eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'development_3.0' into drop_old_tls_options

Browse source
This commit is contained in:
Mateusz Starzyk 2021-04-15 13:55:20 +02:00
commit c301bd56f0
278 changed files with 23729 additions and 8655 deletions
Download patch file Download diff file Expand all files Collapse all files

91
programs/ssl/ssl_server2.c
View file

@ -1279,8 +1279,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
rng_context_t rng;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
#if defined(MBEDTLS_TIMING_C)
@ -1367,6 +1366,10 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_MEMORY_DEBUG */
#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
#if defined(MBEDTLS_TEST_HOOKS)
test_hooks_init( );
#endif /* MBEDTLS_TEST_HOOKS */
/*
* Make sure memory references are valid in case we exit early.
*/
@ -1374,7 +1377,7 @@ int main( int argc, char *argv[] )
mbedtls_net_init( &listen_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
rng_init( &rng );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &srvcert );
@ -1410,7 +1413,10 @@ int main( int argc, char *argv[] )
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
#endif
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
mbedtls_test_enable_insecure_external_rng( );
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#if !defined(_WIN32)
/* Abort cleanly on SIGTERM and SIGINT */
@ -2258,31 +2264,9 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_entropy_init( &entropy );
if (opt.reproducible)
{
srand( 1 );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
(unsigned int) -ret );
goto exit;
}
}
else
{
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
(unsigned int) -ret );
goto exit;
}
}
ret = rng_seed( &rng, opt.reproducible, pers );
if( ret != 0 )
goto exit;
mbedtls_printf( " ok\n" );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -2305,7 +2289,6 @@ int main( int argc, char *argv[] )
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
{
#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
@ -2327,12 +2310,6 @@ int main( int argc, char *argv[] )
break;
}
}
#else
{
ret = 1;
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif /* MBEDTLS_CERTS_C */
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
@ -2408,10 +2385,6 @@ int main( int argc, char *argv[] )
strcmp( opt.crt_file2, "none" ) != 0 &&
strcmp( opt.key_file2, "none" ) != 0 )
{
#if !defined(MBEDTLS_CERTS_C)
mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" );
goto exit;
#else
#if defined(MBEDTLS_RSA_C)
if( ( ret = mbedtls_x509_crt_parse( &srvcert,
(const unsigned char *) mbedtls_test_srv_crt_rsa,
@ -2450,7 +2423,6 @@ int main( int argc, char *argv[] )
}
key_cert_init2 = 2;
#endif /* MBEDTLS_ECDSA_C */
#endif /* MBEDTLS_CERTS_C */
}
mbedtls_printf( " ok\n" );
@ -2669,9 +2641,9 @@ int main( int argc, char *argv[] )
#else
fprintf( stderr, "Warning: reproducible option used without constant time\n" );
#endif
#endif
#endif /* MBEDTLS_HAVE_TIME */
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_rng( &conf, rng_get, &rng );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C)
@ -2690,7 +2662,7 @@ int main( int argc, char *argv[] )
if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
{
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
mbedtls_ctr_drbg_random, &ctr_drbg,
rng_get, &rng,
MBEDTLS_CIPHER_AES_256_GCM,
opt.ticket_timeout ) ) != 0 )
{
@ -2712,7 +2684,7 @@ int main( int argc, char *argv[] )
if( opt.cookies > 0 )
{
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
rng_get, &rng ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
goto exit;
@ -2856,8 +2828,8 @@ int main( int argc, char *argv[] )
ssl_async_keys.inject_error = ( opt.async_private_error < 0 ?
- opt.async_private_error :
opt.async_private_error );
ssl_async_keys.f_rng = mbedtls_ctr_drbg_random;
ssl_async_keys.p_rng = &ctr_drbg;
ssl_async_keys.f_rng = rng_get;
ssl_async_keys.p_rng = &rng;
mbedtls_ssl_conf_async_private_cb( &conf,
sign,
decrypt,
@ -3955,8 +3927,7 @@ exit:
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
rng_free( &rng );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
@ -3976,12 +3947,32 @@ exit:
mbedtls_free( context_buf );
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free( );
#endif
#if defined(MBEDTLS_TEST_HOOKS)
/* Let test hooks detect errors such as resource leaks.
* Don't do it in query_config mode, because some test code prints
* information to stdout and this gets mixed with the regular output. */
if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
{
if( test_hooks_failure_detected( ) )
{
if( ret == 0 )
ret = 1;
mbedtls_printf( "Test hooks detected errors.\n" );
}
}
test_hooks_free( );
#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_memory_buffer_alloc_status();
#endif
mbedtls_memory_buffer_alloc_free();
#endif
#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
{