mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-12-24 17:41:01 +03:00
Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
@@ -30,14 +30,14 @@
|
||||
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C)
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
|
||||
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
|
||||
mbedtls_exit( 0 );
|
||||
mbedtls_printf("MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
|
||||
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
@@ -72,17 +72,17 @@ int main( void )
|
||||
#define DEBUG_LEVEL 0
|
||||
|
||||
|
||||
static void my_debug( void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str )
|
||||
static void my_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str)
|
||||
{
|
||||
((void) level);
|
||||
|
||||
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
|
||||
fflush( (FILE *) ctx );
|
||||
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
|
||||
fflush((FILE *) ctx);
|
||||
}
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int ret, len;
|
||||
mbedtls_net_context server_fd;
|
||||
@@ -102,217 +102,213 @@ int main( int argc, char *argv[] )
|
||||
((void) argv);
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
mbedtls_debug_set_threshold( DEBUG_LEVEL );
|
||||
mbedtls_debug_set_threshold(DEBUG_LEVEL);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* 0. Initialize the RNG and the session data
|
||||
*/
|
||||
mbedtls_net_init( &server_fd );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_x509_crt_init( &cacert );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
mbedtls_net_init(&server_fd);
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
mbedtls_x509_crt_init(&cacert);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
|
||||
mbedtls_printf( "\n . Seeding the random number generator..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf("\n . Seeding the random number generator...");
|
||||
fflush(stdout);
|
||||
|
||||
mbedtls_entropy_init( &entropy );
|
||||
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
|
||||
mbedtls_entropy_init(&entropy);
|
||||
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers))) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 0. Load certificates
|
||||
*/
|
||||
mbedtls_printf( " . Loading the CA root certificate ..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Loading the CA root certificate ...");
|
||||
fflush(stdout);
|
||||
|
||||
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len );
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
|
||||
ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len);
|
||||
if (ret < 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok (%d skipped)\n", ret );
|
||||
mbedtls_printf(" ok (%d skipped)\n", ret);
|
||||
|
||||
/*
|
||||
* 1. Start the connection
|
||||
*/
|
||||
mbedtls_printf( " . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT);
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_net_connect( &server_fd, SERVER_ADDR,
|
||||
SERVER_PORT, MBEDTLS_NET_PROTO_UDP ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_net_connect(&server_fd, SERVER_ADDR,
|
||||
SERVER_PORT, MBEDTLS_NET_PROTO_UDP)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 2. Setup stuff
|
||||
*/
|
||||
mbedtls_printf( " . Setting up the DTLS structure..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Setting up the DTLS structure...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* OPTIONAL is usually a bad choice for security, but makes interop easier
|
||||
* in this simplified example, in which the ca chain is hardcoded.
|
||||
* Production code should set a proper ca chain and use REQUIRED. */
|
||||
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
|
||||
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
|
||||
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
|
||||
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
|
||||
mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd,
|
||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
|
||||
mbedtls_ssl_set_bio(&ssl, &server_fd,
|
||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
|
||||
|
||||
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
||||
mbedtls_timing_get_delay );
|
||||
mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
|
||||
mbedtls_timing_get_delay);
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 4. Handshake
|
||||
*/
|
||||
mbedtls_printf( " . Performing the DTLS handshake..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Performing the DTLS handshake...");
|
||||
fflush(stdout);
|
||||
|
||||
do ret = mbedtls_ssl_handshake( &ssl );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
do {
|
||||
ret = mbedtls_ssl_handshake(&ssl);
|
||||
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 5. Verify the server certificate
|
||||
*/
|
||||
mbedtls_printf( " . Verifying peer X.509 certificate..." );
|
||||
mbedtls_printf(" . Verifying peer X.509 certificate...");
|
||||
|
||||
/* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the
|
||||
* handshake would not succeed if the peer's cert is bad. Even if we used
|
||||
* MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
|
||||
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
|
||||
{
|
||||
if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
|
||||
char vrfy_buf[512];
|
||||
|
||||
mbedtls_printf( " failed\n" );
|
||||
mbedtls_printf(" failed\n");
|
||||
|
||||
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
|
||||
mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
|
||||
|
||||
mbedtls_printf( "%s\n", vrfy_buf );
|
||||
mbedtls_printf("%s\n", vrfy_buf);
|
||||
} else {
|
||||
mbedtls_printf(" ok\n");
|
||||
}
|
||||
else
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/*
|
||||
* 6. Write the echo request
|
||||
*/
|
||||
send_request:
|
||||
mbedtls_printf( " > Write to server:" );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" > Write to server:");
|
||||
fflush(stdout);
|
||||
|
||||
len = sizeof( MESSAGE ) - 1;
|
||||
len = sizeof(MESSAGE) - 1;
|
||||
|
||||
do ret = mbedtls_ssl_write( &ssl, (unsigned char *) MESSAGE, len );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
do {
|
||||
ret = mbedtls_ssl_write(&ssl, (unsigned char *) MESSAGE, len);
|
||||
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
|
||||
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
if (ret < 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " %d bytes written\n\n%s\n\n", len, MESSAGE );
|
||||
mbedtls_printf(" %d bytes written\n\n%s\n\n", len, MESSAGE);
|
||||
|
||||
/*
|
||||
* 7. Read the echo response
|
||||
*/
|
||||
mbedtls_printf( " < Read from server:" );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" < Read from server:");
|
||||
fflush(stdout);
|
||||
|
||||
len = sizeof( buf ) - 1;
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
len = sizeof(buf) - 1;
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
do ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
do {
|
||||
ret = mbedtls_ssl_read(&ssl, buf, len);
|
||||
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
|
||||
|
||||
if( ret <= 0 )
|
||||
{
|
||||
switch( ret )
|
||||
{
|
||||
if (ret <= 0) {
|
||||
switch (ret) {
|
||||
case MBEDTLS_ERR_SSL_TIMEOUT:
|
||||
mbedtls_printf( " timeout\n\n" );
|
||||
if( retry_left-- > 0 )
|
||||
mbedtls_printf(" timeout\n\n");
|
||||
if (retry_left-- > 0) {
|
||||
goto send_request;
|
||||
}
|
||||
goto exit;
|
||||
|
||||
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
|
||||
mbedtls_printf( " connection was closed gracefully\n" );
|
||||
mbedtls_printf(" connection was closed gracefully\n");
|
||||
ret = 0;
|
||||
goto close_notify;
|
||||
|
||||
default:
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
|
||||
mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " %d bytes read\n\n%s\n\n", len, buf );
|
||||
mbedtls_printf(" %d bytes read\n\n%s\n\n", len, buf);
|
||||
|
||||
/*
|
||||
* 8. Done, cleanly close the connection
|
||||
*/
|
||||
close_notify:
|
||||
mbedtls_printf( " . Closing the connection..." );
|
||||
mbedtls_printf(" . Closing the connection...");
|
||||
|
||||
/* No error checking, the connection might be closed already */
|
||||
do ret = mbedtls_ssl_close_notify( &ssl );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
do {
|
||||
ret = mbedtls_ssl_close_notify(&ssl);
|
||||
} while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
|
||||
ret = 0;
|
||||
|
||||
mbedtls_printf( " done\n" );
|
||||
mbedtls_printf(" done\n");
|
||||
|
||||
/*
|
||||
* 9. Final clean-ups and exit
|
||||
@@ -320,32 +316,32 @@ close_notify:
|
||||
exit:
|
||||
|
||||
#ifdef MBEDTLS_ERROR_C
|
||||
if( ret != 0 )
|
||||
{
|
||||
if (ret != 0) {
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_printf( "Last error was: %d - %s\n\n", ret, error_buf );
|
||||
mbedtls_strerror(ret, error_buf, 100);
|
||||
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_net_free( &server_fd );
|
||||
mbedtls_net_free(&server_fd);
|
||||
|
||||
mbedtls_x509_crt_free( &cacert );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
mbedtls_x509_crt_free(&cacert);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf( " + Press Enter to exit this program.\n" );
|
||||
fflush( stdout ); getchar();
|
||||
mbedtls_printf(" + Press Enter to exit this program.\n");
|
||||
fflush(stdout); getchar();
|
||||
#endif
|
||||
|
||||
/* Shell can not handle large exit numbers -> 1 for errors */
|
||||
if( ret < 0 )
|
||||
if (ret < 0) {
|
||||
ret = 1;
|
||||
}
|
||||
|
||||
mbedtls_exit( ret );
|
||||
mbedtls_exit(ret);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
|
||||
MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
|
||||
|
||||
@@ -41,15 +41,15 @@
|
||||
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
|
||||
!defined(MBEDTLS_TIMING_C)
|
||||
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
printf( "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
|
||||
"MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
|
||||
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
|
||||
"MBEDTLS_TIMING_C not defined.\n" );
|
||||
mbedtls_exit( 0 );
|
||||
printf("MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
|
||||
"MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
|
||||
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
|
||||
"MBEDTLS_TIMING_C not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
@@ -80,17 +80,17 @@ int main( void )
|
||||
#define DEBUG_LEVEL 0
|
||||
|
||||
|
||||
static void my_debug( void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str )
|
||||
static void my_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str)
|
||||
{
|
||||
((void) level);
|
||||
|
||||
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
|
||||
fflush( (FILE *) ctx );
|
||||
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
|
||||
fflush((FILE *) ctx);
|
||||
}
|
||||
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
int ret, len;
|
||||
mbedtls_net_context listen_fd, client_fd;
|
||||
@@ -111,274 +111,260 @@ int main( void )
|
||||
mbedtls_ssl_cache_context cache;
|
||||
#endif
|
||||
|
||||
mbedtls_net_init( &listen_fd );
|
||||
mbedtls_net_init( &client_fd );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_ssl_cookie_init( &cookie_ctx );
|
||||
mbedtls_net_init(&listen_fd);
|
||||
mbedtls_net_init(&client_fd);
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
mbedtls_ssl_cookie_init(&cookie_ctx);
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_init( &cache );
|
||||
mbedtls_ssl_cache_init(&cache);
|
||||
#endif
|
||||
mbedtls_x509_crt_init( &srvcert );
|
||||
mbedtls_pk_init( &pkey );
|
||||
mbedtls_entropy_init( &entropy );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
mbedtls_x509_crt_init(&srvcert);
|
||||
mbedtls_pk_init(&pkey);
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
mbedtls_debug_set_threshold( DEBUG_LEVEL );
|
||||
mbedtls_debug_set_threshold(DEBUG_LEVEL);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* 1. Load the certificates and private RSA key
|
||||
*/
|
||||
printf( "\n . Loading the server cert. and key..." );
|
||||
fflush( stdout );
|
||||
printf("\n . Loading the server cert. and key...");
|
||||
fflush(stdout);
|
||||
|
||||
/*
|
||||
* This demonstration program uses embedded test certificates.
|
||||
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
|
||||
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
|
||||
*/
|
||||
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
|
||||
mbedtls_test_srv_crt_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
|
||||
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
|
||||
mbedtls_test_srv_crt_len);
|
||||
if (ret != 0) {
|
||||
printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
|
||||
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len);
|
||||
if (ret != 0) {
|
||||
printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||
mbedtls_test_srv_key_len, NULL, 0 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
|
||||
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||
mbedtls_test_srv_key_len, NULL, 0);
|
||||
if (ret != 0) {
|
||||
printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 2. Setup the "listening" UDP socket
|
||||
*/
|
||||
printf( " . Bind on udp/*/4433 ..." );
|
||||
fflush( stdout );
|
||||
printf(" . Bind on udp/*/4433 ...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_net_bind( &listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_net_bind(&listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP)) != 0) {
|
||||
printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 3. Seed the RNG
|
||||
*/
|
||||
printf( " . Seeding the random number generator..." );
|
||||
fflush( stdout );
|
||||
printf(" . Seeding the random number generator...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
|
||||
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers))) != 0) {
|
||||
printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 4. Setup stuff
|
||||
*/
|
||||
printf( " . Setting up the DTLS data..." );
|
||||
fflush( stdout );
|
||||
printf(" . Setting up the DTLS data...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
|
||||
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
|
||||
mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_conf_session_cache( &conf, &cache,
|
||||
mbedtls_ssl_conf_session_cache(&conf, &cache,
|
||||
mbedtls_ssl_cache_get,
|
||||
mbedtls_ssl_cache_set );
|
||||
mbedtls_ssl_cache_set);
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
|
||||
if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
|
||||
printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx,
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
||||
printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
&cookie_ctx );
|
||||
mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
&cookie_ctx);
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
|
||||
printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
|
||||
mbedtls_timing_get_delay );
|
||||
mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
|
||||
mbedtls_timing_get_delay);
|
||||
|
||||
printf( " ok\n" );
|
||||
printf(" ok\n");
|
||||
|
||||
reset:
|
||||
#ifdef MBEDTLS_ERROR_C
|
||||
if( ret != 0 )
|
||||
{
|
||||
if (ret != 0) {
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
printf("Last error was: %d - %s\n\n", ret, error_buf );
|
||||
mbedtls_strerror(ret, error_buf, 100);
|
||||
printf("Last error was: %d - %s\n\n", ret, error_buf);
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_net_free( &client_fd );
|
||||
mbedtls_net_free(&client_fd);
|
||||
|
||||
mbedtls_ssl_session_reset( &ssl );
|
||||
mbedtls_ssl_session_reset(&ssl);
|
||||
|
||||
/*
|
||||
* 3. Wait until a client connects
|
||||
*/
|
||||
printf( " . Waiting for a remote connection ..." );
|
||||
fflush( stdout );
|
||||
printf(" . Waiting for a remote connection ...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
|
||||
client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
|
||||
client_ip, sizeof(client_ip), &cliip_len)) != 0) {
|
||||
printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* For HelloVerifyRequest cookies */
|
||||
if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
|
||||
client_ip, cliip_len ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! "
|
||||
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret );
|
||||
if ((ret = mbedtls_ssl_set_client_transport_id(&ssl,
|
||||
client_ip, cliip_len)) != 0) {
|
||||
printf(" failed\n ! "
|
||||
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &client_fd,
|
||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
|
||||
mbedtls_ssl_set_bio(&ssl, &client_fd,
|
||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
|
||||
|
||||
printf( " ok\n" );
|
||||
printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 5. Handshake
|
||||
*/
|
||||
printf( " . Performing the DTLS handshake..." );
|
||||
fflush( stdout );
|
||||
printf(" . Performing the DTLS handshake...");
|
||||
fflush(stdout);
|
||||
|
||||
do ret = mbedtls_ssl_handshake( &ssl );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
do {
|
||||
ret = mbedtls_ssl_handshake(&ssl);
|
||||
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
|
||||
{
|
||||
printf( " hello verification requested\n" );
|
||||
if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
|
||||
printf(" hello verification requested\n");
|
||||
ret = 0;
|
||||
goto reset;
|
||||
}
|
||||
else if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||
} else if (ret != 0) {
|
||||
printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
|
||||
goto reset;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 6. Read the echo Request
|
||||
*/
|
||||
printf( " < Read from client:" );
|
||||
fflush( stdout );
|
||||
printf(" < Read from client:");
|
||||
fflush(stdout);
|
||||
|
||||
len = sizeof( buf ) - 1;
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
len = sizeof(buf) - 1;
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
do ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
do {
|
||||
ret = mbedtls_ssl_read(&ssl, buf, len);
|
||||
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
|
||||
|
||||
if( ret <= 0 )
|
||||
{
|
||||
switch( ret )
|
||||
{
|
||||
if (ret <= 0) {
|
||||
switch (ret) {
|
||||
case MBEDTLS_ERR_SSL_TIMEOUT:
|
||||
printf( " timeout\n\n" );
|
||||
printf(" timeout\n\n");
|
||||
goto reset;
|
||||
|
||||
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
|
||||
printf( " connection was closed gracefully\n" );
|
||||
printf(" connection was closed gracefully\n");
|
||||
ret = 0;
|
||||
goto close_notify;
|
||||
|
||||
default:
|
||||
printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
|
||||
printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret);
|
||||
goto reset;
|
||||
}
|
||||
}
|
||||
|
||||
len = ret;
|
||||
printf( " %d bytes read\n\n%s\n\n", len, buf );
|
||||
printf(" %d bytes read\n\n%s\n\n", len, buf);
|
||||
|
||||
/*
|
||||
* 7. Write the 200 Response
|
||||
*/
|
||||
printf( " > Write to client:" );
|
||||
fflush( stdout );
|
||||
printf(" > Write to client:");
|
||||
fflush(stdout);
|
||||
|
||||
do ret = mbedtls_ssl_write( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
do {
|
||||
ret = mbedtls_ssl_write(&ssl, buf, len);
|
||||
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
|
||||
|
||||
if( ret < 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
if (ret < 0) {
|
||||
printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
len = ret;
|
||||
printf( " %d bytes written\n\n%s\n\n", len, buf );
|
||||
printf(" %d bytes written\n\n%s\n\n", len, buf);
|
||||
|
||||
/*
|
||||
* 8. Done, cleanly close the connection
|
||||
*/
|
||||
close_notify:
|
||||
printf( " . Closing the connection..." );
|
||||
printf(" . Closing the connection...");
|
||||
|
||||
/* No error checking, the connection might be closed already */
|
||||
do ret = mbedtls_ssl_close_notify( &ssl );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
do {
|
||||
ret = mbedtls_ssl_close_notify(&ssl);
|
||||
} while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
|
||||
ret = 0;
|
||||
|
||||
printf( " done\n" );
|
||||
printf(" done\n");
|
||||
|
||||
goto reset;
|
||||
|
||||
@@ -388,38 +374,38 @@ close_notify:
|
||||
exit:
|
||||
|
||||
#ifdef MBEDTLS_ERROR_C
|
||||
if( ret != 0 )
|
||||
{
|
||||
if (ret != 0) {
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
printf( "Last error was: %d - %s\n\n", ret, error_buf );
|
||||
mbedtls_strerror(ret, error_buf, 100);
|
||||
printf("Last error was: %d - %s\n\n", ret, error_buf);
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_net_free( &client_fd );
|
||||
mbedtls_net_free( &listen_fd );
|
||||
mbedtls_net_free(&client_fd);
|
||||
mbedtls_net_free(&listen_fd);
|
||||
|
||||
mbedtls_x509_crt_free( &srvcert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ssl_cookie_free( &cookie_ctx );
|
||||
mbedtls_x509_crt_free(&srvcert);
|
||||
mbedtls_pk_free(&pkey);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
mbedtls_ssl_cookie_free(&cookie_ctx);
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_free( &cache );
|
||||
mbedtls_ssl_cache_free(&cache);
|
||||
#endif
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
|
||||
#if defined(_WIN32)
|
||||
printf( " Press Enter to exit this program.\n" );
|
||||
fflush( stdout ); getchar();
|
||||
printf(" Press Enter to exit this program.\n");
|
||||
fflush(stdout); getchar();
|
||||
#endif
|
||||
|
||||
/* Shell can not handle large exit numbers -> 1 for errors */
|
||||
if( ret < 0 )
|
||||
if (ret < 0) {
|
||||
ret = 1;
|
||||
}
|
||||
|
||||
mbedtls_exit( ret );
|
||||
mbedtls_exit(ret);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
|
||||
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
|
||||
|
||||
@@ -44,12 +44,12 @@
|
||||
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
|
||||
!defined(UNIX)
|
||||
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
|
||||
"not defined.\n");
|
||||
mbedtls_exit( 0 );
|
||||
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
|
||||
"not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
@@ -141,8 +141,7 @@ const unsigned char ca_cert[] = {
|
||||
};
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
enum exit_codes
|
||||
{
|
||||
enum exit_codes {
|
||||
exit_ok = 0,
|
||||
ctr_drbg_seed_failed,
|
||||
ssl_config_defaults_failed,
|
||||
@@ -156,7 +155,7 @@ enum exit_codes
|
||||
};
|
||||
|
||||
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
int ret = exit_ok;
|
||||
mbedtls_net_context server_fd;
|
||||
@@ -169,62 +168,57 @@ int main( void )
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
|
||||
/*
|
||||
* 0. Initialize and setup stuff
|
||||
*/
|
||||
mbedtls_net_init( &server_fd );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_net_init(&server_fd);
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_x509_crt_init( &ca );
|
||||
mbedtls_x509_crt_init(&ca);
|
||||
#endif
|
||||
|
||||
mbedtls_entropy_init( &entropy );
|
||||
if( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers, strlen( pers ) ) != 0 )
|
||||
{
|
||||
mbedtls_entropy_init(&entropy);
|
||||
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers, strlen(pers)) != 0) {
|
||||
ret = ctr_drbg_seed_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
|
||||
{
|
||||
if (mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
|
||||
ret = ssl_config_defaults_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
|
||||
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
|
||||
mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
|
||||
(const unsigned char *) psk_id, sizeof(psk_id) - 1);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( mbedtls_x509_crt_parse_der( &ca, ca_cert, sizeof( ca_cert ) ) != 0 )
|
||||
{
|
||||
if (mbedtls_x509_crt_parse_der(&ca, ca_cert, sizeof(ca_cert)) != 0) {
|
||||
ret = x509_crt_parse_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &ca, NULL );
|
||||
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||
mbedtls_ssl_conf_ca_chain(&conf, &ca, NULL);
|
||||
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
|
||||
#endif
|
||||
|
||||
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
|
||||
{
|
||||
if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
|
||||
ret = ssl_setup_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 )
|
||||
{
|
||||
if (mbedtls_ssl_set_hostname(&ssl, HOSTNAME) != 0) {
|
||||
ret = hostname_failed;
|
||||
goto exit;
|
||||
}
|
||||
@@ -233,7 +227,7 @@ int main( void )
|
||||
/*
|
||||
* 1. Start the connection
|
||||
*/
|
||||
memset( &addr, 0, sizeof( addr ) );
|
||||
memset(&addr, 0, sizeof(addr));
|
||||
addr.sin_family = AF_INET;
|
||||
|
||||
ret = 1; /* for endianness detection */
|
||||
@@ -241,23 +235,20 @@ int main( void )
|
||||
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
|
||||
ret = 0;
|
||||
|
||||
if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
|
||||
{
|
||||
if ((server_fd.fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
|
||||
ret = socket_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( connect( server_fd.fd,
|
||||
(const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
|
||||
{
|
||||
if (connect(server_fd.fd,
|
||||
(const struct sockaddr *) &addr, sizeof(addr)) < 0) {
|
||||
ret = connect_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
|
||||
|
||||
if( mbedtls_ssl_handshake( &ssl ) != 0 )
|
||||
{
|
||||
if (mbedtls_ssl_handshake(&ssl) != 0) {
|
||||
ret = ssl_handshake_failed;
|
||||
goto exit;
|
||||
}
|
||||
@@ -265,26 +256,25 @@ int main( void )
|
||||
/*
|
||||
* 2. Write the GET request and close the connection
|
||||
*/
|
||||
if( mbedtls_ssl_write( &ssl, (const unsigned char *) GET_REQUEST,
|
||||
sizeof( GET_REQUEST ) - 1 ) <= 0 )
|
||||
{
|
||||
if (mbedtls_ssl_write(&ssl, (const unsigned char *) GET_REQUEST,
|
||||
sizeof(GET_REQUEST) - 1) <= 0) {
|
||||
ret = ssl_write_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_close_notify( &ssl );
|
||||
mbedtls_ssl_close_notify(&ssl);
|
||||
|
||||
exit:
|
||||
mbedtls_net_free( &server_fd );
|
||||
mbedtls_net_free(&server_fd);
|
||||
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_x509_crt_free( &ca );
|
||||
mbedtls_x509_crt_free(&ca);
|
||||
#endif
|
||||
|
||||
mbedtls_exit( ret );
|
||||
mbedtls_exit(ret);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -30,14 +30,14 @@
|
||||
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
|
||||
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
||||
"not defined.\n");
|
||||
mbedtls_exit( 0 );
|
||||
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
||||
"not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
@@ -58,17 +58,17 @@ int main( void )
|
||||
#define DEBUG_LEVEL 1
|
||||
|
||||
|
||||
static void my_debug( void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str )
|
||||
static void my_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str)
|
||||
{
|
||||
((void) level);
|
||||
|
||||
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
|
||||
fflush( (FILE *) ctx );
|
||||
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
|
||||
fflush((FILE *) ctx);
|
||||
}
|
||||
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
int ret = 1, len;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
@@ -84,221 +84,209 @@ int main( void )
|
||||
mbedtls_x509_crt cacert;
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
mbedtls_debug_set_threshold( DEBUG_LEVEL );
|
||||
mbedtls_debug_set_threshold(DEBUG_LEVEL);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* 0. Initialize the RNG and the session data
|
||||
*/
|
||||
mbedtls_net_init( &server_fd );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_x509_crt_init( &cacert );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
mbedtls_net_init(&server_fd);
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
mbedtls_x509_crt_init(&cacert);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
|
||||
mbedtls_printf( "\n . Seeding the random number generator..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf("\n . Seeding the random number generator...");
|
||||
fflush(stdout);
|
||||
|
||||
mbedtls_entropy_init( &entropy );
|
||||
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
|
||||
mbedtls_entropy_init(&entropy);
|
||||
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers))) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 0. Initialize certificates
|
||||
*/
|
||||
mbedtls_printf( " . Loading the CA root certificate ..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Loading the CA root certificate ...");
|
||||
fflush(stdout);
|
||||
|
||||
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len );
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
|
||||
ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len);
|
||||
if (ret < 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok (%d skipped)\n", ret );
|
||||
mbedtls_printf(" ok (%d skipped)\n", ret);
|
||||
|
||||
/*
|
||||
* 1. Start the connection
|
||||
*/
|
||||
mbedtls_printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT);
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
|
||||
SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
|
||||
SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 2. Setup stuff
|
||||
*/
|
||||
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Setting up the SSL/TLS structure...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/* OPTIONAL is not optimal for security,
|
||||
* but makes interop easier in this simplified example */
|
||||
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
|
||||
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
|
||||
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
|
||||
|
||||
/*
|
||||
* 4. Handshake
|
||||
*/
|
||||
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Performing the SSL/TLS handshake...");
|
||||
fflush(stdout);
|
||||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 5. Verify the server certificate
|
||||
*/
|
||||
mbedtls_printf( " . Verifying peer X.509 certificate..." );
|
||||
mbedtls_printf(" . Verifying peer X.509 certificate...");
|
||||
|
||||
/* In real life, we probably want to bail out when ret != 0 */
|
||||
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
|
||||
{
|
||||
if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
|
||||
char vrfy_buf[512];
|
||||
|
||||
mbedtls_printf( " failed\n" );
|
||||
mbedtls_printf(" failed\n");
|
||||
|
||||
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
|
||||
mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
|
||||
|
||||
mbedtls_printf( "%s\n", vrfy_buf );
|
||||
mbedtls_printf("%s\n", vrfy_buf);
|
||||
} else {
|
||||
mbedtls_printf(" ok\n");
|
||||
}
|
||||
else
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/*
|
||||
* 3. Write the GET request
|
||||
*/
|
||||
mbedtls_printf( " > Write to server:" );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" > Write to server:");
|
||||
fflush(stdout);
|
||||
|
||||
len = sprintf( (char *) buf, GET_REQUEST );
|
||||
len = sprintf((char *) buf, GET_REQUEST);
|
||||
|
||||
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );
|
||||
mbedtls_printf(" %d bytes written\n\n%s", len, (char *) buf);
|
||||
|
||||
/*
|
||||
* 7. Read the HTTP response
|
||||
*/
|
||||
mbedtls_printf( " < Read from server:" );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" < Read from server:");
|
||||
fflush(stdout);
|
||||
|
||||
do
|
||||
{
|
||||
len = sizeof( buf ) - 1;
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
do {
|
||||
len = sizeof(buf) - 1;
|
||||
memset(buf, 0, sizeof(buf));
|
||||
ret = mbedtls_ssl_read(&ssl, buf, len);
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
|
||||
break;
|
||||
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
|
||||
if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
|
||||
break;
|
||||
}
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
mbedtls_printf( "\n\nEOF\n\n" );
|
||||
if (ret < 0) {
|
||||
mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret);
|
||||
break;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
mbedtls_printf("\n\nEOF\n\n");
|
||||
break;
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
|
||||
}
|
||||
while( 1 );
|
||||
mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
|
||||
} while (1);
|
||||
|
||||
mbedtls_ssl_close_notify( &ssl );
|
||||
mbedtls_ssl_close_notify(&ssl);
|
||||
|
||||
exit_code = MBEDTLS_EXIT_SUCCESS;
|
||||
|
||||
exit:
|
||||
|
||||
#ifdef MBEDTLS_ERROR_C
|
||||
if( exit_code != MBEDTLS_EXIT_SUCCESS )
|
||||
{
|
||||
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
|
||||
mbedtls_strerror(ret, error_buf, 100);
|
||||
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_net_free( &server_fd );
|
||||
mbedtls_net_free(&server_fd);
|
||||
|
||||
mbedtls_x509_crt_free( &cacert );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
mbedtls_x509_crt_free(&cacert);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf( " + Press Enter to exit this program.\n" );
|
||||
fflush( stdout ); getchar();
|
||||
mbedtls_printf(" + Press Enter to exit this program.\n");
|
||||
fflush(stdout); getchar();
|
||||
#endif
|
||||
|
||||
mbedtls_exit( exit_code );
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
|
||||
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -31,24 +31,24 @@
|
||||
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_TIMING_C) || \
|
||||
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C)
|
||||
int main( int argc, char *argv[] )
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
((void) argc);
|
||||
((void) argv);
|
||||
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
|
||||
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
||||
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
||||
mbedtls_exit( 0 );
|
||||
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
||||
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#elif defined(_WIN32)
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
|
||||
"to work correctly.\n");
|
||||
mbedtls_exit( 0 );
|
||||
"to work correctly.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
@@ -75,17 +75,17 @@ int main( void )
|
||||
#define DEBUG_LEVEL 0
|
||||
|
||||
|
||||
static void my_debug( void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str )
|
||||
static void my_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str)
|
||||
{
|
||||
((void) level);
|
||||
|
||||
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
|
||||
fflush( (FILE *) ctx );
|
||||
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
|
||||
fflush((FILE *) ctx);
|
||||
}
|
||||
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
int ret = 1, len, cnt = 0, pid;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
@@ -100,126 +100,117 @@ int main( void )
|
||||
mbedtls_x509_crt srvcert;
|
||||
mbedtls_pk_context pkey;
|
||||
|
||||
mbedtls_net_init( &listen_fd );
|
||||
mbedtls_net_init( &client_fd );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_entropy_init( &entropy );
|
||||
mbedtls_pk_init( &pkey );
|
||||
mbedtls_x509_crt_init( &srvcert );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
mbedtls_net_init(&listen_fd);
|
||||
mbedtls_net_init(&client_fd);
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_pk_init(&pkey);
|
||||
mbedtls_x509_crt_init(&srvcert);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
|
||||
signal( SIGCHLD, SIG_IGN );
|
||||
signal(SIGCHLD, SIG_IGN);
|
||||
|
||||
/*
|
||||
* 0. Initial seeding of the RNG
|
||||
*/
|
||||
mbedtls_printf( "\n . Initial seeding of the random generator..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf("\n . Initial seeding of the random generator...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers))) != 0) {
|
||||
mbedtls_printf(" failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 1. Load the certificates and private RSA key
|
||||
*/
|
||||
mbedtls_printf( " . Loading the server cert. and key..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Loading the server cert. and key...");
|
||||
fflush(stdout);
|
||||
|
||||
/*
|
||||
* This demonstration program uses embedded test certificates.
|
||||
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
|
||||
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
|
||||
*/
|
||||
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
|
||||
mbedtls_test_srv_crt_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret );
|
||||
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
|
||||
mbedtls_test_srv_crt_len);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret );
|
||||
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||
mbedtls_test_srv_key_len, NULL, 0 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret );
|
||||
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||
mbedtls_test_srv_key_len, NULL, 0);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 1b. Prepare SSL configuration
|
||||
*/
|
||||
mbedtls_printf( " . Configuring SSL..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Configuring SSL...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
|
||||
mbedtls_printf(" failed! mbedtls_ssl_config_defaults returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
|
||||
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
|
||||
if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
|
||||
mbedtls_printf(" failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 2. Setup the listening TCP socket
|
||||
*/
|
||||
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Bind on https://localhost:4433/ ...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_net_bind returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
|
||||
mbedtls_printf(" failed! mbedtls_net_bind returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
while( 1 )
|
||||
{
|
||||
while (1) {
|
||||
/*
|
||||
* 3. Wait until a client connects
|
||||
*/
|
||||
mbedtls_net_init( &client_fd );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_net_init(&client_fd);
|
||||
mbedtls_ssl_init(&ssl);
|
||||
|
||||
mbedtls_printf( " . Waiting for a remote connection ...\n" );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Waiting for a remote connection ...\n");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
|
||||
NULL, 0, NULL ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_net_accept returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
|
||||
NULL, 0, NULL)) != 0) {
|
||||
mbedtls_printf(" failed! mbedtls_net_accept returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
@@ -227,113 +218,104 @@ int main( void )
|
||||
* 3.5. Forking server thread
|
||||
*/
|
||||
|
||||
mbedtls_printf( " . Forking to handle connection ..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Forking to handle connection ...");
|
||||
fflush(stdout);
|
||||
|
||||
pid = fork();
|
||||
|
||||
if( pid < 0 )
|
||||
{
|
||||
mbedtls_printf(" failed! fork returned %d\n\n", pid );
|
||||
if (pid < 0) {
|
||||
mbedtls_printf(" failed! fork returned %d\n\n", pid);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( pid != 0 )
|
||||
{
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_net_close( &client_fd );
|
||||
if (pid != 0) {
|
||||
mbedtls_printf(" ok\n");
|
||||
mbedtls_net_close(&client_fd);
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
|
||||
(const unsigned char *) "parent",
|
||||
6 ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
|
||||
(const unsigned char *) "parent",
|
||||
6)) != 0) {
|
||||
mbedtls_printf(" failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
mbedtls_net_close( &listen_fd );
|
||||
mbedtls_net_close(&listen_fd);
|
||||
|
||||
pid = getpid();
|
||||
|
||||
/*
|
||||
* 4. Setup stuff
|
||||
*/
|
||||
mbedtls_printf( "pid %d: Setting up the SSL data.\n", pid );
|
||||
fflush( stdout );
|
||||
mbedtls_printf("pid %d: Setting up the SSL data.\n", pid);
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
|
||||
(const unsigned char *) "child",
|
||||
5 ) ) != 0 )
|
||||
{
|
||||
if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
|
||||
(const unsigned char *) "child",
|
||||
5)) != 0) {
|
||||
mbedtls_printf(
|
||||
"pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n",
|
||||
pid, ret );
|
||||
"pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n",
|
||||
pid, ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
|
||||
mbedtls_printf(
|
||||
"pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n",
|
||||
pid, ret );
|
||||
"pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n",
|
||||
pid, ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
|
||||
|
||||
mbedtls_printf( "pid %d: SSL setup ok\n", pid );
|
||||
mbedtls_printf("pid %d: SSL setup ok\n", pid);
|
||||
|
||||
/*
|
||||
* 5. Handshake
|
||||
*/
|
||||
mbedtls_printf( "pid %d: Performing the SSL/TLS handshake.\n", pid );
|
||||
fflush( stdout );
|
||||
mbedtls_printf("pid %d: Performing the SSL/TLS handshake.\n", pid);
|
||||
fflush(stdout);
|
||||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(
|
||||
"pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n",
|
||||
pid, ret );
|
||||
"pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n",
|
||||
pid, ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf( "pid %d: SSL handshake ok\n", pid );
|
||||
mbedtls_printf("pid %d: SSL handshake ok\n", pid);
|
||||
|
||||
/*
|
||||
* 6. Read the HTTP Request
|
||||
*/
|
||||
mbedtls_printf( "pid %d: Start reading from client.\n", pid );
|
||||
fflush( stdout );
|
||||
mbedtls_printf("pid %d: Start reading from client.\n", pid);
|
||||
fflush(stdout);
|
||||
|
||||
do
|
||||
{
|
||||
len = sizeof( buf ) - 1;
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
do {
|
||||
len = sizeof(buf) - 1;
|
||||
memset(buf, 0, sizeof(buf));
|
||||
ret = mbedtls_ssl_read(&ssl, buf, len);
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if( ret <= 0 )
|
||||
{
|
||||
switch( ret )
|
||||
{
|
||||
if (ret <= 0) {
|
||||
switch (ret) {
|
||||
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
|
||||
mbedtls_printf( "pid %d: connection was closed gracefully\n", pid );
|
||||
mbedtls_printf("pid %d: connection was closed gracefully\n", pid);
|
||||
break;
|
||||
|
||||
case MBEDTLS_ERR_NET_CONN_RESET:
|
||||
mbedtls_printf( "pid %d: connection was reset by peer\n", pid );
|
||||
mbedtls_printf("pid %d: connection was reset by peer\n", pid);
|
||||
break;
|
||||
|
||||
default:
|
||||
mbedtls_printf( "pid %d: mbedtls_ssl_read returned %d\n", pid, ret );
|
||||
mbedtls_printf("pid %d: mbedtls_ssl_read returned %d\n", pid, ret);
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -341,70 +323,66 @@ int main( void )
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( "pid %d: %d bytes read\n\n%s", pid, len, (char *) buf );
|
||||
mbedtls_printf("pid %d: %d bytes read\n\n%s", pid, len, (char *) buf);
|
||||
|
||||
if( ret > 0 )
|
||||
if (ret > 0) {
|
||||
break;
|
||||
}
|
||||
while( 1 );
|
||||
}
|
||||
} while (1);
|
||||
|
||||
/*
|
||||
* 7. Write the 200 Response
|
||||
*/
|
||||
mbedtls_printf( "pid %d: Start writing to client.\n", pid );
|
||||
fflush( stdout );
|
||||
mbedtls_printf("pid %d: Start writing to client.\n", pid);
|
||||
fflush(stdout);
|
||||
|
||||
len = sprintf( (char *) buf, HTTP_RESPONSE,
|
||||
mbedtls_ssl_get_ciphersuite( &ssl ) );
|
||||
len = sprintf((char *) buf, HTTP_RESPONSE,
|
||||
mbedtls_ssl_get_ciphersuite(&ssl));
|
||||
|
||||
while( cnt++ < 100 )
|
||||
{
|
||||
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
|
||||
{
|
||||
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
|
||||
{
|
||||
while (cnt++ < 100) {
|
||||
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
|
||||
if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
|
||||
mbedtls_printf(
|
||||
"pid %d: Write failed! peer closed the connection\n\n", pid );
|
||||
"pid %d: Write failed! peer closed the connection\n\n", pid);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(
|
||||
"pid %d: Write failed! mbedtls_ssl_write returned %d\n\n",
|
||||
pid, ret );
|
||||
"pid %d: Write failed! mbedtls_ssl_write returned %d\n\n",
|
||||
pid, ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
len = ret;
|
||||
mbedtls_printf( "pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf );
|
||||
mbedtls_printf("pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf);
|
||||
|
||||
mbedtls_net_usleep( 1000000 );
|
||||
mbedtls_net_usleep(1000000);
|
||||
}
|
||||
|
||||
mbedtls_ssl_close_notify( &ssl );
|
||||
mbedtls_ssl_close_notify(&ssl);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
exit_code = MBEDTLS_EXIT_SUCCESS;
|
||||
|
||||
exit:
|
||||
mbedtls_net_free( &client_fd );
|
||||
mbedtls_net_free( &listen_fd );
|
||||
mbedtls_net_free(&client_fd);
|
||||
mbedtls_net_free(&listen_fd);
|
||||
|
||||
mbedtls_x509_crt_free( &srvcert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
mbedtls_x509_crt_free(&srvcert);
|
||||
mbedtls_pk_free(&pkey);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf( " Press Enter to exit this program.\n" );
|
||||
fflush( stdout ); getchar();
|
||||
mbedtls_printf(" Press Enter to exit this program.\n");
|
||||
fflush(stdout); getchar();
|
||||
#endif
|
||||
|
||||
mbedtls_exit( exit_code );
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
|
||||
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -33,15 +33,15 @@
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) || \
|
||||
!defined(MBEDTLS_PEM_PARSE_C)
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
|
||||
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
||||
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
|
||||
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
||||
mbedtls_exit( 0 );
|
||||
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
||||
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
|
||||
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
@@ -80,20 +80,20 @@ int main( void )
|
||||
|
||||
mbedtls_threading_mutex_t debug_mutex;
|
||||
|
||||
static void my_mutexed_debug( void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str )
|
||||
static void my_mutexed_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str)
|
||||
{
|
||||
long int thread_id = (long int) pthread_self();
|
||||
|
||||
mbedtls_mutex_lock( &debug_mutex );
|
||||
mbedtls_mutex_lock(&debug_mutex);
|
||||
|
||||
((void) level);
|
||||
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: [ #%ld ] %s",
|
||||
file, line, thread_id, str );
|
||||
fflush( (FILE *) ctx );
|
||||
mbedtls_fprintf((FILE *) ctx, "%s:%04d: [ #%ld ] %s",
|
||||
file, line, thread_id, str);
|
||||
fflush((FILE *) ctx);
|
||||
|
||||
mbedtls_mutex_unlock( &debug_mutex );
|
||||
mbedtls_mutex_unlock(&debug_mutex);
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
@@ -111,7 +111,7 @@ typedef struct {
|
||||
static thread_info_t base_info;
|
||||
static pthread_info_t threads[MAX_NUM_THREADS];
|
||||
|
||||
static void *handle_ssl_connection( void *data )
|
||||
static void *handle_ssl_connection(void *data)
|
||||
{
|
||||
int ret, len;
|
||||
thread_info_t *thread_info = (thread_info_t *) data;
|
||||
@@ -121,190 +121,178 @@ static void *handle_ssl_connection( void *data )
|
||||
mbedtls_ssl_context ssl;
|
||||
|
||||
/* Make sure memory references are valid */
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_init(&ssl);
|
||||
|
||||
mbedtls_printf( " [ #%ld ] Setting up SSL/TLS data\n", thread_id );
|
||||
mbedtls_printf(" [ #%ld ] Setting up SSL/TLS data\n", thread_id);
|
||||
|
||||
/*
|
||||
* 4. Get the SSL context ready
|
||||
*/
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, thread_info->config ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
|
||||
thread_id, ( unsigned int ) -ret );
|
||||
if ((ret = mbedtls_ssl_setup(&ssl, thread_info->config)) != 0) {
|
||||
mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
|
||||
thread_id, (unsigned int) -ret);
|
||||
goto thread_exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
mbedtls_ssl_set_bio(&ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
|
||||
|
||||
/*
|
||||
* 5. Handshake
|
||||
*/
|
||||
mbedtls_printf( " [ #%ld ] Performing the SSL/TLS handshake\n", thread_id );
|
||||
mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id);
|
||||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
|
||||
thread_id, ( unsigned int ) -ret );
|
||||
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
|
||||
thread_id, (unsigned int) -ret);
|
||||
goto thread_exit;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf( " [ #%ld ] ok\n", thread_id );
|
||||
mbedtls_printf(" [ #%ld ] ok\n", thread_id);
|
||||
|
||||
/*
|
||||
* 6. Read the HTTP Request
|
||||
*/
|
||||
mbedtls_printf( " [ #%ld ] < Read from client\n", thread_id );
|
||||
mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id);
|
||||
|
||||
do
|
||||
{
|
||||
len = sizeof( buf ) - 1;
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
do {
|
||||
len = sizeof(buf) - 1;
|
||||
memset(buf, 0, sizeof(buf));
|
||||
ret = mbedtls_ssl_read(&ssl, buf, len);
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if( ret <= 0 )
|
||||
{
|
||||
switch( ret )
|
||||
{
|
||||
if (ret <= 0) {
|
||||
switch (ret) {
|
||||
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
|
||||
mbedtls_printf( " [ #%ld ] connection was closed gracefully\n",
|
||||
thread_id );
|
||||
mbedtls_printf(" [ #%ld ] connection was closed gracefully\n",
|
||||
thread_id);
|
||||
goto thread_exit;
|
||||
|
||||
case MBEDTLS_ERR_NET_CONN_RESET:
|
||||
mbedtls_printf( " [ #%ld ] connection was reset by peer\n",
|
||||
thread_id );
|
||||
mbedtls_printf(" [ #%ld ] connection was reset by peer\n",
|
||||
thread_id);
|
||||
goto thread_exit;
|
||||
|
||||
default:
|
||||
mbedtls_printf( " [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
|
||||
thread_id, ( unsigned int ) -ret );
|
||||
mbedtls_printf(" [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
|
||||
thread_id, (unsigned int) -ret);
|
||||
goto thread_exit;
|
||||
}
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
|
||||
thread_id, len, (char *) buf );
|
||||
mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
|
||||
thread_id, len, (char *) buf);
|
||||
|
||||
if( ret > 0 )
|
||||
if (ret > 0) {
|
||||
break;
|
||||
}
|
||||
while( 1 );
|
||||
}
|
||||
} while (1);
|
||||
|
||||
/*
|
||||
* 7. Write the 200 Response
|
||||
*/
|
||||
mbedtls_printf( " [ #%ld ] > Write to client:\n", thread_id );
|
||||
mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id);
|
||||
|
||||
len = sprintf( (char *) buf, HTTP_RESPONSE,
|
||||
mbedtls_ssl_get_ciphersuite( &ssl ) );
|
||||
len = sprintf((char *) buf, HTTP_RESPONSE,
|
||||
mbedtls_ssl_get_ciphersuite(&ssl));
|
||||
|
||||
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
|
||||
{
|
||||
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
|
||||
{
|
||||
mbedtls_printf( " [ #%ld ] failed: peer closed the connection\n",
|
||||
thread_id );
|
||||
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
|
||||
if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
|
||||
mbedtls_printf(" [ #%ld ] failed: peer closed the connection\n",
|
||||
thread_id);
|
||||
goto thread_exit;
|
||||
}
|
||||
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
|
||||
thread_id, ( unsigned int ) ret );
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
|
||||
thread_id, (unsigned int) ret);
|
||||
goto thread_exit;
|
||||
}
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
|
||||
thread_id, len, (char *) buf );
|
||||
mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
|
||||
thread_id, len, (char *) buf);
|
||||
|
||||
mbedtls_printf( " [ #%ld ] . Closing the connection...", thread_id );
|
||||
mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id);
|
||||
|
||||
while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
|
||||
thread_id, ( unsigned int ) ret );
|
||||
while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
|
||||
thread_id, (unsigned int) ret);
|
||||
goto thread_exit;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
ret = 0;
|
||||
|
||||
thread_exit:
|
||||
|
||||
#ifdef MBEDTLS_ERROR_C
|
||||
if( ret != 0 )
|
||||
{
|
||||
if (ret != 0) {
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_strerror(ret, error_buf, 100);
|
||||
mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n",
|
||||
thread_id, ( unsigned int ) -ret, error_buf );
|
||||
thread_id, (unsigned int) -ret, error_buf);
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_net_free( client_fd );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_net_free(client_fd);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
|
||||
thread_info->thread_complete = 1;
|
||||
|
||||
return( NULL );
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int thread_create( mbedtls_net_context *client_fd )
|
||||
static int thread_create(mbedtls_net_context *client_fd)
|
||||
{
|
||||
int ret, i;
|
||||
|
||||
/*
|
||||
* Find in-active or finished thread slot
|
||||
*/
|
||||
for( i = 0; i < MAX_NUM_THREADS; i++ )
|
||||
{
|
||||
if( threads[i].active == 0 )
|
||||
for (i = 0; i < MAX_NUM_THREADS; i++) {
|
||||
if (threads[i].active == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
if( threads[i].data.thread_complete == 1 )
|
||||
{
|
||||
mbedtls_printf( " [ main ] Cleaning up thread %d\n", i );
|
||||
pthread_join(threads[i].thread, NULL );
|
||||
memset( &threads[i], 0, sizeof(pthread_info_t) );
|
||||
if (threads[i].data.thread_complete == 1) {
|
||||
mbedtls_printf(" [ main ] Cleaning up thread %d\n", i);
|
||||
pthread_join(threads[i].thread, NULL);
|
||||
memset(&threads[i], 0, sizeof(pthread_info_t));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if( i == MAX_NUM_THREADS )
|
||||
return( -1 );
|
||||
if (i == MAX_NUM_THREADS) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Fill thread-info for thread
|
||||
*/
|
||||
memcpy( &threads[i].data, &base_info, sizeof(base_info) );
|
||||
memcpy(&threads[i].data, &base_info, sizeof(base_info));
|
||||
threads[i].active = 1;
|
||||
memcpy( &threads[i].data.client_fd, client_fd, sizeof( mbedtls_net_context ) );
|
||||
memcpy(&threads[i].data.client_fd, client_fd, sizeof(mbedtls_net_context));
|
||||
|
||||
if( ( ret = pthread_create( &threads[i].thread, NULL, handle_ssl_connection,
|
||||
&threads[i].data ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
if ((ret = pthread_create(&threads[i].thread, NULL, handle_ssl_connection,
|
||||
&threads[i].data)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
return 0;
|
||||
}
|
||||
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
int ret;
|
||||
mbedtls_net_context listen_fd, client_fd;
|
||||
@@ -324,166 +312,156 @@ int main( void )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
|
||||
mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_init( &cache );
|
||||
mbedtls_ssl_cache_init(&cache);
|
||||
#endif
|
||||
|
||||
mbedtls_x509_crt_init( &srvcert );
|
||||
mbedtls_x509_crt_init( &cachain );
|
||||
mbedtls_x509_crt_init(&srvcert);
|
||||
mbedtls_x509_crt_init(&cachain);
|
||||
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
memset( threads, 0, sizeof(threads) );
|
||||
mbedtls_net_init( &listen_fd );
|
||||
mbedtls_net_init( &client_fd );
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
memset(threads, 0, sizeof(threads));
|
||||
mbedtls_net_init(&listen_fd);
|
||||
mbedtls_net_init(&client_fd);
|
||||
|
||||
mbedtls_mutex_init( &debug_mutex );
|
||||
mbedtls_mutex_init(&debug_mutex);
|
||||
|
||||
base_info.config = &conf;
|
||||
|
||||
/*
|
||||
* We use only a single entropy source that is used in all the threads.
|
||||
*/
|
||||
mbedtls_entropy_init( &entropy );
|
||||
mbedtls_entropy_init(&entropy);
|
||||
|
||||
/*
|
||||
* 1. Load the certificates and private RSA key
|
||||
*/
|
||||
mbedtls_printf( "\n . Loading the server cert. and key..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf("\n . Loading the server cert. and key...");
|
||||
fflush(stdout);
|
||||
|
||||
/*
|
||||
* This demonstration program uses embedded test certificates.
|
||||
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
|
||||
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
|
||||
*/
|
||||
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
|
||||
mbedtls_test_srv_crt_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
|
||||
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
|
||||
mbedtls_test_srv_crt_len);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_x509_crt_parse( &cachain, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
|
||||
ret = mbedtls_x509_crt_parse(&cachain, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_pk_init( &pkey );
|
||||
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||
mbedtls_test_srv_key_len, NULL, 0 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
|
||||
mbedtls_pk_init(&pkey);
|
||||
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||
mbedtls_test_srv_key_len, NULL, 0);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 1b. Seed the random number generator
|
||||
*/
|
||||
mbedtls_printf( " . Seeding the random number generator..." );
|
||||
mbedtls_printf(" . Seeding the random number generator...");
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
|
||||
( unsigned int ) -ret );
|
||||
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers))) != 0) {
|
||||
mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 1c. Prepare SSL configuration
|
||||
*/
|
||||
mbedtls_printf( " . Setting up the SSL data...." );
|
||||
mbedtls_printf(" . Setting up the SSL data....");
|
||||
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
|
||||
( unsigned int ) -ret );
|
||||
if ((ret = mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
|
||||
mbedtls_printf(" failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_mutexed_debug, stdout );
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
|
||||
mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout);
|
||||
|
||||
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
|
||||
* MBEDTLS_THREADING_C is set.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_conf_session_cache( &conf, &cache,
|
||||
mbedtls_ssl_conf_session_cache(&conf, &cache,
|
||||
mbedtls_ssl_cache_get,
|
||||
mbedtls_ssl_cache_set );
|
||||
mbedtls_ssl_cache_set);
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cachain, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
mbedtls_ssl_conf_ca_chain(&conf, &cachain, NULL);
|
||||
if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 2. Setup the listening TCP socket
|
||||
*/
|
||||
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Bind on https://localhost:4433/ ...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
reset:
|
||||
#ifdef MBEDTLS_ERROR_C
|
||||
if( ret != 0 )
|
||||
{
|
||||
if (ret != 0) {
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", ( unsigned int ) -ret,
|
||||
error_buf );
|
||||
mbedtls_strerror(ret, error_buf, 100);
|
||||
mbedtls_printf(" [ main ] Last error was: -0x%04x - %s\n", (unsigned int) -ret,
|
||||
error_buf);
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* 3. Wait until a client connects
|
||||
*/
|
||||
mbedtls_printf( " [ main ] Waiting for a remote connection\n" );
|
||||
mbedtls_printf(" [ main ] Waiting for a remote connection\n");
|
||||
|
||||
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
|
||||
NULL, 0, NULL ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
|
||||
( unsigned int ) ret );
|
||||
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
|
||||
NULL, 0, NULL)) != 0) {
|
||||
mbedtls_printf(" [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
|
||||
(unsigned int) ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " [ main ] ok\n" );
|
||||
mbedtls_printf( " [ main ] Creating a new thread\n" );
|
||||
mbedtls_printf(" [ main ] ok\n");
|
||||
mbedtls_printf(" [ main ] Creating a new thread\n");
|
||||
|
||||
if( ( ret = thread_create( &client_fd ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " [ main ] failed: thread_create returned %d\n", ret );
|
||||
mbedtls_net_free( &client_fd );
|
||||
if ((ret = thread_create(&client_fd)) != 0) {
|
||||
mbedtls_printf(" [ main ] failed: thread_create returned %d\n", ret);
|
||||
mbedtls_net_free(&client_fd);
|
||||
goto reset;
|
||||
}
|
||||
|
||||
@@ -491,29 +469,29 @@ reset:
|
||||
goto reset;
|
||||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &srvcert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
mbedtls_x509_crt_free(&srvcert);
|
||||
mbedtls_pk_free(&pkey);
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_free( &cache );
|
||||
mbedtls_ssl_cache_free(&cache);
|
||||
#endif
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
|
||||
mbedtls_net_free( &listen_fd );
|
||||
mbedtls_net_free(&listen_fd);
|
||||
|
||||
mbedtls_mutex_free( &debug_mutex );
|
||||
mbedtls_mutex_free(&debug_mutex);
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
mbedtls_memory_buffer_alloc_free();
|
||||
#endif
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf( " Press Enter to exit this program.\n" );
|
||||
fflush( stdout ); getchar();
|
||||
mbedtls_printf(" Press Enter to exit this program.\n");
|
||||
fflush(stdout); getchar();
|
||||
#endif
|
||||
|
||||
mbedtls_exit( ret );
|
||||
mbedtls_exit(ret);
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
|
||||
|
||||
@@ -31,14 +31,14 @@
|
||||
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_PEM_PARSE_C)
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
|
||||
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
||||
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
||||
mbedtls_exit( 0 );
|
||||
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
||||
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
@@ -70,17 +70,17 @@ int main( void )
|
||||
#define DEBUG_LEVEL 0
|
||||
|
||||
|
||||
static void my_debug( void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str )
|
||||
static void my_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str)
|
||||
{
|
||||
((void) level);
|
||||
|
||||
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
|
||||
fflush( (FILE *) ctx );
|
||||
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
|
||||
fflush((FILE *) ctx);
|
||||
}
|
||||
|
||||
int main( void )
|
||||
int main(void)
|
||||
{
|
||||
int ret, len;
|
||||
mbedtls_net_context listen_fd, client_fd;
|
||||
@@ -97,205 +97,191 @@ int main( void )
|
||||
mbedtls_ssl_cache_context cache;
|
||||
#endif
|
||||
|
||||
mbedtls_net_init( &listen_fd );
|
||||
mbedtls_net_init( &client_fd );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_net_init(&listen_fd);
|
||||
mbedtls_net_init(&client_fd);
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_init( &cache );
|
||||
mbedtls_ssl_cache_init(&cache);
|
||||
#endif
|
||||
mbedtls_x509_crt_init( &srvcert );
|
||||
mbedtls_pk_init( &pkey );
|
||||
mbedtls_entropy_init( &entropy );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
mbedtls_x509_crt_init(&srvcert);
|
||||
mbedtls_pk_init(&pkey);
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
mbedtls_debug_set_threshold( DEBUG_LEVEL );
|
||||
mbedtls_debug_set_threshold(DEBUG_LEVEL);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* 1. Load the certificates and private RSA key
|
||||
*/
|
||||
mbedtls_printf( "\n . Loading the server cert. and key..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf("\n . Loading the server cert. and key...");
|
||||
fflush(stdout);
|
||||
|
||||
/*
|
||||
* This demonstration program uses embedded test certificates.
|
||||
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
|
||||
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
|
||||
*/
|
||||
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
|
||||
mbedtls_test_srv_crt_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
|
||||
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
|
||||
mbedtls_test_srv_crt_len);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
|
||||
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||
mbedtls_test_srv_key_len, NULL, 0 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
|
||||
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||
mbedtls_test_srv_key_len, NULL, 0);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 2. Setup the listening TCP socket
|
||||
*/
|
||||
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Bind on https://localhost:4433/ ...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 3. Seed the RNG
|
||||
*/
|
||||
mbedtls_printf( " . Seeding the random number generator..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Seeding the random number generator...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
|
||||
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers))) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 4. Setup stuff
|
||||
*/
|
||||
mbedtls_printf( " . Setting up the SSL data...." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Setting up the SSL data....");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
|
||||
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_conf_session_cache( &conf, &cache,
|
||||
mbedtls_ssl_conf_session_cache(&conf, &cache,
|
||||
mbedtls_ssl_cache_get,
|
||||
mbedtls_ssl_cache_set );
|
||||
mbedtls_ssl_cache_set);
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
|
||||
if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
reset:
|
||||
#ifdef MBEDTLS_ERROR_C
|
||||
if( ret != 0 )
|
||||
{
|
||||
if (ret != 0) {
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
|
||||
mbedtls_strerror(ret, error_buf, 100);
|
||||
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_net_free( &client_fd );
|
||||
mbedtls_net_free(&client_fd);
|
||||
|
||||
mbedtls_ssl_session_reset( &ssl );
|
||||
mbedtls_ssl_session_reset(&ssl);
|
||||
|
||||
/*
|
||||
* 3. Wait until a client connects
|
||||
*/
|
||||
mbedtls_printf( " . Waiting for a remote connection ..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Waiting for a remote connection ...");
|
||||
fflush(stdout);
|
||||
|
||||
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
|
||||
NULL, 0, NULL ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
|
||||
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
|
||||
NULL, 0, NULL)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 5. Handshake
|
||||
*/
|
||||
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" . Performing the SSL/TLS handshake...");
|
||||
fflush(stdout);
|
||||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
|
||||
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret);
|
||||
goto reset;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
/*
|
||||
* 6. Read the HTTP Request
|
||||
*/
|
||||
mbedtls_printf( " < Read from client:" );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" < Read from client:");
|
||||
fflush(stdout);
|
||||
|
||||
do
|
||||
{
|
||||
len = sizeof( buf ) - 1;
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
do {
|
||||
len = sizeof(buf) - 1;
|
||||
memset(buf, 0, sizeof(buf));
|
||||
ret = mbedtls_ssl_read(&ssl, buf, len);
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if( ret <= 0 )
|
||||
{
|
||||
switch( ret )
|
||||
{
|
||||
if (ret <= 0) {
|
||||
switch (ret) {
|
||||
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
|
||||
mbedtls_printf( " connection was closed gracefully\n" );
|
||||
mbedtls_printf(" connection was closed gracefully\n");
|
||||
break;
|
||||
|
||||
case MBEDTLS_ERR_NET_CONN_RESET:
|
||||
mbedtls_printf( " connection was reset by peer\n" );
|
||||
mbedtls_printf(" connection was reset by peer\n");
|
||||
break;
|
||||
|
||||
default:
|
||||
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
|
||||
mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -303,53 +289,48 @@ reset:
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
|
||||
mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
|
||||
|
||||
if( ret > 0 )
|
||||
if (ret > 0) {
|
||||
break;
|
||||
}
|
||||
while( 1 );
|
||||
}
|
||||
} while (1);
|
||||
|
||||
/*
|
||||
* 7. Write the 200 Response
|
||||
*/
|
||||
mbedtls_printf( " > Write to client:" );
|
||||
fflush( stdout );
|
||||
mbedtls_printf(" > Write to client:");
|
||||
fflush(stdout);
|
||||
|
||||
len = sprintf( (char *) buf, HTTP_RESPONSE,
|
||||
mbedtls_ssl_get_ciphersuite( &ssl ) );
|
||||
len = sprintf((char *) buf, HTTP_RESPONSE,
|
||||
mbedtls_ssl_get_ciphersuite(&ssl));
|
||||
|
||||
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
|
||||
{
|
||||
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
|
||||
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
|
||||
if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
|
||||
mbedtls_printf(" failed\n ! peer closed the connection\n\n");
|
||||
goto reset;
|
||||
}
|
||||
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
|
||||
mbedtls_printf(" %d bytes written\n\n%s\n", len, (char *) buf);
|
||||
|
||||
mbedtls_printf( " . Closing the connection..." );
|
||||
mbedtls_printf(" . Closing the connection...");
|
||||
|
||||
while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret );
|
||||
while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret);
|
||||
goto reset;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
ret = 0;
|
||||
goto reset;
|
||||
@@ -357,33 +338,32 @@ reset:
|
||||
exit:
|
||||
|
||||
#ifdef MBEDTLS_ERROR_C
|
||||
if( ret != 0 )
|
||||
{
|
||||
if (ret != 0) {
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
|
||||
mbedtls_strerror(ret, error_buf, 100);
|
||||
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_net_free( &client_fd );
|
||||
mbedtls_net_free( &listen_fd );
|
||||
mbedtls_net_free(&client_fd);
|
||||
mbedtls_net_free(&listen_fd);
|
||||
|
||||
mbedtls_x509_crt_free( &srvcert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_x509_crt_free(&srvcert);
|
||||
mbedtls_pk_free(&pkey);
|
||||
mbedtls_ssl_free(&ssl);
|
||||
mbedtls_ssl_config_free(&conf);
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_free( &cache );
|
||||
mbedtls_ssl_cache_free(&cache);
|
||||
#endif
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf( " Press Enter to exit this program.\n" );
|
||||
fflush( stdout ); getchar();
|
||||
mbedtls_printf(" Press Enter to exit this program.\n");
|
||||
fflush(stdout); getchar();
|
||||
#endif
|
||||
|
||||
mbedtls_exit( ret );
|
||||
mbedtls_exit(ret);
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
|
||||
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -25,44 +25,43 @@
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
int eap_tls_key_derivation( void *p_expkey,
|
||||
const unsigned char *ms,
|
||||
const unsigned char *kb,
|
||||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type )
|
||||
int eap_tls_key_derivation(void *p_expkey,
|
||||
const unsigned char *ms,
|
||||
const unsigned char *kb,
|
||||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type)
|
||||
{
|
||||
eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
|
||||
eap_tls_keys *keys = (eap_tls_keys *) p_expkey;
|
||||
|
||||
( ( void ) kb );
|
||||
memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
|
||||
memcpy( keys->randbytes, client_random, 32 );
|
||||
memcpy( keys->randbytes + 32, server_random, 32 );
|
||||
((void) kb);
|
||||
memcpy(keys->master_secret, ms, sizeof(keys->master_secret));
|
||||
memcpy(keys->randbytes, client_random, 32);
|
||||
memcpy(keys->randbytes + 32, server_random, 32);
|
||||
keys->tls_prf_type = tls_prf_type;
|
||||
|
||||
if( opt.debug_level > 2 )
|
||||
{
|
||||
mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
|
||||
mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
|
||||
mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
|
||||
if (opt.debug_level > 2) {
|
||||
mbedtls_printf("exported maclen is %u\n", (unsigned) maclen);
|
||||
mbedtls_printf("exported keylen is %u\n", (unsigned) keylen);
|
||||
mbedtls_printf("exported ivlen is %u\n", (unsigned) ivlen);
|
||||
}
|
||||
return( 0 );
|
||||
return 0;
|
||||
}
|
||||
|
||||
int nss_keylog_export( void *p_expkey,
|
||||
const unsigned char *ms,
|
||||
const unsigned char *kb,
|
||||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type )
|
||||
int nss_keylog_export(void *p_expkey,
|
||||
const unsigned char *ms,
|
||||
const unsigned char *kb,
|
||||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type)
|
||||
{
|
||||
char nss_keylog_line[ 200 ];
|
||||
char nss_keylog_line[200];
|
||||
size_t const client_random_len = 32;
|
||||
size_t const master_secret_len = 48;
|
||||
size_t len = 0;
|
||||
@@ -77,138 +76,134 @@ int nss_keylog_export( void *p_expkey,
|
||||
((void) server_random);
|
||||
((void) tls_prf_type);
|
||||
|
||||
len += sprintf( nss_keylog_line + len,
|
||||
"%s", "CLIENT_RANDOM " );
|
||||
len += sprintf(nss_keylog_line + len,
|
||||
"%s", "CLIENT_RANDOM ");
|
||||
|
||||
for( j = 0; j < client_random_len; j++ )
|
||||
{
|
||||
len += sprintf( nss_keylog_line + len,
|
||||
"%02x", client_random[j] );
|
||||
for (j = 0; j < client_random_len; j++) {
|
||||
len += sprintf(nss_keylog_line + len,
|
||||
"%02x", client_random[j]);
|
||||
}
|
||||
|
||||
len += sprintf( nss_keylog_line + len, " " );
|
||||
len += sprintf(nss_keylog_line + len, " ");
|
||||
|
||||
for( j = 0; j < master_secret_len; j++ )
|
||||
{
|
||||
len += sprintf( nss_keylog_line + len,
|
||||
"%02x", ms[j] );
|
||||
for (j = 0; j < master_secret_len; j++) {
|
||||
len += sprintf(nss_keylog_line + len,
|
||||
"%02x", ms[j]);
|
||||
}
|
||||
|
||||
len += sprintf( nss_keylog_line + len, "\n" );
|
||||
nss_keylog_line[ len ] = '\0';
|
||||
len += sprintf(nss_keylog_line + len, "\n");
|
||||
nss_keylog_line[len] = '\0';
|
||||
|
||||
mbedtls_printf( "\n" );
|
||||
mbedtls_printf( "---------------- NSS KEYLOG -----------------\n" );
|
||||
mbedtls_printf( "%s", nss_keylog_line );
|
||||
mbedtls_printf( "---------------------------------------------\n" );
|
||||
mbedtls_printf("\n");
|
||||
mbedtls_printf("---------------- NSS KEYLOG -----------------\n");
|
||||
mbedtls_printf("%s", nss_keylog_line);
|
||||
mbedtls_printf("---------------------------------------------\n");
|
||||
|
||||
if( opt.nss_keylog_file != NULL )
|
||||
{
|
||||
if (opt.nss_keylog_file != NULL) {
|
||||
FILE *f;
|
||||
|
||||
if( ( f = fopen( opt.nss_keylog_file, "a" ) ) == NULL )
|
||||
{
|
||||
if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) {
|
||||
ret = -1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( fwrite( nss_keylog_line, 1, len, f ) != len )
|
||||
{
|
||||
if (fwrite(nss_keylog_line, 1, len, f) != len) {
|
||||
ret = -1;
|
||||
fclose( f );
|
||||
fclose(f);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
fclose(f);
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( nss_keylog_line,
|
||||
sizeof( nss_keylog_line ) );
|
||||
return( ret );
|
||||
mbedtls_platform_zeroize(nss_keylog_line,
|
||||
sizeof(nss_keylog_line));
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined( MBEDTLS_SSL_DTLS_SRTP )
|
||||
int dtls_srtp_key_derivation( void *p_expkey,
|
||||
const unsigned char *ms,
|
||||
const unsigned char *kb,
|
||||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type )
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
int dtls_srtp_key_derivation(void *p_expkey,
|
||||
const unsigned char *ms,
|
||||
const unsigned char *kb,
|
||||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type)
|
||||
{
|
||||
dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey;
|
||||
dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey;
|
||||
|
||||
( ( void ) kb );
|
||||
memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
|
||||
memcpy( keys->randbytes, client_random, 32 );
|
||||
memcpy( keys->randbytes + 32, server_random, 32 );
|
||||
((void) kb);
|
||||
memcpy(keys->master_secret, ms, sizeof(keys->master_secret));
|
||||
memcpy(keys->randbytes, client_random, 32);
|
||||
memcpy(keys->randbytes + 32, server_random, 32);
|
||||
keys->tls_prf_type = tls_prf_type;
|
||||
|
||||
if( opt.debug_level > 2 )
|
||||
{
|
||||
mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
|
||||
mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
|
||||
mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
|
||||
if (opt.debug_level > 2) {
|
||||
mbedtls_printf("exported maclen is %u\n", (unsigned) maclen);
|
||||
mbedtls_printf("exported keylen is %u\n", (unsigned) keylen);
|
||||
mbedtls_printf("exported ivlen is %u\n", (unsigned) ivlen);
|
||||
}
|
||||
return( 0 );
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
|
||||
int ssl_check_record( mbedtls_ssl_context const *ssl,
|
||||
unsigned char const *buf, size_t len )
|
||||
int ssl_check_record(mbedtls_ssl_context const *ssl,
|
||||
unsigned char const *buf, size_t len)
|
||||
{
|
||||
int my_ret = 0, ret_cr1, ret_cr2;
|
||||
unsigned char *tmp_buf;
|
||||
|
||||
/* Record checking may modify the input buffer,
|
||||
* so make a copy. */
|
||||
tmp_buf = mbedtls_calloc( 1, len );
|
||||
if( tmp_buf == NULL )
|
||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||
memcpy( tmp_buf, buf, len );
|
||||
tmp_buf = mbedtls_calloc(1, len);
|
||||
if (tmp_buf == NULL) {
|
||||
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||
}
|
||||
memcpy(tmp_buf, buf, len);
|
||||
|
||||
ret_cr1 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
|
||||
if( ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE )
|
||||
{
|
||||
ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
|
||||
if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) {
|
||||
/* Test-only: Make sure that mbedtls_ssl_check_record()
|
||||
* doesn't alter state. */
|
||||
memcpy( tmp_buf, buf, len ); /* Restore buffer */
|
||||
ret_cr2 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
|
||||
if( ret_cr2 != ret_cr1 )
|
||||
{
|
||||
mbedtls_printf( "mbedtls_ssl_check_record() returned inconsistent results.\n" );
|
||||
memcpy(tmp_buf, buf, len); /* Restore buffer */
|
||||
ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
|
||||
if (ret_cr2 != ret_cr1) {
|
||||
mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n");
|
||||
my_ret = -1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
switch( ret_cr1 )
|
||||
{
|
||||
switch (ret_cr1) {
|
||||
case 0:
|
||||
break;
|
||||
|
||||
case MBEDTLS_ERR_SSL_INVALID_RECORD:
|
||||
if( opt.debug_level > 1 )
|
||||
mbedtls_printf( "mbedtls_ssl_check_record() detected invalid record.\n" );
|
||||
if (opt.debug_level > 1) {
|
||||
mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n");
|
||||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_ERR_SSL_INVALID_MAC:
|
||||
if( opt.debug_level > 1 )
|
||||
mbedtls_printf( "mbedtls_ssl_check_record() detected unauthentic record.\n" );
|
||||
if (opt.debug_level > 1) {
|
||||
mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n");
|
||||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD:
|
||||
if( opt.debug_level > 1 )
|
||||
mbedtls_printf( "mbedtls_ssl_check_record() detected unexpected record.\n" );
|
||||
if (opt.debug_level > 1) {
|
||||
mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n");
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret_cr1 );
|
||||
mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n",
|
||||
(unsigned int) -ret_cr1);
|
||||
my_ret = -1;
|
||||
goto cleanup;
|
||||
}
|
||||
@@ -217,74 +212,78 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,
|
||||
}
|
||||
|
||||
cleanup:
|
||||
mbedtls_free( tmp_buf );
|
||||
mbedtls_free(tmp_buf);
|
||||
|
||||
return( my_ret );
|
||||
return my_ret;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
|
||||
|
||||
int recv_cb( void *ctx, unsigned char *buf, size_t len )
|
||||
int recv_cb(void *ctx, unsigned char *buf, size_t len)
|
||||
{
|
||||
io_ctx_t *io_ctx = (io_ctx_t*) ctx;
|
||||
io_ctx_t *io_ctx = (io_ctx_t *) ctx;
|
||||
size_t recv_len;
|
||||
int ret;
|
||||
|
||||
if( opt.nbio == 2 )
|
||||
ret = delayed_recv( io_ctx->net, buf, len );
|
||||
else
|
||||
ret = mbedtls_net_recv( io_ctx->net, buf, len );
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
if (opt.nbio == 2) {
|
||||
ret = delayed_recv(io_ctx->net, buf, len);
|
||||
} else {
|
||||
ret = mbedtls_net_recv(io_ctx->net, buf, len);
|
||||
}
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
}
|
||||
recv_len = (size_t) ret;
|
||||
|
||||
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
|
||||
/* Here's the place to do any datagram/record checking
|
||||
* in between receiving the packet from the underlying
|
||||
* transport and passing it on to the TLS stack. */
|
||||
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
|
||||
if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
|
||||
return( -1 );
|
||||
if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
|
||||
return -1;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
|
||||
}
|
||||
|
||||
return( (int) recv_len );
|
||||
return (int) recv_len;
|
||||
}
|
||||
|
||||
int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len,
|
||||
uint32_t timeout )
|
||||
int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len,
|
||||
uint32_t timeout)
|
||||
{
|
||||
io_ctx_t *io_ctx = (io_ctx_t*) ctx;
|
||||
io_ctx_t *io_ctx = (io_ctx_t *) ctx;
|
||||
int ret;
|
||||
size_t recv_len;
|
||||
|
||||
ret = mbedtls_net_recv_timeout( io_ctx->net, buf, len, timeout );
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout);
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
}
|
||||
recv_len = (size_t) ret;
|
||||
|
||||
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
|
||||
/* Here's the place to do any datagram/record checking
|
||||
* in between receiving the packet from the underlying
|
||||
* transport and passing it on to the TLS stack. */
|
||||
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
|
||||
if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
|
||||
return( -1 );
|
||||
if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
|
||||
return -1;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
|
||||
}
|
||||
|
||||
return( (int) recv_len );
|
||||
return (int) recv_len;
|
||||
}
|
||||
|
||||
int send_cb( void *ctx, unsigned char const *buf, size_t len )
|
||||
int send_cb(void *ctx, unsigned char const *buf, size_t len)
|
||||
{
|
||||
io_ctx_t *io_ctx = (io_ctx_t*) ctx;
|
||||
io_ctx_t *io_ctx = (io_ctx_t *) ctx;
|
||||
|
||||
if( opt.nbio == 2 )
|
||||
return( delayed_send( io_ctx->net, buf, len ) );
|
||||
if (opt.nbio == 2) {
|
||||
return delayed_send(io_ctx->net, buf, len);
|
||||
}
|
||||
|
||||
return( mbedtls_net_send( io_ctx->net, buf, len ) );
|
||||
return mbedtls_net_send(io_ctx->net, buf, len);
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
||||
@@ -28,24 +28,26 @@
|
||||
|
||||
#if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
|
||||
|
||||
void my_debug( void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str )
|
||||
void my_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str)
|
||||
{
|
||||
const char *p, *basename;
|
||||
|
||||
/* Extract basename from file */
|
||||
for( p = basename = file; *p != '\0'; p++ )
|
||||
if( *p == '/' || *p == '\\' )
|
||||
for (p = basename = file; *p != '\0'; p++) {
|
||||
if (*p == '/' || *p == '\\') {
|
||||
basename = p + 1;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s",
|
||||
basename, line, level, str );
|
||||
fflush( (FILE *) ctx );
|
||||
mbedtls_fprintf((FILE *) ctx, "%s:%04d: |%d| %s",
|
||||
basename, line, level, str);
|
||||
fflush((FILE *) ctx);
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
|
||||
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
|
||||
{
|
||||
(void) time;
|
||||
return 0x5af2a056;
|
||||
@@ -53,74 +55,72 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
static int dummy_entropy( void *data, unsigned char *output, size_t len )
|
||||
static int dummy_entropy(void *data, unsigned char *output, size_t len)
|
||||
{
|
||||
size_t i;
|
||||
int ret;
|
||||
(void) data;
|
||||
|
||||
ret = mbedtls_entropy_func( data, output, len );
|
||||
for( i = 0; i < len; i++ )
|
||||
{
|
||||
ret = mbedtls_entropy_func(data, output, len);
|
||||
for (i = 0; i < len; i++) {
|
||||
//replace result with pseudo random
|
||||
output[i] = (unsigned char) rand();
|
||||
}
|
||||
return( ret );
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
void rng_init( rng_context_t *rng )
|
||||
void rng_init(rng_context_t *rng)
|
||||
{
|
||||
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
(void) rng;
|
||||
psa_crypto_init( );
|
||||
psa_crypto_init();
|
||||
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ctr_drbg_init( &rng->drbg );
|
||||
mbedtls_ctr_drbg_init(&rng->drbg);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_hmac_drbg_init( &rng->drbg );
|
||||
mbedtls_hmac_drbg_init(&rng->drbg);
|
||||
#else
|
||||
#error "No DRBG available"
|
||||
#endif
|
||||
|
||||
mbedtls_entropy_init( &rng->entropy );
|
||||
mbedtls_entropy_init(&rng->entropy);
|
||||
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
|
||||
}
|
||||
|
||||
int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
|
||||
int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( reproducible )
|
||||
{
|
||||
mbedtls_fprintf( stderr,
|
||||
"MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n" );
|
||||
return( -1 );
|
||||
if (reproducible) {
|
||||
mbedtls_fprintf(stderr,
|
||||
"MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n");
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
/* The PSA crypto RNG does its own seeding. */
|
||||
(void) rng;
|
||||
(void) pers;
|
||||
if( reproducible )
|
||||
{
|
||||
mbedtls_fprintf( stderr,
|
||||
"The PSA RNG does not support reproducible mode.\n" );
|
||||
return( -1 );
|
||||
if (reproducible) {
|
||||
mbedtls_fprintf(stderr,
|
||||
"The PSA RNG does not support reproducible mode.\n");
|
||||
return -1;
|
||||
}
|
||||
return( 0 );
|
||||
return 0;
|
||||
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
|
||||
int ( *f_entropy )( void *, unsigned char *, size_t ) =
|
||||
( reproducible ? dummy_entropy : mbedtls_entropy_func );
|
||||
int (*f_entropy)(void *, unsigned char *, size_t) =
|
||||
(reproducible ? dummy_entropy : mbedtls_entropy_func);
|
||||
|
||||
if ( reproducible )
|
||||
srand( 1 );
|
||||
if (reproducible) {
|
||||
srand(1);
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
int ret = mbedtls_ctr_drbg_seed( &rng->drbg,
|
||||
f_entropy, &rng->entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) );
|
||||
int ret = mbedtls_ctr_drbg_seed(&rng->drbg,
|
||||
f_entropy, &rng->entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers));
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
|
||||
@@ -129,61 +129,60 @@ int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
|
||||
#else
|
||||
#error "No message digest available for HMAC_DRBG"
|
||||
#endif
|
||||
int ret = mbedtls_hmac_drbg_seed( &rng->drbg,
|
||||
mbedtls_md_info_from_type( md_type ),
|
||||
f_entropy, &rng->entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) );
|
||||
int ret = mbedtls_hmac_drbg_seed(&rng->drbg,
|
||||
mbedtls_md_info_from_type(md_type),
|
||||
f_entropy, &rng->entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers));
|
||||
#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
|
||||
#error "No DRBG available"
|
||||
#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
|
||||
(unsigned int) -ret );
|
||||
return( ret );
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
|
||||
(unsigned int) -ret);
|
||||
return ret;
|
||||
}
|
||||
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
|
||||
|
||||
return( 0 );
|
||||
return 0;
|
||||
}
|
||||
|
||||
void rng_free( rng_context_t *rng )
|
||||
void rng_free(rng_context_t *rng)
|
||||
{
|
||||
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
(void) rng;
|
||||
/* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
|
||||
* This is ok because none of our applications try to do any crypto after
|
||||
* deinitializing the RNG. */
|
||||
mbedtls_psa_crypto_free( );
|
||||
mbedtls_psa_crypto_free();
|
||||
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
mbedtls_ctr_drbg_free( &rng->drbg );
|
||||
mbedtls_ctr_drbg_free(&rng->drbg);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
mbedtls_hmac_drbg_free( &rng->drbg );
|
||||
mbedtls_hmac_drbg_free(&rng->drbg);
|
||||
#else
|
||||
#error "No DRBG available"
|
||||
#endif
|
||||
|
||||
mbedtls_entropy_free( &rng->entropy );
|
||||
mbedtls_entropy_free(&rng->entropy);
|
||||
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
|
||||
}
|
||||
|
||||
int rng_get( void *p_rng, unsigned char *output, size_t output_len )
|
||||
int rng_get(void *p_rng, unsigned char *output, size_t output_len)
|
||||
{
|
||||
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
(void) p_rng;
|
||||
return( mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
|
||||
output, output_len ) );
|
||||
return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
|
||||
output, output_len);
|
||||
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
|
||||
rng_context_t *rng = p_rng;
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||
return( mbedtls_ctr_drbg_random( &rng->drbg, output, output_len ) );
|
||||
return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len);
|
||||
#elif defined(MBEDTLS_HMAC_DRBG_C)
|
||||
return( mbedtls_hmac_drbg_random( &rng->drbg, output, output_len ) );
|
||||
return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len);
|
||||
#else
|
||||
#error "No DRBG available"
|
||||
#endif
|
||||
@@ -192,8 +191,8 @@ int rng_get( void *p_rng, unsigned char *output, size_t output_len )
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
int ca_callback( void *data, mbedtls_x509_crt const *child,
|
||||
mbedtls_x509_crt **candidates )
|
||||
int ca_callback(void *data, mbedtls_x509_crt const *child,
|
||||
mbedtls_x509_crt **candidates)
|
||||
{
|
||||
int ret = 0;
|
||||
mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
|
||||
@@ -209,25 +208,21 @@ int ca_callback( void *data, mbedtls_x509_crt const *child,
|
||||
* and parent `Subject` field or matching key identifiers. */
|
||||
((void) child);
|
||||
|
||||
first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
|
||||
if( first == NULL )
|
||||
{
|
||||
first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
|
||||
if (first == NULL) {
|
||||
ret = -1;
|
||||
goto exit;
|
||||
}
|
||||
mbedtls_x509_crt_init( first );
|
||||
mbedtls_x509_crt_init(first);
|
||||
|
||||
if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
|
||||
{
|
||||
if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
|
||||
ret = -1;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
while( ca->next != NULL )
|
||||
{
|
||||
while (ca->next != NULL) {
|
||||
ca = ca->next;
|
||||
if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
|
||||
{
|
||||
if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
|
||||
ret = -1;
|
||||
goto exit;
|
||||
}
|
||||
@@ -235,122 +230,123 @@ int ca_callback( void *data, mbedtls_x509_crt const *child,
|
||||
|
||||
exit:
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_x509_crt_free( first );
|
||||
mbedtls_free( first );
|
||||
if (ret != 0) {
|
||||
mbedtls_x509_crt_free(first);
|
||||
mbedtls_free(first);
|
||||
first = NULL;
|
||||
}
|
||||
|
||||
*candidates = first;
|
||||
return( ret );
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
|
||||
|
||||
int delayed_recv( void *ctx, unsigned char *buf, size_t len )
|
||||
int delayed_recv(void *ctx, unsigned char *buf, size_t len)
|
||||
{
|
||||
static int first_try = 1;
|
||||
int ret;
|
||||
|
||||
if( first_try )
|
||||
{
|
||||
if (first_try) {
|
||||
first_try = 0;
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
return MBEDTLS_ERR_SSL_WANT_READ;
|
||||
}
|
||||
|
||||
ret = mbedtls_net_recv( ctx, buf, len );
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ )
|
||||
ret = mbedtls_net_recv(ctx, buf, len);
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ) {
|
||||
first_try = 1; /* Next call will be a new operation */
|
||||
return( ret );
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int delayed_send( void *ctx, const unsigned char *buf, size_t len )
|
||||
int delayed_send(void *ctx, const unsigned char *buf, size_t len)
|
||||
{
|
||||
static int first_try = 1;
|
||||
int ret;
|
||||
|
||||
if( first_try )
|
||||
{
|
||||
if (first_try) {
|
||||
first_try = 0;
|
||||
return( MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
return MBEDTLS_ERR_SSL_WANT_WRITE;
|
||||
}
|
||||
|
||||
ret = mbedtls_net_send( ctx, buf, len );
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
ret = mbedtls_net_send(ctx, buf, len);
|
||||
if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
first_try = 1; /* Next call will be a new operation */
|
||||
return( ret );
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_TIMING_C)
|
||||
int idle( mbedtls_net_context *fd,
|
||||
int idle_reason )
|
||||
int idle(mbedtls_net_context *fd,
|
||||
int idle_reason)
|
||||
#else
|
||||
int idle( mbedtls_net_context *fd,
|
||||
mbedtls_timing_delay_context *timer,
|
||||
int idle_reason )
|
||||
int idle(mbedtls_net_context *fd,
|
||||
mbedtls_timing_delay_context *timer,
|
||||
int idle_reason)
|
||||
#endif
|
||||
{
|
||||
int ret;
|
||||
int poll_type = 0;
|
||||
|
||||
if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
if (idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE) {
|
||||
poll_type = MBEDTLS_NET_POLL_WRITE;
|
||||
else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
|
||||
} else if (idle_reason == MBEDTLS_ERR_SSL_WANT_READ) {
|
||||
poll_type = MBEDTLS_NET_POLL_READ;
|
||||
}
|
||||
#if !defined(MBEDTLS_TIMING_C)
|
||||
else
|
||||
return( 0 );
|
||||
else {
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
while( 1 )
|
||||
{
|
||||
while (1) {
|
||||
/* Check if timer has expired */
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
if( timer != NULL &&
|
||||
mbedtls_timing_get_delay( timer ) == 2 )
|
||||
{
|
||||
if (timer != NULL &&
|
||||
mbedtls_timing_get_delay(timer) == 2) {
|
||||
break;
|
||||
}
|
||||
#endif /* MBEDTLS_TIMING_C */
|
||||
|
||||
/* Check if underlying transport became available */
|
||||
if( poll_type != 0 )
|
||||
{
|
||||
ret = mbedtls_net_poll( fd, poll_type, 0 );
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
if( ret == poll_type )
|
||||
if (poll_type != 0) {
|
||||
ret = mbedtls_net_poll(fd, poll_type, 0);
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
}
|
||||
if (ret == poll_type) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS)
|
||||
|
||||
void test_hooks_init( void )
|
||||
void test_hooks_init(void)
|
||||
{
|
||||
mbedtls_test_info_reset( );
|
||||
mbedtls_test_info_reset();
|
||||
|
||||
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
||||
mbedtls_test_mutex_usage_init( );
|
||||
mbedtls_test_mutex_usage_init();
|
||||
#endif
|
||||
}
|
||||
|
||||
int test_hooks_failure_detected( void )
|
||||
int test_hooks_failure_detected(void)
|
||||
{
|
||||
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
||||
/* Errors are reported via mbedtls_test_info. */
|
||||
mbedtls_test_mutex_usage_check( );
|
||||
mbedtls_test_mutex_usage_check();
|
||||
#endif
|
||||
|
||||
if( mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS )
|
||||
return( 1 );
|
||||
return( 0 );
|
||||
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void test_hooks_free( void )
|
||||
void test_hooks_free(void)
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
@@ -32,13 +32,13 @@
|
||||
|
||||
#undef HAVE_RNG
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
|
||||
( defined(MBEDTLS_USE_PSA_CRYPTO) || \
|
||||
defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) )
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) || \
|
||||
defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG))
|
||||
#define HAVE_RNG
|
||||
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
|
||||
#define HAVE_RNG
|
||||
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \
|
||||
( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C) )
|
||||
(defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C))
|
||||
#define HAVE_RNG
|
||||
#endif
|
||||
|
||||
@@ -88,14 +88,13 @@
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
|
||||
typedef struct eap_tls_keys
|
||||
{
|
||||
typedef struct eap_tls_keys {
|
||||
unsigned char master_secret[48];
|
||||
unsigned char randbytes[64];
|
||||
mbedtls_tls_prf_types tls_prf_type;
|
||||
} eap_tls_keys;
|
||||
|
||||
#if defined( MBEDTLS_SSL_DTLS_SRTP )
|
||||
#if defined(MBEDTLS_SSL_DTLS_SRTP)
|
||||
|
||||
/* Supported SRTP mode needs a maximum of :
|
||||
* - 16 bytes for key (AES-128)
|
||||
@@ -104,8 +103,7 @@ typedef struct eap_tls_keys
|
||||
*/
|
||||
#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60
|
||||
|
||||
typedef struct dtls_srtp_keys
|
||||
{
|
||||
typedef struct dtls_srtp_keys {
|
||||
unsigned char master_secret[48];
|
||||
unsigned char randbytes[64];
|
||||
mbedtls_tls_prf_types tls_prf_type;
|
||||
@@ -115,18 +113,17 @@ typedef struct dtls_srtp_keys
|
||||
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
|
||||
typedef struct
|
||||
{
|
||||
typedef struct {
|
||||
mbedtls_ssl_context *ssl;
|
||||
mbedtls_net_context *net;
|
||||
} io_ctx_t;
|
||||
|
||||
void my_debug( void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str );
|
||||
void my_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str);
|
||||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
|
||||
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
@@ -156,8 +153,7 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
|
||||
|
||||
/** A context for random number generation (RNG).
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
typedef struct {
|
||||
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||
unsigned char dummy;
|
||||
#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
|
||||
@@ -177,7 +173,7 @@ typedef struct
|
||||
* This function only initializes the memory used by the RNG context.
|
||||
* Before using the RNG, it must be seeded with rng_seed().
|
||||
*/
|
||||
void rng_init( rng_context_t *rng );
|
||||
void rng_init(rng_context_t *rng);
|
||||
|
||||
/* Seed the random number generator.
|
||||
*
|
||||
@@ -193,14 +189,14 @@ void rng_init( rng_context_t *rng );
|
||||
*
|
||||
* return 0 on success, a negative value on error.
|
||||
*/
|
||||
int rng_seed( rng_context_t *rng, int reproducible, const char *pers );
|
||||
int rng_seed(rng_context_t *rng, int reproducible, const char *pers);
|
||||
|
||||
/** Deinitialize the RNG. Free any embedded resource.
|
||||
*
|
||||
* \param rng The RNG context to deinitialize. It must have been
|
||||
* initialized with rng_init().
|
||||
*/
|
||||
void rng_free( rng_context_t *rng );
|
||||
void rng_free(rng_context_t *rng);
|
||||
|
||||
/** Generate random data.
|
||||
*
|
||||
@@ -215,7 +211,7 @@ void rng_free( rng_context_t *rng );
|
||||
* \return \c 0 on success.
|
||||
* \return An Mbed TLS error code on error.
|
||||
*/
|
||||
int rng_get( void *p_rng, unsigned char *output, size_t output_len );
|
||||
int rng_get(void *p_rng, unsigned char *output, size_t output_len);
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
/* The test implementation of the PSA external RNG is insecure. When
|
||||
@@ -226,31 +222,31 @@ int rng_get( void *p_rng, unsigned char *output, size_t output_len );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
int ca_callback( void *data, mbedtls_x509_crt const *child,
|
||||
mbedtls_x509_crt **candidates );
|
||||
int ca_callback(void *data, mbedtls_x509_crt const *child,
|
||||
mbedtls_x509_crt **candidates);
|
||||
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
|
||||
|
||||
/*
|
||||
* Test recv/send functions that make sure each try returns
|
||||
* WANT_READ/WANT_WRITE at least once before succeeding
|
||||
*/
|
||||
int delayed_recv( void *ctx, unsigned char *buf, size_t len );
|
||||
int delayed_send( void *ctx, const unsigned char *buf, size_t len );
|
||||
int delayed_recv(void *ctx, unsigned char *buf, size_t len);
|
||||
int delayed_send(void *ctx, const unsigned char *buf, size_t len);
|
||||
|
||||
/*
|
||||
* Wait for an event from the underlying transport or the timer
|
||||
* (Used in event-driven IO mode).
|
||||
*/
|
||||
int idle( mbedtls_net_context *fd,
|
||||
int idle(mbedtls_net_context *fd,
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
mbedtls_timing_delay_context *timer,
|
||||
mbedtls_timing_delay_context *timer,
|
||||
#endif
|
||||
int idle_reason );
|
||||
int idle_reason);
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS)
|
||||
/** Initialize whatever test hooks are enabled by the compile-time
|
||||
* configuration and make sense for the TLS test programs. */
|
||||
void test_hooks_init( void );
|
||||
void test_hooks_init(void);
|
||||
|
||||
/** Check if any test hooks detected a problem.
|
||||
*
|
||||
@@ -268,14 +264,14 @@ void test_hooks_init( void );
|
||||
* \return Nonzero if a problem was detected.
|
||||
* \c 0 if no problem was detected.
|
||||
*/
|
||||
int test_hooks_failure_detected( void );
|
||||
int test_hooks_failure_detected(void);
|
||||
|
||||
/** Free any resources allocated for the sake of test hooks.
|
||||
*
|
||||
* Call this at the end of the program so that resource leak analyzers
|
||||
* don't complain.
|
||||
*/
|
||||
void test_hooks_free( void );
|
||||
void test_hooks_free(void);
|
||||
|
||||
#endif /* !MBEDTLS_TEST_HOOKS */
|
||||
|
||||
|
||||
Reference in New Issue
Block a user