Merge branch 'development' into dtls
* development: (100 commits)
Update Changelog for the mem-measure branch
Fix issues introduced when rebasing
Fix compile error in memory_buffer_alloc_selftest
Code cosmetics
Add curve25519 to ecc-heap.sh
Add curve25519 to the benchmark program
Fix compile issue when buffer_alloc not available
New script ecc-heap.sh
Fix unused variable issue in some configs
Rm usunused member in private struct
Add heap usage for PK in benchmark
Use memory_buffer_alloc() in benchmark if available
Only define mode_func if mode is enabled (CBC etc)
PKCS8 encrypted key depend on PKCS5 or PKCS12
Disable SRV_C for client measurement
Output stack+heap usage with massif
Enable NIST_OPTIM by default for config-suite-b
Refactor memory.sh
Adapt memory.sh to config-suite-b
Adapt mini-client for config-suite-b.h
...
Conflicts:
ChangeLog
include/polarssl/net.h
library/Makefile
library/error.c
library/ssl_tls.c
programs/Makefile
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
tests/Makefile
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index a608687..a2f5dc2 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -13,6 +13,7 @@
ssl_server
ssl_fork_server
ssl_mail_client
+ mini_client
)
if(USE_PKCS11_HELPER_LIBRARY)
@@ -47,6 +48,9 @@
add_executable(ssl_mail_client ssl_mail_client.c)
target_link_libraries(ssl_mail_client ${libs})
+add_executable(mini_client mini_client.c)
+target_link_libraries(mini_client ${libs})
+
if(THREADS_FOUND)
add_executable(ssl_pthread_server ssl_pthread_server.c)
target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
new file mode 100644
index 0000000..a06d345
--- /dev/null
+++ b/programs/ssl/mini_client.c
@@ -0,0 +1,270 @@
+/*
+ * Minimal SSL client, used for memory measurements.
+ * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h)
+ *
+ * Copyright (C) 2014, ARM Limited, All Rights Reserved
+ *
+ * This file is part of mbed TLS (https://polarssl.org)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#if !defined(POLARSSL_CONFIG_FILE)
+#include "polarssl/config.h"
+#else
+#include POLARSSL_CONFIG_FILE
+#endif
+
+/*
+ * We're creating and connecting the socket "manually" rather than using the
+ * NET module, in order to avoid the overhead of getaddrinfo() which tends to
+ * dominate memory usage in small configurations. For the sake of simplicity,
+ * only a Unix version is implemented.
+ */
+#if defined(unix) || defined(__unix__) || defined(__unix)
+#define UNIX
+#endif
+
+#if !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_NET_C) || !defined(POLARSSL_SSL_CLI_C) || \
+ !defined(UNIX)
+#if defined(POLARSSL_PLATFORM_C)
+#include "polarssl/platform.h"
+#else
+#include <stdio.h>
+#define polarssl_printf printf
+#endif
+int main( void )
+{
+ polarssl_printf( "POLARSSL_CTR_DRBG_C and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_SSL_CLI_C and/or UNIX "
+ "not defined.\n");
+ return( 0 );
+}
+#else
+
+#include <string.h>
+
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+/*
+ * Hardcoded values for server host and port
+ */
+#define PORT_BE 0x1151 /* 4433 */
+#define PORT_LE 0x5111
+#define ADDR_BE 0x7f000001 /* 127.0.0.1 */
+#define ADDR_LE 0x0100007f
+#define HOSTNAME "localhost" /* for cert verification if enabled */
+
+#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
+
+const char *pers = "mini_client";
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+/* This is tests/data_files/test-ca2.crt, a CA using EC secp384r1 */
+const unsigned char ca_cert[] = {
+ 0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x01, 0xd7, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8,
+ 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
+ 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c,
+ 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c,
+ 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45,
+ 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x39,
+ 0x32, 0x34, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x32,
+ 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a,
+ 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c,
+ 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c,
+ 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45,
+ 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22,
+ 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f,
+ 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e,
+ 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95,
+ 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95,
+ 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a,
+ 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2,
+ 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47,
+ 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66,
+ 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x81, 0xa0, 0x30, 0x81, 0x9d, 0x30, 0x1d,
+ 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, 0x6d, 0x20,
+ 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24,
+ 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23,
+ 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01,
+ 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb,
+ 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30,
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61,
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04,
+ 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20,
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09,
+ 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0c, 0x06,
+ 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+ 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03,
+ 0x69, 0x00, 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xb4, 0x62, 0x73, 0x56,
+ 0x28, 0x95, 0x00, 0x7d, 0x78, 0x12, 0x26, 0xd2, 0x71, 0x7b, 0x19, 0xf8,
+ 0x8a, 0x98, 0x3e, 0x92, 0xfe, 0x33, 0x9e, 0xe4, 0x79, 0xd2, 0xfe, 0x7a,
+ 0xb7, 0x87, 0x74, 0x3c, 0x2b, 0xb8, 0xd7, 0x69, 0x94, 0x0b, 0xa3, 0x67,
+ 0x77, 0xb8, 0xb3, 0xbe, 0xd1, 0x36, 0x32, 0x02, 0x31, 0x00, 0xfd, 0x67,
+ 0x9c, 0x94, 0x23, 0x67, 0xc0, 0x56, 0xba, 0x4b, 0x33, 0x15, 0x00, 0xc6,
+ 0xe3, 0xcc, 0x31, 0x08, 0x2c, 0x9c, 0x8b, 0xda, 0xa9, 0x75, 0x23, 0x2f,
+ 0xb8, 0x28, 0xe7, 0xf2, 0x9c, 0x14, 0x3a, 0x40, 0x01, 0x5c, 0xaf, 0x0c,
+ 0xb2, 0xcf, 0x74, 0x7f, 0x30, 0x9f, 0x08, 0x43, 0xad, 0x20,
+};
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
+enum exit_codes
+{
+ exit_ok = 0,
+ ctr_drbg_init_failed,
+ ssl_init_failed,
+ socket_failed,
+ connect_failed,
+ x509_crt_parse_failed,
+ ssl_handshake_failed,
+ ssl_write_failed,
+};
+
+int main( void )
+{
+ int ret = exit_ok;
+ int server_fd = -1;
+ struct sockaddr_in addr;
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ x509_crt ca;
+#endif
+
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
+ ssl_context ssl;
+
+ /*
+ * 0. Initialize and setup stuff
+ */
+ memset( &ssl, 0, sizeof( ssl_context ) );
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ x509_crt_init( &ca );
+#endif
+
+ entropy_init( &entropy );
+ if( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ {
+ ret = ssl_init_failed;
+ goto exit;
+ }
+
+ if( ssl_init( &ssl ) != 0 )
+ {
+ ret = ssl_init_failed;
+ goto exit;
+ }
+
+ ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
+
+ ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
+
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ ssl_set_psk( &ssl, psk, sizeof( psk ),
+ (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+#endif
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ if( x509_crt_parse_der( &ca, ca_cert, sizeof( ca_cert ) ) != 0 )
+ {
+ ret = x509_crt_parse_failed;
+ goto exit;
+ }
+
+ ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
+ ssl_set_authmode( &ssl, SSL_VERIFY_REQUIRED );
+#endif
+
+ /*
+ * 1. Start the connection
+ */
+ memset( &addr, 0, sizeof( addr ) );
+ addr.sin_family = AF_INET;
+
+ ret = 1; /* for endianness detection */
+ addr.sin_port = *((char *) &ret) == ret ? PORT_LE : PORT_BE;
+ addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
+ ret = 0;
+
+ if( ( server_fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
+ {
+ ret = socket_failed;
+ goto exit;
+ }
+
+ if( connect( server_fd,
+ (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
+ {
+ ret = connect_failed;
+ goto exit;
+ }
+
+ ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd );
+
+ if( ssl_handshake( &ssl ) != 0 )
+ {
+ ret = ssl_handshake_failed;
+ goto exit;
+ }
+
+ /*
+ * 2. Write the GET request and close the connection
+ */
+ if( ssl_write( &ssl, (const unsigned char *) GET_REQUEST,
+ sizeof( GET_REQUEST ) - 1 ) <= 0 )
+ {
+ ret = ssl_write_failed;
+ goto exit;
+ }
+
+ ssl_close_notify( &ssl );
+
+exit:
+ if( server_fd != -1 )
+ net_close( server_fd );
+
+ ssl_free( &ssl );
+ ctr_drbg_free( &ctr_drbg );
+ entropy_free( &entropy );
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ x509_crt_free( &ca );
+#endif
+
+ return( ret );
+}
+#endif
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index d0bc7f5..c5ed4c3 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -29,13 +29,15 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_printf printf
+#include <stdio.h>
#define polarssl_fprintf fprintf
+#define polarssl_printf printf
#endif
-#include <string.h>
-#include <stdio.h>
-
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_CLI_C) && \
+ defined(POLARSSL_NET_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_CTR_DRBG_C) && defined(POLARSSL_X509_CRT_PARSE_C)
#include "polarssl/net.h"
#include "polarssl/debug.h"
#include "polarssl/ssl.h"
@@ -44,15 +46,22 @@
#include "polarssl/error.h"
#include "polarssl/certs.h"
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define SERVER_PORT 4433
+#define SERVER_NAME "localhost"
+#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
+
+#define DEBUG_LEVEL 1
+
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
@@ -61,13 +70,6 @@
return( 0 );
}
#else
-
-#define SERVER_PORT 4433
-#define SERVER_NAME "localhost"
-#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
-
-#define DEBUG_LEVEL 1
-
static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
@@ -76,7 +78,7 @@
fflush( (FILE *) ctx );
}
-int main( int argc, char *argv[] )
+int main( void )
{
int ret, len, server_fd = -1;
unsigned char buf[1024];
@@ -87,9 +89,6 @@
ssl_context ssl;
x509_crt cacert;
- ((void) argc);
- ((void) argv);
-
#if defined(POLARSSL_DEBUG_C)
debug_set_threshold( DEBUG_LEVEL );
#endif
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index c84980c..2f40fec 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -29,30 +29,16 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
+#include <stdio.h>
#define polarssl_printf printf
#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
#endif
-#if !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
- !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
-#include <stdio.h>
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- polarssl_printf("POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
- "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
- return( 0 );
-}
-#else
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-
+#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_FS_IO) && \
+ defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_CLI_C) && \
+ defined(POLARSSL_NET_C) && defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/net.h"
#include "polarssl/ssl.h"
#include "polarssl/entropy.h"
@@ -62,6 +48,11 @@
#include "polarssl/error.h"
#include "polarssl/debug.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if defined(POLARSSL_TIMING_C)
#include "polarssl/timing.h"
#endif
@@ -113,138 +104,6 @@
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
-/*
- * global options
- */
-struct options
-{
- const char *server_name; /* hostname of the server (client only) */
- const char *server_addr; /* address of the server (client only) */
- int server_port; /* port on which the ssl service runs */
- int debug_level; /* level of debugging */
- int nbio; /* should I/O be blocking? */
- uint32_t read_timeout; /* timeout on ssl_read() in milliseconds */
- int max_resend; /* DTLS times to resend on read timeout */
- const char *request_page; /* page on server to request */
- int request_size; /* pad request with header to requested size */
- const char *ca_file; /* the file with the CA certificate(s) */
- const char *ca_path; /* the path with the CA certificate(s) reside */
- const char *crt_file; /* the file with the client certificate */
- const char *key_file; /* the file with the client key */
- const char *psk; /* the pre-shared key */
- const char *psk_identity; /* the pre-shared key identity */
- int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
- int renegotiation; /* enable / disable renegotiation */
- int allow_legacy; /* allow legacy renegotiation */
- int renegotiate; /* attempt renegotiation? */
- int renego_delay; /* delay before enforcing renegotiation */
- int exchanges; /* number of data exchanges */
- int min_version; /* minimum protocol version accepted */
- int max_version; /* maximum protocol version accepted */
- int arc4; /* flag for arc4 suites support */
- int auth_mode; /* verify mode for connection */
- unsigned char mfl_code; /* code for maximum fragment length */
- int trunc_hmac; /* negotiate truncated hmac or not */
- int recsplit; /* enable record splitting? */
- int reconnect; /* attempt to resume session */
- int reco_delay; /* delay in seconds before resuming session */
- int tickets; /* enable / disable session tickets */
- const char *alpn_string; /* ALPN supported protocols */
- int transport; /* TLS or DTLS? */
- uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
- uint32_t hs_to_max; /* Max value of DTLS handshake timer */
- int fallback; /* is this a fallback connection? */
- int extended_ms; /* negotiate extended master secret? */
- int etm; /* negotiate encrypt then mac? */
-} opt;
-
-static void my_debug( void *ctx, int level, const char *str )
-{
- ((void) level);
-
- polarssl_fprintf( (FILE *) ctx, "%s", str );
- fflush( (FILE *) ctx );
-}
-
-/*
- * Test recv/send functions that make sure each try returns
- * WANT_READ/WANT_WRITE at least once before sucesseding
- */
-static int my_recv( void *ctx, unsigned char *buf, size_t len )
-{
- static int first_try = 1;
- int ret;
-
- if( first_try )
- {
- first_try = 0;
- return( POLARSSL_ERR_NET_WANT_READ );
- }
-
- ret = net_recv( ctx, buf, len );
- if( ret != POLARSSL_ERR_NET_WANT_READ )
- first_try = 1; /* Next call will be a new operation */
- return( ret );
-}
-
-static int my_send( void *ctx, const unsigned char *buf, size_t len )
-{
- static int first_try = 1;
- int ret;
-
- if( first_try )
- {
- first_try = 0;
- return( POLARSSL_ERR_NET_WANT_WRITE );
- }
-
- ret = net_send( ctx, buf, len );
- if( ret != POLARSSL_ERR_NET_WANT_WRITE )
- first_try = 1; /* Next call will be a new operation */
- return( ret );
-}
-
-#if defined(POLARSSL_X509_CRT_PARSE_C)
-/*
- * Enabled if debug_level > 1 in code below
- */
-static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
-{
- char buf[1024];
- ((void) data);
-
- polarssl_printf( "\nVerify requested for (Depth %d):\n", depth );
- x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
- polarssl_printf( "%s", buf );
-
- if( ( (*flags) & BADCERT_EXPIRED ) != 0 )
- polarssl_printf( " ! server certificate has expired\n" );
-
- if( ( (*flags) & BADCERT_REVOKED ) != 0 )
- polarssl_printf( " ! server certificate has been revoked\n" );
-
- if( ( (*flags) & BADCERT_CN_MISMATCH ) != 0 )
- polarssl_printf( " ! CN mismatch\n" );
-
- if( ( (*flags) & BADCERT_NOT_TRUSTED ) != 0 )
- polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
-
- if( ( (*flags) & BADCRL_NOT_TRUSTED ) != 0 )
- polarssl_printf( " ! CRL not trusted\n" );
-
- if( ( (*flags) & BADCRL_EXPIRED ) != 0 )
- polarssl_printf( " ! CRL expired\n" );
-
- if( ( (*flags) & BADCERT_OTHER ) != 0 )
- polarssl_printf( " ! other (unknown) flag\n" );
-
- if ( ( *flags ) == 0 )
- polarssl_printf( " This certificate has no flags\n" );
-
- return( 0 );
-}
-#endif /* POLARSSL_X509_CRT_PARSE_C */
-
#if defined(POLARSSL_X509_CRT_PARSE_C)
#if defined(POLARSSL_FS_IO)
#define USAGE_IO \
@@ -399,6 +258,149 @@
" force_ciphersuite=<name> default: all enabled\n"\
" acceptable ciphersuite names:\n"
+#if !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_FS_IO) || \
+ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
+ !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
+int main( void )
+{
+ polarssl_printf("POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+/*
+ * global options
+ */
+struct options
+{
+ const char *server_name; /* hostname of the server (client only) */
+ const char *server_addr; /* address of the server (client only) */
+ int server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int nbio; /* should I/O be blocking? */
+ uint32_t read_timeout; /* timeout on ssl_read() in milliseconds */
+ int max_resend; /* DTLS times to resend on read timeout */
+ const char *request_page; /* page on server to request */
+ int request_size; /* pad request with header to requested size */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *ca_path; /* the path with the CA certificate(s) reside */
+ const char *crt_file; /* the file with the client certificate */
+ const char *key_file; /* the file with the client key */
+ const char *psk; /* the pre-shared key */
+ const char *psk_identity; /* the pre-shared key identity */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
+ int renegotiation; /* enable / disable renegotiation */
+ int allow_legacy; /* allow legacy renegotiation */
+ int renegotiate; /* attempt renegotiation? */
+ int renego_delay; /* delay before enforcing renegotiation */
+ int exchanges; /* number of data exchanges */
+ int min_version; /* minimum protocol version accepted */
+ int max_version; /* maximum protocol version accepted */
+ int arc4; /* flag for arc4 suites support */
+ int auth_mode; /* verify mode for connection */
+ unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* negotiate truncated hmac or not */
+ int recsplit; /* enable record splitting? */
+ int reconnect; /* attempt to resume session */
+ int reco_delay; /* delay in seconds before resuming session */
+ int tickets; /* enable / disable session tickets */
+ const char *alpn_string; /* ALPN supported protocols */
+ int transport; /* TLS or DTLS? */
+ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
+ uint32_t hs_to_max; /* Max value of DTLS handshake timer */
+ int fallback; /* is this a fallback connection? */
+ int extended_ms; /* negotiate extended master secret? */
+ int etm; /* negotiate encrypt then mac? */
+} opt;
+
+static void my_debug( void *ctx, int level, const char *str )
+{
+ ((void) level);
+
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
+ fflush( (FILE *) ctx );
+}
+
+/*
+ * Test recv/send functions that make sure each try returns
+ * WANT_READ/WANT_WRITE at least once before sucesseding
+ */
+static int my_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( POLARSSL_ERR_NET_WANT_READ );
+ }
+
+ ret = net_recv( ctx, buf, len );
+ if( ret != POLARSSL_ERR_NET_WANT_READ )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
+static int my_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( POLARSSL_ERR_NET_WANT_WRITE );
+ }
+
+ ret = net_send( ctx, buf, len );
+ if( ret != POLARSSL_ERR_NET_WANT_WRITE )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+/*
+ * Enabled if debug_level > 1 in code below
+ */
+static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
+{
+ char buf[1024];
+ ((void) data);
+
+ polarssl_printf( "\nVerify requested for (Depth %d):\n", depth );
+ x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
+ polarssl_printf( "%s", buf );
+
+ if( ( (*flags) & BADCERT_EXPIRED ) != 0 )
+ polarssl_printf( " ! server certificate has expired\n" );
+
+ if( ( (*flags) & BADCERT_REVOKED ) != 0 )
+ polarssl_printf( " ! server certificate has been revoked\n" );
+
+ if( ( (*flags) & BADCERT_CN_MISMATCH ) != 0 )
+ polarssl_printf( " ! CN mismatch\n" );
+
+ if( ( (*flags) & BADCERT_NOT_TRUSTED ) != 0 )
+ polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
+
+ if( ( (*flags) & BADCRL_NOT_TRUSTED ) != 0 )
+ polarssl_printf( " ! CRL not trusted\n" );
+
+ if( ( (*flags) & BADCRL_EXPIRED ) != 0 )
+ polarssl_printf( " ! CRL expired\n" );
+
+ if( ( (*flags) & BADCERT_OTHER ) != 0 )
+ polarssl_printf( " ! other (unknown) flag\n" );
+
+ if ( ( *flags ) == 0 )
+ polarssl_printf( " This certificate has no flags\n" );
+
+ return( 0 );
+}
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, server_fd, i, written, frags, retry_left;
@@ -1323,7 +1325,7 @@
polarssl_printf( " > Write to server:" );
fflush( stdout );
- len = snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
+ len = polarssl_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
opt.request_page );
tail_len = strlen( GET_REQUEST_END );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 6424311..71a3aa9 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -29,23 +29,21 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_printf printf
+#include <stdio.h>
#define polarssl_fprintf fprintf
+#define polarssl_printf printf
#endif
#if defined(_WIN32)
#include <windows.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <signal.h>
-
-#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
-#include <unistd.h>
-#endif
-
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
+ defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
+ defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_TIMING_C) && \
+ defined(POLARSSL_FS_IO)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
@@ -54,6 +52,15 @@
#include "polarssl/net.h"
#include "polarssl/timing.h"
+#include <string.h>
+#include <stdio.h>
+#include <signal.h>
+#endif
+
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
+#include <unistd.h>
+#endif
+
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2>mbed TLS Test Server</h2>\r\n" \
@@ -63,7 +70,8 @@
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_TIMING_C)
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_TIMING_C) || \
+ !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] )
{
((void) argc);
@@ -77,11 +85,8 @@
return( 0 );
}
#elif defined(_WIN32)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
polarssl_printf("_WIN32 defined. This application requires fork() and signals "
"to work correctly.\n");
return( 0 );
@@ -99,7 +104,7 @@
}
}
-int main( int argc, char *argv[] )
+int main( void )
{
int ret, len, cnt = 0, pid;
int listen_fd;
@@ -113,9 +118,6 @@
x509_crt srvcert;
pk_context pkey;
- ((void) argc);
- ((void) argv);
-
memset( &ssl, 0, sizeof(ssl_context) );
entropy_init( &entropy );
@@ -340,8 +342,11 @@
len = ret;
polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
+
+ if( ret > 0 )
+ break;
}
- while( 0 );
+ while( 1 );
/*
* 7. Write the 200 Response
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 7259d65..8794c98 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -29,13 +29,29 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_printf printf
+#include <stdio.h>
#define polarssl_fprintf fprintf
+#define polarssl_printf printf
#endif
-#include <string.h>
-#include <stdlib.h>
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_CLI_C) && \
+ defined(POLARSSL_NET_C) && defined(POLARSSL_RSA_C) && \
+ defined(POLARSSL_CTR_DRBG_C) && defined(POLARSSL_X509_CRT_PARSE_C) && \
+ defined(POLARSSL_FS_IO)
+#include "polarssl/base64.h"
+#include "polarssl/error.h"
+#include "polarssl/net.h"
+#include "polarssl/ssl.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
+#include "polarssl/certs.h"
+#include "polarssl/x509.h"
+
#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
#include <unistd.h>
@@ -46,7 +62,6 @@
#endif
#if defined(_WIN32) || defined(_WIN32_WCE)
-
#include <winsock2.h>
#include <windows.h>
@@ -59,33 +74,6 @@
#endif /* _MSC_VER */
#endif
-#include "polarssl/base64.h"
-#include "polarssl/error.h"
-#include "polarssl/net.h"
-#include "polarssl/ssl.h"
-#include "polarssl/entropy.h"
-#include "polarssl/ctr_drbg.h"
-#include "polarssl/certs.h"
-#include "polarssl/x509.h"
-
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
- !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
- "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
- "not defined.\n");
- return( 0 );
-}
-#else
-
#define DFL_SERVER_NAME "localhost"
#define DFL_SERVER_PORT 465
#define DFL_USER_NAME "user"
@@ -103,6 +91,55 @@
#define MODE_SSL_TLS 0
#define MODE_STARTTLS 0
+#if defined(POLARSSL_BASE64_C)
+#define USAGE_AUTH \
+ " authentication=%%d default: 0 (disabled)\n" \
+ " user_name=%%s default: \"user\"\n" \
+ " user_pwd=%%s default: \"password\"\n"
+#else
+#define USAGE_AUTH \
+ " authentication options disabled. (Require POLARSSL_BASE64_C)\n"
+#endif /* POLARSSL_BASE64_C */
+
+#if defined(POLARSSL_FS_IO)
+#define USAGE_IO \
+ " ca_file=%%s default: \"\" (pre-loaded)\n" \
+ " crt_file=%%s default: \"\" (pre-loaded)\n" \
+ " key_file=%%s default: \"\" (pre-loaded)\n"
+#else
+#define USAGE_IO \
+ " No file operations available (POLARSSL_FS_IO not defined)\n"
+#endif /* POLARSSL_FS_IO */
+
+#define USAGE \
+ "\n usage: ssl_mail_client param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_name=%%s default: localhost\n" \
+ " server_port=%%d default: 4433\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
+ USAGE_AUTH \
+ " mail_from=%%s default: \"\"\n" \
+ " mail_to=%%s default: \"\"\n" \
+ USAGE_IO \
+ " force_ciphersuite=<name> default: all enabled\n"\
+ " acceptable ciphersuite names:\n"
+
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
+ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
+ !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
+ !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
+ "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
+ "not defined.\n");
+ return( 0 );
+}
+#else
/*
* global options
*/
@@ -312,47 +349,13 @@
code[3] = '\0';
return atoi( code );
}
-
+
idx = 0;
}
}
while( 1 );
}
-#if defined(POLARSSL_BASE64_C)
-#define USAGE_AUTH \
- " authentication=%%d default: 0 (disabled)\n" \
- " user_name=%%s default: \"user\"\n" \
- " user_pwd=%%s default: \"password\"\n"
-#else
-#define USAGE_AUTH \
- " authentication options disabled. (Require POLARSSL_BASE64_C)\n"
-#endif /* POLARSSL_BASE64_C */
-
-#if defined(POLARSSL_FS_IO)
-#define USAGE_IO \
- " ca_file=%%s default: \"\" (pre-loaded)\n" \
- " crt_file=%%s default: \"\" (pre-loaded)\n" \
- " key_file=%%s default: \"\" (pre-loaded)\n"
-#else
-#define USAGE_IO \
- " No file operations available (POLARSSL_FS_IO not defined)\n"
-#endif /* POLARSSL_FS_IO */
-
-#define USAGE \
- "\n usage: ssl_mail_client param=<>...\n" \
- "\n acceptable parameters:\n" \
- " server_name=%%s default: localhost\n" \
- " server_port=%%d default: 4433\n" \
- " debug_level=%%d default: 0 (disabled)\n" \
- " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
- USAGE_AUTH \
- " mail_from=%%s default: \"\"\n" \
- " mail_to=%%s default: \"\"\n" \
- USAGE_IO \
- " force_ciphersuite=<name> default: all enabled\n"\
- " acceptable ciphersuite names:\n"
-
int main( int argc, char *argv[] )
{
int ret = 0, len, server_fd;
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index d642a24..8ae4113 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -30,18 +30,22 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_printf printf
+#include <stdio.h>
#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#define polarssl_snprintf snprintf
#endif
#if defined(_WIN32)
#include <windows.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
+ defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
+ defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_FS_IO) && \
+ defined(POLARSSL_THREADING_C) && defined(POLARSSL_THREADING_PTHREAD)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
@@ -50,6 +54,11 @@
#include "polarssl/net.h"
#include "polarssl/error.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if defined(POLARSSL_SSL_CACHE_C)
#include "polarssl/ssl_cache.h"
#endif
@@ -58,17 +67,23 @@
#include "polarssl/memory_buffer_alloc.h"
#endif
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
+#define MAX_NUM_THREADS 5
+
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) || \
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_THREADING_C) || !defined(POLARSSL_THREADING_PTHREAD)
-int main( int argc, char *argv[] )
+int main( void )
{
- ((void) argc);
- ((void) argv);
-
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
@@ -78,14 +93,6 @@
return( 0 );
}
#else
-
-#define HTTP_RESPONSE \
- "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
- "<h2>mbed TLS Test Server</h2>\r\n" \
- "<p>Successful connection using: %s</p>\r\n"
-
-#define DEBUG_LEVEL 0
-
threading_mutex_t debug_mutex;
static void my_mutexed_debug( void *ctx, int level, const char *str )
@@ -117,8 +124,6 @@
pthread_t thread;
} pthread_info_t;
-#define MAX_NUM_THREADS 5
-
static thread_info_t base_info;
static pthread_info_t threads[MAX_NUM_THREADS];
@@ -137,7 +142,7 @@
memset( &ssl, 0, sizeof( ssl_context ) );
memset( &ctr_drbg, 0, sizeof( ctr_drbg_context ) );
- snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
+ polarssl_snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
polarssl_printf( " [ #%d ] Client FD %d\n", thread_id, client_fd );
polarssl_printf( " [ #%d ] Seeding the random number generator...\n", thread_id );
@@ -366,7 +371,7 @@
return( 0 );
}
-int main( int argc, char *argv[] )
+int main( void )
{
int ret;
int listen_fd;
@@ -382,9 +387,6 @@
ssl_cache_context cache;
#endif
- ((void) argc);
- ((void) argv);
-
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
#endif
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index f590bad..83430f6 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -29,18 +29,20 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_printf printf
+#include <stdio.h>
#define polarssl_fprintf fprintf
+#define polarssl_printf printf
#endif
#if defined(_WIN32)
#include <windows.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-
+#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
+ defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
+ defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
+ defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
+ defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_FS_IO)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
@@ -50,29 +52,15 @@
#include "polarssl/error.h"
#include "polarssl/debug.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
#if defined(POLARSSL_SSL_CACHE_C)
#include "polarssl/ssl_cache.h"
#endif
-#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
- !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
- !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
- !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C)
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
- "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
- "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
- "not defined.\n");
- return( 0 );
-}
-#else
-
#define HTTP_RESPONSE \
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
"<h2>mbed TLS Test Server</h2>\r\n" \
@@ -80,6 +68,21 @@
#define DEBUG_LEVEL 0
+#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
+ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
+ !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
+ !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO)
+int main( void )
+{
+ polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
+ "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
+ "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
+ "not defined.\n");
+ return( 0 );
+}
+#else
static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
@@ -88,7 +91,7 @@
fflush( (FILE *) ctx );
}
-int main( int argc, char *argv[] )
+int main( void )
{
int ret, len;
int listen_fd;
@@ -105,9 +108,6 @@
ssl_cache_context cache;
#endif
- ((void) argc);
- ((void) argv);
-
memset( &ssl, 0, sizeof(ssl_context) );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 5d6fe40..5319c7e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -29,27 +29,12 @@
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
-#define polarssl_printf printf
-#define polarssl_fprintf fprintf
-#define polarssl_malloc malloc
-#define polarssl_free free
-#endif
-
-#if !defined(POLARSSL_ENTROPY_C) || \
- !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
- !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
#include <stdio.h>
-int main( int argc, char *argv[] )
-{
- ((void) argc);
- ((void) argv);
-
- polarssl_printf("POLARSSL_ENTROPY_C and/or "
- "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
- "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
- return( 0 );
-}
-#else
+#define polarssl_free free
+#define polarssl_malloc malloc
+#define polarssl_fprintf fprintf
+#define polarssl_printf printf
+#endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && defined(POLARSSL_FS_IO)
#define POLARSSL_SNI
@@ -59,14 +44,9 @@
#include <windows.h>
#endif
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-
-#if !defined(_WIN32)
-#include <signal.h>
-#endif
-
+#if defined(POLARSSL_ENTROPY_C) && \
+ defined(POLARSSL_SSL_TLS_C) && defined(POLARSSL_SSL_SRV_C) && \
+ defined(POLARSSL_NET_C) && defined(POLARSSL_CTR_DRBG_C)
#include "polarssl/net.h"
#include "polarssl/ssl.h"
#include "polarssl/entropy.h"
@@ -76,6 +56,15 @@
#include "polarssl/error.h"
#include "polarssl/debug.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
+#if !defined(_WIN32)
+#include <signal.h>
+#endif
+
#if defined(POLARSSL_SSL_CACHE_C)
#include "polarssl/ssl_cache.h"
#endif
@@ -155,102 +144,6 @@
*/
#define IO_BUF_LEN 200
-/*
- * global options
- */
-struct options
-{
- const char *server_addr; /* address on which the ssl service runs */
- int server_port; /* port on which the ssl service runs */
- int debug_level; /* level of debugging */
- int nbio; /* should I/O be blocking? */
- uint32_t read_timeout; /* timeout on ssl_read() in milliseconds */
- const char *ca_file; /* the file with the CA certificate(s) */
- const char *ca_path; /* the path with the CA certificate(s) reside */
- const char *crt_file; /* the file with the server certificate */
- const char *key_file; /* the file with the server key */
- const char *crt_file2; /* the file with the 2nd server certificate */
- const char *key_file2; /* the file with the 2nd server key */
- const char *psk; /* the pre-shared key */
- const char *psk_identity; /* the pre-shared key identity */
- char *psk_list; /* list of PSK id/key pairs for callback */
- int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
- const char *version_suites; /* per-version ciphersuites */
- int renegotiation; /* enable / disable renegotiation */
- int allow_legacy; /* allow legacy renegotiation */
- int renegotiate; /* attempt renegotiation? */
- int renego_delay; /* delay before enforcing renegotiation */
- int renego_period; /* period for automatic renegotiation */
- int exchanges; /* number of data exchanges */
- int min_version; /* minimum protocol version accepted */
- int max_version; /* maximum protocol version accepted */
- int arc4; /* flag for arc4 suites support */
- int auth_mode; /* verify mode for connection */
- unsigned char mfl_code; /* code for maximum fragment length */
- int trunc_hmac; /* accept truncated hmac? */
- int tickets; /* enable / disable session tickets */
- int ticket_timeout; /* session ticket lifetime */
- int cache_max; /* max number of session cache entries */
- int cache_timeout; /* expiration delay of session cache entries */
- char *sni; /* string describing sni information */
- const char *alpn_string; /* ALPN supported protocols */
- const char *dhm_file; /* the file with the DH parameters */
- int extended_ms; /* allow negotiation of extended MS? */
- int etm; /* allow negotiation of encrypt-then-MAC? */
- int transport; /* TLS or DTLS? */
- int cookies; /* Use cookies for DTLS? -1 to break them */
- int anti_replay; /* Use anti-replay for DTLS? -1 for default */
- uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
- uint32_t hs_to_max; /* Max value of DTLS handshake timer */
- int badmac_limit; /* Limit of records with bad MAC */
-} opt;
-
-static void my_debug( void *ctx, int level, const char *str )
-{
- ((void) level);
-
- polarssl_fprintf( (FILE *) ctx, "%s", str );
- fflush( (FILE *) ctx );
-}
-
-/*
- * Test recv/send functions that make sure each try returns
- * WANT_READ/WANT_WRITE at least once before sucesseding
- */
-static int my_recv( void *ctx, unsigned char *buf, size_t len )
-{
- static int first_try = 1;
- int ret;
-
- if( first_try )
- {
- first_try = 0;
- return( POLARSSL_ERR_NET_WANT_READ );
- }
-
- ret = net_recv( ctx, buf, len );
- if( ret != POLARSSL_ERR_NET_WANT_READ )
- first_try = 1; /* Next call will be a new operation */
- return( ret );
-}
-
-static int my_send( void *ctx, const unsigned char *buf, size_t len )
-{
- static int first_try = 1;
- int ret;
-
- if( first_try )
- {
- first_try = 0;
- return( POLARSSL_ERR_NET_WANT_WRITE );
- }
-
- ret = net_send( ctx, buf, len );
- if( ret != POLARSSL_ERR_NET_WANT_WRITE )
- first_try = 1; /* Next call will be a new operation */
- return( ret );
-}
-
#if defined(POLARSSL_X509_CRT_PARSE_C)
#if defined(POLARSSL_FS_IO)
#define USAGE_IO \
@@ -434,6 +327,114 @@
" force_ciphersuite=<name> default: all enabled\n" \
" acceptable ciphersuite names:\n"
+#if !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
+ !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
+#include <stdio.h>
+int main( void )
+{
+ polarssl_printf("POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
+ "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
+ return( 0 );
+}
+#else
+/*
+ * global options
+ */
+struct options
+{
+ const char *server_addr; /* address on which the ssl service runs */
+ int server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int nbio; /* should I/O be blocking? */
+ uint32_t read_timeout; /* timeout on ssl_read() in milliseconds */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *ca_path; /* the path with the CA certificate(s) reside */
+ const char *crt_file; /* the file with the server certificate */
+ const char *key_file; /* the file with the server key */
+ const char *crt_file2; /* the file with the 2nd server certificate */
+ const char *key_file2; /* the file with the 2nd server key */
+ const char *psk; /* the pre-shared key */
+ const char *psk_identity; /* the pre-shared key identity */
+ char *psk_list; /* list of PSK id/key pairs for callback */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
+ const char *version_suites; /* per-version ciphersuites */
+ int renegotiation; /* enable / disable renegotiation */
+ int allow_legacy; /* allow legacy renegotiation */
+ int renegotiate; /* attempt renegotiation? */
+ int renego_delay; /* delay before enforcing renegotiation */
+ int renego_period; /* period for automatic renegotiation */
+ int exchanges; /* number of data exchanges */
+ int min_version; /* minimum protocol version accepted */
+ int max_version; /* maximum protocol version accepted */
+ int arc4; /* flag for arc4 suites support */
+ int auth_mode; /* verify mode for connection */
+ unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* accept truncated hmac? */
+ int tickets; /* enable / disable session tickets */
+ int ticket_timeout; /* session ticket lifetime */
+ int cache_max; /* max number of session cache entries */
+ int cache_timeout; /* expiration delay of session cache entries */
+ char *sni; /* string describing sni information */
+ const char *alpn_string; /* ALPN supported protocols */
+ const char *dhm_file; /* the file with the DH parameters */
+ int extended_ms; /* allow negotiation of extended MS? */
+ int etm; /* allow negotiation of encrypt-then-MAC? */
+ int transport; /* TLS or DTLS? */
+ int cookies; /* Use cookies for DTLS? -1 to break them */
+ int anti_replay; /* Use anti-replay for DTLS? -1 for default */
+ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
+ uint32_t hs_to_max; /* Max value of DTLS handshake timer */
+ int badmac_limit; /* Limit of records with bad MAC */
+} opt;
+
+static void my_debug( void *ctx, int level, const char *str )
+{
+ ((void) level);
+
+ polarssl_fprintf( (FILE *) ctx, "%s", str );
+ fflush( (FILE *) ctx );
+}
+
+/*
+ * Test recv/send functions that make sure each try returns
+ * WANT_READ/WANT_WRITE at least once before sucesseding
+ */
+static int my_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( POLARSSL_ERR_NET_WANT_READ );
+ }
+
+ ret = net_recv( ctx, buf, len );
+ if( ret != POLARSSL_ERR_NET_WANT_READ )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
+static int my_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ static int first_try = 1;
+ int ret;
+
+ if( first_try )
+ {
+ first_try = 0;
+ return( POLARSSL_ERR_NET_WANT_WRITE );
+ }
+
+ ret = net_send( ctx, buf, len );
+ if( ret != POLARSSL_ERR_NET_WANT_WRITE )
+ first_try = 1; /* Next call will be a new operation */
+ return( ret );
+}
+
/*
* Used by sni_parse and psk_parse to handle coma-separated lists
*/
@@ -441,7 +442,7 @@
dst = p; \
while( *p != ',' ) \
if( ++p > end ) \
- return( NULL ); \
+ goto error; \
*p++ = '\0';
#if defined(POLARSSL_SNI)
@@ -454,53 +455,6 @@
sni_entry *next;
};
-/*
- * Parse a string of triplets name1,crt1,key1[,name2,crt2,key2[,...]]
- * into a usable sni_entry list.
- *
- * Modifies the input string! This is not production quality!
- * (leaks memory if parsing fails, no error reporting, ...)
- */
-sni_entry *sni_parse( char *sni_string )
-{
- sni_entry *cur = NULL, *new = NULL;
- char *p = sni_string;
- char *end = p;
- char *crt_file, *key_file;
-
- while( *end != '\0' )
- ++end;
- *end = ',';
-
- while( p <= end )
- {
- if( ( new = polarssl_malloc( sizeof( sni_entry ) ) ) == NULL )
- return( NULL );
-
- memset( new, 0, sizeof( sni_entry ) );
-
- if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL ||
- ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
- return( NULL );
-
- x509_crt_init( new->cert );
- pk_init( new->key );
-
- GET_ITEM( new->name );
- GET_ITEM( crt_file );
- GET_ITEM( key_file );
-
- if( x509_crt_parse_file( new->cert, crt_file ) != 0 ||
- pk_parse_keyfile( new->key, key_file, "" ) != 0 )
- return( NULL );
-
- new->next = cur;
- cur = new;
- }
-
- return( cur );
-}
-
void sni_free( sni_entry *head )
{
sni_entry *cur = head, *next;
@@ -520,6 +474,67 @@
}
/*
+ * Parse a string of triplets name1,crt1,key1[,name2,crt2,key2[,...]]
+ * into a usable sni_entry list.
+ *
+ * Modifies the input string! This is not production quality!
+ */
+sni_entry *sni_parse( char *sni_string )
+{
+ sni_entry *cur = NULL, *new = NULL;
+ char *p = sni_string;
+ char *end = p;
+ char *crt_file, *key_file;
+
+ while( *end != '\0' )
+ ++end;
+ *end = ',';
+
+ while( p <= end )
+ {
+ if( ( new = polarssl_malloc( sizeof( sni_entry ) ) ) == NULL )
+ {
+ sni_free( cur );
+ return( NULL );
+ }
+
+ memset( new, 0, sizeof( sni_entry ) );
+
+ if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL ||
+ ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
+ {
+ polarssl_free( new->cert );
+ polarssl_free( new );
+ sni_free( cur );
+ return( NULL );
+ }
+
+ x509_crt_init( new->cert );
+ pk_init( new->key );
+
+ GET_ITEM( new->name );
+ GET_ITEM( crt_file );
+ GET_ITEM( key_file );
+
+ if( x509_crt_parse_file( new->cert, crt_file ) != 0 ||
+ pk_parse_keyfile( new->key, key_file, "" ) != 0 )
+ {
+ goto error;
+ }
+
+ new->next = cur;
+ cur = new;
+ }
+
+ return( cur );
+
+error:
+ sni_free( new );
+ sni_free( cur );
+ return( NULL );
+}
+
+/*
* SNI callback.
*/
int sni_callback( void *p_info, ssl_context *ssl,
@@ -594,11 +609,25 @@
};
/*
+ * Free a list of psk_entry's
+ */
+void psk_free( psk_entry *head )
+{
+ psk_entry *next;
+
+ while( head != NULL )
+ {
+ next = head->next;
+ polarssl_free( head );
+ head = next;
+ }
+}
+
+/*
* Parse a string of pairs name1,key1[,name2,key2[,...]]
* into a usable psk_entry list.
*
* Modifies the input string! This is not production quality!
- * (leaks memory if parsing fails, no error reporting, ...)
*/
psk_entry *psk_parse( char *psk_string )
{
@@ -622,28 +651,18 @@
GET_ITEM( key_hex );
if( unhexify( new->key, key_hex, &new->key_len ) != 0 )
- return( NULL );
+ goto error;
new->next = cur;
cur = new;
}
return( cur );
-}
-/*
- * Free a list of psk_entry's
- */
-void psk_free( psk_entry *head )
-{
- psk_entry *next;
-
- while( head != NULL )
- {
- next = head->next;
- polarssl_free( head );
- head = next;
- }
+error:
+ psk_free( new );
+ psk_free( cur );
+ return( 0 );
}
/*