Merge remote-tracking branch 'origin/pr/2681' into development
* origin/pr/2681:
unconditional mbedtls_ssl_conf_rng
Adding usage and removing dummy random
comment alignment
Commit to C90 style
Adds missing ret definition
More clarity for ifdef orders
Only warns if MBEDTLS_HAVE_TIME
Option used added in string
Code review
Style fixes
SSL reproducible test mode
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 515a42d..8f7586c 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -131,6 +131,7 @@
#define DFL_ETM -1
#define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0
+#define DFL_REPRODUCIBLE 0
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
@@ -313,6 +314,9 @@
#define USAGE_ETM ""
#endif
+#define USAGE_REPRODUCIBLE \
+ " reproducible=0/1 default: 0 (disabled)\n"
+
#if defined(MBEDTLS_SSL_RENEGOTIATION)
#define USAGE_RENEGO \
" renegotiation=%%d default: 0 (disabled)\n" \
@@ -384,6 +388,7 @@
USAGE_FALLBACK \
USAGE_EMS \
USAGE_ETM \
+ USAGE_REPRODUCIBLE \
USAGE_CURVES \
USAGE_RECSPLIT \
USAGE_DHMLEN \
@@ -484,6 +489,7 @@
const char *cid_val; /* the CID to use for incoming messages */
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
+ int reproducible; /* make communication reproducible */
} opt;
int query_config( const char *config );
@@ -540,6 +546,28 @@
fflush( (FILE *) ctx );
}
+
+mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
+{
+ (void) time;
+ return 0x5af2a056;
+}
+
+int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+ size_t i;
+ int ret;
+ (void) data;
+
+ ret = mbedtls_entropy_func( data, output, len );
+ for ( i = 0; i < len; i++ )
+ {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return( ret );
+}
+
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates )
@@ -1027,6 +1055,7 @@
opt.etm = DFL_ETM;
opt.dgram_packing = DFL_DGRAM_PACKING;
opt.eap_tls = DFL_EAP_TLS;
+ opt.reproducible = DFL_REPRODUCIBLE;
for( i = 1; i < argc; i++ )
{
@@ -1413,6 +1442,10 @@
if( opt.eap_tls < 0 || opt.eap_tls > 1 )
goto usage;
}
+ else if( strcmp( p, "reproducible" ) == 0 )
+ {
+ opt.reproducible = 1;
+ }
else
goto usage;
}
@@ -1665,13 +1698,28 @@
fflush( stdout );
mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
+ if (opt.reproducible)
{
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
- -ret );
- goto exit;
+ srand( 1 );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
+ }
+ else
+ {
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
}
mbedtls_printf( " ok\n" );
@@ -1964,6 +2012,16 @@
}
#endif
+ if (opt.reproducible)
+ {
+#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ mbedtls_platform_set_time( dummy_constant_time );
+#else
+ fprintf( stderr, "Warning: reproducible option used without constant time\n" );
+#endif
+#endif
+ }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3c75c65..c671fde 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -173,6 +173,7 @@
#define DFL_ETM -1
#define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0
+#define DFL_REPRODUCIBLE 0
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -403,6 +404,9 @@
#define USAGE_ETM ""
#endif
+#define USAGE_REPRODUCIBLE \
+ " reproducible=0/1 default: 0 (disabled)\n"
+
#if defined(MBEDTLS_SSL_RENEGOTIATION)
#define USAGE_RENEGO \
" renegotiation=%%d default: 0 (disabled)\n" \
@@ -471,6 +475,7 @@
"\n" \
USAGE_TICKETS \
USAGE_EAP_TLS \
+ USAGE_REPRODUCIBLE \
USAGE_CACHE \
USAGE_MAX_FRAG_LEN \
USAGE_TRUNC_HMAC \
@@ -599,6 +604,7 @@
const char *cid_val; /* the CID to use for incoming messages */
const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */
+ int reproducible; /* make communication reproducible */
} opt;
int query_config( const char *config );
@@ -654,6 +660,26 @@
fflush( (FILE *) ctx );
}
+mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
+{
+ (void) time;
+ return 0x5af2a056;
+}
+
+int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+ size_t i;
+ int ret;
+ (void) data;
+
+ ret = mbedtls_entropy_func( data, output, len );
+ for (i = 0; i < len; i++ ) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return( ret );
+}
+
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates)
@@ -1730,6 +1756,7 @@
opt.extended_ms = DFL_EXTENDED_MS;
opt.etm = DFL_ETM;
opt.eap_tls = DFL_EAP_TLS;
+ opt.reproducible = DFL_REPRODUCIBLE;
for( i = 1; i < argc; i++ )
{
@@ -2148,6 +2175,10 @@
if( opt.eap_tls < 0 || opt.eap_tls > 1 )
goto usage;
}
+ else if( strcmp( p, "reproducible" ) == 0 )
+ {
+ opt.reproducible = 1;
+ }
else
goto usage;
}
@@ -2448,13 +2479,28 @@
fflush( stdout );
mbedtls_entropy_init( &entropy );
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
- strlen( pers ) ) ) != 0 )
+ if (opt.reproducible)
{
- mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
- -ret );
- goto exit;
+ srand( 1 );
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
+ }
+ else
+ {
+ if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ -ret );
+ goto exit;
+ }
}
mbedtls_printf( " ok\n" );
@@ -2786,6 +2832,16 @@
}
#endif
+ if (opt.reproducible)
+ {
+#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ mbedtls_platform_set_time( dummy_constant_time );
+#else
+ fprintf( stderr, "Warning: reproducible option used without constant time\n" );
+#endif
+#endif
+ }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );