Merge remote-tracking branch 'public/pr/2850' into baremetal

This commit is contained in:
Simon Butcher 2019-10-29 14:24:33 +00:00
commit 2f99f3d8a2
4 changed files with 475 additions and 319 deletions

View file

@ -45,6 +45,8 @@
#define MBEDTLS_PK_C #define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_PARSE_C
#define MBEDTLS_ENTROPY_MAX_SOURCES 1
#define MBEDTLS_SSL_CONF_SINGLE_EC #define MBEDTLS_SSL_CONF_SINGLE_EC
#define MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1 #define MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23 #define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23

View file

@ -45,4 +45,7 @@
#undef MBEDTLS_NO_PLATFORM_ENTROPY #undef MBEDTLS_NO_PLATFORM_ENTROPY
#undef MBEDTLS_ENTROPY_MAX_SOURCES
#define MBEDTLS_ENTROPY_MAX_SOURCES 3
#endif /* MBEDTLS_BAREMETAL_USER_CONFIG_H */ #endif /* MBEDTLS_BAREMETAL_USER_CONFIG_H */

View file

@ -948,7 +948,8 @@ int main( int argc, char *argv[] )
io_ctx_t io_ctx; io_ctx_t io_ctx;
#endif #endif
unsigned char buf[MAX_REQUEST_SIZE + 1]; unsigned char *buf = NULL;
unsigned int main_buf_len = 0;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char psk[MBEDTLS_PSK_MAX_LEN]; unsigned char psk[MBEDTLS_PSK_MAX_LEN];
@ -975,14 +976,14 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif #endif
mbedtls_entropy_context entropy; mbedtls_entropy_context *entropy = NULL;
#if defined(MBEDTLS_CTR_DRBG_C) #if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context *ctr_drbg = NULL;
#else #else
mbedtls_hmac_drbg_context hmac_drbg; mbedtls_hmac_drbg_context *hmac_drbg = NULL;
#endif #endif
mbedtls_ssl_context ssl; mbedtls_ssl_context *ssl;
mbedtls_ssl_config conf; mbedtls_ssl_config *conf;
mbedtls_ssl_session saved_session; mbedtls_ssl_session saved_session;
unsigned char *session_data = NULL; unsigned char *session_data = NULL;
size_t session_data_len = 0; size_t session_data_len = 0;
@ -991,9 +992,9 @@ int main( int argc, char *argv[] )
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
uint32_t flags; uint32_t flags;
mbedtls_x509_crt cacert; mbedtls_x509_crt *cacert = NULL;
mbedtls_x509_crt clicert; mbedtls_x509_crt *clicert = NULL;
mbedtls_pk_context pkey; mbedtls_pk_context *pkey = NULL;
#endif #endif
char *p, *q; char *p, *q;
const int *list; const int *list;
@ -1002,22 +1003,52 @@ int main( int argc, char *argv[] )
size_t context_buf_len; size_t context_buf_len;
#endif #endif
ssl = mbedtls_calloc( 1, sizeof( *ssl ) );
conf = mbedtls_calloc( 1, sizeof( *conf ) );
entropy = mbedtls_calloc( 1, sizeof( *entropy ) );
#if defined(MBEDTLS_CTR_DRBG_C)
ctr_drbg = mbedtls_calloc( 1, sizeof( *ctr_drbg ) );
#else
hmac_drbg = mbedtls_calloc( 1, sizeof( *hmac_drbg ) );
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
cacert = mbedtls_calloc( 1, sizeof( *cacert ) );
clicert = mbedtls_calloc( 1, sizeof( *clicert ) );
pkey = mbedtls_calloc( 1, sizeof( *pkey ) );
#endif
if( ssl == NULL || entropy == NULL ||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
cacert == NULL ||
clicert== NULL || pkey == NULL ||
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
ctr_drbg == NULL ||
#else
hmac_drbg == NULL ||
#endif
conf == NULL)
{
goto exit;
}
/* /*
* Make sure memory references are valid. * Make sure memory references are valid.
*/ */
mbedtls_net_init( &server_fd ); mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( conf );
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
#if defined(MBEDTLS_CTR_DRBG_C) #if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ctr_drbg_init( ctr_drbg );
#else #else
mbedtls_hmac_drbg_init( &hmac_drbg ); mbedtls_hmac_drbg_init( hmac_drbg );
#endif /* MBEDTLS_CTR_DRBG_C */ #endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( cacert );
mbedtls_x509_crt_init( &clicert ); mbedtls_x509_crt_init( clicert );
mbedtls_pk_init( &pkey ); mbedtls_pk_init( pkey );
#endif #endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
memset( (void * ) alpn_list, 0, sizeof( alpn_list ) ); memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
@ -1504,6 +1535,27 @@ int main( int argc, char *argv[] )
goto usage; goto usage;
} }
/* try to use as small buf from the heap as possible */
if( opt.request_size <= 0 )
{
main_buf_len = MBEDTLS_SSL_MAX_CONTENT_LEN + 1;
}
else if( opt.request_size < (int)sizeof(GET_REQUEST) )
{
main_buf_len = sizeof(GET_REQUEST) + 1;
}
else
{
main_buf_len = opt.request_size + 1;
}
buf = mbedtls_calloc( 1, main_buf_len );
if( buf == NULL )
{
mbedtls_printf( "buf allocation failed!\n" );
goto exit;
}
/* Event-driven IO is incompatible with the above custom /* Event-driven IO is incompatible with the above custom
* receive and send functions, as the polling builds on * receive and send functions, as the polling builds on
* refers to the underlying net_context. */ * refers to the underlying net_context. */
@ -1717,10 +1769,10 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Seeding the random number generator..." ); mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout ); fflush( stdout );
mbedtls_entropy_init( &entropy ); mbedtls_entropy_init( entropy );
#if defined(MBEDTLS_CTR_DRBG_C) #if defined(MBEDTLS_CTR_DRBG_C)
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, if( ( ret = mbedtls_ctr_drbg_seed( ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers, entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@ -1728,11 +1780,11 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
#else /* MBEDTLS_CTR_DRBG_C */ #else /* MBEDTLS_CTR_DRBG_C */
if( ( ret = mbedtls_hmac_drbg_seed( &hmac_drbg, if( ( ret = mbedtls_hmac_drbg_seed( hmac_drbg,
mbedtls_md_info_from_type( mbedtls_md_info_from_type(
available_hashes[0] ), available_hashes[0] ),
mbedtls_entropy_func, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers, entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@ -1758,9 +1810,9 @@ int main( int argc, char *argv[] )
else else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.ca_path ) ) if( strlen( opt.ca_path ) )
ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ); ret = mbedtls_x509_crt_parse_path( cacert, opt.ca_path );
else if( strlen( opt.ca_file ) ) else if( strlen( opt.ca_file ) )
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ); ret = mbedtls_x509_crt_parse_file( cacert, opt.ca_file );
else else
#endif #endif
#if defined(MBEDTLS_CERTS_C) #if defined(MBEDTLS_CERTS_C)
@ -1768,7 +1820,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ ) for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
{ {
ret = mbedtls_x509_crt_parse( &cacert, ret = mbedtls_x509_crt_parse( cacert,
(const unsigned char *) mbedtls_test_cas[i], (const unsigned char *) mbedtls_test_cas[i],
mbedtls_test_cas_len[i] ); mbedtls_test_cas_len[i] );
if( ret != 0 ) if( ret != 0 )
@ -1778,7 +1830,7 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_PEM_PARSE_C */ #endif /* MBEDTLS_PEM_PARSE_C */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ ) for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{ {
ret = mbedtls_x509_crt_parse_der( &cacert, ret = mbedtls_x509_crt_parse_der_nocopy( cacert,
(const unsigned char *) mbedtls_test_cas_der[i], (const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i] ); mbedtls_test_cas_der_len[i] );
if( ret != 0 ) if( ret != 0 )
@ -1813,13 +1865,19 @@ int main( int argc, char *argv[] )
else else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.crt_file ) ) if( strlen( opt.crt_file ) )
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file ); ret = mbedtls_x509_crt_parse_file( clicert, opt.crt_file );
else else
#endif #endif
#if defined(MBEDTLS_CERTS_C) #if defined(MBEDTLS_CERTS_C)
ret = mbedtls_x509_crt_parse( &clicert, #if defined(MBEDTLS_PEM_PARSE_C)
ret = mbedtls_x509_crt_parse( clicert,
(const unsigned char *) mbedtls_test_cli_crt, (const unsigned char *) mbedtls_test_cli_crt,
mbedtls_test_cli_crt_len ); mbedtls_test_cli_crt_len );
#else
ret = mbedtls_x509_crt_parse_der_nocopy( clicert,
(const unsigned char *) mbedtls_test_cli_crt,
mbedtls_test_cli_crt_len );
#endif
#else #else
{ {
ret = 1; ret = 1;
@ -1838,11 +1896,11 @@ int main( int argc, char *argv[] )
else else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) ) if( strlen( opt.key_file ) )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ); ret = mbedtls_pk_parse_keyfile( pkey, opt.key_file, "" );
else else
#endif #endif
#if defined(MBEDTLS_CERTS_C) #if defined(MBEDTLS_CERTS_C)
ret = mbedtls_pk_parse_key( &pkey, ret = mbedtls_pk_parse_key( pkey,
(const unsigned char *) mbedtls_test_cli_key, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 ); mbedtls_test_cli_key_len, NULL, 0 );
#else #else
@ -1901,7 +1959,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Setting up the SSL/TLS structure..." ); mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_ssl_config_defaults( &conf, if( ( ret = mbedtls_ssl_config_defaults( conf,
MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_IS_CLIENT,
opt.transport, opt.transport,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
@ -1917,14 +1975,14 @@ int main( int argc, char *argv[] )
if( opt.allow_sha1 > 0 ) if( opt.allow_sha1 > 0 )
{ {
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ); crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test ); mbedtls_ssl_conf_cert_profile( conf, &crt_profile_for_test );
#if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH) #if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
mbedtls_ssl_conf_sig_hashes( &conf, available_hashes ); mbedtls_ssl_conf_sig_hashes( conf, available_hashes );
#endif #endif
} }
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) #if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); mbedtls_ssl_conf_verify( conf, my_verify, NULL );
memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
@ -1943,10 +2001,10 @@ int main( int argc, char *argv[] )
} }
if( opt.cid_enabled == 1 ) if( opt.cid_enabled == 1 )
ret = mbedtls_ssl_conf_cid( &conf, cid_len, ret = mbedtls_ssl_conf_cid( conf, cid_len,
MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ); MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
else else
ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len, ret = mbedtls_ssl_conf_cid( conf, cid_renego_len,
MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ); MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
if( ret != 0 ) if( ret != 0 )
@ -1961,19 +2019,19 @@ int main( int argc, char *argv[] )
!MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */ !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */
if( opt.auth_mode != DFL_AUTH_MODE ) if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode ); mbedtls_ssl_conf_authmode( conf, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, mbedtls_ssl_conf_handshake_timeout( conf, opt.hs_to_min,
opt.hs_to_max ); opt.hs_to_max );
if( opt.dgram_packing != DFL_DGRAM_PACKING ) if( opt.dgram_packing != DFL_DGRAM_PACKING )
mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing ); mbedtls_ssl_set_datagram_packing( ssl, opt.dgram_packing );
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_max_frag_len( conf, opt.mfl_code ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
ret ); ret );
@ -1983,39 +2041,39 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC ) if( opt.trunc_hmac != DFL_TRUNC_HMAC )
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); mbedtls_ssl_conf_truncated_hmac( conf, opt.trunc_hmac );
#endif #endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \ !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET) !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS ) if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms ); mbedtls_ssl_conf_extended_master_secret( conf, opt.extended_ms );
if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE ) if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE )
mbedtls_ssl_conf_extended_master_secret_enforce( &conf, mbedtls_ssl_conf_extended_master_secret_enforce( conf,
opt.enforce_extended_master_secret ); opt.enforce_extended_master_secret );
#endif #endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( opt.etm != DFL_ETM ) if( opt.etm != DFL_ETM )
mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm ); mbedtls_ssl_conf_encrypt_then_mac( conf, opt.etm );
#endif #endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
if( opt.recsplit != DFL_RECSPLIT ) if( opt.recsplit != DFL_RECSPLIT )
mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit mbedtls_ssl_conf_cbc_record_splitting( conf, opt.recsplit
? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
: MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ); : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
#endif #endif
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C)
if( opt.dhmlen != DFL_DHMLEN ) if( opt.dhmlen != DFL_DHMLEN )
mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen ); mbedtls_ssl_conf_dhm_min_bitlen( conf, opt.dhmlen );
#endif #endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL ) if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_alpn_protocols( conf, alpn_list ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
ret ); ret );
@ -2025,58 +2083,58 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_CTR_DRBG_C) #if defined(MBEDTLS_CTR_DRBG_C)
#if !defined(MBEDTLS_SSL_CONF_RNG) #if !defined(MBEDTLS_SSL_CONF_RNG)
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( conf, mbedtls_ctr_drbg_random, ctr_drbg );
#else #else
rng_ctx_global = &ctr_drbg; rng_ctx_global = ctr_drbg;
#endif #endif
#else /* MBEDTLS_CTR_DRBG_C */ #else /* MBEDTLS_CTR_DRBG_C */
#if !defined(MBEDTLS_SSL_CONF_RNG) #if !defined(MBEDTLS_SSL_CONF_RNG)
mbedtls_ssl_conf_rng( &conf, mbedtls_hmac_drbg_random, &hmac_drbg ); mbedtls_ssl_conf_rng( conf, mbedtls_hmac_drbg_random, hmac_drbg );
#else #else
rng_ctx_global = &hmac_drbg; rng_ctx_global = hmac_drbg;
#endif #endif
#endif /* MBEDTLS_CTR_DRBG_C */ #endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DEBUG_C) #if defined(MBEDTLS_DEBUG_C)
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( conf, my_debug, stdout );
#endif #endif
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT) #if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); mbedtls_ssl_conf_read_timeout( conf, opt.read_timeout );
#endif #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_conf_session_tickets( &conf, opt.tickets ); mbedtls_ssl_conf_session_tickets( conf, opt.tickets );
#endif #endif
#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); mbedtls_ssl_conf_ciphersuites( conf, opt.force_ciphersuite );
#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
#if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_ARC4_C)
if( opt.arc4 != DFL_ARC4 ) if( opt.arc4 != DFL_ARC4 )
mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 ); mbedtls_ssl_conf_arc4_support( conf, opt.arc4 );
#endif #endif
#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) #if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION)
if( opt.allow_legacy != DFL_ALLOW_LEGACY ) if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); mbedtls_ssl_conf_legacy_renegotiation( conf, opt.allow_legacy );
#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */ #endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation ); mbedtls_ssl_conf_renegotiation( conf, opt.renegotiation );
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if( strcmp( opt.ca_path, "none" ) != 0 && if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 ) strcmp( opt.ca_file, "none" ) != 0 )
{ {
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); mbedtls_ssl_conf_ca_chain( conf, cacert, NULL );
} }
if( strcmp( opt.crt_file, "none" ) != 0 && if( strcmp( opt.crt_file, "none" ) != 0 &&
strcmp( opt.key_file, "none" ) != 0 ) strcmp( opt.key_file, "none" ) != 0 )
{ {
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_own_cert( conf, clicert, pkey ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
ret ); ret );
@ -2090,13 +2148,13 @@ int main( int argc, char *argv[] )
if( opt.curves != NULL && if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 ) strcmp( opt.curves, "default" ) != 0 )
{ {
mbedtls_ssl_conf_curves( &conf, curve_list ); mbedtls_ssl_conf_curves( conf, curve_list );
} }
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */ #endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len, if( ( ret = mbedtls_ssl_conf_psk( conf, psk, psk_len,
(const unsigned char *) opt.psk_identity, (const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ) ) != 0 ) strlen( opt.psk_identity ) ) ) != 0 )
{ {
@ -2111,20 +2169,20 @@ int main( int argc, char *argv[] )
!defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) || \ !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) || \
!defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
if( opt.min_version != DFL_MIN_VERSION ) if( opt.min_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_conf_min_version( conf, MBEDTLS_SSL_MAJOR_VERSION_3,
opt.min_version ); opt.min_version );
if( opt.max_version != DFL_MAX_VERSION ) if( opt.max_version != DFL_MAX_VERSION )
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, mbedtls_ssl_conf_max_version( conf, MBEDTLS_SSL_MAJOR_VERSION_3,
opt.max_version ); opt.max_version );
#endif #endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
if( opt.fallback != DFL_FALLBACK ) if( opt.fallback != DFL_FALLBACK )
mbedtls_ssl_conf_fallback( &conf, opt.fallback ); mbedtls_ssl_conf_fallback( conf, opt.fallback );
#endif #endif
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( ssl, conf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
-ret ); -ret );
@ -2132,7 +2190,7 @@ int main( int argc, char *argv[] )
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) if( ( ret = mbedtls_ssl_set_hostname( ssl, opt.server_name ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret ); ret );
@ -2143,7 +2201,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( opt.ecjpake_pw != DFL_ECJPAKE_PW ) if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
{ {
if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl, if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( ssl,
(const unsigned char *) opt.ecjpake_pw, (const unsigned char *) opt.ecjpake_pw,
strlen( opt.ecjpake_pw ) ) ) != 0 ) strlen( opt.ecjpake_pw ) ) ) != 0 )
{ {
@ -2157,18 +2215,18 @@ int main( int argc, char *argv[] )
#if !defined(MBEDTLS_SSL_CONF_RECV) && \ #if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \ !defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT) !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
io_ctx.ssl = &ssl; io_ctx.ssl = ssl;
io_ctx.net = &server_fd; io_ctx.net = &server_fd;
mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb, mbedtls_ssl_set_bio( ssl, &io_ctx, send_cb, recv_cb,
opt.nbio == 0 ? recv_timeout_cb : NULL ); opt.nbio == 0 ? recv_timeout_cb : NULL );
#else #else
mbedtls_ssl_set_bio_ctx( &ssl, &server_fd ); mbedtls_ssl_set_bio_ctx( ssl, &server_fd );
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ {
if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled, if( ( ret = mbedtls_ssl_set_cid( ssl, opt.cid_enabled,
cid, cid_len ) ) != 0 ) cid, cid_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
@ -2180,16 +2238,16 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.dtls_mtu != DFL_DTLS_MTU ) if( opt.dtls_mtu != DFL_DTLS_MTU )
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu ); mbedtls_ssl_set_mtu( ssl, opt.dtls_mtu );
#endif #endif
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ #if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \
!defined(MBEDTLS_SSL_CONF_GET_TIMER) !defined(MBEDTLS_SSL_CONF_GET_TIMER)
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, mbedtls_ssl_set_timer_cb( ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay ); mbedtls_timing_get_delay );
#else #else
mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer ); mbedtls_ssl_set_timer_cb_ctx( ssl, &timer );
#endif #endif
#endif #endif
@ -2206,7 +2264,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Performing the SSL/TLS handshake..." ); mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout ); fflush( stdout );
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@ -2245,23 +2303,23 @@ int main( int argc, char *argv[] )
} }
mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n", mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_version( ssl ),
mbedtls_ssl_get_ciphersuite( &ssl ) ); mbedtls_ssl_get_ciphersuite( ssl ) );
if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 ) if( ( ret = mbedtls_ssl_get_record_expansion( ssl ) ) >= 0 )
mbedtls_printf( " [ Record expansion is %d ]\n", ret ); mbedtls_printf( " [ Record expansion is %d ]\n", ret );
else else
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" ); mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum fragment length is %u ]\n", mbedtls_printf( " [ Maximum fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) ); (unsigned int) mbedtls_ssl_get_max_frag_len( ssl ) );
#endif #endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL ) if( opt.alpn_string != NULL )
{ {
const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl ); const char *alp = mbedtls_ssl_get_alpn_protocol( ssl );
mbedtls_printf( " [ Application Layer Protocol is %s ]\n", mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
alp ? alp : "(none)" ); alp ? alp : "(none)" );
} }
@ -2283,7 +2341,7 @@ int main( int argc, char *argv[] )
} }
/* get size of the buffer needed */ /* get size of the buffer needed */
mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ), mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( ssl ),
NULL, 0, &session_data_len ); NULL, 0, &session_data_len );
session_data = mbedtls_calloc( 1, session_data_len ); session_data = mbedtls_calloc( 1, session_data_len );
if( session_data == NULL ) if( session_data == NULL )
@ -2295,7 +2353,7 @@ int main( int argc, char *argv[] )
} }
/* actually save session data */ /* actually save session data */
if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ), if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( ssl ),
session_data, session_data_len, session_data, session_data_len,
&session_data_len ) ) != 0 ) &session_data_len ) ) != 0 )
{ {
@ -2306,7 +2364,7 @@ int main( int argc, char *argv[] )
} }
else else
{ {
if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) if( ( ret = mbedtls_ssl_get_session( ssl, &saved_session ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
-ret ); -ret );
@ -2329,7 +2387,7 @@ int main( int argc, char *argv[] )
*/ */
mbedtls_printf( " . Verifying peer X.509 certificate..." ); mbedtls_printf( " . Verifying peer X.509 certificate..." );
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
{ {
#if !defined(MBEDTLS_X509_REMOVE_INFO) #if !defined(MBEDTLS_X509_REMOVE_INFO)
char vrfy_buf[512]; char vrfy_buf[512];
@ -2355,13 +2413,13 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ret = report_cid_usage( &ssl, "initial handshake" ); ret = report_cid_usage( ssl, "initial handshake" );
if( ret != 0 ) if( ret != 0 )
goto exit; goto exit;
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{ {
if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego, if( ( ret = mbedtls_ssl_set_cid( ssl, opt.cid_enabled_renego,
cid_renego, cid_renego,
cid_renego_len ) ) != 0 ) cid_renego_len ) ) != 0 )
{ {
@ -2381,7 +2439,7 @@ int main( int argc, char *argv[] )
*/ */
mbedtls_printf( " . Performing renegotiation..." ); mbedtls_printf( " . Performing renegotiation..." );
fflush( stdout ); fflush( stdout );
while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 ) while( ( ret = mbedtls_ssl_renegotiate( ssl ) ) != 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@ -2413,7 +2471,7 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
ret = report_cid_usage( &ssl, "after renegotiation" ); ret = report_cid_usage( ssl, "after renegotiation" );
if( ret != 0 ) if( ret != 0 )
goto exit; goto exit;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@ -2426,7 +2484,7 @@ send_request:
mbedtls_printf( " > Write to server:" ); mbedtls_printf( " > Write to server:" );
fflush( stdout ); fflush( stdout );
len = mbedtls_snprintf( (char *) buf, sizeof( buf ) - 1, GET_REQUEST, len = mbedtls_snprintf( (char *) buf, main_buf_len - 1, GET_REQUEST,
opt.request_page ); opt.request_page );
tail_len = (int) strlen( GET_REQUEST_END ); tail_len = (int) strlen( GET_REQUEST_END );
@ -2438,7 +2496,7 @@ send_request:
len += opt.request_size - len - tail_len; len += opt.request_size - len - tail_len;
} }
strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 ); strncpy( (char *) buf + len, GET_REQUEST_END, main_buf_len - len - 1 );
len += tail_len; len += tail_len;
/* Truncate if request size is smaller than the "natural" size */ /* Truncate if request size is smaller than the "natural" size */
@ -2459,7 +2517,7 @@ send_request:
do do
{ {
while( ( ret = mbedtls_ssl_write( &ssl, buf + written, while( ( ret = mbedtls_ssl_write( ssl, buf + written,
len - written ) ) < 0 ) len - written ) ) < 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
@ -2491,7 +2549,7 @@ send_request:
{ {
while( 1 ) while( 1 )
{ {
ret = mbedtls_ssl_write( &ssl, buf, len ); ret = mbedtls_ssl_write( ssl, buf, len );
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
@ -2554,9 +2612,9 @@ send_request:
{ {
do do
{ {
len = sizeof( buf ) - 1; len = main_buf_len - 1;
memset( buf, 0, sizeof( buf ) ); memset( buf, 0, main_buf_len );
ret = mbedtls_ssl_read( &ssl, buf, len ); ret = mbedtls_ssl_read( ssl, buf, len );
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
@ -2616,12 +2674,12 @@ send_request:
} }
else /* Not stream, so datagram */ else /* Not stream, so datagram */
{ {
len = sizeof( buf ) - 1; len = main_buf_len - 1;
memset( buf, 0, sizeof( buf ) ); memset( buf, 0, main_buf_len );
while( 1 ) while( 1 )
{ {
ret = mbedtls_ssl_read( &ssl, buf, len ); ret = mbedtls_ssl_read( ssl, buf, len );
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
@ -2685,14 +2743,14 @@ send_request:
memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) if( ( ret = mbedtls_ssl_session_reset( ssl ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
-ret ); -ret );
goto exit; goto exit;
} }
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@ -2729,7 +2787,7 @@ send_request:
mbedtls_printf( " . Serializing live connection..." ); mbedtls_printf( " . Serializing live connection..." );
ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len ); ret = mbedtls_ssl_context_save( ssl, NULL, 0, &buf_len );
if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
@ -2747,7 +2805,7 @@ send_request:
} }
context_buf_len = buf_len; context_buf_len = buf_len;
if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, if( ( ret = mbedtls_ssl_context_save( ssl, context_buf,
buf_len, &buf_len ) ) != 0 ) buf_len, &buf_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
@ -2768,11 +2826,11 @@ send_request:
{ {
mbedtls_printf( " . Freeing and reinitializing context..." ); mbedtls_printf( " . Freeing and reinitializing context..." );
mbedtls_ssl_free( &ssl ); mbedtls_ssl_free( ssl );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( ssl );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( ssl, conf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned " mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
"-0x%x\n\n", -ret ); "-0x%x\n\n", -ret );
@ -2782,20 +2840,20 @@ send_request:
#if !defined(MBEDTLS_SSL_CONF_RECV) && \ #if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \ !defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT) !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb, mbedtls_ssl_set_bio( ssl, &io_ctx, send_cb, recv_cb,
opt.nbio == 0 ? recv_timeout_cb : NULL ); opt.nbio == 0 ? recv_timeout_cb : NULL );
#else #else
mbedtls_ssl_set_bio_ctx( &ssl, &server_fd ); mbedtls_ssl_set_bio_ctx( ssl, &server_fd );
#endif #endif
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \ #if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \
!defined(MBEDTLS_SSL_CONF_GET_TIMER) !defined(MBEDTLS_SSL_CONF_GET_TIMER)
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_ssl_set_timer_cb( ssl, &timer,
mbedtls_timing_set_delay, mbedtls_timing_set_delay,
mbedtls_timing_get_delay ); mbedtls_timing_get_delay );
#else #else
mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer ); mbedtls_ssl_set_timer_cb_ctx( ssl, &timer );
#endif #endif
#endif /* MBEDTLS_TIMING_C */ #endif /* MBEDTLS_TIMING_C */
@ -2804,7 +2862,7 @@ send_request:
mbedtls_printf( " . Deserializing connection..." ); mbedtls_printf( " . Deserializing connection..." );
if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf, if( ( ret = mbedtls_ssl_context_load( ssl, context_buf,
buf_len ) ) != 0 ) buf_len ) ) != 0 )
{ {
mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
@ -2835,7 +2893,7 @@ close_notify:
fflush( stdout ); fflush( stdout );
/* No error checking, the connection might be closed already */ /* No error checking, the connection might be closed already */
do ret = mbedtls_ssl_close_notify( &ssl ); do ret = mbedtls_ssl_close_notify( ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE ); while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
ret = 0; ret = 0;
@ -2863,7 +2921,7 @@ reconnect:
memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) if( ( ret = mbedtls_ssl_session_reset( ssl ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
-ret ); -ret );
@ -2883,7 +2941,7 @@ reconnect:
} }
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION) #if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 ) if( ( ret = mbedtls_ssl_set_session( ssl, &saved_session ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
-ret ); -ret );
@ -2912,7 +2970,7 @@ reconnect:
goto exit; goto exit;
} }
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@ -2933,6 +2991,7 @@ reconnect:
* Cleanup and exit * Cleanup and exit
*/ */
exit: exit:
#ifdef MBEDTLS_ERROR_C #ifdef MBEDTLS_ERROR_C
if( ret != 0 ) if( ret != 0 )
{ {
@ -2945,19 +3004,19 @@ exit:
mbedtls_net_free( &server_fd ); mbedtls_net_free( &server_fd );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( clicert );
mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( cacert );
mbedtls_pk_free( &pkey ); mbedtls_pk_free( pkey );
#endif #endif
mbedtls_ssl_session_free( &saved_session ); mbedtls_ssl_session_free( &saved_session );
mbedtls_ssl_free( &ssl ); mbedtls_ssl_free( ssl );
mbedtls_ssl_config_free( &conf ); mbedtls_ssl_config_free( conf );
#if defined(MBEDTLS_CTR_DRBG_C) #if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_ctr_drbg_free( ctr_drbg );
#else #else
mbedtls_hmac_drbg_free( &hmac_drbg ); mbedtls_hmac_drbg_free( hmac_drbg );
#endif #endif
mbedtls_entropy_free( &entropy ); mbedtls_entropy_free( entropy );
if( session_data != NULL ) if( session_data != NULL )
mbedtls_platform_zeroize( session_data, session_data_len ); mbedtls_platform_zeroize( session_data, session_data_len );
mbedtls_free( session_data ); mbedtls_free( session_data );
@ -2967,6 +3026,20 @@ exit:
mbedtls_free( context_buf ); mbedtls_free( context_buf );
#endif #endif
mbedtls_free( ssl );
mbedtls_free( conf );
mbedtls_free( entropy );
mbedtls_free( buf );
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_free( ctr_drbg );
#else
mbedtls_free( hmac_drbg );
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_free( cacert );
mbedtls_free( clicert );
mbedtls_free( pkey );
#endif
#if defined(_WIN32) #if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" ); mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar(); fflush( stdout ); getchar();

File diff suppressed because it is too large Load diff