From 0ea3cfe5bf2f1de2119761e90760d06a37321aa9 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Wed, 29 May 2019 13:33:32 +0300 Subject: [PATCH 01/18] Add option for serialization in ssl_client/server2 --- programs/ssl/ssl_client2.c | 10 ++++++++++ programs/ssl/ssl_server2.c | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index bbd4d2555..9d556268d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -122,6 +122,7 @@ int main( void ) #define DFL_FALLBACK -1 #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 +#define DFL_SERIALIZE 0 #define DFL_EXTENDED_MS_ENFORCE -1 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " @@ -343,6 +344,7 @@ int main( void ) " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ " is printed if it is defined\n" \ + " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ " acceptable ciphersuite names:\n" #define ALPN_LIST_SIZE 10 @@ -419,6 +421,7 @@ struct options int cid_enabled_renego; /* whether to use the CID extension or not * during renegotiation */ const char *cid_val; /* the CID to use for incoming messages */ + int serialize; /* serialize/deserialize connection */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ } opt; @@ -832,6 +835,7 @@ int main( int argc, char *argv[] ) opt.enforce_extended_master_secret = DFL_EXTENDED_MS_ENFORCE; opt.etm = DFL_ETM; opt.dgram_packing = DFL_DGRAM_PACKING; + opt.serialize = DFL_SERIALIZE; for( i = 1; i < argc; i++ ) { @@ -1215,6 +1219,12 @@ int main( int argc, char *argv[] ) { return query_config( q ); } + else if( strcmp( p, "serialize") == 0 ) + { + opt.serialize = atoi( q ); + if( opt.serialize < 0 || opt.serialize > 1) + goto usage; + } else goto usage; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b048bc7bd..f09b4041c 100644 --- a/programs/ssl/ssl_server2.c 
+++ b/programs/ssl/ssl_server2.c @@ -163,6 +163,7 @@ int main( void ) #define DFL_DGRAM_PACKING 1 #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 +#define DFL_SERIALIZE 0 #define DFL_EXTENDED_MS_ENFORCE -1 #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -445,6 +446,7 @@ int main( void ) " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ " is printed if it is defined\n" \ + " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ " acceptable ciphersuite names:\n" @@ -542,6 +544,7 @@ struct options int cid_enabled_renego; /* whether to use the CID extension or not * during renegotiation */ const char *cid_val; /* the CID to use for incoming messages */ + int serialize; /* serialize/deserialize connection */ const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ } opt; @@ -1500,6 +1503,7 @@ int main( int argc, char *argv[] ) opt.extended_ms = DFL_EXTENDED_MS; opt.enforce_extended_master_secret = DFL_EXTENDED_MS_ENFORCE; opt.etm = DFL_ETM; + opt.serialize = DFL_SERIALIZE; for( i = 1; i < argc; i++ ) { @@ -1917,6 +1921,12 @@ int main( int argc, char *argv[] ) { return query_config( q ); } + else if( strcmp( p, "serialize") == 0 ) + { + opt.serialize = atoi( q ); + if( opt.serialize < 0 || opt.serialize > 1) + goto usage; + } else goto usage; } From d736d086184da3abd6bbb8e63d4818bbb59cc64d Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Wed, 29 May 2019 15:15:08 +0300 Subject: [PATCH 02/18] Serialization/deserialization in ssl_client2 --- programs/ssl/ssl_client2.c | 51 +++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 9d556268d..81f3f750d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -2353,7 +2353,56 @@ send_request: } /* - * 7c. Continue doing data exchanges? + * 7c. Simulate serialize/deserialize and go back to data exchange + */ + if( opt.serialize != 0) + { + size_t len; + unsigned char *buf = NULL; + + opt.serialize = 0; + mbedtls_printf( " Serializing live connection..." ); + + if( ( ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len) ) != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned -0x%x\n\n", -ret ); + + goto exit; + } + + if( ( buf = mbedtls_calloc(1, len) ) == NULL ) + { + mbedtls_printf( " failed\n ! Couldn't allocate buffer for serialized context" ); + + goto exit; + } + + if( ( ret = mbedtls_ssl_context_save( &ssl, buf, len, &len ) ) != 0 ) + { + mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned -0x%x\n\n", -ret ); + + goto exit; + } + + mbedtls_ssl_free( &ssl ); + + mbedtls_printf( " Deserializing connection..." ); + + mbedtls_ssl_init( &ssl ); + + if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) + { + mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned -0x%x\n\n", -ret ); + + goto exit; + } + + goto send_request; + } + + + /* + * 7d. Continue doing data exchanges? */ if( --opt.exchanges > 0 ) goto send_request; From 654e8de163025c81ce2eabfe0ed581b436d0f69e Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Wed, 29 May 2019 15:40:49 +0300 Subject: [PATCH 03/18] Rely on opt.exchanges for sending after serialization --- programs/ssl/ssl_client2.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 81f3f750d..79900becb 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2396,8 +2396,6 @@ send_request: goto exit; } - - goto send_request; } From f457293b57917aa9848af62d4d93ee7a3bbb90ad Mon Sep 17 00:00:00 2001 
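Review bot: In the ssl_client2.c hunk at `@@ -2353,7 +2353,56 @@`, `buf` from `mbedtls_calloc(1, len)` is never released: every `goto exit` and the fall-through to step 7d leave the allocation live, and because `buf` is block-scoped the `exit` label cannot free it either. The buffer is meant to hold the serialized state of a live TLS connection, so once the save routine is fully implemented it will presumably carry session key material and should be wiped before release, e.g. `mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf );` on the success path and on the two failure paths after the allocation (or declare `buf` at function scope and do it once under `exit`). The same applies to the matching block added to ssl_server2.c at `@@ -3338,7 +3338,53 @@`. The enclosing `main` starts and ends outside the hunk, so whether `mbedtls/platform_util.h` is already included needs checking.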
From: Jarno Lamsa Date: Wed, 29 May 2019 15:41:21 +0300 Subject: [PATCH 04/18] Serialize/deserialize for ssl_server2 --- programs/ssl/ssl_server2.c | 48 +++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f09b4041c..7af5c68ae 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3338,7 +3338,53 @@ data_exchange: ret = 0; /* - * 7b. Continue doing data exchanges? + * 7b. Simulate serialize/deserialize and go back to data exchange + */ + if( opt.serialize != 0) + { + size_t len; + unsigned char *buf = NULL; + + opt.serialize = 0; + mbedtls_printf( " Serializing live connection..." ); + + if( ( ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len) ) != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned -0x%x\n\n", -ret ); + + goto exit; + } + + if( ( buf = mbedtls_calloc(1, len) ) == NULL ) + { + mbedtls_printf( " failed\n ! Couldn't allocate buffer for serialized context" ); + + goto exit; + } + + if( ( ret = mbedtls_ssl_context_save( &ssl, buf, len, &len ) ) != 0 ) + { + mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned -0x%x\n\n", -ret ); + + goto exit; + } + + mbedtls_ssl_free( &ssl ); + + mbedtls_printf( " Deserializing connection..." ); + + mbedtls_ssl_init( &ssl ); + + if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) + { + mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned -0x%x\n\n", -ret ); + + goto exit; + } + } + + /* + * 7c. Continue doing data exchanges? */ if( --exchanges_left > 0 ) goto data_exchange; From cf1b6724c9683ea6d8918f40412370f09a8d23a8 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Tue, 4 Jun 2019 11:06:31 +0300 Subject: [PATCH 05/18] Use MBEDTLS_SSL_CONTEXT_SERIALIZATION flag --- programs/ssl/ssl_client2.c | 12 ++++++++++-- programs/ssl/ssl_server2.c | 11 ++++++++++- 2 files changed, 20 insertions(+), 3 deletions(-) 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 79900becb..2026f83c2 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -280,6 +280,13 @@ int main( void ) #define USAGE_ECRESTART "" #endif +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#define USAGE_SERIALIZATION \ + " serialize=%%d default: 0 (do not serialize/deserialize)\n" +#else +#define USAGE_SERIALIZATION "" +#endif + #define USAGE \ "\n usage: ssl_client2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -344,7 +351,7 @@ int main( void ) " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ " is printed if it is defined\n" \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ + USAGE_SERIALIZATION \ " acceptable ciphersuite names:\n" #define ALPN_LIST_SIZE 10 @@ -2355,6 +2362,7 @@ send_request: /* * 7c. Simulate serialize/deserialize and go back to data exchange */ +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if( opt.serialize != 0) { size_t len; @@ -2397,7 +2405,7 @@ send_request: goto exit; } } - +#endif /* * 7d. Continue doing data exchanges? diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 7af5c68ae..5c640ab78 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -385,6 +385,13 @@ int main( void ) #define USAGE_CURVES "" #endif +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#define USAGE_SERIALIZATION \ + " serialize=%%d default: 0 (do not serialize/deserialize)\n" +#else +#define USAGE_SERIALIZATION "" +#endif + #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -446,7 +453,7 @@ int main( void ) " configuration macro is defined and 1\n" \ " otherwise. The expansion of the macro\n" \ " is printed if it is defined\n" \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ + USAGE_SERIALIZATION \ " acceptable ciphersuite names:\n" 
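Review bot: Guarding block 7c with `#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)` (hunk `@@ -2355,6 +2362,7 @@`) leaves the `serialize=` branch of the argument parser, added in patch 01, unguarded as far as this series shows, so a build without the option still accepts `serialize=1` and then silently does nothing. A caller scripting these programs would get exit code 0 and could assume the context round-trip was exercised. Consider rejecting the parameter in that configuration, for example by wrapping the `else if( strcmp( p, "serialize") == 0 )` branch in the same `#if` so the input falls through to `goto usage;`, and likewise in ssl_server2.c. The parser lies outside this hunk.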
@@ -3340,6 +3347,7 @@ data_exchange: /* * 7b. Simulate serialize/deserialize and go back to data exchange */ +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if( opt.serialize != 0) { size_t len; @@ -3382,6 +3390,7 @@ data_exchange: goto exit; } } +#endif /* * 7c. Continue doing data exchanges? From fa45e6005e9a23c09e52a12a7018d5bca2d7ecad Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Tue, 4 Jun 2019 11:33:23 +0300 Subject: [PATCH 06/18] Add serialization tests to ssl-opt.sh --- tests/ssl-opt.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ba099183..f55cc172f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1112,6 +1112,32 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ -S "dumping 'expected mac' (20 bytes)" \ -s "dumping 'expected mac' (10 bytes)" +# Tests for Context serialization + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, client serializes/deserializes" + "$P_SRV serialize=0 exchanges=2" \ + "$P_CLI serialize=1 exchanges=2" \ + 0 \ + -c "Deserializing connection..." + -S "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, server serializes/deserializes" + "$P_SRV serialize=1 exchanges=2" \ + "$P_CLI serialize=0 exchanges=2" \ + 0 \ + -C "Deserializing connection..." + -s "Deserializing connection..." + +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "Context serialization, both serialize/deserialize" + "$P_SRV serialize=1 exchanges=2" \ + "$P_CLI serialize=1 exchanges=2" \ + 0 \ + -c "Deserializing connection..." + -s "Deserializing connection..." + # Tests for DTLS Connection ID extension # So far, the CID API isn't implemented, so we can't From dcfc2a736455d4c39353360fa8111fb3ce08a34b Mon Sep 17 00:00:00 2001 
From: Jarno Lamsa Date: Tue, 4 Jun 2019 15:18:19 +0300 Subject: [PATCH 07/18] Add missing slashes to tests --- tests/ssl-opt.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f55cc172f..c5b76640e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1115,27 +1115,27 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ # Tests for Context serialization requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, client serializes/deserializes" +run_test "Context serialization, client serializes/deserializes" \ "$P_SRV serialize=0 exchanges=2" \ "$P_CLI serialize=1 exchanges=2" \ 0 \ - -c "Deserializing connection..." + -c "Deserializing connection..." \ -S "Deserializing connection..." requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, server serializes/deserializes" +run_test "Context serialization, server serializes/deserializes" \ "$P_SRV serialize=1 exchanges=2" \ "$P_CLI serialize=0 exchanges=2" \ 0 \ - -C "Deserializing connection..." + -C "Deserializing connection..." \ -s "Deserializing connection..." requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, both serialize/deserialize" +run_test "Context serialization, both serialize/deserialize" \ "$P_SRV serialize=1 exchanges=2" \ "$P_CLI serialize=1 exchanges=2" \ 0 \ - -c "Deserializing connection..." + -c "Deserializing connection..." \ -s "Deserializing connection..." # Tests for DTLS Connection ID extension From cc281b8a549a7bb0e0c0c8b23efaaa7699974424 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Tue, 4 Jun 2019 15:21:13 +0300 Subject: [PATCH 08/18] ssl-opt.sh tests for serialization are currently using stub implementation --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c5b76640e..3a1b60f7e 100755 
--- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1115,7 +1115,7 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ # Tests for Context serialization requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, client serializes/deserializes" \ +run_test "(STUB) Context serialization, client serializes/deserializes" \ "$P_SRV serialize=0 exchanges=2" \ "$P_CLI serialize=1 exchanges=2" \ 0 \ @@ -1123,7 +1123,7 @@ run_test "Context serialization, client serializes/deserializes" \ -S "Deserializing connection..." requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, server serializes/deserializes" \ +run_test "(STUB) Context serialization, server serializes/deserializes" \ "$P_SRV serialize=1 exchanges=2" \ "$P_CLI serialize=0 exchanges=2" \ 0 \ @@ -1131,7 +1131,7 @@ run_test "Context serialization, server serializes/deserializes" \ -s "Deserializing connection..." requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "Context serialization, both serialize/deserialize" \ +run_test "(STUB) Context serialization, both serialize/deserialize" \ "$P_SRV serialize=1 exchanges=2" \ "$P_CLI serialize=1 exchanges=2" \ 0 \ From 38061f4a179db9db2fcb4f1ae0c8e12156249eeb Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Tue, 4 Jun 2019 15:22:55 +0300 Subject: [PATCH 09/18] Remove mbedtls_ssl_free() and mbedtls_ssl_init() from serialization flow in test --- programs/ssl/ssl_client2.c | 4 ---- programs/ssl/ssl_server2.c | 4 ---- 2 files changed, 8 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2026f83c2..03fcfb52a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -2392,12 +2392,8 @@ send_request: goto exit; } - mbedtls_ssl_free( &ssl ); - mbedtls_printf( " Deserializing connection..." ); - mbedtls_ssl_init( &ssl ); - if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned -0x%x\n\n", -ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 5c640ab78..c1e749f94 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3377,12 +3377,8 @@ data_exchange: goto exit; } - mbedtls_ssl_free( &ssl ); - mbedtls_printf( " Deserializing connection..." ); - mbedtls_ssl_init( &ssl ); - if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned -0x%x\n\n", -ret ); From 5737ec97a620b45784cf6fdab5774a399869af74 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Tue, 4 Jun 2019 15:36:18 +0300 Subject: [PATCH 10/18] Address review comments for code-style issues --- programs/ssl/ssl_client2.c | 19 ++++++++++++------- programs/ssl/ssl_server2.c | 17 +++++++++++------ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 03fcfb52a..4235913f0 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -2371,23 +2371,27 @@ send_request: opt.serialize = 0; mbedtls_printf( " Serializing live connection..." ); - if( ( ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len) ) != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) + if( ( ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len ) ) + != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " + "-0x%x\n\n", -ret ); goto exit; } - if( ( buf = mbedtls_calloc(1, len) ) == NULL ) + if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) { - mbedtls_printf( " failed\n ! Couldn't allocate buffer for serialized context" ); + mbedtls_printf( " failed\n ! Couldn't allocate buffer for " + "serialized context" ); goto exit; } if( ( ret = mbedtls_ssl_context_save( &ssl, buf, len, &len ) ) != 0 ) { - mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned -0x%x\n\n", -ret ); + mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned " + "-0x%x\n\n", -ret ); goto exit; } @@ -2396,12 +2400,13 @@ send_request: if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) { - mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned -0x%x\n\n", -ret ); + mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " + "-0x%x\n\n", -ret ); goto exit; } } -#endif +#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ /* * 7d. Continue doing data exchanges? diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c1e749f94..7b2c18453 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -3356,23 +3356,27 @@ data_exchange: opt.serialize = 0; mbedtls_printf( " Serializing live connection..." ); - if( ( ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len) ) != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) + if( ( ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len ) ) + != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned -0x%x\n\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " + "-0x%x\n\n", -ret ); goto exit; } if( ( buf = mbedtls_calloc(1, len) ) == NULL ) { - mbedtls_printf( " failed\n ! Couldn't allocate buffer for serialized context" ); + mbedtls_printf( " failed\n ! Couldn't allocate buffer for " + "serialized context" ); goto exit; } if( ( ret = mbedtls_ssl_context_save( &ssl, buf, len, &len ) ) != 0 ) { - mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned -0x%x\n\n", -ret ); + mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned " + "-0x%x\n\n", -ret ); goto exit; } @@ -3381,12 +3385,13 @@ data_exchange: if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) { - mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned -0x%x\n\n", -ret ); + mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " + "-0x%x\n\n", -ret ); goto exit; } } -#endif +#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ /* * 7c. Continue doing data exchanges? From f4f8ed7e82abe68c5ba7ab2e0431907bf7eb511c Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Tue, 4 Jun 2019 16:03:28 +0300 Subject: [PATCH 11/18] Allow stub implementation of the context_save for now --- programs/ssl/ssl_client2.c | 7 +++++-- programs/ssl/ssl_server2.c | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 4235913f0..415caa0cb 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -2371,8 +2371,11 @@ send_request: opt.serialize = 0; mbedtls_printf( " Serializing live connection..." ); - if( ( ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len ) ) - != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) + ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len ); + + /* Allow stub implementation returning 0 for now */ + if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL && + ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " "-0x%x\n\n", -ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 7b2c18453..6103688b2 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3356,8 +3356,11 @@ data_exchange: opt.serialize = 0; mbedtls_printf( " Serializing live connection..." ); - if( ( ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len ) ) - != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) + ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len ); + + /* Allow stub implementation returning 0 for now */ + if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL && + ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " "-0x%x\n\n", -ret ); From bff4a91827eb1d064d239495072b922ab1e05c33 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Thu, 6 Jun 2019 10:23:16 +0300 Subject: [PATCH 12/18] Fix spacing --- programs/ssl/ssl_server2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 6103688b2..b954a2ca0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3368,7 +3368,7 @@ data_exchange: goto exit; } - if( ( buf = mbedtls_calloc(1, len) ) == NULL ) + if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) { mbedtls_printf( " failed\n ! Couldn't allocate buffer for " "serialized context" ); From b5ff6a4ced964b43ef8096812d9fbfa3305b8ea2 Mon Sep 17 00:00:00 2001 
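Review bot: Accepting `ret == 0` from the sizing call `mbedtls_ssl_context_save( &ssl, NULL, 0, &len )` (hunk `@@ -2371,8 +2371,11 @@`) lets execution continue with a `len` that may never have been written, since it is declared as `size_t len;` without an initializer and nothing on this page shows that a stub returning 0 sets it. That value then sizes `mbedtls_calloc( 1, len )` and the second save call. Initialising it with `size_t len = 0;` makes the stub path deterministic, although a zero-sized `calloc` may then return NULL and be reported as an allocation failure, so that case may need its own check. The comment would be easier to act on as `/* TODO: drop the ret == 0 case once mbedtls_ssl_context_save() is implemented */`. The same change is made in ssl_server2.c at `@@ -3356,8 +3356,11 @@`.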
From: Jarno Lamsa Date: Thu, 6 Jun 2019 10:40:52 +0300 Subject: [PATCH 13/18] Add option for ssl-context re-initialization flow --- programs/ssl/ssl_client2.c | 30 +++++++++++++++++++++++++++--- programs/ssl/ssl_server2.c | 29 ++++++++++++++++++++++++++--- 2 files changed, 53 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 415caa0cb..fd4e1803b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -282,7 +282,9 @@ int main( void ) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #define USAGE_SERIALIZATION \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" + " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ + " options: 1 (serialize)\n" \ + " 2 (serialize with re-initialization)\n" #else #define USAGE_SERIALIZATION "" #endif @@ -1229,7 +1231,7 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "serialize") == 0 ) { opt.serialize = atoi( q ); - if( opt.serialize < 0 || opt.serialize > 1) + if( opt.serialize < 0 || opt.serialize > 2) goto usage; } else @@ -2363,7 +2365,7 @@ send_request: * 7c. Simulate serialize/deserialize and go back to data exchange */ #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if( opt.serialize != 0) + if( opt.serialize != 0 ) { size_t len; unsigned char *buf = NULL; @@ -2399,6 +2401,28 @@ send_request: goto exit; } + if( opt.serialize == 2 ) + { + mbedtls_ssl_free( &ssl ); + + mbedtls_ssl_init( &ssl ); + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", + -ret ); + goto exit; + } + + if( opt.nbio == 2 ) + mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL ); + else + mbedtls_ssl_set_bio( &ssl, &server_fd, + mbedtls_net_send, mbedtls_net_recv, + opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); + + } + mbedtls_printf( " Deserializing connection..." ); if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) 
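Review bot: The new `if( opt.serialize == 2 )` branch (hunk `@@ -2399,6 +2401,28 @@`) cannot be taken, because the block still starts with `opt.serialize = 0;` (introduced in patch 02 and still visible as context in patches 11 and 15), so the value is always 0 by the time this test runs. The free/init/setup/set_bio re-initialization path is therefore dead code, and `serialize=2` behaves exactly like `serialize=1`. Move the reset to the end of the block, just before its closing brace, so it still limits serialization to one pass but no longer masks the mode. The same applies to ssl_server2.c at `@@ -3386,6 +3388,27 @@`; the reset itself lies outside both hunks.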
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b954a2ca0..ac956813e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -387,7 +387,9 @@ int main( void ) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #define USAGE_SERIALIZATION \ - " serialize=%%d default: 0 (do not serialize/deserialize)\n" + " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ + " options: 1 (serialize)\n" \ + " 2 (serialize with re-initialization)\n" #else #define USAGE_SERIALIZATION "" #endif @@ -1931,7 +1933,7 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "serialize") == 0 ) { opt.serialize = atoi( q ); - if( opt.serialize < 0 || opt.serialize > 1) + if( opt.serialize < 0 || opt.serialize > 2) goto usage; } else @@ -3348,7 +3350,7 @@ data_exchange: * 7b. Simulate serialize/deserialize and go back to data exchange */ #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if( opt.serialize != 0) + if( opt.serialize != 0 ) { size_t len; unsigned char *buf = NULL; @@ -3384,6 +3386,27 @@ data_exchange: goto exit; } + if( opt.serialize == 2 ) + { + mbedtls_ssl_free( &ssl ); + + mbedtls_ssl_init( &ssl ); + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", + -ret ); + goto exit; + } + + if( opt.nbio == 2 ) + mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL ); + else + mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, + opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); + + } + mbedtls_printf( " Deserializing connection..." ); if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) From 8a91c0650a960cfe49fcae1ec1471d08f2ca2182 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Thu, 6 Jun 2019 10:44:14 +0300 Subject: [PATCH 14/18] Add tests for re-init flow for context serialization --- tests/ssl-opt.sh | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3a1b60f7e..7294ffcfe 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1114,30 +1114,60 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ # Tests for Context serialization +skip_next_test requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "(STUB) Context serialization, client serializes/deserializes" \ +run_test "(STUB) Context serialization, client serializes" \ "$P_SRV serialize=0 exchanges=2" \ "$P_CLI serialize=1 exchanges=2" \ 0 \ -c "Deserializing connection..." \ -S "Deserializing connection..." +skip_next_test requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "(STUB) Context serialization, server serializes/deserializes" \ +run_test "(STUB) Context serialization, server serializes" \ "$P_SRV serialize=1 exchanges=2" \ "$P_CLI serialize=0 exchanges=2" \ 0 \ -C "Deserializing connection..." \ -s "Deserializing connection..." +skip_next_test requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION -run_test "(STUB) Context serialization, both serialize/deserialize" \ +run_test "(STUB) Context serialization, both serialize" \ "$P_SRV serialize=1 exchanges=2" \ "$P_CLI serialize=1 exchanges=2" \ 0 \ -c "Deserializing connection..." \ -s "Deserializing connection..." +skip_next_test +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "(STUB) Context serialization, re-init, client serializes" \ + "$P_SRV serialize=0 exchanges=2" \ + "$P_CLI serialize=2 exchanges=2" \ + 0 \ + -c "Deserializing connection..." \ + -S "Deserializing connection..." + +skip_next_test +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "(STUB) Context serialization, re-init, server serializes" \ + "$P_SRV serialize=2 exchanges=2" \ + "$P_CLI serialize=0 exchanges=2" \ + 0 \ + -C "Deserializing connection..." \ + -s "Deserializing connection..." 
+ +skip_next_test +requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION +run_test "(STUB) Context serialization, re-init, both serialize" \ + "$P_SRV serialize=2 exchanges=2" \ + "$P_CLI serialize=2 exchanges=2" \ + 0 \ + -c "Deserializing connection..." \ + -s "Deserializing connection..." + # Tests for DTLS Connection ID extension # So far, the CID API isn't implemented, so we can't From 034ae84601ccc48ac1750fb51e750afe6a0037d3 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Thu, 6 Jun 2019 15:10:07 +0300 Subject: [PATCH 15/18] Fix compiler warnings --- programs/ssl/ssl_client2.c | 12 ++++++------ programs/ssl/ssl_server2.c | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index fd4e1803b..9a040953f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2367,13 +2367,13 @@ send_request: #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if( opt.serialize != 0 ) { - size_t len; - unsigned char *buf = NULL; + size_t buf_len; + unsigned char *context_buf = NULL; opt.serialize = 0; mbedtls_printf( " Serializing live connection..." ); - ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len ); + ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len ); /* Allow stub implementation returning 0 for now */ if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL && @@ -2385,7 +2385,7 @@ send_request: goto exit; } - if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) + if( ( context_buf = mbedtls_calloc( 1, buf_len ) ) == NULL ) { mbedtls_printf( " failed\n ! Couldn't allocate buffer for " "serialized context" ); @@ -2393,7 +2393,7 @@ send_request: goto exit; } - if( ( ret = mbedtls_ssl_context_save( &ssl, buf, len, &len ) ) != 0 ) + if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, buf_len, &buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned " "-0x%x\n\n", -ret ); 
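Review bot: Every test in this hunk, including the three new re-init cases, is preceded by `skip_next_test`, so none of them runs and the `serialize=2` path added in patch 13 has no coverage. Even when un-skipped, the re-init cases assert only on `Deserializing connection...`, which ssl_client2 and ssl_server2 also print for `serialize=1`, so they could not tell the two modes apart. A comment stating why the tests are disabled and when to re-enable them would help, e.g. `# Skipped until mbedtls_ssl_context_save()/load() are implemented` if that is the reason. The re-init cases should also match on a message that only the re-initialization branch prints.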
@@ -2425,7 +2425,7 @@ send_request: mbedtls_printf( " Deserializing connection..." ); - if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) + if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf, buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " "-0x%x\n\n", -ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ac956813e..0d2b305af 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3352,13 +3352,13 @@ data_exchange: #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if( opt.serialize != 0 ) { - size_t len; - unsigned char *buf = NULL; + size_t buf_len; + unsigned char *context_buf = NULL; opt.serialize = 0; mbedtls_printf( " Serializing live connection..." ); - ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &len ); + ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len ); /* Allow stub implementation returning 0 for now */ if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL && @@ -3370,7 +3370,7 @@ data_exchange: goto exit; } - if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) + if( ( context_buf = mbedtls_calloc( 1, buf_len ) ) == NULL ) { mbedtls_printf( " failed\n ! Couldn't allocate buffer for " "serialized context" ); @@ -3378,7 +3378,7 @@ data_exchange: goto exit; } - if( ( ret = mbedtls_ssl_context_save( &ssl, buf, len, &len ) ) != 0 ) + if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, buf_len, &buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned " "-0x%x\n\n", -ret ); @@ -3409,7 +3409,7 @@ data_exchange: mbedtls_printf( " Deserializing connection..." ); - if( ( ret = mbedtls_ssl_context_load( &ssl, buf, len ) ) != 0 ) + if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf, buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " "-0x%x\n\n", -ret ); From 85c238018e033368ef60332ddaac7fb754f4af1a Mon Sep 17 00:00:00 2001 
From: Jarno Lamsa Date: Fri, 7 Jun 2019 08:39:24 +0300 Subject: [PATCH 16/18] Fix spacing --- programs/ssl/ssl_client2.c | 4 ++-- programs/ssl/ssl_server2.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 9a040953f..4f300295a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -283,8 +283,8 @@ int main( void ) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #define USAGE_SERIALIZATION \ " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ - " options: 1 (serialize)\n" \ - " 2 (serialize with re-initialization)\n" + " options: 1 (serialize)\n" \ + " 2 (serialize with re-initialization)\n" #else #define USAGE_SERIALIZATION "" #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0d2b305af..45860e776 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -388,8 +388,8 @@ int main( void ) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #define USAGE_SERIALIZATION \ " serialize=%%d default: 0 (do not serialize/deserialize)\n" \ - " options: 1 (serialize)\n" \ - " 2 (serialize with re-initialization)\n" + " options: 1 (serialize)\n" \ + " 2 (serialize with re-initialization)\n" #else #define USAGE_SERIALIZATION "" #endif From 29a15c2de5281d4c4dc9d385f82b17a2b2beabfa Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Thu, 13 Jun 2019 11:45:06 +0300 Subject: [PATCH 17/18] Set timer callbacks with serialization --- programs/ssl/ssl_client2.c | 5 +++++ programs/ssl/ssl_server2.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 4f300295a..ccf379ef8 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -2421,6 +2421,11 @@ send_request: mbedtls_net_send, mbedtls_net_recv, opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); +#if defined(MBEDTLS_TIMING_C) + if( opt.nbio != 0 && opt.read_timeout != 0 ) + mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, + mbedtls_timing_get_delay ); +#endif /* MBEDTLS_TIMING_C */ } mbedtls_printf( " Deserializing connection..." ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 45860e776..685439743 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3405,6 +3405,11 @@ data_exchange: mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); +#if defined(MBEDTLS_TIMING_C) + if( opt.nbio != 0 && opt.read_timeout != 0 ) + mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, + mbedtls_timing_get_delay ); +#endif /* MBEDTLS_TIMING_C */ } mbedtls_printf( " Deserializing connection..." ); From 8b2608b6c2a5368ff09f35e41d294fd4de592be0 Mon Sep 17 00:00:00 2001 From: Jarno Lamsa Date: Thu, 13 Jun 2019 12:22:50 +0300 Subject: [PATCH 18/18] Fix style issues --- programs/ssl/ssl_client2.c | 22 +++++++++++++--------- programs/ssl/ssl_server2.c | 23 ++++++++++++++--------- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ccf379ef8..9e0dea23e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2393,7 +2393,8 @@ send_request: goto exit; } - if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, buf_len, &buf_len ) ) != 0 ) + if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, + buf_len, &buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned " "-0x%x\n\n", -ret ); 
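Review bot: The re-initialised context gets its timer callbacks only when `opt.nbio != 0 && opt.read_timeout != 0`, so in blocking mode or with a zero read timeout the context passed to `mbedtls_ssl_context_load` has none; the ssl_server2.c hunk at `data_exchange:` repeats the same guard. The initial `mbedtls_ssl_set_timer_cb` call in `main` is outside these hunks, so it is not visible whether it uses the same condition. If that call is unconditional, the restored context should match it, because a DTLS context without timer callbacks may fail a later handshake or renegotiation (worth confirming against the library). Either call `mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay );` without the guard, or add a comment above the `if` stating why the two excluded cases need no timer. Bracing the multi-line `if` body inside the `#if` would also make the block safer to edit.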
@@ -2409,28 +2410,31 @@ send_request: if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", - -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned " + " -0x%x\n\n", -ret ); goto exit; } if( opt.nbio == 2 ) - mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, + NULL ); else mbedtls_ssl_set_bio( &ssl, &server_fd, - mbedtls_net_send, mbedtls_net_recv, - opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); + mbedtls_net_send, mbedtls_net_recv, + opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); #if defined(MBEDTLS_TIMING_C) if( opt.nbio != 0 && opt.read_timeout != 0 ) - mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay ); + mbedtls_ssl_set_timer_cb( &ssl, &timer, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay ); #endif /* MBEDTLS_TIMING_C */ } mbedtls_printf( " Deserializing connection..." ); - if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf, buf_len ) ) != 0 ) + if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf, + buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " "-0x%x\n\n", -ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 685439743..31bc0374e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3378,7 +3378,8 @@ data_exchange: goto exit; } - if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, buf_len, &buf_len ) ) != 0 ) + if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, + buf_len, &buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned " "-0x%x\n\n", -ret ); 
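Review bot: The split format string for the `mbedtls_ssl_setup` failure message in ssl_client2.c now ends with `"returned "` and continues with `" -0x%x\n\n"`, so the message prints two spaces before the error code. The matching ssl_server2.c change continues with `"-0x%x\n\n"`, which keeps the original single space. Drop the leading space so the continuation line reads `"-0x%x\n\n", -ret );` and both programs emit the same text, which matters for any test script that matches on this output. Whitespace on this page appears collapsed, so the exact literal is worth confirming in the file.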
@@ -3394,27 +3395,31 @@ data_exchange: if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", - -ret ); + mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned " + "-0x%x\n\n", -ret ); goto exit; } if( opt.nbio == 2 ) - mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, + NULL ); else - mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, - opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); + mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, + mbedtls_net_recv, + opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); #if defined(MBEDTLS_TIMING_C) if( opt.nbio != 0 && opt.read_timeout != 0 ) - mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay ); + mbedtls_ssl_set_timer_cb( &ssl, &timer, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay ); #endif /* MBEDTLS_TIMING_C */ } mbedtls_printf( " Deserializing connection..." ); - if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf, buf_len ) ) != 0 ) + if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf, + buf_len ) ) != 0 ) { mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " "-0x%x\n\n", -ret );