBEDTLS_TIMING_C )
struct timeval tm;
#endif
struct timeval *tm_ptr = NULL;
int nb_fds;
fd_set read_fds;
@ -560,14 +698,65 @@ accept:
nb_fds = listen_fd.fd;
++nb_fds;
#if defined(MBEDTLS_TIMING_C)
if( opt.pack > 0 )
{
outbuf[0].ctx = &server_fd;
outbuf[0].description = "S <- C";
outbuf[0].num_datagrams = 0;
outbuf[0].len = 0;
outbuf[1].ctx = &client_fd;
outbuf[1].description = "S -> C";
outbuf[1].num_datagrams = 0;
outbuf[1].len = 0;
}
#endif /* MBEDTLS_TIMING_C */
while( 1 )
{
#if defined(MBEDTLS_TIMING_C)
if( opt.pack > 0 )
{
unsigned max_wait_server, max_wait_client, max_wait;
max_wait_server = ctx_buffer_time_remaining( &outbuf[0] );
max_wait_client = ctx_buffer_time_remaining( &outbuf[1] );
max_wait = (unsigned) -1;
if( max_wait_server == 0 )
ctx_buffer_flush( &outbuf[0] );
else
max_wait = max_wait_server;
if( max_wait_client == 0 )
ctx_buffer_flush( &outbuf[1] );
else
{
if( max_wait_client < max_wait )
max_wait = max_wait_client;
}
if( max_wait != (unsigned) -1 )
{
tm.tv_sec = max_wait / 1000;
tm.tv_usec = ( max_wait % 1000 ) * 1000;
tm_ptr = &tm;
}
else
{
tm_ptr = NULL;
}
}
#endif /* MBEDTLS_TIMING_C */
FD_ZERO( &read_fds );
FD_SET( server_fd.fd, &read_fds );
FD_SET( client_fd.fd, &read_fds );
FD_SET( listen_fd.fd, &read_fds );
if( ( ret = select( nb_fds, &read_fds, NULL, NULL, NULL ) ) <= 0 )
if( ( ret = select( nb_fds, &read_fds, NULL, NULL, tm_ptr ) ) < 0 )
{
perror( "select" );
goto exit;
@ -589,6 +778,7 @@ accept:
&client_fd, &server_fd ) ) != 0 )
goto accept;
}
}
exit:

117
programs/test/udp_proxy_wrapper.sh Executable file
View file

@ -0,0 +1,117 @@
#!/bin/sh
# -*-sh-basic-offset: 4-*-
# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...]
set -u
MBEDTLS_BASE="$(dirname -- "$0")/../.."
TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy"
SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2"
: ${VERBOSE:=0}
stop_proxy() {
if [ -n "${tpxy_pid:-}" ]; then
echo
echo " * Killing proxy (pid $tpxy_pid) ..."
kill $tpxy_pid
fi
}
stop_server() {
if [ -n "${srv_pid:-}" ]; then
echo
echo " * Killing server (pid $srv_pid) ..."
kill $srv_pid >/dev/null 2>/dev/null
fi
}
cleanup() {
stop_server
stop_proxy
exit 129
}
trap cleanup INT TERM HUP
# Extract the proxy parameters
tpxy_cmd_snippet='"$TPXY_BIN"'
while [ $# -ne 0 ] && [ "$1" != "--" ]; do
tail="$1" quoted=""
while [ -n "$tail" ]; do
case "$tail" in
*\'*) quoted="${quoted}${tail%%\'*}'\\''" tail="${tail#*\'}";;
*) quoted="${quoted}${tail}"; tail=; false;;
esac
done
tpxy_cmd_snippet="$tpxy_cmd_snippet '$quoted'"
shift
done
unset tail quoted
if [ $# -eq 0 ]; then
echo " * No server arguments (must be preceded by \" -- \") - exit"
exit 3
fi
shift
dtls_enabled=
ipv6_in_use=
server_port_orig=
server_addr_orig=
for param; do
case "$param" in
server_port=*) server_port_orig="${param#*=}";;
server_addr=*:*) server_addr_orig="${param#*=}"; ipv6_in_use=1;;
server_addr=*) server_addr_orig="${param#*=}";;
dtls=[!0]*) dtls_enabled=1;;
esac
done
if [ -z "$dtls_enabled" ] || [ -n "$ipv6_in_use" ]; then
echo >&2 "$0: Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..."
if [ $VERBOSE -gt 0 ]; then
echo "[ $SRV_BIN $* ]"
fi
exec "$SRV_BIN" "$@"
fi
if [ -z "$server_port_orig" ]; then
server_port_orig=4433
fi
echo " * Server port: $server_port_orig"
tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_port=\$server_port_orig\""
tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_port=\$server_port\""
if [ -n "$server_addr_orig" ]; then
echo " * Server address: $server_addr_orig"
tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_addr=\$server_addr_orig\""
tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_addr=\$server_addr_orig\""
fi
server_port=$(( server_port_orig + 1 ))
set -- "$@" "server_port=$server_port"
echo " * Intermediate port: $server_port"
echo " * Start proxy in background ..."
if [ $VERBOSE -gt 0 ]; then
echo "[ $tpxy_cmd_snippet ]"
fi
eval exec "$tpxy_cmd_snippet" >/dev/null 2>&1 &
tpxy_pid=$!
if [ $VERBOSE -gt 0 ]; then
echo " * Proxy ID: $TPXY_PID"
fi
echo " * Starting server ..."
if [ $VERBOSE -gt 0 ]; then
echo "[ $SRV_BIN $* ]"
fi
exec "$SRV_BIN" "$@" >&2 &
srv_pid=$!
wait $srv_pid
stop_proxy
return 0

101
programs/test/zeroize.c Normal file
View file

@ -0,0 +1,101 @@
/*
* Zeroize application for debugger-driven testing
*
* This is a simple test application used for debugger-driven testing to check
* whether calls to mbedtls_platform_zeroize() are being eliminated by compiler
* optimizations. This application is used by the GDB script at
* tests/scripts/test_zeroize.gdb under the assumption that the code does not
* change often (as opposed to the library code) because the script sets a
* breakpoint at the last return statement in the main() function of this
* program. The debugger facilities are then used to manually inspect the
* memory and verify that the call to mbedtls_platform_zeroize() was not
* eliminated.
*
* Copyright (C) 2018, Arm Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include <stdio.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define mbedtls_printf printf
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#include "mbedtls/platform_util.h"
#define BUFFER_LEN 1024
void usage( void )
{
mbedtls_printf( "Zeroize is a simple program to assist with testing\n" );
mbedtls_printf( "the mbedtls_platform_zeroize() function by using the\n" );
mbedtls_printf( "debugger. This program takes a file as input and\n" );
mbedtls_printf( "prints the first %d characters. Usage:\n\n", BUFFER_LEN );
mbedtls_printf( " zeroize <FILE>\n" );
}
int main( int argc, char** argv )
{
int exit_code = MBEDTLS_EXIT_FAILURE;
FILE *fp;
char buf[BUFFER_LEN];
char *p = buf;
char *end = p + BUFFER_LEN;
char c;
if( argc != 2 )
{
mbedtls_printf( "This program takes exactly 1 agument\n" );
usage();
return( exit_code );
}
fp = fopen( argv[1], "r" );
if( fp == NULL )
{
mbedtls_printf( "Could not open file '%s'\n", argv[1] );
return( exit_code );
}
while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
*p++ = c;
*p = '\0';
if( p - buf != 0 )
{
mbedtls_printf( "%s\n", buf );
exit_code = MBEDTLS_EXIT_SUCCESS;
}
else
mbedtls_printf( "The file is empty!\n" );
fclose( fp );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
return( exit_code );
}