Merge pull request #690 from ARMmbed/update-development-restricted-202004329

Merge development into development restricted
Gilles Peskine 2020-04-29 17:18:31 +02:00 committed by GitHub
commit 4926f0dcb3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
185 changed files with 6192 additions and 2364 deletions

@ -1,7 +1,7 @@
Note: This is just a template, so feel free to use/remove the unnecessary things Note: This is just a template, so feel free to use/remove the unnecessary things
### Description ### Description
- Type: Bug | Enhancement\Feature Request | Question - Type: Bug | Enhancement\Feature Request
- Priority: Blocker | Major | Minor - Priority: Blocker | Major | Minor
--------------------------------------------------------------- ---------------------------------------------------------------
@ -38,4 +38,4 @@ Version:
## Question ## Question
**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://forums.mbed.com/c/mbed-tls)** **Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb). If you can't find the answer you're looking for then please use the [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls)**

@ -40,7 +40,27 @@ max-attributes=15
max-module-lines=2000 max-module-lines=2000
[MESSAGES CONTROL] [MESSAGES CONTROL]
disable= # * locally-disabled, locally-enabled: If we disable or enable a message
# locally, it's by design. There's no need to clutter the Pylint output
# with this information.
# * logging-format-interpolation: Pylint warns about things like
# ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``.
# This is of minor utility (mainly a performance gain when there are
# many messages that use formatting and are below the log level).
# Some versions of Pylint (including 1.8, which is the version on
# Ubuntu 18.04) only recognize old-style format strings using '%',
# and complain about something like ``log.info('{}', foo)`` with
# logging-too-many-args (Pylint supports new-style formatting if
# declared globally with logging_format_style under [LOGGING] but
# this requires Pylint >=2.2).
# * no-else-return: Allow the perfectly reasonable idiom
# if condition1:
# return value1
# else:
# return value2
# * unnecessary-pass: If we take the trouble of adding a line with "pass",
# it's because we think the code is clearer that way.
disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass
[REPORTS] [REPORTS]
# Don't diplay statistics. Just the facts. # Don't diplay statistics. Just the facts.

@ -135,7 +135,7 @@ if(CMAKE_COMPILER_IS_GNU)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op")
endif() endif()
if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow -Wformat-signedness")
endif() endif()
set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
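
Review bot: `-Wformat-signedness` is appended inside the `GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8` branch, but GCC only accepts that option from version 5 onward, so a GCC 4.8 or 4.9 build would stop on an unrecognized command-line option. Keep `-Wshadow` in this branch and add `-Wformat-signedness` under its own check for GCC 5.0 or newer.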

@ -1,12 +1,22 @@
mbed TLS ChangeLog (Sorted per branch, date) mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx = mbed TLS 2.22.0 branch released 2020-04-14
New deprecations New deprecations
* Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the * Deprecate MBEDTLS_SSL_HW_RECORD_ACCEL that enables function hooks in the
SSL module for hardware acceleration of individual records. SSL module for hardware acceleration of individual records.
* Deprecate mbedtls_ssl_get_max_frag_len() in favour of
mbedtls_ssl_get_output_max_frag_len() and
mbedtls_ssl_get_input_max_frag_len() to be more precise about which max
fragment length is desired.
Security Security
* Fix issue in DTLS handling of new associations with the same parameters
(RFC 6347 section 4.2.8): an attacker able to send forged UDP packets to
the server could cause it to drop established associations with
legitimate clients, resulting in a Denial of Service. This could only
happen when MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE was enabled in config.h
(which it is by default).
* Fix side channel in ECC code that allowed an adversary with access to * Fix side channel in ECC code that allowed an adversary with access to
precise enough timing and memory access information (typically an precise enough timing and memory access information (typically an
untrusted operating system attacking a secure enclave) to fully recover untrusted operating system attacking a secure enclave) to fully recover
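
Review bot: the "New deprecations" entry for mbedtls_ssl_get_max_frag_len() lists two replacements but does not say which one existing callers should switch to. State whether the deprecated function keeps the output or the input semantics, so that users who size buffers from its return value know which replacement preserves their current behaviour.
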
@ -15,13 +25,27 @@ Security
* Fix a potentially remotely exploitable buffer overread in a * Fix a potentially remotely exploitable buffer overread in a
DTLS client when parsing the Hello Verify Request message. DTLS client when parsing the Hello Verify Request message.
Features
* The new build option MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH automatically
resizes the I/O buffers before and after handshakes, reducing the memory
consumption during application data transfer.
Bugfix Bugfix
* Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
MBEDTLS_SSL_HW_RECORD_ACCEL are enabled. MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
* Remove a spurious check in ssl_parse_client_psk_identity that triggered
a warning with some compilers. Fix contributed by irwir in #2856.
* Fix a function name in a debug message. Contributed by Ercan Ozturk in
#3013.
Changes Changes
* Mbed Crypto is no longer a Git submodule. The crypto part of the library * Mbed Crypto is no longer a Git submodule. The crypto part of the library
is back directly in the present repository. is back directly in the present repository.
* Split mbedtls_ssl_get_max_frag_len() into
mbedtls_ssl_get_output_max_frag_len() and
mbedtls_ssl_get_input_max_frag_len() to ensure that a sufficient input
buffer is allocated by the server (if MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
is defined), regardless of what MFL was configured for it.
= mbed TLS 2.21.0 branch released 2020-02-20 = mbed TLS 2.21.0 branch released 2020-02-20

ChangeLog.d/00README.md Normal file

@ -0,0 +1,67 @@
# Pending changelog entry directory
This directory contains changelog entries that have not yet been merged
to the changelog file ([`../ChangeLog`](../ChangeLog)).
## Changelog entry file format
A changelog entry file must have the extension `*.txt` and must have the
following format:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security
* Change description.
* Another change description.
Features
* Yet another change description. This is a long change description that
spans multiple lines.
* Yet again another change description.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The permitted changelog entry categories are as follows:
<!-- Keep this synchronized with STANDARD_CATEGORIES in assemble_changelog.py! -->
API changes
Default behavior changes
Requirement changes
New deprecations
Removals
Features
Security
Bugfix
Changes
Use “Changes” for anything that doesn't fit in the other categories, such as
performance, documentation and test improvements.
## How to write a changelog entry
Each entry starts with three spaces, an asterisk and a space. Continuation
lines start with 5 spaces. Lines wrap at 79 characters.
Write full English sentences with proper capitalization and punctuation. Use
the present tense. Use the imperative where applicable. For example: “Fix a
bug in mbedtls_xxx() ….”
Include GitHub issue numbers where relevant. Use the format “#1234” for an
Mbed TLS issue. Add other external references such as CVE numbers where
applicable.
Credit the author of the contribution if the contribution is not a member of
the Mbed TLS development team. Also credit bug reporters where applicable.
**Explain why, not how**. Remember that the audience is the users of the
library, not its developers. In particular, for a bug fix, explain the
consequences of the bug, not how the bug was fixed. For a new feature, explain
why one might be interested in the feature. For an API change or a deprecation,
explain how to update existing applications.
See [existing entries](../ChangeLog) for examples.
## How `ChangeLog` is updated
Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py)
from a Git working copy
to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file.
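
Review bot: two wording problems in the new README would mislead contributors. Under "Changelog entry file format", "must have the extension `*.txt`" gives a glob rather than an extension and should read `.txt`; under "How to write a changelog entry", "if the contribution is not a member of the Mbed TLS development team" should say "if the contributor is not a member". The category list is kept in sync with STANDARD_CATEGORIES by a comment only, so consider having assemble_changelog.py reject unknown categories with a message that points back to this file.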

ChangeLog.d/bugfix.txt Normal file

@ -0,0 +1,4 @@
Bugfix
* Fix the Visual Studio Release x64 build configuration for mbedtls itself.
Completes a previous fix in Mbed TLS 2.19 that only fixed the build for
the example programs. Reported in #1430 and fix contributed by irwir.

@ -0,0 +1,6 @@
Features
* New functions in the error module return constant strings for
high- and low-level error codes, complementing mbedtls_strerror()
which constructs a string for any error code, including compound
ones, but requires a writable buffer. Contributed by Gaurav Aggarwal
in #3176.
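
Review bot: the Features entry announces "New functions in the error module" without naming them, so a user reading the ChangeLog cannot search for the API. Name mbedtls_high_level_strerr() and mbedtls_low_level_strerr() in the entry, and mention that they return NULL for an unknown code, since that is the behaviour a caller most needs to know before using them for logging.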

@ -0,0 +1,4 @@
Changes
* Fix minor performance issue in operations on Curve25519 caused by using a
suboptimal modular reduction in one place. Found and fix contributed by
Aurelien Jarno in #3209.

@ -0,0 +1,3 @@
Changes
* Fix warnings about signedness issues in format strings. The build is now
clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen in #3153.
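
Review bot: the last line of this entry, "clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen in #3153.", is 81 characters before indentation, which breaks the 79-character wrap rule that ChangeLog.d/00README.md introduces in this same merge. Move "Contributed by Kenneth Soerensen in #3153." onto its own continuation line.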

@ -0,0 +1,5 @@
Bugfix
* Fix undefined behavior in X.509 certificate parsing if the
pathLenConstraint basic constraint value is equal to INT_MAX.
The actual effect with almost every compiler is the intended
behavior, so this is unlikely to be exploitable anywhere. #3192

@ -0,0 +1,3 @@
Changes
* Combine identical cases in switch statements in md.c. Contributed
by irwir in #3208.

@ -0,0 +1,3 @@
Features
* The new utility programs/ssl/ssl_context_info prints a human-readable
dump of an SSL context saved with mbedtls_ssl_context_save().

@ -0,0 +1,3 @@
Changes
* Simplify a bounds check in ssl_write_certificate_request(). Contributed
by irwir in #3150.

@ -124,8 +124,10 @@ endif
## Editor navigation files ## Editor navigation files
C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
# Exuberant-ctags invocation. Other ctags implementations may require different options.
CTAGS = ctags --langmap=c:+.h.function -o
tags: $(C_SOURCE_FILES) tags: $(C_SOURCE_FILES)
ctags -o $@ $(C_SOURCE_FILES) $(CTAGS) $@ $(C_SOURCE_FILES)
TAGS: $(C_SOURCE_FILES) TAGS: $(C_SOURCE_FILES)
etags -o $@ $(C_SOURCE_FILES) etags -o $@ $(C_SOURCE_FILES)
GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
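
Review bot: the new `CTAGS` variable ends in `-o`, so it is a command with a dangling option, and the recipe `$(CTAGS) $@ $(C_SOURCE_FILES)` only works if every override of `CTAGS` also ends with an output option. Keep the program and `--langmap=c:+.h.function` in the variable and write the recipe as `$(CTAGS) -o $@ $(C_SOURCE_FILES)`; if the trailing `-o` is deliberate because other ctags implementations spell the output option differently, say so in the comment above the variable.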

@ -24,7 +24,7 @@
*/ */
/** /**
* @mainpage mbed TLS v2.21.0 source code documentation * @mainpage mbed TLS v2.22.0 source code documentation
* *
* This documentation describes the internal structure of mbed TLS. It was * This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in * automatically generated from specially formatted comment blocks in

@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need # identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces. # to put quotes around the project name if it contains spaces.
PROJECT_NAME = "mbed TLS v2.21.0" PROJECT_NAME = "mbed TLS v2.22.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number. # The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or # This could be handy for archiving the generated documentation or
@ -1594,7 +1594,7 @@ SEARCH_INCLUDES = YES
# contain include files that are not input files but should be processed by # contain include files that are not input files but should be processed by
# the preprocessor. # the preprocessor.
INCLUDE_PATH = INCLUDE_PATH = ../include
# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
# patterns (like *.h and *.hpp) to filter out the header-files in the # patterns (like *.h and *.hpp) to filter out the header-files in the

@ -619,6 +619,23 @@
#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" #error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif #endif
#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
!(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
#error "One or more versions of the TLS protocol are enabled " \
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ #if defined(MBEDTLS_SSL_PROTO_DTLS) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_1) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2) !defined(MBEDTLS_SSL_PROTO_TLS1_2)
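
Review bot: the new `#error` guard lists eleven `MBEDTLS_KEY_EXCHANGE_*_ENABLED` macros by hand, so a configuration that enables only a key exchange added later would be rejected until this list is extended. Add a comment above the condition saying that the list must be updated whenever a key exchange is added. The message also refers to `MBEDTLS_KEY_EXCHANGE_xxxx` while the macros tested all end in `_ENABLED`; spelling the pattern as in the code makes the error easier to act on.
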
@ -763,6 +780,10 @@
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites" #error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
#error "MBEDTLS_CERTS_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) #if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites" #error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif #endif

@ -1520,8 +1520,8 @@
/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
* *
* Enable support for Extended Master Secret, aka Session Hash * Enable support for RFC 7627: Session Hash and Extended Master Secret
* (draft-ietf-tls-session-hash-02). * Extension.
* *
* This was introduced as "the proper fix" to the Triple Handshake familiy of * This was introduced as "the proper fix" to the Triple Handshake familiy of
* attacks, but it is recommended to always use it (even if you disable * attacks, but it is recommended to always use it (even if you disable
@ -1539,7 +1539,8 @@
/** /**
* \def MBEDTLS_SSL_FALLBACK_SCSV * \def MBEDTLS_SSL_FALLBACK_SCSV
* *
* Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00). * Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV)
* for Preventing Protocol Downgrade Attacks.
* *
* For servers, it is recommended to always enable this, unless you support * For servers, it is recommended to always enable this, unless you support
* only one version of TLS, or know for sure that none of your clients * only one version of TLS, or know for sure that none of your clients

@ -127,6 +127,36 @@ extern "C" {
*/ */
void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
/**
* \brief Translate the high-level part of an Mbed TLS error code into a string
* representation.
*
* This function returns a const pointer to an un-modifiable string. The caller
* must not try to modify the string. It is intended to be used mostly for
* logging purposes.
*
* \param error_code error code
*
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
const char * mbedtls_high_level_strerr( int error_code );
/**
* \brief Translate the low-level part of an Mbed TLS error code into a string
* representation.
*
* This function returns a const pointer to an un-modifiable string. The caller
* must not try to modify the string. It is intended to be used mostly for
* logging purposes.
*
* \param error_code error code
*
* \return The string representation of the error code, or \c NULL if the error
* code is unknown.
*/
const char * mbedtls_low_level_strerr( int error_code );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
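
Review bot: both new declarations return NULL for an unknown code, and their comments recommend them "mostly for logging purposes", where the result is typically handed straight to a "%s" format. Make the NULL case harder to miss in the `\return` text, for example by stating that callers must check the result before formatting it and by pointing to mbedtls_strerror() as the fallback. The two comment blocks differ only in "high-level" and "low-level", so one sentence on what each part of an error code covers would help readers pick the right function.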

@ -2682,6 +2682,9 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
* \note This is mainly useful for clients. Servers will usually * \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead. * want to use \c mbedtls_ssl_conf_psk_cb() instead.
* *
* \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
* takes precedence over a PSK configured by this function.
*
* \warning Currently, clients can only register a single pre-shared key. * \warning Currently, clients can only register a single pre-shared key.
* Calling this function or mbedtls_ssl_conf_psk_opaque() more * Calling this function or mbedtls_ssl_conf_psk_opaque() more
* than once will overwrite values configured in previous calls. * than once will overwrite values configured in previous calls.
@ -2715,6 +2718,10 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
* \note This is mainly useful for clients. Servers will usually * \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead. * want to use \c mbedtls_ssl_conf_psk_cb() instead.
* *
* \note An opaque PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in
* the PSK callback takes precedence over an opaque PSK
* configured by this function.
*
* \warning Currently, clients can only register a single pre-shared key. * \warning Currently, clients can only register a single pre-shared key.
* Calling this function or mbedtls_ssl_conf_psk() more than * Calling this function or mbedtls_ssl_conf_psk() more than
* once will overwrite values configured in previous calls. * once will overwrite values configured in previous calls.
@ -2752,6 +2759,9 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
* \note This should only be called inside the PSK callback, * \note This should only be called inside the PSK callback,
* i.e. the function passed to \c mbedtls_ssl_conf_psk_cb(). * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
* *
* \note A PSK set by this function takes precedence over a PSK
* configured by \c mbedtls_ssl_conf_psk().
*
* \param ssl The SSL context to configure a PSK for. * \param ssl The SSL context to configure a PSK for.
* \param psk The pointer to the pre-shared key. * \param psk The pointer to the pre-shared key.
* \param psk_len The length of the pre-shared key in bytes. * \param psk_len The length of the pre-shared key in bytes.
@ -2769,6 +2779,9 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
* \note This should only be called inside the PSK callback, * \note This should only be called inside the PSK callback,
* i.e. the function passed to \c mbedtls_ssl_conf_psk_cb(). * i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
* *
* \note An opaque PSK set by this function takes precedence over an
* opaque PSK configured by \c mbedtls_ssl_conf_psk_opaque().
*
* \param ssl The SSL context to configure a PSK for. * \param ssl The SSL context to configure a PSK for.
* \param psk The identifier of the key slot holding the PSK. * \param psk The identifier of the key slot holding the PSK.
* For the duration of the current handshake, the key slot * For the duration of the current handshake, the key slot
@ -2807,9 +2820,14 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
* on the SSL context to set the correct PSK and return \c 0. * on the SSL context to set the correct PSK and return \c 0.
* Any other return value will result in a denied PSK identity. * Any other return value will result in a denied PSK identity.
* *
* \note If you set a PSK callback using this function, then you * \note A dynamic PSK (i.e. set by the PSK callback) takes
* don't need to set a PSK key and identity using * precedence over a static PSK (i.e. set by
* \c mbedtls_ssl_conf_psk(). * \c mbedtls_ssl_conf_psk() or
* \c mbedtls_ssl_conf_psk_opaque()).
* This means that if you set a PSK callback using this
* function, you don't need to set a PSK using
* \c mbedtls_ssl_conf_psk() or
* \c mbedtls_ssl_conf_psk_opaque()).
* *
* \param conf The SSL configuration to register the callback with. * \param conf The SSL configuration to register the callback with.
* \param f_psk The callback for selecting and setting the PSK based * \param f_psk The callback for selecting and setting the PSK based
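
Review bot: the rewritten `\note` for mbedtls_ssl_conf_psk_cb() ends with an unbalanced parenthesis, in "you don't need to set a PSK using \c mbedtls_ssl_conf_psk() or \c mbedtls_ssl_conf_psk_opaque()).". The first sentence of the note closes its "(i.e. set by ...)" correctly; the second sentence opens none, so drop the final ")" before the full stop.
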
@ -3523,18 +3541,61 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/** /**
* \brief Return the maximum fragment length (payload, in bytes). * \brief Return the maximum fragment length (payload, in bytes) for
* This is the value negotiated with peer if any, * the output buffer. For the client, this is the configured
* or the locally configured value. * value. For the server, it is the minimum of two - the
* configured value and the negotiated one.
* *
* \sa mbedtls_ssl_conf_max_frag_len() * \sa mbedtls_ssl_conf_max_frag_len()
* \sa mbedtls_ssl_get_max_record_payload() * \sa mbedtls_ssl_get_max_record_payload()
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return Current maximum fragment length. * \return Current maximum fragment length for the output buffer.
*/ */
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ); size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
/**
* \brief Return the maximum fragment length (payload, in bytes) for
* the input buffer. This is the negotiated maximum fragment
* length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN.
* If it is not defined either, the value is 2^14. This function
* works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
*
* \sa mbedtls_ssl_conf_max_frag_len()
* \sa mbedtls_ssl_get_max_record_payload()
*
* \param ssl SSL context
*
* \return Current maximum fragment length for the output buffer.
*/
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
#define MBEDTLS_DEPRECATED
#endif
/**
* \brief This function is a deprecated approach to getting the max
* fragment length. Its an alias for
* \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour
* is the same. See \c mbedtls_ssl_get_output_max_frag_len() for
* more detail.
*
* \sa mbedtls_ssl_get_input_max_frag_len()
* \sa mbedtls_ssl_get_output_max_frag_len()
*
* \param ssl SSL context
*
* \return Current maximum fragment length for the output buffer.
*/
MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len(
const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
/** /**
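
Review bot: the `\return` line of the new mbedtls_ssl_get_input_max_frag_len() comment says "for the output buffer", apparently copied from the output variant, and should say input buffer. The same comment states that the function "works as its predecessor, \c mbedtls_ssl_get_max_frag_len()", while the comment on the deprecated function calls it an alias for mbedtls_ssl_get_output_max_frag_len(); only one of these can be right, and since callers size buffers from these values the documentation needs to say unambiguously which replacement matches the old behaviour. In the deprecated function's `\brief`, "Its an alias" should read "It's an alias". The block also defines `MBEDTLS_DEPRECATED` and shows no matching `#undef` before `#endif /* MBEDTLS_DEPRECATED_REMOVED */`.
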
@ -3555,7 +3616,8 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
* when record compression is enabled. * when record compression is enabled.
* *
* \sa mbedtls_ssl_set_mtu() * \sa mbedtls_ssl_set_mtu()
* \sa mbedtls_ssl_get_max_frag_len() * \sa mbedtls_ssl_get_output_max_frag_len()
* \sa mbedtls_ssl_get_input_max_frag_len()
* \sa mbedtls_ssl_get_record_expansion() * \sa mbedtls_ssl_get_record_expansion()
* *
* \param ssl SSL context * \param ssl SSL context
@ -3863,8 +3925,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
* or negotiated with the peer), then: * or negotiated with the peer), then:
* - with TLS, less bytes than requested are written. * - with TLS, less bytes than requested are written.
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
* \c mbedtls_ssl_get_max_frag_len() may be used to query the * \c mbedtls_ssl_get_output_max_frag_len() may be used to
* active maximum fragment length. * query the active maximum fragment length.
* *
* \note Attempting to write 0 bytes will result in an empty TLS * \note Attempting to write 0 bytes will result in an empty TLS
* application record being sent. * application record being sent.

@ -260,11 +260,11 @@
static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx ) static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
{ {
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ MBEDTLS_SSL_CID_OUT_LEN_MAX; + MBEDTLS_SSL_CID_OUT_LEN_MAX;
#else #else
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) return (uint32_t) mbedtls_ssl_get_output_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif #endif
} }
@ -272,11 +272,11 @@ static inline uint32_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context
static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx ) static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
{ {
#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
+ MBEDTLS_SSL_CID_IN_LEN_MAX; + MBEDTLS_SSL_CID_IN_LEN_MAX;
#else #else
return (uint32_t) mbedtls_ssl_get_max_frag_len( ctx ) return (uint32_t) mbedtls_ssl_get_input_max_frag_len( ctx )
+ MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
#endif #endif
} }
@ -921,7 +921,60 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
#endif
/**
* Get the first defined PSK by order of precedence:
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
* 2. static PSK configured by \c mbedtls_ssl_conf_psk()
* Return a code and update the pair (PSK, PSK length) passed to this function
*/
static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
const unsigned char **psk, size_t *psk_len )
{
if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
{
*psk = ssl->handshake->psk;
*psk_len = ssl->handshake->psk_len;
}
else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
{
*psk = ssl->conf->psk;
*psk_len = ssl->conf->psk_len;
}
else
{
*psk = NULL;
*psk_len = 0;
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
}
return( 0 );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* Get the first defined opaque PSK by order of precedence:
* 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
* callback
* 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
* Return an opaque PSK
*/
static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk(
const mbedtls_ssl_context *ssl )
{
if( ssl->handshake->psk_opaque != 0 )
return( ssl->handshake->psk_opaque );
if( ssl->conf->psk_opaque != 0 )
return( ssl->conf->psk_opaque );
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_PK_C) #if defined(MBEDTLS_PK_C)
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
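
Review bot: mbedtls_ssl_get_psk() and mbedtls_ssl_get_opaque_psk() read `ssl->handshake->psk` and `ssl->handshake->psk_opaque` without checking `ssl->handshake`, so they are only safe while a handshake structure exists. Either document that precondition in both comments or test `ssl->handshake != NULL` before the first branch and fall through to the `ssl->conf` values. The comment on mbedtls_ssl_get_psk() should also name its return values, 0 and MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED, instead of "Return a code", and the comment on the opaque variant should say that 0 means no opaque PSK is set.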

@ -39,7 +39,7 @@
* Major, Minor, Patchlevel * Major, Minor, Patchlevel
*/ */
#define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 21 #define MBEDTLS_VERSION_MINOR 22
#define MBEDTLS_VERSION_PATCH 0 #define MBEDTLS_VERSION_PATCH 0
/** /**
@ -47,9 +47,9 @@
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x02150000 #define MBEDTLS_VERSION_NUMBER 0x02160000
#define MBEDTLS_VERSION_STRING "2.21.0" #define MBEDTLS_VERSION_STRING "2.22.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.21.0" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.22.0"
#if defined(MBEDTLS_VERSION_C) #if defined(MBEDTLS_VERSION_C)

@ -187,19 +187,19 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto}) add_library(mbedcrypto SHARED ${src_crypto})
set_target_properties(mbedcrypto PROPERTIES VERSION 2.21.0 SOVERSION 4) set_target_properties(mbedcrypto PROPERTIES VERSION 2.22.0 SOVERSION 4)
target_link_libraries(mbedcrypto ${libs}) target_link_libraries(mbedcrypto ${libs})
target_include_directories(mbedcrypto target_include_directories(mbedcrypto
PUBLIC ${MBEDTLS_DIR}/include/) PUBLIC ${MBEDTLS_DIR}/include/)
add_library(mbedx509 SHARED ${src_x509}) add_library(mbedx509 SHARED ${src_x509})
set_target_properties(mbedx509 PROPERTIES VERSION 2.21.0 SOVERSION 1) set_target_properties(mbedx509 PROPERTIES VERSION 2.22.0 SOVERSION 1)
target_link_libraries(mbedx509 ${libs} mbedcrypto) target_link_libraries(mbedx509 ${libs} mbedcrypto)
target_include_directories(mbedx509 target_include_directories(mbedx509
PUBLIC ${MBEDTLS_DIR}/include/) PUBLIC ${MBEDTLS_DIR}/include/)
add_library(mbedtls SHARED ${src_tls}) add_library(mbedtls SHARED ${src_tls})
set_target_properties(mbedtls PROPERTIES VERSION 2.21.0 SOVERSION 13) set_target_properties(mbedtls PROPERTIES VERSION 2.22.0 SOVERSION 13)
target_link_libraries(mbedtls ${libs} mbedx509) target_link_libraries(mbedtls ${libs} mbedx509)
target_include_directories(mbedtls target_include_directories(mbedtls
PUBLIC ${MBEDTLS_DIR}/include/) PUBLIC ${MBEDTLS_DIR}/include/)

@ -63,48 +63,102 @@ DLEXT = dylib
endif endif
endif endif
OBJS_CRYPTO= aes.o aesni.o arc4.o \ OBJS_CRYPTO= \
aria.o asn1parse.o asn1write.o \ aes.o \
base64.o bignum.o blowfish.o \ aesni.o \
camellia.o ccm.o chacha20.o \ arc4.o \
chachapoly.o cipher.o cipher_wrap.o \ aria.o \
cmac.o ctr_drbg.o des.o \ asn1parse.o \
dhm.o ecdh.o ecdsa.o \ asn1write.o \
ecjpake.o ecp.o \ base64.o \
ecp_curves.o entropy.o entropy_poll.o \ bignum.o \
error.o gcm.o havege.o \ blowfish.o \
camellia.o \
ccm.o \
chacha20.o \
chachapoly.o \
cipher.o \
cipher_wrap.o \
cmac.o \
ctr_drbg.o \
des.o \
dhm.o \
ecdh.o \
ecdsa.o \
ecjpake.o \
ecp.o \
ecp_curves.o \
entropy.o \
entropy_poll.o \
error.o \
gcm.o \
havege.o \
hkdf.o \ hkdf.o \
hmac_drbg.o md.o md2.o \ hmac_drbg.o \
md4.o md5.o \ md.o \
memory_buffer_alloc.o nist_kw.o \ md2.o \
oid.o padlock.o pem.o \ md4.o \
pk.o pk_wrap.o pkcs12.o \ md5.o \
pkcs5.o pkparse.o pkwrite.o \ memory_buffer_alloc.o \
platform.o platform_util.o poly1305.o \ nist_kw.o \
psa_crypto.o psa_crypto_se.o \ oid.o \
padlock.o \
pem.o \
pk.o \
pk_wrap.o \
pkcs12.o \
pkcs5.o \
pkparse.o \
pkwrite.o \
platform.o \
platform_util.o \
poly1305.o \
psa_crypto.o \
psa_crypto_se.o \
psa_crypto_slot_management.o \ psa_crypto_slot_management.o \
psa_crypto_storage.o \ psa_crypto_storage.o \
psa_its_file.o \ psa_its_file.o \
ripemd160.o rsa_internal.o rsa.o \ ripemd160.o \
sha1.o sha256.o sha512.o \ rsa.o \
threading.o timing.o \ rsa_internal.o \
version.o version_features.o \ sha1.o \
xtea.o sha256.o \
sha512.o \
threading.o \
timing.o \
version.o \
version_features.o \
xtea.o \
# This line is intentionally left blank
include ../3rdparty/Makefile.inc include ../3rdparty/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
OBJS_X509= certs.o pkcs11.o x509.o \ OBJS_X509= \
x509_create.o x509_crl.o x509_crt.o \ certs.o \
x509_csr.o x509write_crt.o x509write_csr.o pkcs11.o \
x509.o \
x509_create.o \
x509_crl.o \
x509_crt.o \
x509_csr.o \
x509write_crt.o \
x509write_csr.o \
# This line is intentionally left blank
OBJS_TLS= debug.o net_sockets.o \ OBJS_TLS= \
ssl_cache.o ssl_ciphersuites.o \ debug.o \
ssl_cli.o ssl_cookie.o \ net_sockets.o \
ssl_cache.o \
ssl_ciphersuites.o \
ssl_cli.o \
ssl_cookie.o \
ssl_msg.o \ ssl_msg.o \
ssl_srv.o ssl_ticket.o \ ssl_srv.o \
ssl_tls.o ssl_ticket.o \
ssl_tls.o \
# This line is intentionally left blank
.SILENT: .SILENT:
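Review bot: In the reflowed OBJS_CRYPTO, OBJS_X509 and OBJS_TLS lists, the last entry now ends in a backslash and is followed by `# This line is intentionally left blank`, which is a comment line, not a blank one. The comment should say what it is for, e.g. that it terminates the continuation so every entry can carry a trailing backslash and new objects can be added in sorted order without touching the neighbouring lines.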
@ -201,8 +255,6 @@ libmbedcrypto.dll: $(OBJS_CRYPTO)
echo " LD $@" echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS) $(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
libmbedcrypto.$(DLEXT): | libmbedcrypto.a
.c.o: .c.o:
echo " CC $<" echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
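Review bot: The order-only prerequisite `libmbedcrypto.$(DLEXT): | libmbedcrypto.a` is dropped just above the `.c.o` rule with no explanation in the visible change. Please state why the shared library no longer needs the static archive built first, and check that a parallel build (`make -j`) of the shared targets still works without it.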

View file

@ -1847,7 +1847,7 @@ int mbedtls_aes_self_test( int verbose )
mode = i & 1; mode = i & 1;
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " AES-ECB-%3d (%s): ", keybits, mbedtls_printf( " AES-ECB-%3u (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memset( buf, 0, 16 ); memset( buf, 0, 16 );
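Review bot: The format string for the AES-ECB progress line switches from `%3d` to `%3u` for `keybits`, but the declaration of `keybits` is outside this hunk. Confirm it is `unsigned int`; if it is still `int`, the specifier and the argument disagree again, just in the other direction. The same applies to the CBC, CFB128 and OFB hunks that follow.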
@ -1909,7 +1909,7 @@ int mbedtls_aes_self_test( int verbose )
mode = i & 1; mode = i & 1;
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " AES-CBC-%3d (%s): ", keybits, mbedtls_printf( " AES-CBC-%3u (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memset( iv , 0, 16 ); memset( iv , 0, 16 );
@ -1984,7 +1984,7 @@ int mbedtls_aes_self_test( int verbose )
mode = i & 1; mode = i & 1;
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits, mbedtls_printf( " AES-CFB128-%3u (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memcpy( iv, aes_test_cfb128_iv, 16 ); memcpy( iv, aes_test_cfb128_iv, 16 );
@ -2047,7 +2047,7 @@ int mbedtls_aes_self_test( int verbose )
mode = i & 1; mode = i & 1;
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " AES-OFB-%3d (%s): ", keybits, mbedtls_printf( " AES-OFB-%3u (%s): ", keybits,
( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
memcpy( iv, aes_test_ofb_iv, 16 ); memcpy( iv, aes_test_ofb_iv, 16 );

View file

@ -2938,7 +2938,7 @@ int mbedtls_mpi_self_test( int verbose )
cleanup: cleanup:
if( ret != 0 && verbose != 0 ) if( ret != 0 && verbose != 0 )
mbedtls_printf( "Unexpected error, return code = %08X\n", ret ); mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );

View file

@ -784,7 +784,7 @@ static int cmac_test_subkeys( int verbose,
for( i = 0; i < num_tests; i++ ) for( i = 0; i < num_tests; i++ )
{ {
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 ); mbedtls_printf( " %s CMAC subkey #%d: ", testname, i + 1 );
mbedtls_cipher_init( &ctx ); mbedtls_cipher_init( &ctx );
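Review bot: Here `#%u` becomes `#%d` for `i + 1`, the opposite direction from the `%d` to `%u` changes elsewhere in this merge, and the type of `i` is not visible in the hunk. If `i` is `int` this is right, but a sentence in the commit message stating the rule being applied (match the specifier to the declared type) would make these format changes easier to audit.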
@ -865,7 +865,7 @@ static int cmac_test_wth_cipher( int verbose,
for( i = 0; i < num_tests; i++ ) for( i = 0; i < num_tests; i++ )
{ {
if( verbose != 0 ) if( verbose != 0 )
mbedtls_printf( " %s CMAC #%u: ", testname, i + 1 ); mbedtls_printf( " %s CMAC #%d: ", testname, i + 1 );
if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages, if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages,
message_lengths[i], output ) ) != 0 ) message_lengths[i], output ) ) != 0 )
@ -900,7 +900,7 @@ static int test_aes128_cmac_prf( int verbose )
for( i = 0; i < NB_PRF_TESTS; i++ ) for( i = 0; i < NB_PRF_TESTS; i++ )
{ {
mbedtls_printf( " AES CMAC 128 PRF #%u: ", i ); mbedtls_printf( " AES CMAC 128 PRF #%d: ", i );
ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output ); ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output );
if( ret != 0 || if( ret != 0 ||
memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 ) memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )

View file

@ -132,7 +132,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
return; return;
mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n", mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
text, ret, -ret ); text, ret, (unsigned int) -ret );
debug_send_line( ssl, level, file, line, str ); debug_send_line( ssl, level, file, line, str );
} }
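Review bot: In `text, ret, (unsigned int) -ret );` the cast applies to the result of `-ret`, so the negation is still done in `int` and overflows for `ret == INT_MIN`. Negating after the conversion, `-(unsigned int) ret`, prints the same value for ordinary error codes and is defined for every input.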

View file

@ -2332,7 +2332,7 @@ static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->X, &DA, &CB ) ); MOD_MUL( S->X ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA, &CB ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) );
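Review bot: The replaced line did the addition with `mbedtls_mpi_add_mpi` and then applied `MOD_MUL( S->X )`; the new `mbedtls_mpi_add_mod( grp, &S->X, &DA, &CB )` is defined outside this hunk. Since `S->X` is squared on the very next line, please confirm the helper leaves it reduced to the range that multiplication expects, and make sure the tests exercising `ecp_double_add_mxz` cover this path.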
@ -3156,7 +3156,7 @@ int mbedtls_ecp_self_test( int verbose )
cleanup: cleanup:
if( ret < 0 && verbose != 0 ) if( ret < 0 && verbose != 0 )
mbedtls_printf( "Unexpected error, return code = %08X\n", ret ); mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
mbedtls_ecp_group_free( &grp ); mbedtls_ecp_group_free( &grp );
mbedtls_ecp_point_free( &R ); mbedtls_ecp_point_free( &R );

File diff suppressed because it is too large Load diff

View file

@ -115,7 +115,7 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
n = okm_len / hash_len; n = okm_len / hash_len;
if( (okm_len % hash_len) != 0 ) if( okm_len % hash_len != 0 )
{ {
n++; n++;
} }
@ -131,11 +131,13 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
mbedtls_md_init( &ctx ); mbedtls_md_init( &ctx );
if( (ret = mbedtls_md_setup( &ctx, md, 1) ) != 0 ) if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 )
{ {
goto exit; goto exit;
} }
memset( t, 0, hash_len );
/* /*
* Compute T = T(1) | T(2) | T(3) | ... | T(N) * Compute T = T(1) | T(2) | T(3) | ... | T(N)
* Where T(N) is defined in RFC 5869 Section 2.3 * Where T(N) is defined in RFC 5869 Section 2.3
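Review bot: The added `memset( t, 0, hash_len );` has no comment saying what it guards against. If `t` is never read before T(1) is written, say that the call only silences an analyzer; if it can be read, that deserves a test. If `t` is a fixed-size array, `sizeof( t )` would also be a safer length than `hash_len`, since no bound between the two is checked in this hunk.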

View file

@ -553,14 +553,12 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
#endif #endif
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA224:
return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
case MBEDTLS_MD_SHA256: case MBEDTLS_MD_SHA256:
return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) ); return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384) #if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384: case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
#endif #endif
case MBEDTLS_MD_SHA512: case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) ); return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
@ -599,14 +597,12 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
#endif #endif
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA224:
return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
case MBEDTLS_MD_SHA256: case MBEDTLS_MD_SHA256:
return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) ); return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384) #if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384: case MBEDTLS_MD_SHA384:
return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
#endif #endif
case MBEDTLS_MD_SHA512: case MBEDTLS_MD_SHA512:
return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) ); return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
@ -856,14 +852,12 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
#endif #endif
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA224:
return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
case MBEDTLS_MD_SHA256: case MBEDTLS_MD_SHA256:
return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) ); return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
#if !defined(MBEDTLS_SHA512_NO_SHA384) #if !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384: case MBEDTLS_MD_SHA384:
return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
#endif #endif
case MBEDTLS_MD_SHA512: case MBEDTLS_MD_SHA512:
return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) ); return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );

View file

@ -761,7 +761,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size,
if( !( oid->p[i] & 0x80 ) ) if( !( oid->p[i] & 0x80 ) )
{ {
/* Last byte */ /* Last byte */
ret = mbedtls_snprintf( p, n, ".%d", value ); ret = mbedtls_snprintf( p, n, ".%u", value );
OID_SAFE_SNPRINTF; OID_SAFE_SNPRINTF;
value = 0; value = 0;
} }

View file

@ -2356,7 +2356,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
unsigned char *end ) unsigned char *end )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t len; uint16_t len;
((void) ssl); ((void) ssl);
/* /*
@ -2373,7 +2373,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
len = (*p)[0] << 8 | (*p)[1]; len = (*p)[0] << 8 | (*p)[1];
*p += 2; *p += 2;
if( end - (*p) < (int) len ) if( end - (*p) < len )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) ); "(psk_identity_hint length)" ) );

View file

@ -214,7 +214,7 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl
size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
if( max_len > mfl ) if( max_len > mfl )
max_len = mfl; max_len = mfl;
@ -3197,16 +3197,17 @@ static int ssl_check_dtls_clihlo_cookie(
* that looks like a ClientHello. * that looks like a ClientHello.
* *
* - if the input looks like a ClientHello without cookies, * - if the input looks like a ClientHello without cookies,
* send back HelloVerifyRequest, then * send back HelloVerifyRequest, then return 0
* return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
* - if the input looks like a ClientHello with a valid cookie, * - if the input looks like a ClientHello with a valid cookie,
* reset the session of the current context, and * reset the session of the current context, and
* return MBEDTLS_ERR_SSL_CLIENT_RECONNECT * return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
* - if anything goes wrong, return a specific error code * - if anything goes wrong, return a specific error code
* *
* mbedtls_ssl_read_record() will ignore the record if anything else than * This function is called (through ssl_check_client_reconnect()) when an
* MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function * unexpected record is found in ssl_get_next_record(), which will discard the
* cannot not return 0. * record if we return 0, and bubble up the return value otherwise (this
* includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected
* errors, and is the right thing to do in both cases).
*/ */
static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
{ {
@ -3218,6 +3219,8 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
{ {
/* If we can't use cookies to verify reachability of the peer, /* If we can't use cookies to verify reachability of the peer,
* drop the record. */ * drop the record. */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no cookie callbacks, "
"can't check reconnect validity" ) );
return( 0 ); return( 0 );
} }
@ -3233,16 +3236,23 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{ {
int send_ret;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) );
MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
ssl->out_buf, len );
/* Don't check write errors as we can't do anything here. /* Don't check write errors as we can't do anything here.
* If the error is permanent we'll catch it later, * If the error is permanent we'll catch it later,
* if it's not, then hopefully it'll work next time. */ * if it's not, then hopefully it'll work next time. */
(void) ssl->f_send( ssl->p_bio, ssl->out_buf, len ); send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len );
ret = 0; MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret );
(void) send_ret;
return( 0 );
} }
if( ret == 0 ) if( ret == 0 )
{ {
/* Got a valid cookie, partially reset context */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) );
if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 ) if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
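Review bot: The new `MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) );` and the "no cookie callbacks" message in the previous hunk are both at level 1, and both sit on the path taken for a ClientHello whose sender has not been verified yet. Level 2 or higher would keep repeated records of that kind from filling a level-1 log; the `MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret );` a few lines further down already uses 2.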
@ -4415,6 +4425,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
ssl->in_msglen = rec.data_len; ssl->in_msglen = rec.data_len;
ret = ssl_check_client_reconnect( ssl ); ret = ssl_check_client_reconnect( ssl );
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
#endif #endif

View file

@ -2841,7 +2841,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info; ssl->handshake->ciphersuite_info;
size_t dn_size, total_dn_size; /* excluding length bytes */ uint16_t dn_size, total_dn_size; /* excluding length bytes */
size_t ct_len, sa_len; /* including length bytes */ size_t ct_len, sa_len; /* including length bytes */
unsigned char *buf, *p; unsigned char *buf, *p;
const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
@ -2969,11 +2969,11 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
while( crt != NULL && crt->version != 0 ) while( crt != NULL && crt->version != 0 )
{ {
dn_size = crt->subject_raw.len; /* It follows from RFC 5280 A.1 that this length
* can be represented in at most 11 bits. */
dn_size = (uint16_t) crt->subject_raw.len;
if( end < p || if( end < p || (size_t)( end - p ) < 2 + (size_t) dn_size )
(size_t)( end - p ) < dn_size ||
(size_t)( end - p ) < 2 + dn_size )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
break; break;
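Review bot: `dn_size = (uint16_t) crt->subject_raw.len;` truncates silently if the length ever exceeds 65535, and the only protection is the comment citing RFC 5280 A.1, so the bound depends on the certificate parser enforcing it. An explicit check before the cast (skip the CA, as the buffer-too-short branch does, when `crt->subject_raw.len` is above 0xFFFF) would make the `2 + (size_t) dn_size` bounds test safe on its own.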
@ -3812,7 +3812,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
const unsigned char *end ) const unsigned char *end )
{ {
int ret = 0; int ret = 0;
size_t n; uint16_t n;
if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 ) if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 )
{ {
@ -3832,7 +3832,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
n = ( (*p)[0] << 8 ) | (*p)[1]; n = ( (*p)[0] << 8 ) | (*p)[1];
*p += 2; *p += 2;
if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) ) if( n == 0 || n > end - *p )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
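Review bot: The check `if( n == 0 || n > end - *p )` depends on the comparison staying signed, and nothing in the code says so. With `uint16_t n` promoted to `int`, a negative `end - *p` rejects the message, whereas the old `(size_t) ( end - *p )` cast would have turned it into a large value. A one-line comment stating that the comparison is intentionally signed would stop a later cleanup from re-adding the cast.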

View file

@ -1514,9 +1514,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
psk = ssl->conf->psk_opaque; psk = mbedtls_ssl_get_opaque_psk( ssl );
if( handshake->psk_opaque != 0 )
psk = handshake->psk_opaque;
if( hash_alg == MBEDTLS_MD_SHA384 ) if( hash_alg == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
@ -1850,14 +1848,18 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
{ {
unsigned char *p = ssl->handshake->premaster; unsigned char *p = ssl->handshake->premaster;
unsigned char *end = p + sizeof( ssl->handshake->premaster ); unsigned char *end = p + sizeof( ssl->handshake->premaster );
const unsigned char *psk = ssl->conf->psk; const unsigned char *psk = NULL;
size_t psk_len = ssl->conf->psk_len; size_t psk_len = 0;
/* If the psk callback was called, use its result */ if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len )
if( ssl->handshake->psk != NULL ) == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED )
{ {
psk = ssl->handshake->psk; /*
psk_len = ssl->handshake->psk_len; * This should never happen because the existence of a PSK is always
* checked before calling this function
*/
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
/* /*
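Review bot: The result of `mbedtls_ssl_get_psk( ssl, &psk, &psk_len )` is compared only against `MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED`. Any other non-zero return falls through with `psk == NULL` and `psk_len == 0` from the initialisers. Testing `!= 0` would fail closed for every error.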
@ -3673,6 +3675,11 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
/* If the buffers are too small - reallocate */ /* If the buffers are too small - reallocate */
{ {
int modified = 0; int modified = 0;
size_t written_in = 0;
size_t written_out = 0;
if( ssl->in_buf != NULL )
{
written_in = ssl->in_msg - ssl->in_buf;
if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN ) if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
{ {
if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN, if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
@ -3686,6 +3693,11 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
modified = 1; modified = 1;
} }
} }
}
if( ssl->out_buf != NULL )
{
written_out = ssl->out_msg - ssl->out_buf;
if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN ) if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
{ {
if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN, if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
@ -3699,10 +3711,15 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
modified = 1; modified = 1;
} }
} }
}
if( modified ) if( modified )
{ {
/* Update pointers here to avoid doing it twice. */ /* Update pointers here to avoid doing it twice. */
mbedtls_ssl_reset_in_out_pointers( ssl ); mbedtls_ssl_reset_in_out_pointers( ssl );
/* Fields below might not be properly updated with record
* splitting, so they are manually updated here. */
ssl->out_msg = ssl->out_buf + written_out;
ssl->in_msg = ssl->in_buf + written_in;
} }
} }
#endif #endif
@ -4889,7 +4906,42 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
} }
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
{
size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t read_mfl;
/* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
{
return ssl_mfl_code_to_length( ssl->conf->mfl_code );
}
/* Check if a smaller max length was negotiated */
if( ssl->session_out != NULL )
{
read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
if( read_mfl < max_len )
{
max_len = read_mfl;
}
}
// During a handshake, use the value being negotiated
if( ssl->session_negotiate != NULL )
{
read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code );
if( read_mfl < max_len )
{
max_len = read_mfl;
}
}
return( max_len );
}
size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl )
{ {
size_t max_len; size_t max_len;
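Review bot: In the new `mbedtls_ssl_get_input_max_frag_len()`, the negotiated limit for the input direction is read from `ssl->session_out->mfl_code`. If that is intentional, a comment should say why the outgoing session is the right source for an input limit; if not, the source should be changed. On style, `// During a handshake, use the value being negotiated` and `return ssl_mfl_code_to_length( ssl->conf->mfl_code );` differ from the `/* */` comments and the `return( ... )` form used in the rest of the function.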
@ -4914,6 +4966,13 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
return( max_len ); return( max_len );
} }
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
{
return mbedtls_ssl_get_output_max_frag_len( ssl );
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -4946,7 +5005,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl )
#endif #endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
if( max_len > mfl ) if( max_len > mfl )
max_len = mfl; max_len = mfl;
@ -5892,9 +5951,10 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl ); uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
size_t written_in = 0; size_t written_in = 0;
size_t written_out = 0; size_t written_out = 0;
if( ssl->in_buf != NULL && if( ssl->in_buf != NULL )
ssl->in_buf_len > buf_len && {
ssl->in_left < buf_len ) written_in = ssl->in_msg - ssl->in_buf;
if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len )
{ {
written_in = ssl->in_msg - ssl->in_buf; written_in = ssl->in_msg - ssl->in_buf;
if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 ) if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
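Review bot: `written_in = ssl->in_msg - ssl->in_buf;` is now assigned twice: once right after `if( ssl->in_buf != NULL )` and again inside the `if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len )` block, where the old line was kept. The inner assignment can go; the output-buffer half of this change has only the outer one.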
@ -5907,13 +5967,16 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
modified = 1; modified = 1;
} }
} }
}
buf_len = mbedtls_ssl_get_output_buflen( ssl ); buf_len = mbedtls_ssl_get_output_buflen( ssl );
if( ssl->out_buf != NULL && if(ssl->out_buf != NULL )
ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
ssl->out_left < buf_len )
{ {
written_out = ssl->out_msg - ssl->out_buf; written_out = ssl->out_msg - ssl->out_buf;
if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
ssl->out_left < buf_len )
{
if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 ) if( resize_buffer( &ssl->out_buf, buf_len, &ssl->out_buf_len ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) );
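Review bot: `if(ssl->out_buf != NULL )` is missing the space after the opening parenthesis, and the inner condition calls `mbedtls_ssl_get_output_buflen( ssl )` again although `buf_len` was set from the same call just above. Use `ssl->out_buf_len > buf_len`, matching the input-buffer check.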
@ -5924,6 +5987,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
modified = 1; modified = 1;
} }
} }
}
if( modified ) if( modified )
{ {
/* Update pointers here to avoid doing it twice. */ /* Update pointers here to avoid doing it twice. */

View file

@ -870,7 +870,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s
ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)", ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
md_info ? mbedtls_md_get_name( md_info ) : "???", md_info ? mbedtls_md_get_name( md_info ) : "???",
mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???", mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
pss_opts->expected_salt_len ); (unsigned int) pss_opts->expected_salt_len );
MBEDTLS_X509_SAFE_SNPRINTF; MBEDTLS_X509_SAFE_SNPRINTF;
} }
#else #else
@ -1064,7 +1064,7 @@ cleanup:
mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &clicert );
#else #else
((void) verbose); ((void) verbose);
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */
return( ret ); return( ret );
} }

View file

@ -524,6 +524,12 @@ static int x509_get_basic_constraints( unsigned char **p,
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
/* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
* overflow, which is an undefined behavior. */
if( *max_pathlen == INT_MAX )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
MBEDTLS_ERR_ASN1_INVALID_LENGTH );
(*max_pathlen)++; (*max_pathlen)++;
return( 0 ); return( 0 );
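Review bot: The new `if( *max_pathlen == INT_MAX )` guard needs `<limits.h>` in this file, and the hunk does not show it being included. A test certificate whose pathLenConstraint is INT_MAX would pin the behaviour; also consider whether `MBEDTLS_ERR_ASN1_INVALID_LENGTH` is the clearest code for a value that is out of range rather than a malformed length.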

15
programs/.gitignore vendored
View file

@ -12,8 +12,8 @@ hash/sha2sum
pkey/dh_client pkey/dh_client
pkey/dh_genprime pkey/dh_genprime
pkey/dh_server pkey/dh_server
pkey/ecdsa
pkey/ecdh_curve25519 pkey/ecdh_curve25519
pkey/ecdsa
pkey/gen_key pkey/gen_key
pkey/key_app pkey/key_app
pkey/key_app_writer pkey/key_app_writer
@ -30,36 +30,37 @@ pkey/rsa_sign_pss
pkey/rsa_verify pkey/rsa_verify
pkey/rsa_verify_pss pkey/rsa_verify_pss
psa/crypto_examples psa/crypto_examples
psa/key_ladder_demo
psa/psa_constant_names psa/psa_constant_names
psa/psa_constant_names_generated.c psa/psa_constant_names_generated.c
psa/key_ladder_demo
random/gen_entropy random/gen_entropy
random/gen_random_ctr_drbg random/gen_random_ctr_drbg
random/gen_random_havege random/gen_random_havege
ssl/dtls_client ssl/dtls_client
ssl/dtls_server ssl/dtls_server
ssl/mini_client
ssl/ssl_client1 ssl/ssl_client1
ssl/ssl_client2 ssl/ssl_client2
ssl/ssl_context_info
ssl/ssl_fork_server ssl/ssl_fork_server
ssl/ssl_mail_client ssl/ssl_mail_client
ssl/ssl_pthread_server ssl/ssl_pthread_server
ssl/ssl_server ssl/ssl_server
ssl/ssl_server2 ssl/ssl_server2
ssl/mini_client
test/benchmark test/benchmark
test/ecp-bench
test/selftest
test/cpp_dummy_build test/cpp_dummy_build
test/ecp-bench
test/query_compile_time_config
test/selftest
test/ssl_cert_test test/ssl_cert_test
test/udp_proxy test/udp_proxy
test/zeroize test/zeroize
test/query_compile_time_config
util/pem2der util/pem2der
util/strerror util/strerror
x509/cert_app x509/cert_app
x509/cert_req x509/cert_req
x509/crl_app
x509/cert_write x509/cert_write
x509/crl_app
x509/req_app x509/req_app
# generated files # generated files

View file

@ -8,5 +8,5 @@ add_subdirectory(psa)
add_subdirectory(random) add_subdirectory(random)
add_subdirectory(ssl) add_subdirectory(ssl)
add_subdirectory(test) add_subdirectory(test)
add_subdirectory(x509)
add_subdirectory(util) add_subdirectory(util)
add_subdirectory(x509)

View file

@ -53,8 +53,8 @@ endif
APPS = \ APPS = \
aes/aescrypt2$(EXEXT) \ aes/aescrypt2$(EXEXT) \
aes/crypt_and_hash$(EXEXT) \ aes/crypt_and_hash$(EXEXT) \
hash/hello$(EXEXT) \
hash/generic_sum$(EXEXT) \ hash/generic_sum$(EXEXT) \
hash/hello$(EXEXT) \
pkey/dh_client$(EXEXT) \ pkey/dh_client$(EXEXT) \
pkey/dh_genprime$(EXEXT) \ pkey/dh_genprime$(EXEXT) \
pkey/dh_server$(EXEXT) \ pkey/dh_server$(EXEXT) \
@ -68,39 +68,40 @@ APPS = \
pkey/pk_encrypt$(EXEXT) \ pkey/pk_encrypt$(EXEXT) \
pkey/pk_sign$(EXEXT) \ pkey/pk_sign$(EXEXT) \
pkey/pk_verify$(EXEXT) \ pkey/pk_verify$(EXEXT) \
pkey/rsa_genkey$(EXEXT) \
pkey/rsa_decrypt$(EXEXT) \ pkey/rsa_decrypt$(EXEXT) \
pkey/rsa_encrypt$(EXEXT) \ pkey/rsa_encrypt$(EXEXT) \
pkey/rsa_genkey$(EXEXT) \
pkey/rsa_sign$(EXEXT) \ pkey/rsa_sign$(EXEXT) \
pkey/rsa_verify$(EXEXT) \
pkey/rsa_sign_pss$(EXEXT) \ pkey/rsa_sign_pss$(EXEXT) \
pkey/rsa_verify$(EXEXT) \
pkey/rsa_verify_pss$(EXEXT) \ pkey/rsa_verify_pss$(EXEXT) \
psa/crypto_examples$(EXEXT) \ psa/crypto_examples$(EXEXT) \
psa/key_ladder_demo$(EXEXT) \ psa/key_ladder_demo$(EXEXT) \
psa/psa_constant_names$(EXEXT) \ psa/psa_constant_names$(EXEXT) \
random/gen_entropy$(EXEXT) \
random/gen_random_ctr_drbg$(EXEXT) \
random/gen_random_havege$(EXEXT) \
ssl/dtls_client$(EXEXT) \ ssl/dtls_client$(EXEXT) \
ssl/dtls_server$(EXEXT) \ ssl/dtls_server$(EXEXT) \
ssl/mini_client$(EXEXT) \
ssl/ssl_client1$(EXEXT) \ ssl/ssl_client1$(EXEXT) \
ssl/ssl_client2$(EXEXT) \ ssl/ssl_client2$(EXEXT) \
ssl/ssl_context_info$(EXEXT) \
ssl/ssl_fork_server$(EXEXT) \
ssl/ssl_mail_client$(EXEXT) \
ssl/ssl_server$(EXEXT) \ ssl/ssl_server$(EXEXT) \
ssl/ssl_server2$(EXEXT) \ ssl/ssl_server2$(EXEXT) \
ssl/ssl_fork_server$(EXEXT) \
ssl/mini_client$(EXEXT) \
ssl/ssl_mail_client$(EXEXT) \
random/gen_entropy$(EXEXT) \
random/gen_random_havege$(EXEXT) \
random/gen_random_ctr_drbg$(EXEXT) \
test/benchmark$(EXEXT) \ test/benchmark$(EXEXT) \
test/query_compile_time_config$(EXEXT) \
test/selftest$(EXEXT) \ test/selftest$(EXEXT) \
test/udp_proxy$(EXEXT) \ test/udp_proxy$(EXEXT) \
test/zeroize$(EXEXT) \ test/zeroize$(EXEXT) \
test/query_compile_time_config$(EXEXT) \
util/pem2der$(EXEXT) \ util/pem2der$(EXEXT) \
util/strerror$(EXEXT) \ util/strerror$(EXEXT) \
x509/cert_app$(EXEXT) \ x509/cert_app$(EXEXT) \
x509/crl_app$(EXEXT) \
x509/cert_req$(EXEXT) \ x509/cert_req$(EXEXT) \
x509/cert_write$(EXEXT) \ x509/cert_write$(EXEXT) \
x509/crl_app$(EXEXT) \
x509/req_app$(EXEXT) \ x509/req_app$(EXEXT) \
# End of APPS # End of APPS
@ -282,6 +283,10 @@ ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c test/query_config.c $(DEP)
echo " CC ssl/ssl_server2.c" echo " CC ssl/ssl_server2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.c $(DEP)
echo " CC ssl/ssl_context_info.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP) ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
echo " CC ssl/ssl_fork_server.c" echo " CC ssl/ssl_fork_server.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

View file

@ -118,7 +118,7 @@ int main( int argc, char *argv[] )
ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 ); ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", -ret ); mbedtls_printf( " ! mbedtls_md_setup() returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;
} }
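Review bot: the `(unsigned int) -ret` cast on the mbedtls_md_setup() error print is the same edit this change repeats at nearly every error print in the sample programs. A single helper or macro for printing a negative error code as hex would keep the format string and the cast in one place, and would stop call sites drifting apart. The change already mixes `-0x%04x`, `-0x%x`, `-0x%0x`, `-%#04x` and `-%04X`.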
@ -298,7 +298,7 @@ int main( int argc, char *argv[] )
if( fread( buffer, 1, n, fin ) != (size_t) n ) if( fread( buffer, 1, n, fin ) != (size_t) n )
{ {
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", n ); mbedtls_fprintf( stderr, "fread(%u bytes) failed\n", n );
goto exit; goto exit;
} }
@ -413,7 +413,7 @@ int main( int argc, char *argv[] )
if( fwrite( buffer, 1, n, fout ) != (size_t) n ) if( fwrite( buffer, 1, n, fout ) != (size_t) n )
{ {
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", n ); mbedtls_fprintf( stderr, "fwrite(%u bytes) failed\n", n );
goto exit; goto exit;
} }
} }

View file

@ -219,7 +219,7 @@ int main( int argc, char *argv[] )
p = &argv[6][4]; p = &argv[6][4];
keylen = 0; keylen = 0;
while( sscanf( p, "%02X", &n ) > 0 && while( sscanf( p, "%02X", (unsigned int*) &n ) > 0 &&
keylen < (int) sizeof( key ) ) keylen < (int) sizeof( key ) )
{ {
key[keylen++] = (unsigned char) n; key[keylen++] = (unsigned char) n;
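Review bot: the `(unsigned int*) &n` cast in the sscanf call silences the format warning without fixing the type of `n`. If `n` is ever declared with a different width, sscanf will write through a mistyped pointer and the compiler will no longer flag it. Declaring `n` as `unsigned int`, or scanning into an `unsigned int` temporary and assigning from it, removes the need for the cast.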
@ -417,7 +417,7 @@ int main( int argc, char *argv[] )
( ( filesize - mbedtls_md_get_size( md_info ) ) % ( ( filesize - mbedtls_md_get_size( md_info ) ) %
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 ) mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
{ {
mbedtls_fprintf( stderr, "File content not a multiple of the block size (%d).\n", mbedtls_fprintf( stderr, "File content not a multiple of the block size (%u).\n",
mbedtls_cipher_get_block_size( &cipher_ctx )); mbedtls_cipher_get_block_size( &cipher_ctx ));
goto exit; goto exit;
} }
@ -484,7 +484,7 @@ int main( int argc, char *argv[] )
if( fread( buffer, 1, ilen, fin ) != ilen ) if( fread( buffer, 1, ilen, fin ) != ilen )
{ {
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", mbedtls_fprintf( stderr, "fread(%u bytes) failed\n",
mbedtls_cipher_get_block_size( &cipher_ctx ) ); mbedtls_cipher_get_block_size( &cipher_ctx ) );
goto exit; goto exit;
} }
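Review bot: the "fread(%u bytes) failed" message prints `mbedtls_cipher_get_block_size( &cipher_ctx )`, but the read that failed requested `ilen` bytes. Since this line is being touched for the format specifier anyway, print `ilen` (with a matching specifier and cast) so the message reports the size that was actually requested.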

View file

@ -189,7 +189,7 @@ int main( int argc, char *argv[] )
sig, &sig_len, sig, &sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret );
goto exit; goto exit;
} }
mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len ); mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );

View file

@ -302,7 +302,7 @@ int main( int argc, char *argv[] )
NULL, DEV_RANDOM_THRESHOLD, NULL, DEV_RANDOM_THRESHOLD,
MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 ) MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -315,7 +315,7 @@ int main( int argc, char *argv[] )
(const unsigned char *) pers, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -328,7 +328,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_pk_setup( &key, if( ( ret = mbedtls_pk_setup( &key,
mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 ) mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -339,7 +339,7 @@ int main( int argc, char *argv[] )
opt.rsa_keysize, 65537 ); opt.rsa_keysize, 65537 );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -353,7 +353,7 @@ int main( int argc, char *argv[] )
mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", -ret ); mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int) -ret );
goto exit; goto exit;
} }
} }

View file

@ -187,7 +187,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto cleanup; goto cleanup;
} }
@ -248,7 +248,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto cleanup; goto cleanup;
} }

View file

@ -299,7 +299,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -360,7 +360,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", -ret, buf ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }

View file

@ -100,7 +100,7 @@ int main( int argc, char *argv[] )
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -109,7 +109,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -124,7 +124,7 @@ int main( int argc, char *argv[] )
} }
i = 0; i = 0;
while( fscanf( f, "%02X", &c ) > 0 && while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
i < (int) sizeof( buf ) ) i < (int) sizeof( buf ) )
{ {
buf[i++] = (unsigned char) c; buf[i++] = (unsigned char) c;
@ -142,7 +142,7 @@ int main( int argc, char *argv[] )
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }

View file

@ -98,7 +98,7 @@ int main( int argc, char *argv[] )
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -107,7 +107,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -130,7 +130,7 @@ int main( int argc, char *argv[] )
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }

View file

@ -96,7 +96,7 @@ int main( int argc, char *argv[] )
(const unsigned char *) pers, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -127,7 +127,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen, if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;
} }

View file

@ -86,7 +86,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -123,7 +123,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0, if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0,
buf, i ) ) != 0 ) buf, i ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;
} }

View file

@ -160,7 +160,7 @@ int main( int argc, char *argv[] )
i = 0; i = 0;
while( fscanf( f, "%02X", &c ) > 0 && while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
i < (int) sizeof( buf ) ) i < (int) sizeof( buf ) )
buf[i++] = (unsigned char) c; buf[i++] = (unsigned char) c;

View file

@ -129,7 +129,7 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 ) if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", (unsigned int) -ret );
goto exit; goto exit;
} }
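Review bot: the format string `-0x%0x` in the mbedtls_rsa_check_privkey message has a `0` flag with no field width, so it pads nothing and behaves like `%x`. If the intent was the four-digit form used elsewhere in this change, it should be `-0x%04x`; otherwise drop the stray `0`. The same applies to the mbedtls_rsa_pkcs1_sign message in the next hunk.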
@ -151,7 +151,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
20, hash, buf ) ) != 0 ) 20, hash, buf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }

View file

@ -114,7 +114,7 @@ int main( int argc, char *argv[] )
} }
i = 0; i = 0;
while( fscanf( f, "%02X", &c ) > 0 && while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
i < (int) sizeof( buf ) ) i < (int) sizeof( buf ) )
buf[i++] = (unsigned char) c; buf[i++] = (unsigned char) c;
@ -144,7 +144,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
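Review bot: the context lines of the mbedtls_rsa_pkcs1_verify call pass `20` as the hash length next to `MBEDTLS_MD_SHA256`, whose digest is 32 bytes. This is not changed here, but it is worth a follow-up: if the length is ignored when a named digest is given, passing 0 or the real digest size would be less misleading in a sample that people copy.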

View file

@ -101,7 +101,7 @@ int main( void )
status = ( expr ); \ status = ( expr ); \
if( status != PSA_SUCCESS ) \ if( status != PSA_SUCCESS ) \
{ \ { \
printf( "Error %d at line %u: %s\n", \ printf( "Error %d at line %d: %s\n", \
(int) status, \ (int) status, \
__LINE__, \ __LINE__, \
#expr ); \ #expr ); \

View file

@ -80,7 +80,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n", mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n",
ret ); (unsigned int) ret );
goto cleanup; goto cleanup;
} }
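Review bot: the mbedtls_entropy_func message casts `ret` without negating it, unlike every other print in this change. With the literal `-` in `-%04X` and a negative `ret`, this prints a minus sign followed by the unsigned wrap-around of the negative value rather than the error code. It should be `(unsigned int) -ret`.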

View file

@ -8,12 +8,12 @@ set(libs
set(targets set(targets
dtls_client dtls_client
dtls_server dtls_server
mini_client
ssl_client1 ssl_client1
ssl_client2 ssl_client2
ssl_server
ssl_fork_server ssl_fork_server
ssl_mail_client ssl_mail_client
mini_client ssl_server
) )
if(USE_PKCS11_HELPER_LIBRARY) if(USE_PKCS11_HELPER_LIBRARY)
@ -44,6 +44,9 @@ add_executable(ssl_server2 ssl_server2.c)
target_sources(ssl_server2 PUBLIC ../test/query_config.c) target_sources(ssl_server2 PUBLIC ../test/query_config.c)
target_link_libraries(ssl_server2 ${libs}) target_link_libraries(ssl_server2 ${libs})
add_executable(ssl_context_info ssl_context_info.c)
target_link_libraries(ssl_context_info ${libs})
add_executable(ssl_fork_server ssl_fork_server.c) add_executable(ssl_fork_server ssl_fork_server.c)
target_link_libraries(ssl_fork_server ${libs}) target_link_libraries(ssl_fork_server ${libs})
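Review bot: the new `ssl_context_info` target is declared with only `ssl_context_info.c`, while the Makefile rule added in this same change builds it from `ssl/ssl_context_info.c test/query_config.c`. Either add `target_sources(ssl_context_info PUBLIC ../test/query_config.c)` as is done for `ssl_server2` just above, or drop `test/query_config.c` from the Makefile rule if the program does not need it. As written, the two build systems disagree on what goes into the binary.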

View file

@ -149,7 +149,7 @@ int main( int argc, char *argv[] )
mbedtls_test_cas_pem_len ); mbedtls_test_cas_pem_len );
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -225,7 +225,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -303,7 +303,7 @@ send_request:
goto close_notify; goto close_notify;
default: default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret ); mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
} }

View file

@ -291,7 +291,7 @@ reset:
client_ip, cliip_len ) ) != 0 ) client_ip, cliip_len ) ) != 0 )
{ {
printf( " failed\n ! " printf( " failed\n ! "
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", -ret ); "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -318,7 +318,7 @@ reset:
} }
else if( ret != 0 ) else if( ret != 0 )
{ {
printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
goto reset; goto reset;
} }
@ -351,7 +351,7 @@ reset:
goto close_notify; goto close_notify;
default: default:
printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret ); printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
goto reset; goto reset;
} }
} }

View file

@ -134,7 +134,7 @@ int main( void )
mbedtls_test_cas_pem_len ); mbedtls_test_cas_pem_len );
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -203,7 +203,7 @@ int main( void )
{ {
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
} }

View file

@ -67,6 +67,7 @@ int main( void )
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/debug.h" #include "mbedtls/debug.h"
#include "mbedtls/timing.h" #include "mbedtls/timing.h"
#include "mbedtls/base64.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h" #include "psa/crypto.h"
@ -139,6 +140,7 @@ int main( void )
#define DFL_EXTENDED_MS -1 #define DFL_EXTENDED_MS -1
#define DFL_ETM -1 #define DFL_ETM -1
#define DFL_SERIALIZE 0 #define DFL_SERIALIZE 0
#define DFL_CONTEXT_FILE ""
#define DFL_EXTENDED_MS_ENFORCE -1 #define DFL_EXTENDED_MS_ENFORCE -1
#define DFL_CA_CALLBACK 0 #define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0 #define DFL_EAP_TLS 0
@ -365,7 +367,12 @@ int main( void )
#define USAGE_SERIALIZATION \ #define USAGE_SERIALIZATION \
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \ " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \ " options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n" " 2 (serialize with re-initialization)\n" \
" context_file=%%s The file path to write a serialized connection\n"\
" in the form of base64 code (serialize option\n" \
" must be set)\n" \
" default: \"\" (do nothing)\n" \
" option: a file path\n"
#else #else
#define USAGE_SERIALIZATION "" #define USAGE_SERIALIZATION ""
#endif #endif
@ -516,6 +523,9 @@ struct options
* during renegotiation */ * during renegotiation */
const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val; /* the CID to use for incoming messages */
int serialize; /* serialize/deserialize connection */ int serialize; /* serialize/deserialize connection */
const char *context_file; /* the file to write a serialized connection
* in the form of base64 code (serialize
* option must be set) */
const char *cid_val_renego; /* the CID to use for incoming messages const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */ * after renegotiation */
int reproducible; /* make communication reproducible */ int reproducible; /* make communication reproducible */
@ -823,7 +833,7 @@ static int ssl_check_record( mbedtls_ssl_context const *ssl,
break; break;
default: default:
mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", -ret ); mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret );
return( -1 ); return( -1 );
} }
@ -1067,7 +1077,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
return( ret ); return( ret );
} }
@ -1091,7 +1101,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
return( ret ); return( ret );
} }
@ -1101,7 +1111,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
return( ret ); return( ret );
} }
mbedtls_printf( "(%s) Peer CID (length %u Bytes): ", mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
@ -1310,6 +1320,7 @@ int main( int argc, char *argv[] )
opt.etm = DFL_ETM; opt.etm = DFL_ETM;
opt.dgram_packing = DFL_DGRAM_PACKING; opt.dgram_packing = DFL_DGRAM_PACKING;
opt.serialize = DFL_SERIALIZE; opt.serialize = DFL_SERIALIZE;
opt.context_file = DFL_CONTEXT_FILE;
opt.eap_tls = DFL_EAP_TLS; opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE; opt.reproducible = DFL_REPRODUCIBLE;
opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog = DFL_NSS_KEYLOG;
@ -1707,6 +1718,10 @@ int main( int argc, char *argv[] )
if( opt.serialize < 0 || opt.serialize > 2) if( opt.serialize < 0 || opt.serialize > 2)
goto usage; goto usage;
} }
else if( strcmp( p, "context_file") == 0 )
{
opt.context_file = q;
}
else if( strcmp( p, "eap_tls" ) == 0 ) else if( strcmp( p, "eap_tls" ) == 0 )
{ {
opt.eap_tls = atoi( q ); opt.eap_tls = atoi( q );
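Review bot: the `context_file` branch stores the path with no validation, while the usage text added in this change says the serialize option must be set. Nothing in this hunk rejects `context_file=...` when `serialize` is 0, so the option can be silently ignored. Consider a check after argument parsing that goes to `usage` (or prints a warning) when a context file is given without `serialize`.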
@ -1998,7 +2013,7 @@ int main( int argc, char *argv[] )
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2009,7 +2024,7 @@ int main( int argc, char *argv[] )
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2067,7 +2082,7 @@ int main( int argc, char *argv[] )
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2102,7 +2117,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2127,7 +2142,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2164,7 +2179,7 @@ int main( int argc, char *argv[] )
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2175,7 +2190,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2193,7 +2208,7 @@ int main( int argc, char *argv[] )
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2234,7 +2249,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2432,7 +2447,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2512,7 +2527,7 @@ int main( int argc, char *argv[] )
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
-ret ); (unsigned int) -ret );
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
mbedtls_printf( mbedtls_printf(
" Unable to verify the server's certificate. " " Unable to verify the server's certificate. "
@ -2553,8 +2568,10 @@ int main( int argc, char *argv[] )
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" ); mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum fragment length is %u ]\n", mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) ); (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
#endif #endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
@ -2582,7 +2599,7 @@ int main( int argc, char *argv[] )
!= 0 ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2603,7 +2620,7 @@ int main( int argc, char *argv[] )
sizeof( eap_tls_iv ) ) ) != 0 ) sizeof( eap_tls_iv ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2650,7 +2667,7 @@ int main( int argc, char *argv[] )
&session_data_len ) ) != 0 ) &session_data_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2659,7 +2676,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2810,7 +2827,7 @@ send_request:
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2938,7 +2955,7 @@ send_request:
default: default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -3002,7 +3019,7 @@ send_request:
goto close_notify; goto close_notify;
default: default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -3030,7 +3047,7 @@ send_request:
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3041,7 +3058,7 @@ send_request:
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3075,7 +3092,7 @@ send_request:
if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
"-0x%x\n\n", -ret ); "-0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3093,17 +3110,67 @@ send_request:
buf_len, &buf_len ) ) != 0 ) buf_len, &buf_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
"-0x%x\n\n", -ret ); "-0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/* Save serialized context to the 'opt.context_file' as a base64 code */
if( 0 < strlen( opt.context_file ) )
{
FILE *b64_file;
uint8_t *b64_buf;
size_t b64_len;
mbedtls_printf( " . Save serialized context to a file... " );
mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
{
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
"the base64 code\n" );
goto exit;
}
if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
context_buf, buf_len ) ) != 0 )
{
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
"-0x%x\n", (unsigned int) -ret );
mbedtls_free( b64_buf );
goto exit;
}
if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
{
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
opt.context_file );
mbedtls_free( b64_buf );
goto exit;
}
if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
{
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
(long) b64_len );
mbedtls_free( b64_buf );
fclose( b64_file );
goto exit;
}
mbedtls_free( b64_buf );
fclose( b64_file );
mbedtls_printf( "ok\n" );
}
if( opt.serialize == 1 ) if( opt.serialize == 1 )
{ {
/* nothing to do here, done by context_save() already */ /* nothing to do here, done by context_save() already */
mbedtls_printf( " . Context has been reset... ok" ); mbedtls_printf( " . Context has been reset... ok\n" );
} }
if( opt.serialize == 2 ) if( opt.serialize == 2 )
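Review bot: in the new "Save serialized context" block, the allocation, fopen and fwrite failure paths all `goto exit` without assigning `ret`, which is still 0 from the successful mbedtls_ssl_context_save call just above, so these failures are not reflected in the value the exit path inspects. Set `ret` to an error value before each of those jumps. The return value of the first sizing call, `mbedtls_base64_encode( NULL, 0, &b64_len, ... )`, is also dropped, and `fclose` is not checked after the write. Separately, a serialized context carries the connection's secret state, so `b64_buf` should be wiped before `mbedtls_free`, and the output file should not be created with default permissions via plain `fopen( ..., "w" )`. This is a sample, but it is the pattern users will copy.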
@ -3117,7 +3184,7 @@ send_request:
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned " mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
"-0x%x\n\n", -ret ); "-0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3144,7 +3211,7 @@ send_request:
buf_len ) ) != 0 ) buf_len ) ) != 0 )
{ {
mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
"-0x%x\n\n", -ret ); "-0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3216,7 +3283,7 @@ reconnect:
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3227,7 +3294,7 @@ reconnect:
session_data_len ) ) != 0 ) session_data_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -3235,7 +3302,7 @@ reconnect:
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 ) if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3245,7 +3312,7 @@ reconnect:
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3256,7 +3323,7 @@ reconnect:
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3267,7 +3334,7 @@ reconnect:
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -3286,7 +3353,7 @@ exit:
{ {
char error_buf[100]; char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 ); mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf ); mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf );
} }
#endif #endif

File diff suppressed because it is too large

View file

@ -309,7 +309,7 @@ reset:
break; break;
default: default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
break; break;
} }

View file

@ -63,6 +63,7 @@ int main( void )
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/debug.h" #include "mbedtls/debug.h"
#include "mbedtls/timing.h" #include "mbedtls/timing.h"
#include "mbedtls/base64.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h" #include "psa/crypto.h"
@ -172,6 +173,7 @@ int main( void )
#define DFL_EXTENDED_MS -1 #define DFL_EXTENDED_MS -1
#define DFL_ETM -1 #define DFL_ETM -1
#define DFL_SERIALIZE 0 #define DFL_SERIALIZE 0
#define DFL_CONTEXT_FILE ""
#define DFL_EXTENDED_MS_ENFORCE -1 #define DFL_EXTENDED_MS_ENFORCE -1
#define DFL_CA_CALLBACK 0 #define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0 #define DFL_EAP_TLS 0
@ -451,7 +453,12 @@ int main( void )
#define USAGE_SERIALIZATION \ #define USAGE_SERIALIZATION \
" serialize=%%d default: 0 (do not serialize/deserialize)\n" \ " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
" options: 1 (serialize)\n" \ " options: 1 (serialize)\n" \
" 2 (serialize with re-initialization)\n" " 2 (serialize with re-initialization)\n" \
" context_file=%%s The file path to write a serialized connection\n"\
" in the form of base64 code (serialize option\n" \
" must be set)\n" \
" default: \"\" (do nothing)\n" \
" option: a file path\n"
#else #else
#define USAGE_SERIALIZATION "" #define USAGE_SERIALIZATION ""
#endif #endif
@ -617,6 +624,9 @@ struct options
* during renegotiation */ * during renegotiation */
const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val; /* the CID to use for incoming messages */
int serialize; /* serialize/deserialize connection */ int serialize; /* serialize/deserialize connection */
const char *context_file; /* the file to write a serialized connection
* in the form of base64 code (serialize
* option must be set) */
const char *cid_val_renego; /* the CID to use for incoming messages const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */ * after renegotiation */
int reproducible; /* make communication reproducible */ int reproducible; /* make communication reproducible */
@ -922,7 +932,7 @@ static int ssl_check_record( mbedtls_ssl_context const *ssl,
break; break;
default: default:
mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", -ret ); mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret );
return( -1 ); return( -1 );
} }
@ -1710,7 +1720,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
return( ret ); return( ret );
} }
@ -1984,6 +1994,7 @@ int main( int argc, char *argv[] )
opt.extended_ms = DFL_EXTENDED_MS; opt.extended_ms = DFL_EXTENDED_MS;
opt.etm = DFL_ETM; opt.etm = DFL_ETM;
opt.serialize = DFL_SERIALIZE; opt.serialize = DFL_SERIALIZE;
opt.context_file = DFL_CONTEXT_FILE;
opt.eap_tls = DFL_EAP_TLS; opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE; opt.reproducible = DFL_REPRODUCIBLE;
opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog = DFL_NSS_KEYLOG;
@ -2406,6 +2417,10 @@ int main( int argc, char *argv[] )
if( opt.serialize < 0 || opt.serialize > 2) if( opt.serialize < 0 || opt.serialize > 2)
goto usage; goto usage;
} }
else if( strcmp( p, "context_file") == 0 )
{
opt.context_file = q;
}
else if( strcmp( p, "eap_tls" ) == 0 ) else if( strcmp( p, "eap_tls" ) == 0 )
{ {
opt.eap_tls = atoi( q ); opt.eap_tls = atoi( q );
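Review bot: the new `context_file` branch stores `q` with no validation, although the usage text added in this commit says the serialize option must be set. Nothing here rejects `context_file=...` combined with `serialize=0`, so the user gets no diagnostic for that combination; consider checking it once option parsing is complete and going to `usage` (or printing a warning). Style nit: `"context_file")` lacks the space before the closing parenthesis that the neighbouring `strcmp` calls have.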
@ -2740,7 +2755,7 @@ int main( int argc, char *argv[] )
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2751,7 +2766,7 @@ int main( int argc, char *argv[] )
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2808,7 +2823,7 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_CERTS_C */ #endif /* MBEDTLS_CERTS_C */
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2827,7 +2842,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 ) if( ( ret = mbedtls_x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2836,7 +2851,7 @@ int main( int argc, char *argv[] )
key_cert_init++; key_cert_init++;
if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 ) if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2852,7 +2867,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 ) if( ( ret = mbedtls_x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2862,7 +2877,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 ) if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -2889,7 +2904,7 @@ int main( int argc, char *argv[] )
mbedtls_test_srv_crt_rsa_len ) ) != 0 ) mbedtls_test_srv_crt_rsa_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
if( ( ret = mbedtls_pk_parse_key( &pkey, if( ( ret = mbedtls_pk_parse_key( &pkey,
@ -2897,7 +2912,7 @@ int main( int argc, char *argv[] )
mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 ) mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
key_cert_init = 2; key_cert_init = 2;
@ -2908,7 +2923,7 @@ int main( int argc, char *argv[] )
mbedtls_test_srv_crt_ec_len ) ) != 0 ) mbedtls_test_srv_crt_ec_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
if( ( ret = mbedtls_pk_parse_key( &pkey2, if( ( ret = mbedtls_pk_parse_key( &pkey2,
@ -2916,7 +2931,7 @@ int main( int argc, char *argv[] )
mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 ) mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
key_cert_init2 = 2; key_cert_init2 = 2;
@ -2936,7 +2951,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 ) if( ( ret = mbedtls_dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n", mbedtls_printf( " failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2973,7 +2988,7 @@ int main( int argc, char *argv[] )
opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 ) MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -2990,7 +3005,7 @@ int main( int argc, char *argv[] )
opt.transport, opt.transport,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 ) MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3049,7 +3064,7 @@ int main( int argc, char *argv[] )
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -3375,7 +3390,7 @@ int main( int argc, char *argv[] )
strlen( opt.psk_identity ) ); strlen( opt.psk_identity ) );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret ); mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -3416,7 +3431,7 @@ int main( int argc, char *argv[] )
#endif #endif
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - ret ); mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
#endif #endif
@ -3429,7 +3444,7 @@ int main( int argc, char *argv[] )
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3514,7 +3529,7 @@ reset:
} }
#endif #endif
mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3524,7 +3539,7 @@ reset:
ret = mbedtls_net_set_block( &client_fd ); ret = mbedtls_net_set_block( &client_fd );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3537,7 +3552,7 @@ reset:
client_ip, cliip_len ) ) != 0 ) client_ip, cliip_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
} }
@ -3600,7 +3615,7 @@ handshake:
} }
else if( ret != 0 ) else if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
@ -3633,8 +3648,10 @@ handshake:
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" ); mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum fragment length is %u ]\n", mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) ); (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
(unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
#endif #endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
@ -3692,7 +3709,7 @@ handshake:
!= 0 ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3713,7 +3730,7 @@ handshake:
sizeof( eap_tls_iv ) ) ) != 0 ) sizeof( eap_tls_iv ) ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
-ret ); (unsigned int) -ret );
goto exit; goto exit;
} }
@ -3804,7 +3821,7 @@ data_exchange:
goto reset; goto reset;
default: default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
goto reset; goto reset;
} }
} }
@ -3850,7 +3867,7 @@ data_exchange:
} }
larger_buf[ori_len + extra_len] = '\0'; larger_buf[ori_len + extra_len] = '\0';
mbedtls_printf( " %u bytes read (%u + %u)\n\n%s\n", mbedtls_printf( " %d bytes read (%d + %d)\n\n%s\n",
ori_len + extra_len, ori_len, extra_len, ori_len + extra_len, ori_len, extra_len,
(char *) larger_buf ); (char *) larger_buf );
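Review bot: on the `bytes read` line the fix changes the conversion specifiers from `%u` to `%d`, whereas every other change in this file keeps the specifier and casts the argument. Please confirm that `ori_len` and `extra_len` are plain `int` at this point; if either is unsigned or `size_t`, this keeps a specifier/argument mismatch and an explicit cast is the safer fix.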
@ -3918,7 +3935,7 @@ data_exchange:
goto close_notify; goto close_notify;
default: default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret ); mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
goto reset; goto reset;
} }
} }
@ -4075,7 +4092,7 @@ data_exchange:
if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
"-0x%x\n\n", -ret ); "-0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -4093,13 +4110,63 @@ data_exchange:
buf_len, &buf_len ) ) != 0 ) buf_len, &buf_len ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned " mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
"-0x%x\n\n", -ret ); "-0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/* Save serialized context to the 'opt.context_file' as a base64 code */
if( 0 < strlen( opt.context_file ) )
{
FILE *b64_file;
uint8_t *b64_buf;
size_t b64_len;
mbedtls_printf( " . Save serialized context to a file... " );
mbedtls_base64_encode( NULL, 0, &b64_len, context_buf, buf_len );
if( ( b64_buf = mbedtls_calloc( 1, b64_len ) ) == NULL )
{
mbedtls_printf( "failed\n ! Couldn't allocate buffer for "
"the base64 code\n" );
goto exit;
}
if( ( ret = mbedtls_base64_encode( b64_buf, b64_len, &b64_len,
context_buf, buf_len ) ) != 0 )
{
mbedtls_printf( "failed\n ! mbedtls_base64_encode returned "
"-0x%x\n", (unsigned int) -ret );
mbedtls_free( b64_buf );
goto exit;
}
if( ( b64_file = fopen( opt.context_file, "w" ) ) == NULL )
{
mbedtls_printf( "failed\n ! Cannot open '%s' for writing.\n",
opt.context_file );
mbedtls_free( b64_buf );
goto exit;
}
if( b64_len != fwrite( b64_buf, 1, b64_len, b64_file ) )
{
mbedtls_printf( "failed\n ! fwrite(%ld bytes) failed\n",
(long) b64_len );
mbedtls_free( b64_buf );
fclose( b64_file );
goto exit;
}
mbedtls_free( b64_buf );
fclose( b64_file );
mbedtls_printf( "ok\n" );
}
/* /*
* This simulates a workflow where you have a long-lived server * This simulates a workflow where you have a long-lived server
* instance, potentially with a pool of ssl_context objects, and you * instance, potentially with a pool of ssl_context objects, and you
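Review bot: the three failure branches in the new block (`mbedtls_calloc`, `fopen`, `fwrite`) jump to `exit` without assigning `ret`, which still holds 0 from the successful `mbedtls_ssl_context_save` just above, so the exit path has no error code to report for them; set `ret` to a non-zero value before each `goto exit`. The first `mbedtls_base64_encode( NULL, 0, &b64_len, ... )` call also has its return value dropped, so `b64_len` is trusted unchecked. Separately, the serialized context carries the connection's key material: `b64_buf` is released with `mbedtls_free` without being wiped first, and the file is created with plain `fopen( ..., "w" )`, so its permissions are whatever the process defaults give. Zeroizing the buffer before freeing it and saying in the usage text that the output file is sensitive would be worthwhile even for a test program.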
@ -4110,7 +4177,7 @@ data_exchange:
if( opt.serialize == 1 ) if( opt.serialize == 1 )
{ {
/* nothing to do here, done by context_save() already */ /* nothing to do here, done by context_save() already */
mbedtls_printf( " . Context has been reset... ok" ); mbedtls_printf( " . Context has been reset... ok\n" );
} }
/* /*
@ -4132,7 +4199,7 @@ data_exchange:
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned " mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
"-0x%x\n\n", -ret ); "-0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -4165,7 +4232,7 @@ data_exchange:
buf_len ) ) != 0 ) buf_len ) ) != 0 )
{ {
mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned " mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
"-0x%x\n\n", -ret ); "-0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -4208,7 +4275,7 @@ exit:
{ {
char error_buf[100]; char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 ); mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf ); mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf );
} }
#endif #endif

View file

@ -112,7 +112,7 @@ int main( void )
mbedtls_printf( "FAILED: %s\n", tmp ); mbedtls_printf( "FAILED: %s\n", tmp );
#else #else
#define PRINT_ERROR \ #define PRINT_ERROR \
mbedtls_printf( "FAILED: -0x%04x\n", -ret ); mbedtls_printf( "FAILED: -0x%04x\n", (unsigned int) -ret );
#endif #endif
#define TIME_AND_TSC( TITLE, CODE ) \ #define TIME_AND_TSC( TITLE, CODE ) \
@ -150,6 +150,16 @@ do { \
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
/* How much space to reserve for the title when printing heap usage results.
* Updated manually as the output of the following command:
*
* sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
* awk '{print length+2}' | sort -rn | head -n1
*
* This computes the maximum length of a title +2 (because we appends "/s").
* (If the value is too small, the only consequence is poor alignement.) */
#define TITLE_SPACE 16
#define MEMORY_MEASURE_INIT \ #define MEMORY_MEASURE_INIT \
size_t max_used, max_blocks, max_bytes; \ size_t max_used, max_blocks, max_bytes; \
size_t prv_used, prv_blocks; \ size_t prv_used, prv_blocks; \
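Review bot: `TITLE_SPACE` is a hand-maintained constant, and its comment relies on someone rerunning the sed/awk pipeline whenever a benchmark title is added or lengthened; nothing ties the value to the titles, so it will drift. The comment does state that the only consequence is misaligned output, which makes this acceptable, but a note next to the `TIME_PUBLIC` call sites pointing back here would help. Typos in the comment: "we appends" should be "we append" and "alignement" should be "alignment".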
@ -158,7 +168,8 @@ do { \
#define MEMORY_MEASURE_PRINT( title_len ) \ #define MEMORY_MEASURE_PRINT( title_len ) \
mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \ mbedtls_memory_buffer_alloc_max_get( &max_used, &max_blocks ); \
for( ii = 12 - (title_len); ii != 0; ii-- ) mbedtls_printf( " " ); \ ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
while( ii-- ) mbedtls_printf( " " ); \
max_used -= prv_used; \ max_used -= prv_used; \
max_blocks -= prv_blocks; \ max_blocks -= prv_blocks; \
max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \

View file

@ -133,6 +133,7 @@ int main( void )
" modifying CID in first instance of the packet.\n" \ " modifying CID in first instance of the packet.\n" \
" protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \ " protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
" protect_len=%%d default: (don't protect packets of this size)\n" \ " protect_len=%%d default: (don't protect packets of this size)\n" \
" inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \
"\n" \ "\n" \
" seed=%%d default: (use current time)\n" \ " seed=%%d default: (use current time)\n" \
USAGE_PACK \ USAGE_PACK \
@ -166,6 +167,7 @@ static struct options
unsigned bad_cid; /* inject corrupted CID record */ unsigned bad_cid; /* inject corrupted CID record */
int protect_hvr; /* never drop or delay HelloVerifyRequest */ int protect_hvr; /* never drop or delay HelloVerifyRequest */
int protect_len; /* never drop/delay packet of the given size*/ int protect_len; /* never drop/delay packet of the given size*/
int inject_clihlo; /* inject fake ClientHello after handshake */
unsigned pack; /* merge packets into single datagram for unsigned pack; /* merge packets into single datagram for
* at most \c merge milliseconds if > 0 */ * at most \c merge milliseconds if > 0 */
unsigned int seed; /* seed for "random" events */ unsigned int seed; /* seed for "random" events */
@ -314,6 +316,12 @@ static void get_options( int argc, char *argv[] )
if( opt.protect_len < 0 ) if( opt.protect_len < 0 )
exit_usage( p, q ); exit_usage( p, q );
} }
else if( strcmp( p, "inject_clihlo" ) == 0 )
{
opt.inject_clihlo = atoi( q );
if( opt.inject_clihlo < 0 || opt.inject_clihlo > 1 )
exit_usage( p, q );
}
else if( strcmp( p, "seed" ) == 0 ) else if( strcmp( p, "seed" ) == 0 )
{ {
opt.seed = atoi( q ); opt.seed = atoi( q );
@ -448,7 +456,7 @@ static int ctx_buffer_append( ctx_buffer *buf,
{ {
if( ( ret = ctx_buffer_flush( buf ) ) <= 0 ) if( ( ret = ctx_buffer_flush( buf ) ) <= 0 )
{ {
mbedtls_printf( "ctx_buffer_flush failed with -%#04x", -ret ); mbedtls_printf( "ctx_buffer_flush failed with -%#04x", (unsigned int) -ret );
return( ret ); return( ret );
} }
} }
@ -487,7 +495,7 @@ static int dispatch_data( mbedtls_net_context *ctx,
ret = mbedtls_net_send( ctx, data, len ); ret = mbedtls_net_send( ctx, data, len );
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_printf( "net_send returned -%#04x\n", -ret ); mbedtls_printf( "net_send returned -%#04x\n", (unsigned int) -ret );
} }
return( ret ); return( ret );
} }
@ -523,11 +531,41 @@ void print_packet( const packet *p, const char *why )
fflush( stdout ); fflush( stdout );
} }
/*
* In order to test the server's behaviour when receiving a ClientHello after
* the connection is established (this could be a hard reset from the client,
* but the server must not drop the existing connection before establishing
* client reachability, see RFC 6347 Section 4.2.8), we memorize the first
* ClientHello we see (which can't have a cookie), then replay it after the
* first ApplicationData record - then we're done.
*
* This is controlled by the inject_clihlo option.
*
* We want an explicit state and a place to store the packet.
*/
typedef enum {
ICH_INIT, /* haven't seen the first ClientHello yet */
ICH_CACHED, /* cached the initial ClientHello */
ICH_INJECTED, /* ClientHello already injected, done */
} inject_clihlo_state_t;
static inject_clihlo_state_t inject_clihlo_state;
static packet initial_clihlo;
int send_packet( const packet *p, const char *why ) int send_packet( const packet *p, const char *why )
{ {
int ret; int ret;
mbedtls_net_context *dst = p->dst; mbedtls_net_context *dst = p->dst;
/* save initial ClientHello? */
if( opt.inject_clihlo != 0 &&
inject_clihlo_state == ICH_INIT &&
strcmp( p->type, "ClientHello" ) == 0 )
{
memcpy( &initial_clihlo, p, sizeof( packet ) );
inject_clihlo_state = ICH_CACHED;
}
/* insert corrupted CID record? */ /* insert corrupted CID record? */
if( opt.bad_cid != 0 && if( opt.bad_cid != 0 &&
strcmp( p->type, "CID" ) == 0 && strcmp( p->type, "CID" ) == 0 &&
@ -592,6 +630,23 @@ int send_packet( const packet *p, const char *why )
} }
} }
/* Inject ClientHello after first ApplicationData */
if( opt.inject_clihlo != 0 &&
inject_clihlo_state == ICH_CACHED &&
strcmp( p->type, "ApplicationData" ) == 0 )
{
print_packet( &initial_clihlo, "injected" );
if( ( ret = dispatch_data( dst, initial_clihlo.buf,
initial_clihlo.len ) ) <= 0 )
{
mbedtls_printf( " ! dispatch returned %d\n", ret );
return( ret );
}
inject_clihlo_state = ICH_INJECTED;
}
return( 0 ); return( 0 );
} }
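Review bot: the injection branch fires on the first packet of type `ApplicationData` in either direction and dispatches the cached ClientHello to `dst`, which is the destination of that triggering packet (`p->dst`), not the destination of the original ClientHello. If the server sends application data first, the replayed ClientHello goes to the client, the state advances to `ICH_INJECTED`, and the server behaviour the comment describes is never exercised. Consider dispatching to `initial_clihlo.dst`, or adding `p->dst == initial_clihlo.dst` to the condition.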
@ -944,7 +999,7 @@ exit:
{ {
char error_buf[100]; char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 ); mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf( "Last error was: -0x%04X - %s\n\n", - ret, error_buf ); mbedtls_printf( "Last error was: -0x%04X - %s\n\n", (unsigned int) -ret, error_buf );
fflush( stdout ); fflush( stdout );
} }
#endif #endif

View file

@ -79,7 +79,7 @@ int main( int argc, char *argv[] )
{ {
char error_buf[200]; char error_buf[200];
mbedtls_strerror( val, error_buf, 200 ); mbedtls_strerror( val, error_buf, 200 );
mbedtls_printf("Last error was: -0x%04x - %s\n\n", (int) -val, error_buf ); mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf );
} }
#if defined(_WIN32) #if defined(_WIN32)

View file

@ -258,7 +258,7 @@ int main( int argc, char *argv[] )
{ {
if( ( ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ) ) < 0 ) if( ( ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ) ) < 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -268,7 +268,7 @@ int main( int argc, char *argv[] )
{ {
if( ( ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ) ) < 0 ) if( ( ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ) ) < 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }
@ -282,7 +282,7 @@ int main( int argc, char *argv[] )
{ {
if( ( ret = mbedtls_x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 ) if( ( ret = mbedtls_x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
} }

View file

@ -507,7 +507,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_mpi_read_string " mbedtls_printf( " failed\n ! mbedtls_mpi_read_string "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -527,7 +527,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file " mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -537,7 +537,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -561,7 +561,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file " mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -571,7 +571,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -596,7 +596,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -612,7 +612,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
"returned -x%02x - %s\n\n", -ret, buf ); "returned -x%02x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
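Review bot: the format string on the changed line reads `returned -x%02x`, missing the `0` of the `0x` prefix and using a `%02x` width where every other message in this file uses `-0x%04x`. Since the line is being touched for the cast anyway, fix it to `-0x%04x` so the error code prints consistently.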
@ -646,7 +646,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name " mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -654,7 +654,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name " mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -669,7 +669,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial " mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -678,7 +678,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity " mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -696,7 +696,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints " mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
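Review bot: the message on the changed call still says `x509write_crt_set_basic_contraints`, which misspells "constraints" and omits the `mbedtls_` prefix the other messages in this file carry. Correcting the string while the line is being edited makes the failure output easier to search for.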
@ -716,7 +716,7 @@ int main( int argc, char *argv[] )
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject" mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject"
"_key_identifier returned -0x%04x - %s\n\n", "_key_identifier returned -0x%04x - %s\n\n",
-ret, buf ); (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -735,7 +735,7 @@ int main( int argc, char *argv[] )
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_" mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_"
"key_identifier returned -0x%04x - %s\n\n", "key_identifier returned -0x%04x - %s\n\n",
-ret, buf ); (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -754,7 +754,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage " mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -772,7 +772,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type " mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
"returned -0x%04x - %s\n\n", -ret, buf ); "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit; goto exit;
} }
@ -790,7 +790,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n", mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n",
-ret, buf ); (unsigned int) -ret, buf );
goto exit; goto exit;
} }

View file

@ -29,7 +29,7 @@ from types import SimpleNamespace
import xml.etree.ElementTree as ET import xml.etree.ElementTree as ET
class AbiChecker(object): class AbiChecker:
"""API and ABI checker.""" """API and ABI checker."""
def __init__(self, old_version, new_version, configuration): def __init__(self, old_version, new_version, configuration):

505
scripts/assemble_changelog.py Executable file
View file

@ -0,0 +1,505 @@
#!/usr/bin/env python3
"""Assemble Mbed TLS change log entries into the change log file.
Add changelog entries to the first level-2 section.
Create a new level-2 section for unreleased changes if needed.
Remove the input files unless --keep-entries is specified.
In each level-3 section, entries are sorted in chronological order
(oldest first). From oldest to newest:
* Merged entry files are sorted according to their merge date (date of
the merge commit that brought the commit that created the file into
the target branch).
* Committed but unmerged entry files are sorted according to the date
of the commit that adds them.
* Uncommitted entry files are sorted according to their modification time.
You must run this program from within a git working directory.
"""
# Copyright (C) 2019, Arm Limited, All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
import argparse
from collections import OrderedDict, namedtuple
import datetime
import functools
import glob
import os
import re
import subprocess
import sys
class InputFormatError(Exception):
def __init__(self, filename, line_number, message, *args, **kwargs):
message = '{}:{}: {}'.format(filename, line_number,
message.format(*args, **kwargs))
super().__init__(message)
class CategoryParseError(Exception):
def __init__(self, line_offset, error_message):
self.line_offset = line_offset
self.error_message = error_message
super().__init__('{}: {}'.format(line_offset, error_message))
class LostContent(Exception):
def __init__(self, filename, line):
message = ('Lost content from {}: "{}"'.format(filename, line))
super().__init__(message)
# The category names we use in the changelog.
# If you edit this, update ChangeLog.d/README.md.
STANDARD_CATEGORIES = (
b'API changes',
b'Default behavior changes',
b'Requirement changes',
b'New deprecations',
b'Removals',
b'Features',
b'Security',
b'Bugfix',
b'Changes',
)
CategoryContent = namedtuple('CategoryContent', [
'name', 'title_line', # Title text and line number of the title
'body', 'body_line', # Body text and starting line number of the body
])
class ChangelogFormat:
"""Virtual class documenting how to write a changelog format class."""
@classmethod
def extract_top_version(cls, changelog_file_content):
"""Split out the top version section.
If the top version is already released, create a new top
version section for an unreleased version.
Return ``(header, top_version_title, top_version_body, trailer)``
where the "top version" is the existing top version section if it's
for unreleased changes, and a newly created section otherwise.
To assemble the changelog after modifying top_version_body,
concatenate the four pieces.
"""
raise NotImplementedError
@classmethod
def version_title_text(cls, version_title):
"""Return the text of a formatted version section title."""
raise NotImplementedError
@classmethod
def split_categories(cls, version_body):
"""Split a changelog version section body into categories.
Return a list of `CategoryContent` the name is category title
without any formatting.
"""
raise NotImplementedError
@classmethod
def format_category(cls, title, body):
"""Construct the text of a category section from its title and body."""
raise NotImplementedError
class TextChangelogFormat(ChangelogFormat):
"""The traditional Mbed TLS changelog format."""
_unreleased_version_text = b'= mbed TLS x.x.x branch released xxxx-xx-xx'
@classmethod
def is_released_version(cls, title):
# Look for an incomplete release date
return not re.search(br'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title)
_top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)',
re.DOTALL)
@classmethod
def extract_top_version(cls, changelog_file_content):
"""A version section starts with a line starting with '='."""
m = re.search(cls._top_version_re, changelog_file_content)
top_version_start = m.start(1)
top_version_end = m.end(2)
top_version_title = m.group(1)
top_version_body = m.group(2)
if cls.is_released_version(top_version_title):
top_version_end = top_version_start
top_version_title = cls._unreleased_version_text + b'\n\n'
top_version_body = b''
return (changelog_file_content[:top_version_start],
top_version_title, top_version_body,
changelog_file_content[top_version_end:])
@classmethod
def version_title_text(cls, version_title):
return re.sub(br'\n.*', version_title, re.DOTALL)
_category_title_re = re.compile(br'(^\w.*)\n+', re.MULTILINE)
@classmethod
def split_categories(cls, version_body):
"""A category title is a line with the title in column 0."""
if not version_body:
return []
title_matches = list(re.finditer(cls._category_title_re, version_body))
if not title_matches or title_matches[0].start() != 0:
# There is junk before the first category.
raise CategoryParseError(0, 'Junk found where category expected')
title_starts = [m.start(1) for m in title_matches]
body_starts = [m.end(0) for m in title_matches]
body_ends = title_starts[1:] + [len(version_body)]
bodies = [version_body[body_start:body_end].rstrip(b'\n') + b'\n'
for (body_start, body_end) in zip(body_starts, body_ends)]
title_lines = [version_body[:pos].count(b'\n') for pos in title_starts]
body_lines = [version_body[:pos].count(b'\n') for pos in body_starts]
return [CategoryContent(title_match.group(1), title_line,
body, body_line)
for title_match, title_line, body, body_line
in zip(title_matches, title_lines, bodies, body_lines)]
@classmethod
def format_category(cls, title, body):
# `split_categories` ensures that each body ends with a newline.
# Make sure that there is additionally a blank line between categories.
if not body.endswith(b'\n\n'):
body += b'\n'
return title + b'\n' + body
class ChangeLog:
"""An Mbed TLS changelog.
A changelog file consists of some header text followed by one or
more version sections. The version sections are in reverse
chronological order. Each version section consists of a title and a body.
The body of a version section consists of zero or more category
subsections. Each category subsection consists of a title and a body.
A changelog entry file has the same format as the body of a version section.
A `ChangelogFormat` object defines the concrete syntax of the changelog.
Entry files must have the same format as the changelog file.
"""
# Only accept dotted version numbers (e.g. "3.1", not "3").
# Refuse ".x" in a version number where x is a letter: this indicates
# a version that is not yet released. Something like "3.1a" is accepted.
_version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
_incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
def add_categories_from_text(self, filename, line_offset,
text, allow_unknown_category):
"""Parse a version section or entry file."""
try:
categories = self.format.split_categories(text)
except CategoryParseError as e:
raise InputFormatError(filename, line_offset + e.line_offset,
e.error_message)
for category in categories:
if not allow_unknown_category and \
category.name not in self.categories:
raise InputFormatError(filename,
line_offset + category.title_line,
'Unknown category: "{}"',
category.name.decode('utf8'))
self.categories[category.name] += category.body
def __init__(self, input_stream, changelog_format):
"""Create a changelog object.
Populate the changelog object from the content of the file
input_stream.
"""
self.format = changelog_format
whole_file = input_stream.read()
(self.header,
self.top_version_title, top_version_body,
self.trailer) = self.format.extract_top_version(whole_file)
# Split the top version section into categories.
self.categories = OrderedDict()
for category in STANDARD_CATEGORIES:
self.categories[category] = b''
offset = (self.header + self.top_version_title).count(b'\n') + 1
self.add_categories_from_text(input_stream.name, offset,
top_version_body, True)
def add_file(self, input_stream):
"""Add changelog entries from a file.
"""
self.add_categories_from_text(input_stream.name, 1,
input_stream.read(), False)
def write(self, filename):
"""Write the changelog to the specified file.
"""
with open(filename, 'wb') as out:
out.write(self.header)
out.write(self.top_version_title)
for title, body in self.categories.items():
if not body:
continue
out.write(self.format.format_category(title, body))
out.write(self.trailer)
@functools.total_ordering
class EntryFileSortKey:
"""This classes defines an ordering on changelog entry files: older < newer.
* Merged entry files are sorted according to their merge date (date of
the merge commit that brought the commit that created the file into
the target branch).
* Committed but unmerged entry files are sorted according to the date
of the commit that adds them.
* Uncommitted entry files are sorted according to their modification time.
This class assumes that the file is in a git working directory with
the target branch checked out.
"""
# Categories of files. A lower number is considered older.
MERGED = 0
COMMITTED = 1
LOCAL = 2
@staticmethod
def creation_hash(filename):
"""Return the git commit id at which the given file was created.
Return None if the file was never checked into git.
"""
hashes = subprocess.check_output(['git', 'log', '--format=%H',
'--follow',
'--', filename])
m = re.search(b'(.+)$', hashes)
if not m:
# The git output is empty. This means that the file was
# never checked in.
return None
# The last commit in the log is the oldest one, which is when the
# file was created.
return m.group(0)
@staticmethod
def list_merges(some_hash, target, *options):
"""List merge commits from some_hash to target.
Pass options to git to select which commits are included.
"""
text = subprocess.check_output(['git', 'rev-list',
'--merges', *options,
b'..'.join([some_hash, target])])
return text.rstrip(b'\n').split(b'\n')
@classmethod
def merge_hash(cls, some_hash):
"""Return the git commit id at which the given commit was merged.
Return None if the given commit was never merged.
"""
target = b'HEAD'
# List the merges from some_hash to the target in two ways.
# The ancestry list is the ones that are both descendants of
# some_hash and ancestors of the target.
ancestry = frozenset(cls.list_merges(some_hash, target,
'--ancestry-path'))
# The first_parents list only contains merges that are directly
# on the target branch. We want it in reverse order (oldest first).
first_parents = cls.list_merges(some_hash, target,
'--first-parent', '--reverse')
# Look for the oldest merge commit that's both on the direct path
# and directly on the target branch. That's the place where some_hash
# was merged on the target branch. See
# https://stackoverflow.com/questions/8475448/find-merge-commit-which-include-a-specific-commit
for commit in first_parents:
if commit in ancestry:
return commit
return None
@staticmethod
def commit_timestamp(commit_id):
"""Return the timestamp of the given commit."""
text = subprocess.check_output(['git', 'show', '-s',
'--format=%ct',
commit_id])
return datetime.datetime.utcfromtimestamp(int(text))
@staticmethod
def file_timestamp(filename):
"""Return the modification timestamp of the given file."""
mtime = os.stat(filename).st_mtime
return datetime.datetime.fromtimestamp(mtime)
def __init__(self, filename):
"""Determine position of the file in the changelog entry order.
This constructor returns an object that can be used with comparison
operators, with `sort` and `sorted`, etc. Older entries are sorted
before newer entries.
"""
self.filename = filename
creation_hash = self.creation_hash(filename)
if not creation_hash:
self.category = self.LOCAL
self.datetime = self.file_timestamp(filename)
return
merge_hash = self.merge_hash(creation_hash)
if not merge_hash:
self.category = self.COMMITTED
self.datetime = self.commit_timestamp(creation_hash)
return
self.category = self.MERGED
self.datetime = self.commit_timestamp(merge_hash)
def sort_key(self):
""""Return a concrete sort key for this entry file sort key object.
``ts1 < ts2`` is implemented as ``ts1.sort_key() < ts2.sort_key()``.
"""
return (self.category, self.datetime, self.filename)
def __eq__(self, other):
return self.sort_key() == other.sort_key()
def __lt__(self, other):
return self.sort_key() < other.sort_key()
def check_output(generated_output_file, main_input_file, merged_files):
"""Make sanity checks on the generated output.
The intent of these sanity checks is to have reasonable confidence
that no content has been lost.
The sanity check is that every line that is present in an input file
is also present in an output file. This is not perfect but good enough
for now.
"""
generated_output = set(open(generated_output_file, 'rb'))
for line in open(main_input_file, 'rb'):
if line not in generated_output:
raise LostContent('original file', line)
for merged_file in merged_files:
for line in open(merged_file, 'rb'):
if line not in generated_output:
raise LostContent(merged_file, line)
def finish_output(changelog, output_file, input_file, merged_files):
"""Write the changelog to the output file.
The input file and the list of merged files are used only for sanity
checks on the output.
"""
if os.path.exists(output_file) and not os.path.isfile(output_file):
# The output is a non-regular file (e.g. pipe). Write to it directly.
output_temp = output_file
else:
# The output is a regular file. Write to a temporary file,
# then move it into place atomically.
output_temp = output_file + '.tmp'
changelog.write(output_temp)
check_output(output_temp, input_file, merged_files)
if output_temp != output_file:
os.rename(output_temp, output_file)
def remove_merged_entries(files_to_remove):
for filename in files_to_remove:
os.remove(filename)
def list_files_to_merge(options):
"""List the entry files to merge, oldest first.
"Oldest" is defined by `EntryFileSortKey`.
"""
files_to_merge = glob.glob(os.path.join(options.dir, '*.txt'))
files_to_merge.sort(key=EntryFileSortKey)
return files_to_merge
def merge_entries(options):
"""Merge changelog entries into the changelog file.
Read the changelog file from options.input.
Read entries to merge from the directory options.dir.
Write the new changelog to options.output.
Remove the merged entries if options.keep_entries is false.
"""
with open(options.input, 'rb') as input_file:
changelog = ChangeLog(input_file, TextChangelogFormat)
files_to_merge = list_files_to_merge(options)
if not files_to_merge:
sys.stderr.write('There are no pending changelog entries.\n')
return
for filename in files_to_merge:
with open(filename, 'rb') as input_file:
changelog.add_file(input_file)
finish_output(changelog, options.output, options.input, files_to_merge)
if not options.keep_entries:
remove_merged_entries(files_to_merge)
def show_file_timestamps(options):
"""List the files to merge and their timestamp.
This is only intended for debugging purposes.
"""
files = list_files_to_merge(options)
for filename in files:
ts = EntryFileSortKey(filename)
print(ts.category, ts.datetime, filename)
def set_defaults(options):
"""Add default values for missing options."""
output_file = getattr(options, 'output', None)
if output_file is None:
options.output = options.input
if getattr(options, 'keep_entries', None) is None:
options.keep_entries = (output_file is not None)
def main():
"""Command line entry point."""
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument('--dir', '-d', metavar='DIR',
default='ChangeLog.d',
help='Directory to read entries from'
' (default: ChangeLog.d)')
parser.add_argument('--input', '-i', metavar='FILE',
default='ChangeLog',
help='Existing changelog file to read from and augment'
' (default: ChangeLog)')
parser.add_argument('--keep-entries',
action='store_true', dest='keep_entries', default=None,
help='Keep the files containing entries'
' (default: remove them if --output/-o is not specified)')
parser.add_argument('--no-keep-entries',
action='store_false', dest='keep_entries',
help='Remove the files containing entries after they are merged'
' (default: remove them if --output/-o is not specified)')
parser.add_argument('--output', '-o', metavar='FILE',
help='Output changelog file'
' (default: overwrite the input)')
parser.add_argument('--list-files-only',
action='store_true',
help=('Only list the files that would be processed '
'(with some debugging information)'))
options = parser.parse_args()
set_defaults(options)
if options.list_files_only:
show_file_timestamps(options)
return
merge_entries(options)
if __name__ == '__main__':
main()
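Review bot: `TextChangelogFormat.version_title_text` calls `re.sub(br'\n.*', version_title, re.DOTALL)`, which passes `version_title` as the replacement and `re.DOTALL` as the string to search, so the call fails with a TypeError instead of returning the first line of the title. It should be `re.sub(br'\n.*', b'', version_title, flags=re.DOTALL)`. Two smaller points in the same file: `extract_top_version` uses `m.start(1)` without checking that the search matched, so a changelog with no line starting with `=` ends in an AttributeError rather than an `InputFormatError`; and `check_output` opens the generated file and every input file without a `with` block, so the handles are only closed when the garbage collector gets to them.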

View file

@ -283,9 +283,13 @@ class ConfigFile(Config):
def __init__(self, filename=None): def __init__(self, filename=None):
"""Read the Mbed TLS configuration file.""" """Read the Mbed TLS configuration file."""
if filename is None: if filename is None:
for filename in self.default_path: for candidate in self.default_path:
if os.path.lexists(filename): if os.path.lexists(candidate):
filename = candidate
break break
else:
raise Exception('Mbed TLS configuration file not found',
self.default_path)
super().__init__() super().__init__()
self.filename = filename self.filename = filename
self.current_section = 'header' self.current_section = 'header'
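Review bot: the new `else:` branch raises a bare `Exception` with `self.default_path` as a second positional argument, so a caller cannot catch the "no configuration file" case specifically and the message is rendered as a tuple. Raise a narrower type such as `FileNotFoundError`, or an exception class defined in this module, and format the candidate paths into the message string.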
@ -448,7 +452,7 @@ if __name__ == '__main__':
value = config[args.symbol] value = config[args.symbol]
if value: if value:
sys.stdout.write(value + '\n') sys.stdout.write(value + '\n')
return args.symbol not in config return 0 if args.symbol in config else 1
elif args.command == 'set': elif args.command == 'set':
if not args.force and args.symbol not in config.settings: if not args.force and args.symbol not in config.settings:
sys.stderr.write("A #define for the symbol {} " sys.stderr.write("A #define for the symbol {} "
@ -461,6 +465,7 @@ if __name__ == '__main__':
else: else:
config.adapt(args.adapter) config.adapt(args.adapter)
config.write(args.write) config.write(args.write)
return 0
# Import modules only used by main only if main is defined and called. # Import modules only used by main only if main is defined and called.
# pylint: disable=wrong-import-position # pylint: disable=wrong-import-position

View file

@ -42,10 +42,60 @@
HEADER_INCLUDED HEADER_INCLUDED
const char * mbedtls_high_level_strerr( int error_code )
{
int high_level_error_code;
const char *error_description = NULL;
if( error_code < 0 )
error_code = -error_code;
/* Extract the high-level part from the error code. */
high_level_error_code = error_code & 0xFF80;
switch( high_level_error_code )
{
/* Begin Auto-Generated Code. */
HIGH_LEVEL_CODE_CHECKS
/* End Auto-Generated Code. */
default:
break;
}
return error_description;
}
const char * mbedtls_low_level_strerr( int error_code )
{
int low_level_error_code;
const char *error_description = NULL;
if( error_code < 0 )
error_code = -error_code;
/* Extract the low-level part from the error code. */
low_level_error_code = error_code & ~0xFF80;
switch( low_level_error_code )
{
/* Begin Auto-Generated Code. */
LOW_LEVEL_CODE_CHECKS
/* End Auto-Generated Code. */
default:
break;
}
return error_description;
}
void mbedtls_strerror( int ret, char *buf, size_t buflen ) void mbedtls_strerror( int ret, char *buf, size_t buflen )
{ {
size_t len; size_t len;
int use_ret; int use_ret;
const char * high_level_error_description = NULL;
const char * low_level_error_description = NULL;
if( buflen == 0 ) if( buflen == 0 )
return; return;
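Review bot: `mbedtls_high_level_strerr` and `mbedtls_low_level_strerr` return NULL when no `case` matches, and nothing in this hunk documents that. A caller that passes the result straight to a `%s` conversion would have undefined behaviour. Add a comment on each function, and wherever they are declared, stating that the result is NULL for an unknown code and otherwise points to a constant string that must not be freed. A smaller point: `error_code = -error_code` is undefined for `INT_MIN`; doing the negation on an `unsigned int` copy avoids that.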
@ -59,14 +109,20 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
{ {
use_ret = ret & 0xFF80; use_ret = ret & 0xFF80;
// High level error codes // Translate high level error code.
// high_level_error_description = mbedtls_high_level_strerr( ret );
// BEGIN generated code
HIGH_LEVEL_CODE_CHECKS
// END generated code
if( strlen( buf ) == 0 ) if( high_level_error_description == NULL )
mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret );
else
mbedtls_snprintf( buf, buflen, "%s", high_level_error_description );
#if defined(MBEDTLS_SSL_TLS_C)
// Early return in case of a fatal error - do not try to translate low
// level code.
if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE))
return;
#endif /* MBEDTLS_SSL_TLS_C */
} }
use_ret = ret & ~0xFF80; use_ret = ret & ~0xFF80;
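Review bot: the added `if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE))` has no spaces inside the outer parentheses, unlike `if( high_level_error_description == NULL )` earlier in the same hunk and the rest of the function. Write it as `if( use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE) )` to match.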
@ -90,16 +146,13 @@ HIGH_LEVEL_CODE_CHECKS
buflen -= len + 3; buflen -= len + 3;
} }
// Low level error codes // Translate low level error code.
// low_level_error_description = mbedtls_low_level_strerr( ret );
// BEGIN generated code
LOW_LEVEL_CODE_CHECKS
// END generated code
if( strlen( buf ) != 0 ) if( low_level_error_description == NULL )
return; mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret );
else
mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret ); mbedtls_snprintf( buf, buflen, "%s", low_level_error_description );
} }
#else /* MBEDTLS_ERROR_C */ #else /* MBEDTLS_ERROR_C */

View file

@ -18,7 +18,8 @@
<Platform>x64</Platform> <Platform>x64</Platform>
</ProjectConfiguration> </ProjectConfiguration>
</ItemGroup> </ItemGroup>
<ItemGroup> <SOURCES> <ItemGroup>
<SOURCES>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj"> <ProjectReference Include="mbedTLS.vcxproj">

View file

@ -45,7 +45,6 @@
<UseDebugLibraries>false</UseDebugLibraries> <UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization> <WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet> <CharacterSet>Unicode</CharacterSet>
<PlatformToolset>Windows7.1SDK</PlatformToolset>
</PropertyGroup> </PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings"> <ImportGroup Label="ExtensionSettings">

View file

@ -160,19 +160,9 @@ foreach my $line (@matches)
${$old_define} = $define_name; ${$old_define} = $define_name;
} }
if ($error_name eq "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE") ${$code_check} .= "${white_space}case -($error_name):\n".
{ "${white_space} error_description = \"$module_name - $description\";\n".
${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n". "${white_space} break;\n"
"${white_space}\{\n".
"${white_space} mbedtls_snprintf( buf, buflen, \"$module_name - $description\" );\n".
"${white_space} return;\n".
"${white_space}}\n"
}
else
{
${$code_check} .= "${white_space}if( use_ret == -($error_name) )\n".
"${white_space} mbedtls_snprintf( buf, buflen, \"$module_name - $description\" );\n"
}
}; };
if ($ll_old_define ne "") if ($ll_old_define ne "")
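Review bot: `$description` is interpolated unescaped into a C string literal in the generated `error_description = "$module_name - $description";` line. A description containing a double quote or a backslash would produce C that fails to compile or that holds a different string than intended, so escape those two characters before appending to `${$code_check}`. Also worth stating in the commit message: with `case -($error_name):`, two error names that share a value within one level now cause a duplicate-case compile error, where the old `if` chain accepted them silently.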

View file

@ -125,10 +125,10 @@ sub gen_app {
$path =~ s!/!\\!g; $path =~ s!/!\\!g;
(my $appname = $path) =~ s/.*\\//; (my $appname = $path) =~ s/.*\\//;
my $srcs = "\n <ClCompile Include=\"..\\..\\programs\\$path.c\" \/>\r"; my $srcs = "<ClCompile Include=\"..\\..\\programs\\$path.c\" \/>";
if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
$appname eq "query_compile_time_config" ) { $appname eq "query_compile_time_config" ) {
$srcs .= "\n <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>\r"; $srcs .= "\r\n <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>";
} }
my $content = $template; my $content = $template;

View file

@ -67,9 +67,9 @@ if(MSVC)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
endif(MSVC) endif(MSVC)
add_test_suite(aes aes.ecb)
add_test_suite(aes aes.cbc) add_test_suite(aes aes.cbc)
add_test_suite(aes aes.cfb) add_test_suite(aes aes.cfb)
add_test_suite(aes aes.ecb)
add_test_suite(aes aes.ofb) add_test_suite(aes aes.ofb)
add_test_suite(aes aes.rest) add_test_suite(aes aes.rest)
add_test_suite(aes aes.xts) add_test_suite(aes aes.xts)
@ -107,12 +107,12 @@ add_test_suite(ecjpake)
add_test_suite(ecp) add_test_suite(ecp)
add_test_suite(entropy) add_test_suite(entropy)
add_test_suite(error) add_test_suite(error)
add_test_suite(gcm gcm.aes128_en)
add_test_suite(gcm gcm.aes192_en)
add_test_suite(gcm gcm.aes256_en)
add_test_suite(gcm gcm.aes128_de) add_test_suite(gcm gcm.aes128_de)
add_test_suite(gcm gcm.aes128_en)
add_test_suite(gcm gcm.aes192_de) add_test_suite(gcm gcm.aes192_de)
add_test_suite(gcm gcm.aes192_en)
add_test_suite(gcm gcm.aes256_de) add_test_suite(gcm gcm.aes256_de)
add_test_suite(gcm gcm.aes256_en)
add_test_suite(gcm gcm.camellia) add_test_suite(gcm gcm.camellia)
add_test_suite(gcm gcm.misc) add_test_suite(gcm gcm.misc)
add_test_suite(hkdf) add_test_suite(hkdf)
@ -127,10 +127,10 @@ add_test_suite(mpi)
add_test_suite(nist_kw) add_test_suite(nist_kw)
add_test_suite(oid) add_test_suite(oid)
add_test_suite(pem) add_test_suite(pem)
add_test_suite(pk)
add_test_suite(pkcs1_v15) add_test_suite(pkcs1_v15)
add_test_suite(pkcs1_v21) add_test_suite(pkcs1_v21)
add_test_suite(pkcs5) add_test_suite(pkcs5)
add_test_suite(pk)
add_test_suite(pkparse) add_test_suite(pkparse)
add_test_suite(pkwrite) add_test_suite(pkwrite)
add_test_suite(poly1305) add_test_suite(poly1305)
@ -144,14 +144,14 @@ add_test_suite(psa_crypto_se_driver_hal)
add_test_suite(psa_crypto_se_driver_hal_mocks) add_test_suite(psa_crypto_se_driver_hal_mocks)
add_test_suite(psa_crypto_slot_management) add_test_suite(psa_crypto_slot_management)
add_test_suite(psa_its) add_test_suite(psa_its)
add_test_suite(rsa)
add_test_suite(shax) add_test_suite(shax)
add_test_suite(ssl) add_test_suite(ssl)
add_test_suite(timing) add_test_suite(timing)
add_test_suite(rsa)
add_test_suite(version) add_test_suite(version)
add_test_suite(xtea)
add_test_suite(x509parse) add_test_suite(x509parse)
add_test_suite(x509write) add_test_suite(x509write)
add_test_suite(xtea)
# Make scripts and data files needed for testing available in an # Make scripts and data files needed for testing available in an
# out-of-source build. # out-of-source build.

431
tests/context-info.sh Executable file
View file

@ -0,0 +1,431 @@
#!/bin/sh
# context-info.sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2012-2020, ARM Limited, All Rights Reserved
#
# This program is intended for testing the ssl_context_info program
#
set -eu
if ! cd "$(dirname "$0")"; then
exit 125
fi
# Variables
THIS_SCRIPT_NAME=$(basename "$0")
PROG_PATH="../programs/ssl/ssl_context_info"
OUT_FILE="ssl_context_info.log"
IN_DIR="data_files/base64"
USE_VALGRIND=0
T_COUNT=0
T_PASSED=0
T_FAILED=0
# Functions
print_usage() {
echo "Usage: $0 [options]"
printf " -h|--help\tPrint this help.\n"
printf " -m|--memcheck\tUse valgrind to check the memory.\n"
}
# Print test name <name>
print_name() {
printf "%s %.*s " "$1" $(( 71 - ${#1} )) \
"........................................................................"
}
# Print header to the test output file <test name> <file path> <test command>
print_header()
{
date="$(date)"
echo "******************************************************************" > $2
echo "* File created by: $THIS_SCRIPT_NAME" >> $2
echo "* Test name: $1" >> $2
echo "* Date: $date" >> $2
echo "* Command: $3" >> $2
echo "******************************************************************" >> $2
echo "" >> $2
}
# Print footer at the end of file <file path>
print_footer()
{
echo "" >> $1
echo "******************************************************************" >> $1
echo "* End command" >> $1
echo "******************************************************************" >> $1
echo "" >> $1
}
# Use the arguments of this script
get_options() {
while [ $# -gt 0 ]; do
case "$1" in
-h|--help)
print_usage
exit 0
;;
-m|--memcheck)
USE_VALGRIND=1
;;
*)
echo "Unknown argument: '$1'"
print_usage
exit 1
;;
esac
shift
done
}
# Current test failed
fail()
{
T_FAILED=$(( $T_FAILED + 1))
FAIL_OUT="Fail.$T_FAILED""_$OUT_FILE"
echo "FAIL"
echo " Error: $1"
cp -f "$OUT_FILE" "$FAIL_OUT"
echo "Error: $1" >> "$FAIL_OUT"
}
# Current test passed
pass()
{
T_PASSED=$(( $T_PASSED + 1))
echo "PASS"
}
# Usage: run_test <name> <input file with b64 code> [ -arg <extra arguments for tested program> ] [option [...]]
# Options: -m <pattern that MUST be present in the output of tested program>
# -n <pattern that must NOT be present in the output of tested program>
# -u <pattern that must be UNIQUE in the output of tested program>
run_test()
{
TEST_NAME="$1"
RUN_CMD="$PROG_PATH -f $IN_DIR/$2"
if [ "-arg" = "$3" ]; then
RUN_CMD="$RUN_CMD $4"
shift 4
else
shift 2
fi
# prepend valgrind to our commands if active
if [ "$USE_VALGRIND" -gt 0 ]; then
RUN_CMD="valgrind --leak-check=full $RUN_CMD"
fi
T_COUNT=$(( $T_COUNT + 1))
print_name "$TEST_NAME"
# run tested program
print_header "$TEST_NAME" "$OUT_FILE" "$RUN_CMD"
eval "$RUN_CMD" >> "$OUT_FILE" 2>&1
print_footer "$OUT_FILE"
# check valgrind's results
if [ "$USE_VALGRIND" -gt 0 ]; then
if ! ( grep -F 'All heap blocks were freed -- no leaks are possible' "$OUT_FILE" &&
grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$OUT_FILE" ) > /dev/null
then
fail "Memory error detected"
return
fi
fi
# check other assertions
# lines beginning with == are added by valgrind, ignore them, because we already checked them before
# lines with 'Serious error when reading debug info', are valgrind issues as well
# lines beginning with * are added by this script, ignore too
while [ $# -gt 0 ]
do
case $1 in
"-m")
if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then :; else
fail "pattern '$2' MUST be present in the output"
return
fi
;;
"-n")
if grep -v '^==' "$OUT_FILE" | grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" >/dev/null; then
fail "pattern '$2' MUST NOT be present in the output"
return
fi
;;
"-u")
if [ $(grep -v '^==' "$OUT_FILE"| grep -v 'Serious error when reading debug info' | grep -v "^*" | grep "$2" | wc -l) -ne 1 ]; then
fail "lines following pattern '$2' must be once in the output"
return
fi
;;
*)
echo "Unknown test: $1" >&2
exit 1
esac
shift 2
done
rm -f "$OUT_FILE"
pass
}
get_options "$@"
# Tests
run_test "Default configuration, server" \
"srv_def.txt" \
-n "ERROR" \
-u "major.* 2$" \
-u "minor.* 21$" \
-u "path.* 0$" \
-u "MBEDTLS_HAVE_TIME$" \
-u "MBEDTLS_X509_CRT_PARSE_C$" \
-u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
-u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
-u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-u "MBEDTLS_SSL_ALPN$" \
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
-u "cipher flags.* 0x00$" \
-u "Message-Digest.* SHA256$" \
-u "compression.* disabled$" \
-u "DTLS datagram packing.* enabled$" \
-n "Certificate" \
-n "bytes left to analyze from context"
run_test "Default configuration, client" \
"cli_def.txt" \
-n "ERROR" \
-u "major.* 2$" \
-u "minor.* 21$" \
-u "path.* 0$" \
-u "MBEDTLS_HAVE_TIME$" \
-u "MBEDTLS_X509_CRT_PARSE_C$" \
-u "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
-u "MBEDTLS_SSL_TRUNCATED_HMAC$" \
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
-u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-u "MBEDTLS_SSL_ALPN$" \
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
-u "cipher flags.* 0x00$" \
-u "Message-Digest.* SHA256$" \
-u "compression.* disabled$" \
-u "DTLS datagram packing.* enabled$" \
-u "cert. version .* 3$" \
-u "serial number.* 02$" \
-u "issuer name.* C=NL, O=PolarSSL, CN=PolarSSL Test CA$" \
-u "subject name.* C=NL, O=PolarSSL, CN=localhost$" \
-u "issued on.* 2019-02-10 14:44:06$" \
-u "expires on.* 2029-02-10 14:44:06$" \
-u "signed using.* RSA with SHA-256$" \
-u "RSA key size.* 2048 bits$" \
-u "basic constraints.* CA=false$" \
-n "bytes left to analyze from context"
run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \
"srv_ciphersuite.txt" \
-n "ERROR" \
-u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \
"cli_ciphersuite.txt" \
-n "ERROR" \
-u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \
run_test "No packing, server" \
"srv_no_packing.txt" \
-n "ERROR" \
-u "DTLS datagram packing.* disabled"
run_test "No packing, client" \
"cli_no_packing.txt" \
-n "ERROR" \
-u "DTLS datagram packing.* disabled"
run_test "DTLS CID, server" \
"srv_cid.txt" \
-n "ERROR" \
-u "in CID.* DE AD" \
-u "out CID.* BE EF"
run_test "DTLS CID, client" \
"cli_cid.txt" \
-n "ERROR" \
-u "in CID.* BE EF" \
-u "out CID.* DE AD"
run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, server" \
"srv_no_mfl.txt" \
-n "ERROR" \
-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
run_test "No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH, client" \
"cli_no_mfl.txt" \
-n "ERROR" \
-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
run_test "No MBEDTLS_SSL_ALPN, server" \
"srv_no_alpn.txt" \
-n "ERROR" \
-n "MBEDTLS_SSL_ALPN"
run_test "No MBEDTLS_SSL_ALPN, client" \
"cli_no_alpn.txt" \
-n "ERROR" \
-n "MBEDTLS_SSL_ALPN"
run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, server" \
"srv_no_keep_cert.txt" \
-arg "--keep-peer-cert=0" \
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
-u "cipher flags.* 0x00" \
-u "compression.* disabled" \
-u "DTLS datagram packing.* enabled" \
-n "ERROR"
run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, client" \
"cli_no_keep_cert.txt" \
-arg "--keep-peer-cert=0" \
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
-u "cipher flags.* 0x00" \
-u "compression.* disabled" \
-u "DTLS datagram packing.* enabled" \
-n "ERROR"
run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, server" \
"srv_no_keep_cert.txt" \
-m "Deserializing" \
-m "ERROR"
run_test "No MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, negative, client" \
"cli_no_keep_cert.txt" \
-m "Deserializing" \
-m "ERROR"
run_test "Minimal configuration, server" \
"srv_min_cfg.txt" \
-n "ERROR" \
-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
-n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
-n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-n "MBEDTLS_SSL_ALPN$" \
run_test "Minimal configuration, client" \
"cli_min_cfg.txt" \
-n "ERROR" \
-n "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH$" \
-n "MBEDTLS_SSL_TRUNCATED_HMAC$" \
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
-n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-n "MBEDTLS_SSL_ALPN$" \
run_test "MTU=10000" \
"mtu_10000.txt" \
-n "ERROR" \
-u "MTU.* 10000$"
run_test "MFL=1024" \
"mfl_1024.txt" \
-n "ERROR" \
-u "MFL.* 1024$"
run_test "Older version (v2.19.1)" \
"v2.19.1.txt" \
-n "ERROR" \
-u "major.* 2$" \
-u "minor.* 19$" \
-u "path.* 1$" \
-u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \
-u "Message-Digest.* SHA256$" \
-u "compression.* disabled$" \
-u "serial number.* 01:70:AF:40:B4:E6$" \
-u "issuer name.* CN=ca$" \
-u "subject name.* L=160001, OU=acc1, CN=device01$" \
-u "issued on.* 2020-03-06 09:50:18$" \
-u "expires on.* 2056-02-26 09:50:18$" \
-u "signed using.* ECDSA with SHA256$" \
-u "lifetime.* 0 sec.$" \
-u "MFL.* none$" \
-u "negotiate truncated HMAC.* disabled$" \
-u "Encrypt-then-MAC.* enabled$" \
-u "DTLS datagram packing.* enabled$" \
-u "verify result.* 0x00000000$" \
-n "bytes left to analyze from context"
run_test "Wrong base64 format" \
"def_bad_b64.txt" \
-m "ERROR" \
-u "The length of the base64 code found should be a multiple of 4" \
-n "bytes left to analyze from context"
run_test "Too much data at the beginning of base64 code" \
"def_b64_too_big_1.txt" \
-m "ERROR" \
-n "The length of the base64 code found should be a multiple of 4" \
run_test "Too much data in the middle of base64 code" \
"def_b64_too_big_2.txt" \
-m "ERROR" \
-n "The length of the base64 code found should be a multiple of 4" \
run_test "Too much data at the end of base64 code" \
"def_b64_too_big_3.txt" \
-m "ERROR" \
-n "The length of the base64 code found should be a multiple of 4" \
-u "bytes left to analyze from context"
run_test "Empty file as input" \
"empty.txt" \
-u "Finished. No valid base64 code found"
run_test "Not empty file without base64 code" \
"../../context-info.sh" \
-n "Deserializing"
run_test "Binary file instead of text file" \
"../../../programs/ssl/ssl_context_info" \
-m "ERROR" \
-u "Too many bad symbols detected. File check aborted" \
-n "Deserializing"
# End of tests
if [ $T_FAILED -eq 0 ]; then
printf "\nPASSED ( $T_COUNT tests )\n"
else
printf "\nFAILED ( $T_FAILED / $T_COUNT tests )\n"
fi
exit $T_FAILED
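Review bot: Six `run_test` calls end their last option with a trailing `\` (both "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8" cases, both "Minimal configuration" cases, and the "Too much data at the beginning" and "in the middle" cases), so each command continues onto whatever line follows. That is harmless only while a blank line follows. If the next `run_test` ever sits directly after one of them, the word `run_test` is parsed as an option, falls into the `*)` branch, and the whole script stops with "Unknown test" and `exit 1`. Please drop the trailing backslash on the last option of each call. Separately, `RUN_CMD="$PROG_PATH -f $IN_DIR/$2"` is later passed to `eval`, so a program path or input directory containing spaces or shell metacharacters is re-split and re-interpreted. Either quote the components inside the string or run the command without `eval`.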

View file

@ -0,0 +1,2 @@
// Client, CID 0xBEEF
AhUAAH8AAA8AAAQ8AAAAAF6MZUPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABh7h8/aprLN1fS0KwLkZzKcsa5LNtDW7sYu7d1z7fNetuRjLJpX/A1mTSqeBY7li8AAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJRZtK1pHRuu/Uw+Y91KCaqMAHKWeVJvuqjiTaElrahsx+HYoZ1+8i5BMY1NOL/y4TR9qZdxY+7NvNrEdEoFgcI/DqUN0aKs0zAIPmk92pFnjnbro5LxWRm3JbtIFcG6PdN+9aAbISrewt6EERIPhS45aH+Si08NLrvM+CcEBfqBBqOD+4LCZqT8nDBtALJyRqiykibsAAFRgAAAAF6MZUNak74BhbcgvZ2M8WhZKjQyCix7GJzRs4SqnD7iXoxlQ7YXjsVI0K/xyMOJPkT9ZcPEi/2jHGIte1ZduW4Cvu8C3q0AAAAAAAAAAAAAAAIAAAAAAAAABwAAAQAAAAAAAwAAAA==

View file

@ -0,0 +1,2 @@
// TLS-RSA-WITH-AES-256-CCM-8
AhUAAH8AAA4AAAQ8AAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJQBiQTa148x1XQyGt9vU2JxAHIZ9HxLR87PewpTaslP0qJ4FK6cibG/U4ACVriGQMpNkJo6xRRn5dGyKE5L5iqcLQZ4zwcJT50NYlVQqzlXPArOaAzjVAX4k+TwL/VmNepmn3wvregAADeiGsvvbaAw2P9fhCgwX6Bm0YNzkWQsNwWENa6GoZLzvMM51G44611fFnKoAAFRgAAAAF6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==

View file

@ -0,0 +1,2 @@
// Client context with default MbedTLS configuration
AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==

View file

@ -0,0 +1,2 @@
// Minimal configuration
AhUAAAMAAAAAAAOeAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLdei2ZSQwLppTqzs7kieOYQR6DjJItmQ0N/RS3+zTr9wF6LZlL6SQpLewmyja7jXyOWuUqJ6zJQ5b7FfA4PxthlAAABAAAAAAACAAA=

View file

@ -0,0 +1,3 @@
// Without MBEDTLS_SSL_ALPN
AhUAAH8AAAYAAAQ8AAAAAF6LDSzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1lCUO8B/805UzCOLZzWDAEA8anfLpbuWTrnFSR2puZktvEiR8nXdATN0yKS94oSAAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJQVUI/Wwt3q4XiqL74wCmkhAHKj0YgCvjZi3GKw0s7PJqjZzzLt+OuroC8Q2XeDf5nKKk8jkolZ+dXUftsPPizFgb2hGuYa4NhxXjiGlUpFEoXm7r78SwGfWxRgH5vJk6W3TdodkxTZkjMoWjlC2PANOHPeClw0szBmly7+s89LFZqnCXgyxE8xlv+l5IYSEPSj7UsmAAFRgAAAAF6LDSwWt0QWgmNg4Zv2yYhf4Pdexpi/QTIqWyD2AQVjXosNLLK1vz/upFHrJlizjH5uSBUJCpQZJczrBgxBmGoAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAA

View file

@ -0,0 +1,2 @@
// Without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
AhUAAAMAAAAAAACCAAAAAF6MKhTMqAAgSKCqXrcrmjqOBpxsGO3itQB09YgsSJwXmZB12QlB+wwhiof0mzAN0hupkLxu4Yyc9SgyFoEDPKJk8TiRo8bO2rkEfPItB5lUFkJwzdeuGVMAAAAABiCAy8MWqlj4vnIv0mswJvB35hyCOYWZ+fcZ6t5LzZgXPl6MKhRs69b+psiGUAo8OK3fU4HKOHNdi36tk22+ScctXowqFEyvzGcvbtI0VfWLKlOlDv+SwC08ZdCNa+RBZ/AAAAEAAAAAAAIAAA==

View file

@ -0,0 +1,2 @@
// Without MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
AhUAAHcAAA4AAAQ6AAAAAF6LDLPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fzGzO1ysljMgZr4gduigvRXr2AK5X8j8c6vHTOpc2ncFS3UN2ojwD2tOaM3+/XIAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJMiPbE45oAjg9Rx0iVnQDg2AHHKrrmSMTfVijgZbdL/ZFWYvFMioa7uqW0NmA0bSTxcsieRarndOq5fIdEIzmAgGkdaxJaGNDT105gwwIzUnLRapgP6H6IImSMFPXVp3Zks0zFfrq7aQnQMgc8o5kPqWq1/eYfdq8lysTO8Rgliv96lA/pe1SQmPL1mdChAwCa/4XEAAVGAAABeiwyzXGz4yPwEgvq/TWq0dZXvD6mzEbAty1oZJIvRpl6LDLOyQ94MIvSKw7OH4mg+DNL+ZW0xzQbKQalloUG6AAAAAAAAAAAAAAABAAAAAAAAAAMAAAEAAAAAAAIAAAA=

View file

@ -0,0 +1,2 @@
// Without DTLS packing
AhUAAH8AAA4AAAQ8AAAAAF6LCM/MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfl0tXNmshIQEqiEflQGnVUKkIFl1on/Mu0pjWes3XwQgdwmy9xMzpVyYU5gBOsOEAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJRTvlE7NmNNLDESUBoGC+K2AHIKA+/lhdRVF4YcMvvqCBYFB5tj0oyCikftfjNbvjl9YPGqcRXk664YieWv/pz8U1FOENipbjXF9lFhgedG2Xanh/2FwHX5txYiHIJxJeLEKCXp5Sjt9XBvQsrryxLyX9l+zkLKm7bCAcrfk4h/YoqxecAI63isG9vnrS7o07iD/3mOAAFRgAAAAF6LCM+1uRpyaoyfzuNGBJK9DgBWIWtrPpu7KM8qsC/FXosIz/YIPhveZ8Z4IR0g/McAMQwzQoK5tScSE0DD3BwAAAAAAAAAAAAAAAEAAAAAAAAAAwEAAQAAAAAAAgAAAA==

View file

@ -0,0 +1,2 @@
// Context with added '1234' at the begining to simulate too much data in the base64 code
1234AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
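Review bot: Typo in the fixture's comment line: "begining" should be "beginning". The comment is the only description of what this input is meant to exercise, so it is worth getting right. It would also help to say that the inserted `1234` keeps the length a multiple of 4, which is why the matching test expects an ERROR but not the length message.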

View file

@ -0,0 +1,2 @@
// Context with added '1234' in the middle of code to simulate too much data
AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7m1234gM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==

View file

@ -0,0 +1,2 @@
// Context with added '1234' before '==' add the end to simulate too much data in the base64 code
AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA1234==
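Review bot: The comment line reads "before '==' add the end", where "add" should be "at". As written, the sentence is hard to parse, and this comment is the only record of how the fixture was derived from the default client context.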

View file

@ -0,0 +1,2 @@
// Context with added extra 'A' before '==' add the end to simulate bad length of base64 code
AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAAA==
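Review bot: Same wording slip in this comment line: "add the end" should be "at the end". Since this fixture backs the "Wrong base64 format" case, the comment could also state the expected outcome (the length is no longer a multiple of 4), so the fixture and the assertion in the script can be checked against each other.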

View file

View file

@ -0,0 +1,2 @@
// MFL=1024
AhUAAH8AAA4AAABtAAAAAF6K+GLMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHeeQKPVt9RpB8nLTB6C2AhxRzB0r/OBbXbMPm6jb1rkR+qrXZAUFRvGfGxlqqGWwAAACAAAAAAAAAAAAAAAIAAV6K+GJIXNnpKTr9HZQW6WEH7YSYhhRRqOO6xvf8QL6/Xor4YhOxOJYk23w3AwDvVAofeWnVAfJnExe5ipdSxnAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA===
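Review bot: The base64 line in this fixture ends in `===`, but base64 padding is at most two `=` characters. The "MFL=1024" case in the script asserts that no ERROR appears for this file, so either the fixture carries a stray character or the tool tolerates malformed padding and the test now locks that behaviour in. Please regenerate the fixture with correct padding, or, if lenient parsing is intended, say so in the comment line and add a dedicated case for it.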

View file

@ -0,0 +1,2 @@
// MTU=10000
AhUAAH8AAA4AAABtAAAAAF6LDkzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABx06kxYooMLGPyUMoB46EF2zTJzmZEM4le5aKihcHpFEfgrX/eWQZFWa7cak79ihwAAACAAAAAAAAAAAAAAAAAAV6LDkz9bigMk9q0WiDmgYhX8ppbfgbtMCfruvVQNiFWXosOTJ3R2+J+TaSChmjtS8sD+y1Zruhe/SJE7y9D+5YAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAicQAA==

View file

@ -0,0 +1,2 @@
// Server, CID 0xDEAD
AhUAAH8AAA8AAABtAAAAAF6MZUPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABh7h8/aprLN1fS0KwLkZzKcsa5LNtDW7sYu7d1z7fNetuRjLJpX/A1mTSqeBY7li8AAACAAAAAAAAAAAAAAAAAAV6MZUNak74BhbcgvZ2M8WhZKjQyCix7GJzRs4SqnD7iXoxlQ7YXjsVI0K/xyMOJPkT9ZcPEi/2jHGIte1ZduW4C3q0Cvu8AAAAAAAAAAAAAAAIAAAAAAAAABwAAAQAAAAAAAwAAAA==

View file

@ -0,0 +1,2 @@
// TLS-RSA-WITH-AES-256-CCM-8
AhUAAH8AAA4AAABtAAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAACAAAAAAAAAAAAAAAAAAV6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==

View file

@ -0,0 +1,2 @@
// Server context with default MbedTLS configuration
AhUAAH8AAA4AAABtAAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAACAAAAAAAAAAAAAAAAAAV6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==

View file

@ -0,0 +1,2 @@
// Minimal configuration
AhUAAAMAAAAAAABjAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAACAAAAAXotmUkMC6aU6s7O5InjmEEeg4ySLZkNDf0Ut/s06/cBei2ZS+kkKS3sJso2u418jlrlKiesyUOW+xXwOD8bYZQAAAQAAAAAAAgAA

View file

@ -0,0 +1,2 @@
// Without MBEDTLS_SSL_ALPN
AhUAAH8AAAYAAABtAAAAAF6LDSzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1lCUO8B/805UzCOLZzWDAEA8anfLpbuWTrnFSR2puZktvEiR8nXdATN0yKS94oSAAAACAAAAAAAAAAAAAAAAAAV6LDSwWt0QWgmNg4Zv2yYhf4Pdexpi/QTIqWyD2AQVjXosNLLK1vz/upFHrJlizjH5uSBUJCpQZJczrBgxBmGoAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAA

Some files were not shown because too many files have changed in this diff