2 * SSL client with options
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 * This file is part of mbed TLS (https://tls.mbed.org)
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
25 #include MBEDTLS_CONFIG_FILE
28 #if defined(MBEDTLS_PLATFORM_C)
29 #include "mbedtls/platform.h"
33 #define mbedtls_calloc calloc
34 #define mbedtls_free free
35 #define mbedtls_time time
36 #define mbedtls_time_t time_t
37 #define mbedtls_calloc calloc
38 #define mbedtls_fprintf fprintf
39 #define mbedtls_printf printf
40 #define mbedtls_exit exit
41 #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
42 #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
45 #if !defined(MBEDTLS_ENTROPY_C) || \
46 !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
47 !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
50 mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
51 "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
52 "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
57 #include "mbedtls/net_sockets.h"
58 #include "mbedtls/ssl.h"
59 #include "mbedtls/entropy.h"
60 #include "mbedtls/ctr_drbg.h"
61 #include "mbedtls/certs.h"
62 #include "mbedtls/x509.h"
63 #include "mbedtls/error.h"
64 #include "mbedtls/debug.h"
65 #include "mbedtls/timing.h"
67 #if defined(MBEDTLS_USE_PSA_CRYPTO)
68 #include "psa/crypto.h"
69 #include "mbedtls/psa_util.h"
77 #if !defined(_MSC_VER)
85 #if defined(MBEDTLS_SSL_CACHE_C)
86 #include "mbedtls/ssl_cache.h"
89 #if defined(MBEDTLS_SSL_TICKET_C)
90 #include "mbedtls/ssl_ticket.h"
93 #if defined(MBEDTLS_SSL_COOKIE_C)
94 #include "mbedtls/ssl_cookie.h"
97 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
98 #include "mbedtls/memory_buffer_alloc.h"
101 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_FS_IO)
109 /* Size of memory to be allocated for the heap, when using the library's memory
110 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
111 #define MEMORY_HEAP_SIZE 120000
113 #define DFL_SERVER_ADDR NULL
114 #define DFL_SERVER_PORT "4433"
115 #define DFL_RESPONSE_SIZE -1
116 #define DFL_DEBUG_LEVEL 0
119 #define DFL_READ_TIMEOUT 0
120 #define DFL_CA_FILE ""
121 #define DFL_CA_PATH ""
122 #define DFL_CRT_FILE ""
123 #define DFL_KEY_FILE ""
124 #define DFL_CRT_FILE2 ""
125 #define DFL_KEY_FILE2 ""
126 #define DFL_ASYNC_OPERATIONS "-"
127 #define DFL_ASYNC_PRIVATE_DELAY1 ( -1 )
128 #define DFL_ASYNC_PRIVATE_DELAY2 ( -1 )
129 #define DFL_ASYNC_PRIVATE_ERROR ( 0 )
131 #define DFL_PSK_OPAQUE 0
132 #define DFL_PSK_LIST_OPAQUE 0
133 #define DFL_PSK_IDENTITY "Client_identity"
134 #define DFL_ECJPAKE_PW NULL
135 #define DFL_PSK_LIST NULL
136 #define DFL_FORCE_CIPHER 0
137 #define DFL_VERSION_SUITES NULL
138 #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
139 #define DFL_ALLOW_LEGACY -2
140 #define DFL_RENEGOTIATE 0
141 #define DFL_RENEGO_DELAY -2
142 #define DFL_RENEGO_PERIOD ( (uint64_t)-1 )
143 #define DFL_EXCHANGES 1
144 #define DFL_MIN_VERSION -1
145 #define DFL_MAX_VERSION -1
148 #define DFL_CID_ENABLED 0
149 #define DFL_CID_VALUE ""
150 #define DFL_CID_ENABLED_RENEGO -1
151 #define DFL_CID_VALUE_RENEGO NULL
152 #define DFL_AUTH_MODE -1
153 #define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
154 #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
155 #define DFL_TRUNC_HMAC -1
156 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
157 #define DFL_TICKET_TIMEOUT 86400
158 #define DFL_CACHE_MAX -1
159 #define DFL_CACHE_TIMEOUT -1
161 #define DFL_ALPN_STRING NULL
162 #define DFL_CURVES NULL
163 #define DFL_DHM_FILE NULL
164 #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
165 #define DFL_COOKIES 1
166 #define DFL_ANTI_REPLAY -1
167 #define DFL_HS_TO_MIN 0
168 #define DFL_HS_TO_MAX 0
169 #define DFL_DTLS_MTU -1
170 #define DFL_BADMAC_LIMIT -1
171 #define DFL_DGRAM_PACKING 1
172 #define DFL_EXTENDED_MS -1
174 #define DFL_CA_CALLBACK 0
175 #define DFL_EAP_TLS 0
177 #define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
178 "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
179 "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
180 "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
181 "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
182 "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
183 "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
185 /* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
186 * packets (for fragmentation purposes) */
187 #define HTTP_RESPONSE \
188 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
189 "<h2>mbed TLS Test Server</h2>\r\n" \
190 "<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
193 * Size of the basic I/O buffer. Able to hold our default response.
195 * You will need to adapt the mbedtls_ssl_get_bytes_avail() test in ssl-opt.sh
196 * if you change this value to something outside the range <= 100 or > 500
198 #define DFL_IO_BUF_LEN 200
200 #if defined(MBEDTLS_X509_CRT_PARSE_C)
201 #if defined(MBEDTLS_FS_IO)
203 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
204 " default: \"\" (pre-loaded)\n" \
205 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
206 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
207 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
208 " default: see note after key_file2\n" \
209 " key_file=%%s default: see note after key_file2\n" \
210 " crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \
211 " default: see note after key_file2\n" \
212 " key_file2=%%s default: see note below\n" \
213 " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
214 " preloaded certificate(s) and key(s) are used if available\n" \
215 " dhm_file=%%s File containing Diffie-Hellman parameters\n" \
216 " default: preloaded parameters\n"
220 " No file operations available (MBEDTLS_FS_IO not defined)\n" \
222 #endif /* MBEDTLS_FS_IO */
225 #endif /* MBEDTLS_X509_CRT_PARSE_C */
227 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
228 #define USAGE_SSL_ASYNC \
229 " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
230 " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
231 " async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \
232 " default: -1 (not asynchronous)\n" \
233 " async_private_error=%%d Async callback error injection (default=0=none,\n" \
234 " 1=start, 2=cancel, 3=resume, negative=first time only)"
236 #define USAGE_SSL_ASYNC ""
237 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
239 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
241 " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
242 " default: 0 (disabled)\n" \
243 " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
244 " default: same as 'cid' parameter\n" \
245 " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
247 " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
248 " default: same as 'cid_val' parameter\n"
249 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
251 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
253 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
254 #define USAGE_PSK_RAW \
255 " psk=%%s default: \"\" (in hex, without 0x)\n" \
256 " psk_list=%%s default: \"\"\n" \
257 " A list of (PSK identity, PSK value) pairs.\n" \
258 " The PSK values are in hex, without 0x.\n" \
259 " id1,psk1[,id2,psk2[,...]]\n" \
260 " psk_identity=%%s default: \"Client_identity\"\n"
261 #if defined(MBEDTLS_USE_PSA_CRYPTO)
262 #define USAGE_PSK_SLOT \
263 " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
264 " Enable this to store the PSK configured through command line\n" \
265 " parameter `psk` in a PSA-based key slot.\n" \
266 " Note: Currently only supported in conjunction with\n" \
267 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
268 " to force a particular PSK-only ciphersuite.\n" \
269 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
270 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
271 " with prepopulated key slots instead of importing raw key material.\n" \
272 " psk_list_opaque=%%d default: 0 (don't use opaque dynamic PSKs)\n" \
273 " Enable this to store the list of dynamically chosen PSKs configured\n" \
274 " through the command line parameter `psk_list` in PSA-based key slots.\n" \
275 " Note: Currently only supported in conjunction with\n" \
276 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
277 " to force a particular PSK-only ciphersuite.\n" \
278 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
279 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
280 " with prepopulated key slots instead of importing raw key material.\n"
282 #define USAGE_PSK_SLOT ""
283 #endif /* MBEDTLS_USE_PSA_CRYPTO */
284 #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
287 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
288 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
289 #define USAGE_CA_CALLBACK \
290 " ca_callback=%%d default: 0 (disabled)\n" \
291 " Enable this to use the trusted certificate callback function\n"
293 #define USAGE_CA_CALLBACK ""
294 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
295 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
296 #define USAGE_TICKETS \
297 " tickets=%%d default: 1 (enabled)\n" \
298 " ticket_timeout=%%d default: 86400 (one day)\n"
300 #define USAGE_TICKETS ""
301 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
303 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
304 #define USAGE_EAP_TLS \
305 " eap_tls=%%d default: 0 (disabled)\n"
307 #define USAGE_EAP_TLS ""
308 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
310 #if defined(MBEDTLS_SSL_CACHE_C)
311 #define USAGE_CACHE \
312 " cache_max=%%d default: cache default (50)\n" \
313 " cache_timeout=%%d default: cache default (1d)\n"
315 #define USAGE_CACHE ""
316 #endif /* MBEDTLS_SSL_CACHE_C */
318 #if defined(SNI_OPTION)
319 #if defined(MBEDTLS_X509_CRL_PARSE_C)
320 #define SNI_CRL ",crl"
326 " sni=%%s name1,cert1,key1,ca1"SNI_CRL",auth1[,...]\n" \
327 " default: disabled\n"
330 #endif /* SNI_OPTION */
332 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
333 #define USAGE_MAX_FRAG_LEN \
334 " max_frag_len=%%d default: 16384 (tls default)\n" \
335 " options: 512, 1024, 2048, 4096\n"
337 #define USAGE_MAX_FRAG_LEN ""
338 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
340 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
341 #define USAGE_TRUNC_HMAC \
342 " trunc_hmac=%%d default: library default\n"
344 #define USAGE_TRUNC_HMAC ""
347 #if defined(MBEDTLS_SSL_ALPN)
349 " alpn=%%s default: \"\" (disabled)\n" \
350 " example: spdy/1,http/1.1\n"
352 #define USAGE_ALPN ""
353 #endif /* MBEDTLS_SSL_ALPN */
355 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
356 #define USAGE_COOKIES \
357 " cookies=0/1/-1 default: 1 (enabled)\n" \
358 " 0: disabled, -1: library default (broken)\n"
360 #define USAGE_COOKIES ""
363 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
364 #define USAGE_ANTI_REPLAY \
365 " anti_replay=0/1 default: (library default: enabled)\n"
367 #define USAGE_ANTI_REPLAY ""
370 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
371 #define USAGE_BADMAC_LIMIT \
372 " badmac_limit=%%d default: (library default: disabled)\n"
374 #define USAGE_BADMAC_LIMIT ""
377 #if defined(MBEDTLS_SSL_PROTO_DTLS)
379 " dtls=%%d default: 0 (TLS)\n" \
380 " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
381 " range of DTLS handshake timeouts in millisecs\n" \
382 " mtu=%%d default: (library default: unlimited)\n" \
383 " dgram_packing=%%d default: 1 (allowed)\n" \
384 " allow or forbid packing of multiple\n" \
385 " records within a single datgram.\n"
387 #define USAGE_DTLS ""
390 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
392 " extended_ms=0/1 default: (library default: on)\n"
397 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
399 " etm=0/1 default: (library default: on)\n"
404 #if defined(MBEDTLS_SSL_RENEGOTIATION)
405 #define USAGE_RENEGO \
406 " renegotiation=%%d default: 0 (disabled)\n" \
407 " renegotiate=%%d default: 0 (disabled)\n" \
408 " renego_delay=%%d default: -2 (library default)\n" \
409 " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n"
411 #define USAGE_RENEGO ""
414 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
415 #define USAGE_ECJPAKE \
416 " ecjpake_pw=%%s default: none (disabled)\n"
418 #define USAGE_ECJPAKE ""
421 #if defined(MBEDTLS_ECP_C)
422 #define USAGE_CURVES \
423 " curves=a,b,c,d default: \"default\" (library default)\n" \
424 " example: \"secp521r1,brainpoolP512r1\"\n" \
425 " - use \"none\" for empty list\n" \
426 " - see mbedtls_ecp_curve_list()\n" \
427 " for acceptable curve names\n"
429 #define USAGE_CURVES ""
433 "\n usage: ssl_server2 param=<>...\n" \
434 "\n acceptable parameters:\n" \
435 " server_addr=%%s default: (all interfaces)\n" \
436 " server_port=%%d default: 4433\n" \
437 " debug_level=%%d default: 0 (disabled)\n" \
438 " buffer_size=%%d default: 200 \n" \
439 " (minimum: 1, max: 16385)\n" \
440 " response_size=%%d default: about 152 (basic response)\n" \
441 " (minimum: 0, max: 16384)\n" \
442 " increases buffer_size if bigger\n"\
443 " nbio=%%d default: 0 (blocking I/O)\n" \
444 " options: 1 (non-blocking), 2 (added delays)\n" \
445 " event=%%d default: 0 (loop)\n" \
446 " options: 1 (level-triggered, implies nbio=1),\n" \
447 " read_timeout=%%d default: 0 ms (no timeout)\n" \
454 " auth_mode=%%s default: (library default: none)\n" \
455 " options: none, optional, required\n" \
456 " cert_req_ca_list=%%d default: 1 (send ca list)\n" \
457 " options: 1 (send ca list), 0 (don't send)\n" \
466 " allow_legacy=%%d default: (library default: no)\n" \
468 " exchanges=%%d default: 1\n" \
480 " arc4=%%d default: (library default: 0)\n" \
481 " allow_sha1=%%d default: 0\n" \
482 " min_version=%%s default: (library default: tls1)\n" \
483 " max_version=%%s default: (library default: tls1_2)\n" \
484 " force_version=%%s default: \"\" (none)\n" \
485 " options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
487 " version_suites=a,b,c,d per-version ciphersuites\n" \
488 " in order from ssl3 to tls1_2\n" \
489 " default: all enabled\n" \
490 " force_ciphersuite=<name> default: all enabled\n" \
491 " query_config=<name> return 0 if the specified\n" \
492 " configuration macro is defined and 1\n" \
493 " otherwise. The expansion of the macro\n" \
494 " is printed if it is defined\n" \
495 " acceptable ciphersuite names:\n"
498 #define ALPN_LIST_SIZE 10
499 #define CURVE_LIST_SIZE 20
501 #define PUT_UINT64_BE(out_be,in_le,i) \
503 (out_be)[(i) + 0] = (unsigned char)( ( (in_le) >> 56 ) & 0xFF ); \
504 (out_be)[(i) + 1] = (unsigned char)( ( (in_le) >> 48 ) & 0xFF ); \
505 (out_be)[(i) + 2] = (unsigned char)( ( (in_le) >> 40 ) & 0xFF ); \
506 (out_be)[(i) + 3] = (unsigned char)( ( (in_le) >> 32 ) & 0xFF ); \
507 (out_be)[(i) + 4] = (unsigned char)( ( (in_le) >> 24 ) & 0xFF ); \
508 (out_be)[(i) + 5] = (unsigned char)( ( (in_le) >> 16 ) & 0xFF ); \
509 (out_be)[(i) + 6] = (unsigned char)( ( (in_le) >> 8 ) & 0xFF ); \
510 (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
513 #if defined(MBEDTLS_CHECK_PARAMS)
514 #include "mbedtls/platform_util.h"
515 void mbedtls_param_failed( const char *failure_condition,
519 mbedtls_printf( "%s:%i: Input param failed - %s\n",
520 file, line, failure_condition );
521 mbedtls_exit( MBEDTLS_EXIT_FAILURE );
530 const char *server_addr; /* address on which the ssl service runs */
531 const char *server_port; /* port on which the ssl service runs */
532 int debug_level; /* level of debugging */
533 int nbio; /* should I/O be blocking? */
534 int event; /* loop or event-driven IO? level or edge triggered? */
535 uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
536 int response_size; /* pad response with header to requested size */
537 uint16_t buffer_size; /* IO buffer size */
538 const char *ca_file; /* the file with the CA certificate(s) */
539 const char *ca_path; /* the path with the CA certificate(s) reside */
540 const char *crt_file; /* the file with the server certificate */
541 const char *key_file; /* the file with the server key */
542 const char *crt_file2; /* the file with the 2nd server certificate */
543 const char *key_file2; /* the file with the 2nd server key */
544 const char *async_operations; /* supported SSL asynchronous operations */
545 int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
546 int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
547 int async_private_error; /* inject error in async private callback */
548 #if defined(MBEDTLS_USE_PSA_CRYPTO)
552 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
553 int ca_callback; /* Use callback for trusted certificate list */
555 const char *psk; /* the pre-shared key */
556 const char *psk_identity; /* the pre-shared key identity */
557 char *psk_list; /* list of PSK id/key pairs for callback */
558 const char *ecjpake_pw; /* the EC J-PAKE password */
559 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
560 const char *version_suites; /* per-version ciphersuites */
561 int renegotiation; /* enable / disable renegotiation */
562 int allow_legacy; /* allow legacy renegotiation */
563 int renegotiate; /* attempt renegotiation? */
564 int renego_delay; /* delay before enforcing renegotiation */
565 uint64_t renego_period; /* period for automatic renegotiation */
566 int exchanges; /* number of data exchanges */
567 int min_version; /* minimum protocol version accepted */
568 int max_version; /* maximum protocol version accepted */
569 int arc4; /* flag for arc4 suites support */
570 int allow_sha1; /* flag for SHA-1 support */
571 int auth_mode; /* verify mode for connection */
572 int cert_req_ca_list; /* should we send the CA list? */
573 unsigned char mfl_code; /* code for maximum fragment length */
574 int trunc_hmac; /* accept truncated hmac? */
575 int tickets; /* enable / disable session tickets */
576 int ticket_timeout; /* session ticket lifetime */
577 int cache_max; /* max number of session cache entries */
578 int cache_timeout; /* expiration delay of session cache entries */
579 char *sni; /* string describing sni information */
580 const char *curves; /* list of supported elliptic curves */
581 const char *alpn_string; /* ALPN supported protocols */
582 const char *dhm_file; /* the file with the DH parameters */
583 int extended_ms; /* allow negotiation of extended MS? */
584 int etm; /* allow negotiation of encrypt-then-MAC? */
585 int transport; /* TLS or DTLS? */
586 int cookies; /* Use cookies for DTLS? -1 to break them */
587 int anti_replay; /* Use anti-replay for DTLS? -1 for default */
588 uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
589 uint32_t hs_to_max; /* Max value of DTLS handshake timer */
590 int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
591 int dgram_packing; /* allow/forbid datagram packing */
592 int badmac_limit; /* Limit of records with bad MAC */
593 int eap_tls; /* derive EAP-TLS keying material? */
594 int cid_enabled; /* whether to use the CID extension or not */
595 int cid_enabled_renego; /* whether to use the CID extension or not
596 * during renegotiation */
597 const char *cid_val; /* the CID to use for incoming messages */
598 const char *cid_val_renego; /* the CID to use for incoming messages
599 * after renegotiation */
602 int query_config( const char *config );
604 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
605 typedef struct eap_tls_keys
607 unsigned char master_secret[48];
608 unsigned char randbytes[64];
609 mbedtls_tls_prf_types tls_prf_type;
612 static int eap_tls_key_derivation ( void *p_expkey,
613 const unsigned char *ms,
614 const unsigned char *kb,
618 unsigned char client_random[32],
619 unsigned char server_random[32],
620 mbedtls_tls_prf_types tls_prf_type )
622 eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
625 memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
626 memcpy( keys->randbytes, client_random, 32 );
627 memcpy( keys->randbytes + 32, server_random, 32 );
628 keys->tls_prf_type = tls_prf_type;
630 if( opt.debug_level > 2 )
632 mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
633 mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
634 mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
640 static void my_debug( void *ctx, int level,
641 const char *file, int line,
644 const char *p, *basename;
646 /* Extract basename from file */
647 for( p = basename = file; *p != '\0'; p++ )
648 if( *p == '/' || *p == '\\' )
651 mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str );
652 fflush( (FILE *) ctx );
655 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
656 int ca_callback( void *data, mbedtls_x509_crt const *child,
657 mbedtls_x509_crt **candidates)
660 mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
661 mbedtls_x509_crt *first;
663 /* This is a test-only implementation of the CA callback
664 * which always returns the entire list of trusted certificates.
665 * Production implementations managing a large number of CAs
666 * should use an efficient presentation and lookup for the
667 * set of trusted certificates (such as a hashtable) and only
668 * return those trusted certificates which satisfy basic
669 * parental checks, such as the matching of child `Issuer`
670 * and parent `Subject` field. */
673 first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
679 mbedtls_x509_crt_init( first );
681 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
687 while( ca->next != NULL )
690 if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
701 mbedtls_x509_crt_free( first );
702 mbedtls_free( first );
709 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
712 * Test recv/send functions that make sure each try returns
713 * WANT_READ/WANT_WRITE at least once before sucesseding
715 static int my_recv( void *ctx, unsigned char *buf, size_t len )
717 static int first_try = 1;
723 return( MBEDTLS_ERR_SSL_WANT_READ );
726 ret = mbedtls_net_recv( ctx, buf, len );
727 if( ret != MBEDTLS_ERR_SSL_WANT_READ )
728 first_try = 1; /* Next call will be a new operation */
732 static int my_send( void *ctx, const unsigned char *buf, size_t len )
734 static int first_try = 1;
740 return( MBEDTLS_ERR_SSL_WANT_WRITE );
743 ret = mbedtls_net_send( ctx, buf, len );
744 if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
745 first_try = 1; /* Next call will be a new operation */
750 * Return authmode from string, or -1 on error
752 static int get_auth_mode( const char *s )
754 if( strcmp( s, "none" ) == 0 )
755 return( MBEDTLS_SSL_VERIFY_NONE );
756 if( strcmp( s, "optional" ) == 0 )
757 return( MBEDTLS_SSL_VERIFY_OPTIONAL );
758 if( strcmp( s, "required" ) == 0 )
759 return( MBEDTLS_SSL_VERIFY_REQUIRED );
765 * Used by sni_parse and psk_parse to handle coma-separated lists
767 #define GET_ITEM( dst ) \
777 #if defined(SNI_OPTION)
778 typedef struct _sni_entry sni_entry;
782 mbedtls_x509_crt *cert;
783 mbedtls_pk_context *key;
784 mbedtls_x509_crt* ca;
785 mbedtls_x509_crl* crl;
790 void sni_free( sni_entry *head )
792 sni_entry *cur = head, *next;
796 mbedtls_x509_crt_free( cur->cert );
797 mbedtls_free( cur->cert );
799 mbedtls_pk_free( cur->key );
800 mbedtls_free( cur->key );
802 mbedtls_x509_crt_free( cur->ca );
803 mbedtls_free( cur->ca );
804 #if defined(MBEDTLS_X509_CRL_PARSE_C)
805 mbedtls_x509_crl_free( cur->crl );
806 mbedtls_free( cur->crl );
815 * Parse a string of sextuples name1,crt1,key1,ca1,crl1,auth1[,...]
816 * into a usable sni_entry list. For ca1, crl1, auth1, the special value
817 * '-' means unset. If ca1 is unset, then crl1 is ignored too.
819 * Modifies the input string! This is not production quality!
821 sni_entry *sni_parse( char *sni_string )
823 sni_entry *cur = NULL, *new = NULL;
824 char *p = sni_string;
826 char *crt_file, *key_file, *ca_file, *auth_str;
827 #if defined(MBEDTLS_X509_CRL_PARSE_C)
831 while( *end != '\0' )
837 if( ( new = mbedtls_calloc( 1, sizeof( sni_entry ) ) ) == NULL )
843 GET_ITEM( new->name );
844 GET_ITEM( crt_file );
845 GET_ITEM( key_file );
847 #if defined(MBEDTLS_X509_CRL_PARSE_C)
848 GET_ITEM( crl_file );
850 GET_ITEM( auth_str );
852 if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
853 ( new->key = mbedtls_calloc( 1, sizeof( mbedtls_pk_context ) ) ) == NULL )
856 mbedtls_x509_crt_init( new->cert );
857 mbedtls_pk_init( new->key );
859 if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 ||
860 mbedtls_pk_parse_keyfile( new->key, key_file, "" ) != 0 )
863 if( strcmp( ca_file, "-" ) != 0 )
865 if( ( new->ca = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL )
868 mbedtls_x509_crt_init( new->ca );
870 if( mbedtls_x509_crt_parse_file( new->ca, ca_file ) != 0 )
874 #if defined(MBEDTLS_X509_CRL_PARSE_C)
875 if( strcmp( crl_file, "-" ) != 0 )
877 if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
880 mbedtls_x509_crl_init( new->crl );
882 if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
887 if( strcmp( auth_str, "-" ) != 0 )
889 if( ( new->authmode = get_auth_mode( auth_str ) ) < 0 )
893 new->authmode = DFL_AUTH_MODE;
910 int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
911 const unsigned char *name, size_t name_len )
913 const sni_entry *cur = (const sni_entry *) p_info;
917 if( name_len == strlen( cur->name ) &&
918 memcmp( name, cur->name, name_len ) == 0 )
920 if( cur->ca != NULL )
921 mbedtls_ssl_set_hs_ca_chain( ssl, cur->ca, cur->crl );
923 if( cur->authmode != DFL_AUTH_MODE )
924 mbedtls_ssl_set_hs_authmode( ssl, cur->authmode );
926 return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) );
935 #endif /* SNI_OPTION */
937 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) || \
938 defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
940 #define HEX2NUM( c ) \
943 if( (c) >= '0' && (c) <= '9' ) \
945 else if( (c) >= 'a' && (c) <= 'f' ) \
947 else if( (c) >= 'A' && (c) <= 'F' ) \
954 * Convert a hex string to bytes.
955 * Return 0 on success, -1 on error.
957 int unhexify( unsigned char *output, const char *input, size_t *olen )
962 *olen = strlen( input );
963 if( *olen % 2 != 0 || *olen / 2 > MBEDTLS_PSK_MAX_LEN )
967 for( j = 0; j < *olen * 2; j += 2 )
971 output[ j / 2 ] = c << 4;
975 output[ j / 2 ] |= c;
983 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
985 typedef struct _psk_entry psk_entry;
991 unsigned char key[MBEDTLS_PSK_MAX_LEN];
992 #if defined(MBEDTLS_USE_PSA_CRYPTO)
993 psa_key_handle_t slot;
994 #endif /* MBEDTLS_USE_PSA_CRYPTO */
999 * Free a list of psk_entry's
1001 int psk_free( psk_entry *head )
1005 while( head != NULL )
1007 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1008 psa_status_t status;
1009 psa_key_handle_t const slot = head->slot;
1013 status = psa_destroy_key( slot );
1014 if( status != PSA_SUCCESS )
1017 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1020 mbedtls_free( head );
1028 * Parse a string of pairs name1,key1[,name2,key2[,...]]
1029 * into a usable psk_entry list.
1031 * Modifies the input string! This is not production quality!
1033 psk_entry *psk_parse( char *psk_string )
1035 psk_entry *cur = NULL, *new = NULL;
1036 char *p = psk_string;
1040 while( *end != '\0' )
1046 if( ( new = mbedtls_calloc( 1, sizeof( psk_entry ) ) ) == NULL )
1049 memset( new, 0, sizeof( psk_entry ) );
1051 GET_ITEM( new->name );
1052 GET_ITEM( key_hex );
1054 if( unhexify( new->key, key_hex, &new->key_len ) != 0 )
1072 int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
1073 const unsigned char *name, size_t name_len )
1075 psk_entry *cur = (psk_entry *) p_info;
1077 while( cur != NULL )
1079 if( name_len == strlen( cur->name ) &&
1080 memcmp( name, cur->name, name_len ) == 0 )
1082 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1083 if( cur->slot != 0 )
1084 return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) );
1087 return( mbedtls_ssl_set_hs_psk( ssl, cur->key, cur->key_len ) );
1095 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
1097 static mbedtls_net_context listen_fd, client_fd;
1099 /* Interruption handler to ensure clean exit (for valgrind testing) */
1100 #if !defined(_WIN32)
1101 static int received_sigterm = 0;
1102 void term_handler( int sig )
1105 received_sigterm = 1;
1106 mbedtls_net_free( &listen_fd ); /* causes mbedtls_net_accept() to abort */
1107 mbedtls_net_free( &client_fd ); /* causes net_read() to abort */
1111 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1112 static int ssl_sig_hashes_for_test[] = {
1113 #if defined(MBEDTLS_SHA512_C)
1117 #if defined(MBEDTLS_SHA256_C)
1121 #if defined(MBEDTLS_SHA1_C)
1122 /* Allow SHA-1 as we use it extensively in tests. */
1127 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1129 /** Return true if \p ret is a status code indicating that there is an
1130 * operation in progress on an SSL connection, and false if it indicates
1131 * success or a fatal error.
1133 * The possible operations in progress are:
1135 * - A read, when the SSL input buffer does not contain a full message.
1136 * - A write, when the SSL output buffer contains some data that has not
1137 * been sent over the network yet.
1138 * - An asynchronous callback that has not completed yet. */
1139 static int mbedtls_status_is_ssl_in_progress( int ret )
1141 return( ret == MBEDTLS_ERR_SSL_WANT_READ ||
1142 ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
1143 ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
1146 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1149 mbedtls_x509_crt *cert; /*!< Certificate corresponding to the key */
1150 mbedtls_pk_context *pk; /*!< Private key */
1151 unsigned delay; /*!< Number of resume steps to go through */
1152 unsigned pk_owned : 1; /*!< Whether to free the pk object on exit */
1153 } ssl_async_key_slot_t;
1156 SSL_ASYNC_INJECT_ERROR_NONE = 0, /*!< Let the callbacks succeed */
1157 SSL_ASYNC_INJECT_ERROR_START, /*!< Inject error during start */
1158 SSL_ASYNC_INJECT_ERROR_CANCEL, /*!< Close the connection after async start */
1159 SSL_ASYNC_INJECT_ERROR_RESUME, /*!< Inject error during resume */
1160 #define SSL_ASYNC_INJECT_ERROR_MAX SSL_ASYNC_INJECT_ERROR_RESUME
1161 } ssl_async_inject_error_t;
1165 ssl_async_key_slot_t slots[4]; /* key, key2, sni1, sni2 */
1167 ssl_async_inject_error_t inject_error;
1168 int (*f_rng)(void *, unsigned char *, size_t);
1170 } ssl_async_key_context_t;
1172 int ssl_async_set_key( ssl_async_key_context_t *ctx,
1173 mbedtls_x509_crt *cert,
1174 mbedtls_pk_context *pk,
1175 int pk_take_ownership,
1178 if( ctx->slots_used >= sizeof( ctx->slots ) / sizeof( *ctx->slots ) )
1180 ctx->slots[ctx->slots_used].cert = cert;
1181 ctx->slots[ctx->slots_used].pk = pk;
1182 ctx->slots[ctx->slots_used].delay = delay;
1183 ctx->slots[ctx->slots_used].pk_owned = pk_take_ownership;
1188 #define SSL_ASYNC_INPUT_MAX_SIZE 512
1194 } ssl_async_operation_type_t;
1195 /* Note that the enum above and the array below need to be kept in sync!
1196 * `ssl_async_operation_names[op]` is the name of op for each value `op`
1197 * of type `ssl_async_operation_type_t`. */
1198 static const char *const ssl_async_operation_names[] =
1207 ssl_async_operation_type_t operation_type;
1208 mbedtls_md_type_t md_alg;
1209 unsigned char input[SSL_ASYNC_INPUT_MAX_SIZE];
1211 unsigned remaining_delay;
1212 } ssl_async_operation_context_t;
1214 static int ssl_async_start( mbedtls_ssl_context *ssl,
1215 mbedtls_x509_crt *cert,
1216 ssl_async_operation_type_t op_type,
1217 mbedtls_md_type_t md_alg,
1218 const unsigned char *input,
1221 ssl_async_key_context_t *config_data =
1222 mbedtls_ssl_conf_get_async_config_data( ssl->conf );
1224 ssl_async_operation_context_t *ctx = NULL;
1225 const char *op_name = ssl_async_operation_names[op_type];
1229 if( mbedtls_x509_dn_gets( dn, sizeof( dn ), &cert->subject ) > 0 )
1230 mbedtls_printf( "Async %s callback: looking for DN=%s\n",
1234 /* Look for a private key that matches the public key in cert.
1235 * Since this test code has the private key inside Mbed TLS,
1236 * we call mbedtls_pk_check_pair to match a private key with the
1238 for( slot = 0; slot < config_data->slots_used; slot++ )
1240 if( mbedtls_pk_check_pair( &cert->pk,
1241 config_data->slots[slot].pk ) == 0 )
1244 if( slot == config_data->slots_used )
1246 mbedtls_printf( "Async %s callback: no key matches this certificate.\n",
1248 return( MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH );
1250 mbedtls_printf( "Async %s callback: using key slot %u, delay=%u.\n",
1251 op_name, slot, config_data->slots[slot].delay );
1253 if( config_data->inject_error == SSL_ASYNC_INJECT_ERROR_START )
1255 mbedtls_printf( "Async %s callback: injected error\n", op_name );
1256 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1259 if( input_len > SSL_ASYNC_INPUT_MAX_SIZE )
1260 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
1262 ctx = mbedtls_calloc( 1, sizeof( *ctx ) );
1264 return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
1266 ctx->operation_type = op_type;
1267 ctx->md_alg = md_alg;
1268 memcpy( ctx->input, input, input_len );
1269 ctx->input_len = input_len;
1270 ctx->remaining_delay = config_data->slots[slot].delay;
1271 mbedtls_ssl_set_async_operation_data( ssl, ctx );
1273 if( ctx->remaining_delay == 0 )
1276 return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
1279 static int ssl_async_sign( mbedtls_ssl_context *ssl,
1280 mbedtls_x509_crt *cert,
1281 mbedtls_md_type_t md_alg,
1282 const unsigned char *hash,
1285 return( ssl_async_start( ssl, cert,
1286 ASYNC_OP_SIGN, md_alg,
1290 static int ssl_async_decrypt( mbedtls_ssl_context *ssl,
1291 mbedtls_x509_crt *cert,
1292 const unsigned char *input,
1295 return( ssl_async_start( ssl, cert,
1296 ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
1297 input, input_len ) );
1300 static int ssl_async_resume( mbedtls_ssl_context *ssl,
1301 unsigned char *output,
1303 size_t output_size )
1305 ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data( ssl );
1306 ssl_async_key_context_t *config_data =
1307 mbedtls_ssl_conf_get_async_config_data( ssl->conf );
1308 ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot];
1310 const char *op_name;
1312 if( ctx->remaining_delay > 0 )
1314 --ctx->remaining_delay;
1315 mbedtls_printf( "Async resume (slot %u): call %u more times.\n",
1316 ctx->slot, ctx->remaining_delay );
1317 return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
1320 switch( ctx->operation_type )
1322 case ASYNC_OP_DECRYPT:
1323 ret = mbedtls_pk_decrypt( key_slot->pk,
1324 ctx->input, ctx->input_len,
1325 output, output_len, output_size,
1326 config_data->f_rng, config_data->p_rng );
1329 ret = mbedtls_pk_sign( key_slot->pk,
1331 ctx->input, ctx->input_len,
1333 config_data->f_rng, config_data->p_rng );
1336 mbedtls_printf( "Async resume (slot %u): unknown operation type %ld. This shouldn't happen.\n",
1337 ctx->slot, (long) ctx->operation_type );
1338 mbedtls_free( ctx );
1339 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1343 op_name = ssl_async_operation_names[ctx->operation_type];
1345 if( config_data->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME )
1347 mbedtls_printf( "Async resume callback: %s done but injected error\n",
1349 mbedtls_free( ctx );
1350 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
1353 mbedtls_printf( "Async resume (slot %u): %s done, status=%d.\n",
1354 ctx->slot, op_name, ret );
1355 mbedtls_free( ctx );
1359 static void ssl_async_cancel( mbedtls_ssl_context *ssl )
1361 ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data( ssl );
1362 mbedtls_printf( "Async cancel callback.\n" );
1363 mbedtls_free( ctx );
1365 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
1368 * Wait for an event from the underlying transport or the timer
1369 * (Used in event-driven IO mode).
1371 #if !defined(MBEDTLS_TIMING_C)
1372 int idle( mbedtls_net_context *fd,
1375 int idle( mbedtls_net_context *fd,
1376 mbedtls_timing_delay_context *timer,
1383 if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
1384 poll_type = MBEDTLS_NET_POLL_WRITE;
1385 else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
1386 poll_type = MBEDTLS_NET_POLL_READ;
1387 #if !defined(MBEDTLS_TIMING_C)
1394 /* Check if timer has expired */
1395 #if defined(MBEDTLS_TIMING_C)
1396 if( timer != NULL &&
1397 mbedtls_timing_get_delay( timer ) == 2 )
1401 #endif /* MBEDTLS_TIMING_C */
1403 /* Check if underlying transport became available */
1404 if( poll_type != 0 )
1406 ret = mbedtls_net_poll( fd, poll_type, 0 );
1409 if( ret == poll_type )
1417 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1418 static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t slot,
1419 psa_algorithm_t alg,
1423 psa_status_t status;
1424 psa_key_policy_t policy;
1426 policy = psa_key_policy_init();
1427 psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg );
1429 status = psa_set_key_policy( slot, &policy );
1430 if( status != PSA_SUCCESS )
1432 fprintf( stderr, "POLICY\n" );
1436 status = psa_import_key( slot, PSA_KEY_TYPE_DERIVE, psk, psk_len );
1437 if( status != PSA_SUCCESS )
1439 fprintf( stderr, "IMPORT\n" );
1443 return( PSA_SUCCESS );
1445 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1447 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1448 int report_cid_usage( mbedtls_ssl_context *ssl,
1449 const char *additional_description )
1452 unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
1453 size_t peer_cid_len;
1456 if( opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
1459 /* Check if the use of a CID has been negotiated */
1460 ret = mbedtls_ssl_get_peer_cid( ssl, &cid_negotiated,
1461 peer_cid, &peer_cid_len );
1464 mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
1469 if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
1471 if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
1473 mbedtls_printf( "(%s) Use of Connection ID was not offered by client.\n",
1474 additional_description );
1480 mbedtls_printf( "(%s) Use of Connection ID has been negotiated.\n",
1481 additional_description );
1482 mbedtls_printf( "(%s) Peer CID (length %u Bytes): ",
1483 additional_description,
1484 (unsigned) peer_cid_len );
1485 while( idx < peer_cid_len )
1487 mbedtls_printf( "%02x ", peer_cid[ idx ] );
1490 mbedtls_printf( "\n" );
1495 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1497 int main( int argc, char *argv[] )
1499 int ret = 0, len, written, frags, exchanges_left;
1500 int version_suites[4][2];
1501 unsigned char* buf = 0;
1502 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
1503 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1504 psa_algorithm_t alg = 0;
1505 psa_key_handle_t psk_slot = 0;
1506 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1507 unsigned char psk[MBEDTLS_PSK_MAX_LEN];
1509 psk_entry *psk_info = NULL;
1511 const char *pers = "ssl_server2";
1512 unsigned char client_ip[16] = { 0 };
1514 #if defined(MBEDTLS_SSL_COOKIE_C)
1515 mbedtls_ssl_cookie_ctx cookie_ctx;
1518 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1519 mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
1521 mbedtls_entropy_context entropy;
1522 mbedtls_ctr_drbg_context ctr_drbg;
1523 mbedtls_ssl_context ssl;
1524 mbedtls_ssl_config conf;
1525 #if defined(MBEDTLS_TIMING_C)
1526 mbedtls_timing_delay_context timer;
1528 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1529 unsigned char renego_period[8] = { 0 };
1531 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1533 mbedtls_x509_crt cacert;
1534 mbedtls_x509_crt srvcert;
1535 mbedtls_pk_context pkey;
1536 mbedtls_x509_crt srvcert2;
1537 mbedtls_pk_context pkey2;
1538 int key_cert_init = 0, key_cert_init2 = 0;
1539 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1540 ssl_async_key_context_t ssl_async_keys;
1541 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
1542 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1543 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
1544 mbedtls_dhm_context dhm;
1546 #if defined(MBEDTLS_SSL_CACHE_C)
1547 mbedtls_ssl_cache_context cache;
1549 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1550 mbedtls_ssl_ticket_context ticket_ctx;
1552 #if defined(SNI_OPTION)
1553 sni_entry *sni_info = NULL;
1555 #if defined(MBEDTLS_ECP_C)
1556 mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
1557 const mbedtls_ecp_curve_info * curve_cur;
1559 #if defined(MBEDTLS_SSL_ALPN)
1560 const char *alpn_list[ALPN_LIST_SIZE];
1562 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
1563 unsigned char alloc_buf[MEMORY_HEAP_SIZE];
1566 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1567 unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
1568 unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
1570 size_t cid_renego_len = 0;
1576 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1577 psa_status_t status;
1579 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
1580 unsigned char eap_tls_keymaterial[16];
1581 unsigned char eap_tls_iv[8];
1582 const char* eap_tls_label = "client EAP encryption";
1583 eap_tls_keys eap_tls_keying;
1586 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
1587 mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
1591 * Make sure memory references are valid in case we exit early.
1593 mbedtls_net_init( &client_fd );
1594 mbedtls_net_init( &listen_fd );
1595 mbedtls_ssl_init( &ssl );
1596 mbedtls_ssl_config_init( &conf );
1597 mbedtls_ctr_drbg_init( &ctr_drbg );
1598 #if defined(MBEDTLS_X509_CRT_PARSE_C)
1599 mbedtls_x509_crt_init( &cacert );
1600 mbedtls_x509_crt_init( &srvcert );
1601 mbedtls_pk_init( &pkey );
1602 mbedtls_x509_crt_init( &srvcert2 );
1603 mbedtls_pk_init( &pkey2 );
1604 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1605 memset( &ssl_async_keys, 0, sizeof( ssl_async_keys ) );
1608 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
1609 mbedtls_dhm_init( &dhm );
1611 #if defined(MBEDTLS_SSL_CACHE_C)
1612 mbedtls_ssl_cache_init( &cache );
1614 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1615 mbedtls_ssl_ticket_init( &ticket_ctx );
1617 #if defined(MBEDTLS_SSL_ALPN)
1618 memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
1620 #if defined(MBEDTLS_SSL_COOKIE_C)
1621 mbedtls_ssl_cookie_init( &cookie_ctx );
1624 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1625 status = psa_crypto_init();
1626 if( status != PSA_SUCCESS )
1628 mbedtls_fprintf( stderr, "Failed to initialize PSA Crypto implementation: %d\n",
1630 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
1635 #if !defined(_WIN32)
1636 /* Abort cleanly on SIGTERM and SIGINT */
1637 signal( SIGTERM, term_handler );
1638 signal( SIGINT, term_handler );
1647 mbedtls_printf( USAGE );
1649 list = mbedtls_ssl_list_ciphersuites();
1652 mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
1656 mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
1659 mbedtls_printf("\n");
1663 opt.buffer_size = DFL_IO_BUF_LEN;
1664 opt.server_addr = DFL_SERVER_ADDR;
1665 opt.server_port = DFL_SERVER_PORT;
1666 opt.debug_level = DFL_DEBUG_LEVEL;
1667 opt.event = DFL_EVENT;
1668 opt.response_size = DFL_RESPONSE_SIZE;
1669 opt.nbio = DFL_NBIO;
1670 opt.cid_enabled = DFL_CID_ENABLED;
1671 opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
1672 opt.cid_val = DFL_CID_VALUE;
1673 opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
1674 opt.read_timeout = DFL_READ_TIMEOUT;
1675 opt.ca_file = DFL_CA_FILE;
1676 opt.ca_path = DFL_CA_PATH;
1677 opt.crt_file = DFL_CRT_FILE;
1678 opt.key_file = DFL_KEY_FILE;
1679 opt.crt_file2 = DFL_CRT_FILE2;
1680 opt.key_file2 = DFL_KEY_FILE2;
1681 opt.async_operations = DFL_ASYNC_OPERATIONS;
1682 opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1;
1683 opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
1684 opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
1686 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1687 opt.psk_opaque = DFL_PSK_OPAQUE;
1688 opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE;
1690 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1691 opt.ca_callback = DFL_CA_CALLBACK;
1693 opt.psk_identity = DFL_PSK_IDENTITY;
1694 opt.psk_list = DFL_PSK_LIST;
1695 opt.ecjpake_pw = DFL_ECJPAKE_PW;
1696 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
1697 opt.version_suites = DFL_VERSION_SUITES;
1698 opt.renegotiation = DFL_RENEGOTIATION;
1699 opt.allow_legacy = DFL_ALLOW_LEGACY;
1700 opt.renegotiate = DFL_RENEGOTIATE;
1701 opt.renego_delay = DFL_RENEGO_DELAY;
1702 opt.renego_period = DFL_RENEGO_PERIOD;
1703 opt.exchanges = DFL_EXCHANGES;
1704 opt.min_version = DFL_MIN_VERSION;
1705 opt.max_version = DFL_MAX_VERSION;
1706 opt.arc4 = DFL_ARC4;
1707 opt.allow_sha1 = DFL_SHA1;
1708 opt.auth_mode = DFL_AUTH_MODE;
1709 opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST;
1710 opt.mfl_code = DFL_MFL_CODE;
1711 opt.trunc_hmac = DFL_TRUNC_HMAC;
1712 opt.tickets = DFL_TICKETS;
1713 opt.ticket_timeout = DFL_TICKET_TIMEOUT;
1714 opt.cache_max = DFL_CACHE_MAX;
1715 opt.cache_timeout = DFL_CACHE_TIMEOUT;
1717 opt.alpn_string = DFL_ALPN_STRING;
1718 opt.curves = DFL_CURVES;
1719 opt.dhm_file = DFL_DHM_FILE;
1720 opt.transport = DFL_TRANSPORT;
1721 opt.cookies = DFL_COOKIES;
1722 opt.anti_replay = DFL_ANTI_REPLAY;
1723 opt.hs_to_min = DFL_HS_TO_MIN;
1724 opt.hs_to_max = DFL_HS_TO_MAX;
1725 opt.dtls_mtu = DFL_DTLS_MTU;
1726 opt.dgram_packing = DFL_DGRAM_PACKING;
1727 opt.badmac_limit = DFL_BADMAC_LIMIT;
1728 opt.extended_ms = DFL_EXTENDED_MS;
1730 opt.eap_tls = DFL_EAP_TLS;
1732 for( i = 1; i < argc; i++ )
1735 if( ( q = strchr( p, '=' ) ) == NULL )
1739 if( strcmp( p, "server_port" ) == 0 )
1740 opt.server_port = q;
1741 else if( strcmp( p, "server_addr" ) == 0 )
1742 opt.server_addr = q;
1743 else if( strcmp( p, "dtls" ) == 0 )
1747 opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
1749 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1753 else if( strcmp( p, "debug_level" ) == 0 )
1755 opt.debug_level = atoi( q );
1756 if( opt.debug_level < 0 || opt.debug_level > 65535 )
1759 else if( strcmp( p, "nbio" ) == 0 )
1761 opt.nbio = atoi( q );
1762 if( opt.nbio < 0 || opt.nbio > 2 )
1765 else if( strcmp( p, "event" ) == 0 )
1767 opt.event = atoi( q );
1768 if( opt.event < 0 || opt.event > 2 )
1771 else if( strcmp( p, "read_timeout" ) == 0 )
1772 opt.read_timeout = atoi( q );
1773 else if( strcmp( p, "buffer_size" ) == 0 )
1775 opt.buffer_size = atoi( q );
1776 if( opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 )
1779 else if( strcmp( p, "response_size" ) == 0 )
1781 opt.response_size = atoi( q );
1782 if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
1784 if( opt.buffer_size < opt.response_size )
1785 opt.buffer_size = opt.response_size;
1787 else if( strcmp( p, "ca_file" ) == 0 )
1789 else if( strcmp( p, "ca_path" ) == 0 )
1791 else if( strcmp( p, "crt_file" ) == 0 )
1793 else if( strcmp( p, "key_file" ) == 0 )
1795 else if( strcmp( p, "crt_file2" ) == 0 )
1797 else if( strcmp( p, "key_file2" ) == 0 )
1799 else if( strcmp( p, "dhm_file" ) == 0 )
1801 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
1802 else if( strcmp( p, "async_operations" ) == 0 )
1803 opt.async_operations = q;
1804 else if( strcmp( p, "async_private_delay1" ) == 0 )
1805 opt.async_private_delay1 = atoi( q );
1806 else if( strcmp( p, "async_private_delay2" ) == 0 )
1807 opt.async_private_delay2 = atoi( q );
1808 else if( strcmp( p, "async_private_error" ) == 0 )
1811 if( n < -SSL_ASYNC_INJECT_ERROR_MAX ||
1812 n > SSL_ASYNC_INJECT_ERROR_MAX )
1817 opt.async_private_error = n;
1819 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
1820 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1821 else if( strcmp( p, "cid" ) == 0 )
1823 opt.cid_enabled = atoi( q );
1824 if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
1827 else if( strcmp( p, "cid_renego" ) == 0 )
1829 opt.cid_enabled_renego = atoi( q );
1830 if( opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1 )
1833 else if( strcmp( p, "cid_val" ) == 0 )
1837 else if( strcmp( p, "cid_val_renego" ) == 0 )
1839 opt.cid_val_renego = q;
1841 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1842 else if( strcmp( p, "psk" ) == 0 )
1844 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1845 else if( strcmp( p, "psk_opaque" ) == 0 )
1846 opt.psk_opaque = atoi( q );
1847 else if( strcmp( p, "psk_list_opaque" ) == 0 )
1848 opt.psk_list_opaque = atoi( q );
1850 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1851 else if( strcmp( p, "ca_callback" ) == 0)
1852 opt.ca_callback = atoi( q );
1854 else if( strcmp( p, "psk_identity" ) == 0 )
1855 opt.psk_identity = q;
1856 else if( strcmp( p, "psk_list" ) == 0 )
1858 else if( strcmp( p, "ecjpake_pw" ) == 0 )
1860 else if( strcmp( p, "force_ciphersuite" ) == 0 )
1862 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
1864 if( opt.force_ciphersuite[0] == 0 )
1869 opt.force_ciphersuite[1] = 0;
1871 else if( strcmp( p, "curves" ) == 0 )
1873 else if( strcmp( p, "version_suites" ) == 0 )
1874 opt.version_suites = q;
1875 else if( strcmp( p, "renegotiation" ) == 0 )
1877 opt.renegotiation = (atoi( q )) ?
1878 MBEDTLS_SSL_RENEGOTIATION_ENABLED :
1879 MBEDTLS_SSL_RENEGOTIATION_DISABLED;
1881 else if( strcmp( p, "allow_legacy" ) == 0 )
1886 opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
1889 opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
1892 opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
1894 default: goto usage;
1897 else if( strcmp( p, "renegotiate" ) == 0 )
1899 opt.renegotiate = atoi( q );
1900 if( opt.renegotiate < 0 || opt.renegotiate > 1 )
1903 else if( strcmp( p, "renego_delay" ) == 0 )
1905 opt.renego_delay = atoi( q );
1907 else if( strcmp( p, "renego_period" ) == 0 )
1909 #if defined(_MSC_VER)
1910 opt.renego_period = _strtoui64( q, NULL, 10 );
1912 if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 )
1914 #endif /* _MSC_VER */
1915 if( opt.renego_period < 2 )
1918 else if( strcmp( p, "exchanges" ) == 0 )
1920 opt.exchanges = atoi( q );
1921 if( opt.exchanges < 0 )
1924 else if( strcmp( p, "min_version" ) == 0 )
1926 if( strcmp( q, "ssl3" ) == 0 )
1927 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
1928 else if( strcmp( q, "tls1" ) == 0 )
1929 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
1930 else if( strcmp( q, "tls1_1" ) == 0 ||
1931 strcmp( q, "dtls1" ) == 0 )
1932 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1933 else if( strcmp( q, "tls1_2" ) == 0 ||
1934 strcmp( q, "dtls1_2" ) == 0 )
1935 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1939 else if( strcmp( p, "max_version" ) == 0 )
1941 if( strcmp( q, "ssl3" ) == 0 )
1942 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
1943 else if( strcmp( q, "tls1" ) == 0 )
1944 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
1945 else if( strcmp( q, "tls1_1" ) == 0 ||
1946 strcmp( q, "dtls1" ) == 0 )
1947 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
1948 else if( strcmp( q, "tls1_2" ) == 0 ||
1949 strcmp( q, "dtls1_2" ) == 0 )
1950 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1954 else if( strcmp( p, "arc4" ) == 0 )
1958 case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
1959 case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
1960 default: goto usage;
1963 else if( strcmp( p, "allow_sha1" ) == 0 )
1967 case 0: opt.allow_sha1 = 0; break;
1968 case 1: opt.allow_sha1 = 1; break;
1969 default: goto usage;
1972 else if( strcmp( p, "force_version" ) == 0 )
1974 if( strcmp( q, "ssl3" ) == 0 )
1976 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
1977 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
1979 else if( strcmp( q, "tls1" ) == 0 )
1981 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
1982 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
1984 else if( strcmp( q, "tls1_1" ) == 0 )
1986 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1987 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
1989 else if( strcmp( q, "tls1_2" ) == 0 )
1991 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1992 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1994 else if( strcmp( q, "dtls1" ) == 0 )
1996 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1997 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
1998 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
2000 else if( strcmp( q, "dtls1_2" ) == 0 )
2002 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
2003 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
2004 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
2009 else if( strcmp( p, "auth_mode" ) == 0 )
2011 if( ( opt.auth_mode = get_auth_mode( q ) ) < 0 )
2014 else if( strcmp( p, "cert_req_ca_list" ) == 0 )
2016 opt.cert_req_ca_list = atoi( q );
2017 if( opt.cert_req_ca_list < 0 || opt.cert_req_ca_list > 1 )
2020 else if( strcmp( p, "max_frag_len" ) == 0 )
2022 if( strcmp( q, "512" ) == 0 )
2023 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
2024 else if( strcmp( q, "1024" ) == 0 )
2025 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
2026 else if( strcmp( q, "2048" ) == 0 )
2027 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
2028 else if( strcmp( q, "4096" ) == 0 )
2029 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
2033 else if( strcmp( p, "alpn" ) == 0 )
2035 opt.alpn_string = q;
2037 else if( strcmp( p, "trunc_hmac" ) == 0 )
2041 case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
2042 case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
2043 default: goto usage;
2046 else if( strcmp( p, "extended_ms" ) == 0 )
2051 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
2054 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
2056 default: goto usage;
2059 else if( strcmp( p, "etm" ) == 0 )
2063 case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
2064 case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
2065 default: goto usage;
2068 else if( strcmp( p, "tickets" ) == 0 )
2070 opt.tickets = atoi( q );
2071 if( opt.tickets < 0 || opt.tickets > 1 )
2074 else if( strcmp( p, "ticket_timeout" ) == 0 )
2076 opt.ticket_timeout = atoi( q );
2077 if( opt.ticket_timeout < 0 )
2080 else if( strcmp( p, "cache_max" ) == 0 )
2082 opt.cache_max = atoi( q );
2083 if( opt.cache_max < 0 )
2086 else if( strcmp( p, "cache_timeout" ) == 0 )
2088 opt.cache_timeout = atoi( q );
2089 if( opt.cache_timeout < 0 )
2092 else if( strcmp( p, "cookies" ) == 0 )
2094 opt.cookies = atoi( q );
2095 if( opt.cookies < -1 || opt.cookies > 1)
2098 else if( strcmp( p, "anti_replay" ) == 0 )
2100 opt.anti_replay = atoi( q );
2101 if( opt.anti_replay < 0 || opt.anti_replay > 1)
2104 else if( strcmp( p, "badmac_limit" ) == 0 )
2106 opt.badmac_limit = atoi( q );
2107 if( opt.badmac_limit < 0 )
2110 else if( strcmp( p, "hs_timeout" ) == 0 )
2112 if( ( p = strchr( q, '-' ) ) == NULL )
2115 opt.hs_to_min = atoi( q );
2116 opt.hs_to_max = atoi( p );
2117 if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
2120 else if( strcmp( p, "mtu" ) == 0 )
2122 opt.dtls_mtu = atoi( q );
2123 if( opt.dtls_mtu < 0 )
2126 else if( strcmp( p, "dgram_packing" ) == 0 )
2128 opt.dgram_packing = atoi( q );
2129 if( opt.dgram_packing != 0 &&
2130 opt.dgram_packing != 1 )
2135 else if( strcmp( p, "sni" ) == 0 )
2139 else if( strcmp( p, "query_config" ) == 0 )
2141 return query_config( q );
2143 else if( strcmp( p, "eap_tls" ) == 0 )
2145 opt.eap_tls = atoi( q );
2146 if( opt.eap_tls < 0 || opt.eap_tls > 1 )
2153 /* Event-driven IO is incompatible with the above custom
2154 * receive and send functions, as the polling builds on
2155 * refers to the underlying net_context. */
2156 if( opt.event == 1 && opt.nbio != 1 )
2158 mbedtls_printf( "Warning: event-driven IO mandates nbio=1 - overwrite\n" );
2162 #if defined(MBEDTLS_DEBUG_C)
2163 mbedtls_debug_set_threshold( opt.debug_level );
2165 buf = mbedtls_calloc( 1, opt.buffer_size + 1 );
2168 mbedtls_printf( "Could not allocate %u bytes\n", opt.buffer_size );
2173 #if defined(MBEDTLS_USE_PSA_CRYPTO)
2174 if( opt.psk_opaque != 0 )
2176 if( strlen( opt.psk ) == 0 )
2178 mbedtls_printf( "psk_opaque set but no psk to be imported specified.\n" );
2183 if( opt.force_ciphersuite[0] <= 0 )
2185 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
2191 if( opt.psk_list_opaque != 0 )
2193 if( opt.psk_list == NULL )
2195 mbedtls_printf( "psk_slot set but no psk to be imported specified.\n" );
2200 if( opt.force_ciphersuite[0] <= 0 )
2202 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
2207 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2209 if( opt.force_ciphersuite[0] > 0 )
2211 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
2213 mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
2215 if( opt.max_version != -1 &&
2216 ciphersuite_info->min_minor_ver > opt.max_version )
2218 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
2222 if( opt.min_version != -1 &&
2223 ciphersuite_info->max_minor_ver < opt.min_version )
2225 mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" );
2230 /* If we select a version that's not supported by
2231 * this suite, then there will be no common ciphersuite... */
2232 if( opt.max_version == -1 ||
2233 opt.max_version > ciphersuite_info->max_minor_ver )
2235 opt.max_version = ciphersuite_info->max_minor_ver;
2237 if( opt.min_version < ciphersuite_info->min_minor_ver )
2239 opt.min_version = ciphersuite_info->min_minor_ver;
2240 /* DTLS starts with TLS 1.1 */
2241 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
2242 opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
2243 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
2246 /* Enable RC4 if needed and not explicitly disabled */
2247 if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
2249 if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
2251 mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
2256 opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
2259 #if defined(MBEDTLS_USE_PSA_CRYPTO)
2260 if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
2262 /* Ensure that the chosen ciphersuite is PSK-only; we must know
2263 * the ciphersuite in advance to set the correct policy for the
2264 * PSK key slot. This limitation might go away in the future. */
2265 if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK ||
2266 opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
2268 mbedtls_printf( "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n" );
2273 /* Determine KDF algorithm the opaque PSK will be used in. */
2274 #if defined(MBEDTLS_SHA512_C)
2275 if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
2276 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
2278 #endif /* MBEDTLS_SHA512_C */
2279 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
2281 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2284 if( opt.version_suites != NULL )
2286 const char *name[4] = { 0 };
2288 /* Parse 4-element coma-separated list */
2289 for( i = 0, p = (char *) opt.version_suites;
2290 i < 4 && *p != '\0';
2295 /* Terminate the current string and move on to next one */
2296 while( *p != ',' && *p != '\0' )
2304 mbedtls_printf( "too few values for version_suites\n" );
2309 memset( version_suites, 0, sizeof( version_suites ) );
2311 /* Get the suites identifiers from their name */
2312 for( i = 0; i < 4; i++ )
2314 version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] );
2316 if( version_suites[i][0] == 0 )
2318 mbedtls_printf( "unknown ciphersuite: '%s'\n", name[i] );
2325 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2326 if( unhexify( cid, opt.cid_val, &cid_len ) != 0 )
2328 mbedtls_printf( "CID not valid hex\n" );
2332 /* Keep CID settings for renegotiation unless
2333 * specified otherwise. */
2334 if( opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO )
2335 opt.cid_enabled_renego = opt.cid_enabled;
2336 if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO )
2337 opt.cid_val_renego = opt.cid_val;
2339 if( unhexify( cid_renego, opt.cid_val_renego, &cid_renego_len ) != 0 )
2341 mbedtls_printf( "CID not valid hex\n" );
2344 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2346 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
2348 * Unhexify the pre-shared key and parse the list if any given
2350 if( unhexify( psk, opt.psk, &psk_len ) != 0 )
2352 mbedtls_printf( "pre-shared key not valid hex\n" );
2356 if( opt.psk_list != NULL )
2358 if( ( psk_info = psk_parse( opt.psk_list ) ) == NULL )
2360 mbedtls_printf( "psk_list invalid" );
2364 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
2366 #if defined(MBEDTLS_ECP_C)
2367 if( opt.curves != NULL )
2369 p = (char *) opt.curves;
2372 if( strcmp( p, "none" ) == 0 )
2374 curve_list[0] = MBEDTLS_ECP_DP_NONE;
2376 else if( strcmp( p, "default" ) != 0 )
2378 /* Leave room for a final NULL in curve list */
2379 while( i < CURVE_LIST_SIZE - 1 && *p != '\0' )
2383 /* Terminate the current string */
2384 while( *p != ',' && *p != '\0' )
2389 if( ( curve_cur = mbedtls_ecp_curve_info_from_name( q ) ) != NULL )
2391 curve_list[i++] = curve_cur->grp_id;
2395 mbedtls_printf( "unknown curve %s\n", q );
2396 mbedtls_printf( "supported curves: " );
2397 for( curve_cur = mbedtls_ecp_curve_list();
2398 curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
2401 mbedtls_printf( "%s ", curve_cur->name );
2403 mbedtls_printf( "\n" );
2408 mbedtls_printf("Number of curves: %d\n", i );
2410 if( i == CURVE_LIST_SIZE - 1 && *p != '\0' )
2412 mbedtls_printf( "curves list too long, maximum %d",
2413 CURVE_LIST_SIZE - 1 );
2417 curve_list[i] = MBEDTLS_ECP_DP_NONE;
2420 #endif /* MBEDTLS_ECP_C */
2422 #if defined(MBEDTLS_SSL_ALPN)
2423 if( opt.alpn_string != NULL )
2425 p = (char *) opt.alpn_string;
2428 /* Leave room for a final NULL in alpn_list */
2429 while( i < ALPN_LIST_SIZE - 1 && *p != '\0' )
2433 /* Terminate the current string and move on to next one */
2434 while( *p != ',' && *p != '\0' )
2440 #endif /* MBEDTLS_SSL_ALPN */
2443 * 0. Initialize the RNG and the session data
2445 mbedtls_printf( "\n . Seeding the random number generator..." );
2448 mbedtls_entropy_init( &entropy );
2449 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
2450 &entropy, (const unsigned char *) pers,
2451 strlen( pers ) ) ) != 0 )
2453 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
2458 mbedtls_printf( " ok\n" );
2460 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2462 * 1.1. Load the trusted CA
2464 mbedtls_printf( " . Loading the CA root certificate ..." );
2467 #if defined(MBEDTLS_FS_IO)
2468 if( strlen( opt.ca_path ) )
2469 if( strcmp( opt.ca_path, "none" ) == 0 )
2472 ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
2473 else if( strlen( opt.ca_file ) )
2474 if( strcmp( opt.ca_file, "none" ) == 0 )
2477 ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
2480 #if defined(MBEDTLS_CERTS_C)
2481 for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
2483 ret = mbedtls_x509_crt_parse( &cacert,
2484 (const unsigned char *) mbedtls_test_cas[i],
2485 mbedtls_test_cas_len[i] );
2492 mbedtls_printf("MBEDTLS_CERTS_C not defined.");
2497 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
2501 mbedtls_printf( " ok (%d skipped)\n", ret );
2504 * 1.2. Load own certificate and private key
2506 mbedtls_printf( " . Loading the server cert. and key..." );
2509 #if defined(MBEDTLS_FS_IO)
2510 if( strlen( opt.crt_file ) && strcmp( opt.crt_file, "none" ) != 0 )
2513 if( ( ret = mbedtls_x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
2515 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
2520 if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 )
2523 if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
2525 mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", -ret );
2529 if( key_cert_init == 1 )
2531 mbedtls_printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
2535 if( strlen( opt.crt_file2 ) && strcmp( opt.crt_file2, "none" ) != 0 )
2538 if( ( ret = mbedtls_x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
2540 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
2545 if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 )
2548 if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
2550 mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
2555 if( key_cert_init2 == 1 )
2557 mbedtls_printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
2561 if( key_cert_init == 0 &&
2562 strcmp( opt.crt_file, "none" ) != 0 &&
2563 strcmp( opt.key_file, "none" ) != 0 &&
2564 key_cert_init2 == 0 &&
2565 strcmp( opt.crt_file2, "none" ) != 0 &&
2566 strcmp( opt.key_file2, "none" ) != 0 )
2568 #if !defined(MBEDTLS_CERTS_C)
2569 mbedtls_printf( "Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n" );
2572 #if defined(MBEDTLS_RSA_C)
2573 if( ( ret = mbedtls_x509_crt_parse( &srvcert,
2574 (const unsigned char *) mbedtls_test_srv_crt_rsa,
2575 mbedtls_test_srv_crt_rsa_len ) ) != 0 )
2577 mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
2581 if( ( ret = mbedtls_pk_parse_key( &pkey,
2582 (const unsigned char *) mbedtls_test_srv_key_rsa,
2583 mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
2585 mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
2590 #endif /* MBEDTLS_RSA_C */
2591 #if defined(MBEDTLS_ECDSA_C)
2592 if( ( ret = mbedtls_x509_crt_parse( &srvcert2,
2593 (const unsigned char *) mbedtls_test_srv_crt_ec,
2594 mbedtls_test_srv_crt_ec_len ) ) != 0 )
2596 mbedtls_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n",
2600 if( ( ret = mbedtls_pk_parse_key( &pkey2,
2601 (const unsigned char *) mbedtls_test_srv_key_ec,
2602 mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
2604 mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
2609 #endif /* MBEDTLS_ECDSA_C */
2610 #endif /* MBEDTLS_CERTS_C */
2613 mbedtls_printf( " ok\n" );
2614 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2616 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
2617 if( opt.dhm_file != NULL )
2619 mbedtls_printf( " . Loading DHM parameters..." );
2622 if( ( ret = mbedtls_dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 )
2624 mbedtls_printf( " failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
2629 mbedtls_printf( " ok\n" );
2633 #if defined(SNI_OPTION)
2634 if( opt.sni != NULL )
2636 mbedtls_printf( " . Setting up SNI information..." );
2639 if( ( sni_info = sni_parse( opt.sni ) ) == NULL )
2641 mbedtls_printf( " failed\n" );
2645 mbedtls_printf( " ok\n" );
2647 #endif /* SNI_OPTION */
2650 * 2. Setup the listening TCP socket
2652 mbedtls_printf( " . Bind on %s://%s:%s/ ...",
2653 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
2654 opt.server_addr ? opt.server_addr : "*",
2658 if( ( ret = mbedtls_net_bind( &listen_fd, opt.server_addr, opt.server_port,
2659 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2660 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
2662 mbedtls_printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", -ret );
2666 mbedtls_printf( " ok\n" );
2671 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
2674 if( ( ret = mbedtls_ssl_config_defaults( &conf,
2675 MBEDTLS_SSL_IS_SERVER,
2677 MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
2679 mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
2683 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2684 /* The default algorithms profile disables SHA-1, but our tests still
2685 rely on it heavily. Hence we allow it here. A real-world server
2686 should use the default profile unless there is a good reason not to. */
2687 if( opt.allow_sha1 > 0 )
2689 crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
2690 mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
2691 mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
2693 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2695 if( opt.auth_mode != DFL_AUTH_MODE )
2696 mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
2698 if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
2699 mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
2701 #if defined(MBEDTLS_SSL_PROTO_DTLS)
2702 if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
2703 mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
2705 if( opt.dgram_packing != DFL_DGRAM_PACKING )
2706 mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
2707 #endif /* MBEDTLS_SSL_PROTO_DTLS */
2709 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2710 if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
2712 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
2717 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2718 if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
2720 if( opt.cid_enabled == 1 &&
2721 opt.cid_enabled_renego == 1 &&
2722 cid_len != cid_renego_len )
2724 mbedtls_printf( "CID length must not change during renegotiation\n" );
2728 if( opt.cid_enabled == 1 )
2729 ret = mbedtls_ssl_conf_cid( &conf, cid_len,
2730 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
2732 ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
2733 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
2737 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
2742 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2744 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
2745 if( opt.trunc_hmac != DFL_TRUNC_HMAC )
2746 mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
2749 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
2750 if( opt.extended_ms != DFL_EXTENDED_MS )
2751 mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
2754 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
2755 if( opt.etm != DFL_ETM )
2756 mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
2759 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
2760 if( opt.eap_tls != 0 )
2761 mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation,
2765 #if defined(MBEDTLS_SSL_ALPN)
2766 if( opt.alpn_string != NULL )
2767 if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
2769 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
2774 mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
2775 mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
2777 #if defined(MBEDTLS_SSL_CACHE_C)
2778 if( opt.cache_max != -1 )
2779 mbedtls_ssl_cache_set_max_entries( &cache, opt.cache_max );
2781 if( opt.cache_timeout != -1 )
2782 mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
2784 mbedtls_ssl_conf_session_cache( &conf, &cache,
2785 mbedtls_ssl_cache_get,
2786 mbedtls_ssl_cache_set );
2789 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
2790 if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
2792 if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
2793 mbedtls_ctr_drbg_random, &ctr_drbg,
2794 MBEDTLS_CIPHER_AES_256_GCM,
2795 opt.ticket_timeout ) ) != 0 )
2797 mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", ret );
2801 mbedtls_ssl_conf_session_tickets_cb( &conf,
2802 mbedtls_ssl_ticket_write,
2803 mbedtls_ssl_ticket_parse,
2808 #if defined(MBEDTLS_SSL_PROTO_DTLS)
2809 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
2811 #if defined(MBEDTLS_SSL_COOKIE_C)
2812 if( opt.cookies > 0 )
2814 if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
2815 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
2817 mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
2821 mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
2825 #endif /* MBEDTLS_SSL_COOKIE_C */
2826 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
2827 if( opt.cookies == 0 )
2829 mbedtls_ssl_conf_dtls_cookies( &conf, NULL, NULL, NULL );
2832 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
2834 ; /* Nothing to do */
2837 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
2838 if( opt.anti_replay != DFL_ANTI_REPLAY )
2839 mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
2842 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
2843 if( opt.badmac_limit != DFL_BADMAC_LIMIT )
2844 mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
2847 #endif /* MBEDTLS_SSL_PROTO_DTLS */
2849 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
2850 mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
2852 #if defined(MBEDTLS_ARC4_C)
2853 if( opt.arc4 != DFL_ARC4 )
2854 mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
2857 if( opt.version_suites != NULL )
2859 mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
2860 MBEDTLS_SSL_MAJOR_VERSION_3,
2861 MBEDTLS_SSL_MINOR_VERSION_0 );
2862 mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
2863 MBEDTLS_SSL_MAJOR_VERSION_3,
2864 MBEDTLS_SSL_MINOR_VERSION_1 );
2865 mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
2866 MBEDTLS_SSL_MAJOR_VERSION_3,
2867 MBEDTLS_SSL_MINOR_VERSION_2 );
2868 mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[3],
2869 MBEDTLS_SSL_MAJOR_VERSION_3,
2870 MBEDTLS_SSL_MINOR_VERSION_3 );
2873 if( opt.allow_legacy != DFL_ALLOW_LEGACY )
2874 mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
2875 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2876 mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
2878 if( opt.renego_delay != DFL_RENEGO_DELAY )
2879 mbedtls_ssl_conf_renegotiation_enforced( &conf, opt.renego_delay );
2881 if( opt.renego_period != DFL_RENEGO_PERIOD )
2883 PUT_UINT64_BE( renego_period, opt.renego_period, 0 );
2884 mbedtls_ssl_conf_renegotiation_period( &conf, renego_period );
2888 #if defined(MBEDTLS_X509_CRT_PARSE_C)
2889 if( strcmp( opt.ca_path, "none" ) != 0 &&
2890 strcmp( opt.ca_file, "none" ) != 0 )
2892 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
2893 if( opt.ca_callback != 0 )
2894 mbedtls_ssl_conf_ca_cb( &conf, ca_callback, &cacert);
2897 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
2901 mbedtls_pk_context *pk = &pkey;
2902 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2903 if( opt.async_private_delay1 >= 0 )
2905 ret = ssl_async_set_key( &ssl_async_keys, &srvcert, pk, 0,
2906 opt.async_private_delay1 );
2909 mbedtls_printf( " Test error: ssl_async_set_key failed (%d)\n",
2915 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2916 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, pk ) ) != 0 )
2918 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
2922 if( key_cert_init2 )
2924 mbedtls_pk_context *pk = &pkey2;
2925 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2926 if( opt.async_private_delay2 >= 0 )
2928 ret = ssl_async_set_key( &ssl_async_keys, &srvcert2, pk, 0,
2929 opt.async_private_delay2 );
2932 mbedtls_printf( " Test error: ssl_async_set_key failed (%d)\n",
2938 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2939 if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, pk ) ) != 0 )
2941 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
2946 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2947 if( opt.async_operations[0] != '-' )
2949 mbedtls_ssl_async_sign_t *sign = NULL;
2950 mbedtls_ssl_async_decrypt_t *decrypt = NULL;
2952 for( r = opt.async_operations; *r; r++ )
2957 decrypt = ssl_async_decrypt;
2960 sign = ssl_async_sign;
2964 ssl_async_keys.inject_error = ( opt.async_private_error < 0 ?
2965 - opt.async_private_error :
2966 opt.async_private_error );
2967 ssl_async_keys.f_rng = mbedtls_ctr_drbg_random;
2968 ssl_async_keys.p_rng = &ctr_drbg;
2969 mbedtls_ssl_conf_async_private_cb( &conf,
2976 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
2977 #endif /* MBEDTLS_X509_CRT_PARSE_C */
2979 #if defined(SNI_OPTION)
2980 if( opt.sni != NULL )
2982 mbedtls_ssl_conf_sni( &conf, sni_callback, sni_info );
2983 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
2984 if( opt.async_private_delay2 >= 0 )
2987 for( cur = sni_info; cur != NULL; cur = cur->next )
2989 ret = ssl_async_set_key( &ssl_async_keys,
2990 cur->cert, cur->key, 1,
2991 opt.async_private_delay2 );
2994 mbedtls_printf( " Test error: ssl_async_set_key failed (%d)\n",
3001 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
3005 #if defined(MBEDTLS_ECP_C)
3006 if( opt.curves != NULL &&
3007 strcmp( opt.curves, "default" ) != 0 )
3009 mbedtls_ssl_conf_curves( &conf, curve_list );
3013 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
3015 if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
3017 #if defined(MBEDTLS_USE_PSA_CRYPTO)
3018 if( opt.psk_opaque != 0 )
3020 status = psa_allocate_key( &psk_slot );
3021 if( status != PSA_SUCCESS )
3023 fprintf( stderr, "ALLOC FAIL\n" );
3024 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
3028 /* The algorithm has already been determined earlier. */
3029 status = psa_setup_psk_key_slot( psk_slot, alg, psk, psk_len );
3030 if( status != PSA_SUCCESS )
3032 fprintf( stderr, "SETUP FAIL\n" );
3033 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
3036 if( ( ret = mbedtls_ssl_conf_psk_opaque( &conf, psk_slot,
3037 (const unsigned char *) opt.psk_identity,
3038 strlen( opt.psk_identity ) ) ) != 0 )
3040 mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
3046 #endif /* MBEDTLS_USE_PSA_CRYPTO */
3047 if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
3048 (const unsigned char *) opt.psk_identity,
3049 strlen( opt.psk_identity ) ) ) != 0 )
3051 mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret );
3056 if( opt.psk_list != NULL )
3058 #if defined(MBEDTLS_USE_PSA_CRYPTO)
3059 if( opt.psk_list_opaque != 0 )
3062 for( cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next )
3064 status = psa_allocate_key( &cur_psk->slot );
3065 if( status != PSA_SUCCESS )
3067 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
3071 status = psa_setup_psk_key_slot( cur_psk->slot, alg,
3074 if( status != PSA_SUCCESS )
3076 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
3081 #endif /* MBEDTLS_USE_PSA_CRYPTO */
3083 mbedtls_ssl_conf_psk_cb( &conf, psk_callback, psk_info );
3087 #if defined(MBEDTLS_DHM_C)
3089 * Use different group than default DHM group
3091 #if defined(MBEDTLS_FS_IO)
3092 if( opt.dhm_file != NULL )
3093 ret = mbedtls_ssl_conf_dh_param_ctx( &conf, &dhm );
3097 mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - ret );
3102 if( opt.min_version != DFL_MIN_VERSION )
3103 mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
3105 if( opt.max_version != DFL_MIN_VERSION )
3106 mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
3108 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
3110 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
3115 mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL );
3117 mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
3118 opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
3120 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3121 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
3123 if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
3124 cid, cid_len ) ) != 0 )
3126 mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
3131 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3133 #if defined(MBEDTLS_SSL_PROTO_DTLS)
3134 if( opt.dtls_mtu != DFL_DTLS_MTU )
3135 mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
3138 #if defined(MBEDTLS_TIMING_C)
3139 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
3140 mbedtls_timing_get_delay );
3143 mbedtls_printf( " ok\n" );
3146 #if !defined(_WIN32)
3147 if( received_sigterm )
3149 mbedtls_printf( " interrupted by SIGTERM (not in net_accept())\n" );
3150 if( ret == MBEDTLS_ERR_NET_INVALID_CONTEXT )
3157 if( ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
3159 mbedtls_printf( " ! Client initiated reconnection from same port\n" );
3163 #ifdef MBEDTLS_ERROR_C
3166 char error_buf[100];
3167 mbedtls_strerror( ret, error_buf, 100 );
3168 mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
3172 mbedtls_net_free( &client_fd );
3174 mbedtls_ssl_session_reset( &ssl );
3177 * 3. Wait until a client connects
3179 mbedtls_printf( " . Waiting for a remote connection ..." );
3182 if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
3183 client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
3185 #if !defined(_WIN32)
3186 if( received_sigterm )
3188 mbedtls_printf( " interrupted by SIGTERM (in net_accept())\n" );
3189 if( ret == MBEDTLS_ERR_NET_ACCEPT_FAILED )
3196 mbedtls_printf( " failed\n ! mbedtls_net_accept returned -0x%x\n\n", -ret );
3201 ret = mbedtls_net_set_nonblock( &client_fd );
3203 ret = mbedtls_net_set_block( &client_fd );
3206 mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
3210 mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
3212 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
3213 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
3215 if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
3216 client_ip, cliip_len ) ) != 0 )
3218 mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
3223 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
3225 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
3226 if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
3228 if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
3229 (const unsigned char *) opt.ecjpake_pw,
3230 strlen( opt.ecjpake_pw ) ) ) != 0 )
3232 mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
3238 mbedtls_printf( " ok\n" );
3244 mbedtls_printf( " . Performing the SSL/TLS handshake..." );
3247 while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
3249 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
3250 if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
3251 ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL )
3253 mbedtls_printf( " cancelling on injected error\n" );
3256 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
3258 if( ! mbedtls_status_is_ssl_in_progress( ret ) )
3261 /* For event-driven IO, wait for socket to become available */
3262 if( opt.event == 1 /* level triggered IO */ )
3264 #if defined(MBEDTLS_TIMING_C)
3265 ret = idle( &client_fd, &timer, ret );
3267 ret = idle( &client_fd, ret );
3274 if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
3276 mbedtls_printf( " hello verification requested\n" );
3282 mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
3284 #if defined(MBEDTLS_X509_CRT_PARSE_C)
3285 if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
3288 flags = mbedtls_ssl_get_verify_result( &ssl );
3290 mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
3292 mbedtls_printf( "%s\n", vrfy_buf );
3296 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
3297 if( opt.async_private_error < 0 )
3298 /* Injected error only the first time round, to test reset */
3299 ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE;
3305 mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
3306 mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
3309 if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
3310 mbedtls_printf( " [ Record expansion is %d ]\n", ret );
3312 mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
3314 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
3315 mbedtls_printf( " [ Maximum fragment length is %u ]\n",
3316 (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
3319 #if defined(MBEDTLS_SSL_ALPN)
3320 if( opt.alpn_string != NULL )
3322 const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
3323 mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
3324 alp ? alp : "(none)" );
3328 #if defined(MBEDTLS_X509_CRT_PARSE_C)
3330 * 5. Verify the client certificate
3332 mbedtls_printf( " . Verifying peer X.509 certificate..." );
3334 if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
3338 mbedtls_printf( " failed\n" );
3340 mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
3342 mbedtls_printf( "%s\n", vrfy_buf );
3345 mbedtls_printf( " ok\n" );
3347 if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
3351 mbedtls_printf( " . Peer certificate information ...\n" );
3352 mbedtls_x509_crt_info( crt_buf, sizeof( crt_buf ), " ",
3353 mbedtls_ssl_get_peer_cert( &ssl ) );
3354 mbedtls_printf( "%s\n", crt_buf );
3356 #endif /* MBEDTLS_X509_CRT_PARSE_C */
3358 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
3359 if( opt.eap_tls != 0 )
3363 if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type,
3364 eap_tls_keying.master_secret,
3365 sizeof( eap_tls_keying.master_secret ),
3367 eap_tls_keying.randbytes,
3368 sizeof( eap_tls_keying.randbytes ),
3369 eap_tls_keymaterial,
3370 sizeof( eap_tls_keymaterial ) ) )
3373 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
3378 mbedtls_printf( " EAP-TLS key material is:" );
3379 for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ )
3382 mbedtls_printf("\n ");
3383 mbedtls_printf("%02x ", eap_tls_keymaterial[j] );
3385 mbedtls_printf("\n");
3387 if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
3389 eap_tls_keying.randbytes,
3390 sizeof( eap_tls_keying.randbytes ),
3392 sizeof( eap_tls_iv ) ) ) != 0 )
3394 mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
3399 mbedtls_printf( " EAP-TLS IV is:" );
3400 for( j = 0; j < sizeof( eap_tls_iv ); j++ )
3403 mbedtls_printf("\n ");
3404 mbedtls_printf("%02x ", eap_tls_iv[j] );
3406 mbedtls_printf("\n");
3410 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3411 ret = report_cid_usage( &ssl, "initial handshake" );
3415 if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
3417 if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
3418 cid_renego, cid_renego_len ) ) != 0 )
3420 mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
3425 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3427 if( opt.exchanges == 0 )
3430 exchanges_left = opt.exchanges;
3433 * 6. Read the HTTP Request
3435 mbedtls_printf( " < Read from client:" );
3439 * TLS and DTLS need different reading styles (stream vs datagram)
3441 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
3446 len = opt.buffer_size - 1;
3447 memset( buf, 0, opt.buffer_size );
3448 ret = mbedtls_ssl_read( &ssl, buf, len );
3450 if( mbedtls_status_is_ssl_in_progress( ret ) )
3452 if( opt.event == 1 /* level triggered IO */ )
3454 #if defined(MBEDTLS_TIMING_C)
3455 idle( &client_fd, &timer, ret );
3457 idle( &client_fd, ret );
3468 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
3469 mbedtls_printf( " connection was closed gracefully\n" );
3473 case MBEDTLS_ERR_NET_CONN_RESET:
3474 mbedtls_printf( " connection was reset by peer\n" );
3475 ret = MBEDTLS_ERR_NET_CONN_RESET;
3479 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
3484 if( mbedtls_ssl_get_bytes_avail( &ssl ) == 0 )
3488 mbedtls_printf( " %d bytes read\n\n%s\n", len, (char *) buf );
3490 /* End of message should be detected according to the syntax of the
3491 * application protocol (eg HTTP), just use a dummy test here. */
3492 if( buf[len - 1] == '\n' )
3497 int extra_len, ori_len;
3498 unsigned char *larger_buf;
3501 extra_len = (int) mbedtls_ssl_get_bytes_avail( &ssl );
3503 larger_buf = mbedtls_calloc( 1, ori_len + extra_len + 1 );
3504 if( larger_buf == NULL )
3506 mbedtls_printf( " ! memory allocation failed\n" );
3511 memset( larger_buf, 0, ori_len + extra_len );
3512 memcpy( larger_buf, buf, ori_len );
3514 /* This read should never fail and get the whole cached data */
3515 ret = mbedtls_ssl_read( &ssl, larger_buf + ori_len, extra_len );
3516 if( ret != extra_len ||
3517 mbedtls_ssl_get_bytes_avail( &ssl ) != 0 )
3519 mbedtls_printf( " ! mbedtls_ssl_read failed on cached data\n" );
3524 larger_buf[ori_len + extra_len] = '\0';
3525 mbedtls_printf( " %u bytes read (%u + %u)\n\n%s\n",
3526 ori_len + extra_len, ori_len, extra_len,
3527 (char *) larger_buf );
3529 /* End of message should be detected according to the syntax of the
3530 * application protocol (eg HTTP), just use a dummy test here. */
3531 if( larger_buf[ori_len + extra_len - 1] == '\n' )
3534 mbedtls_free( larger_buf );
3545 else /* Not stream, so datagram */
3547 len = opt.buffer_size - 1;
3548 memset( buf, 0, opt.buffer_size );
3552 /* Without the call to `mbedtls_ssl_check_pending`, it might
3553 * happen that the client sends application data in the same
3554 * datagram as the Finished message concluding the handshake.
3555 * In this case, the application data would be ready to be
3556 * processed while the underlying transport wouldn't signal
3557 * any further incoming data.
3559 * See the test 'Event-driven I/O: session-id resume, UDP packing'
3560 * in tests/ssl-opt.sh.
3563 /* For event-driven IO, wait for socket to become available */
3564 if( mbedtls_ssl_check_pending( &ssl ) == 0 &&
3565 opt.event == 1 /* level triggered IO */ )
3567 #if defined(MBEDTLS_TIMING_C)
3568 idle( &client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ );
3570 idle( &client_fd, MBEDTLS_ERR_SSL_WANT_READ );
3574 ret = mbedtls_ssl_read( &ssl, buf, len );
3576 /* Note that even if `mbedtls_ssl_check_pending` returns true,
3577 * it can happen that the subsequent call to `mbedtls_ssl_read`
3578 * returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages
3579 * might be discarded (e.g. because they are retransmissions). */
3581 while( mbedtls_status_is_ssl_in_progress( ret ) );
3587 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
3588 mbedtls_printf( " connection was closed gracefully\n" );
3593 mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
3600 mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
3605 * 7a. Request renegotiation while client is waiting for input from us.
3606 * (only on the first exchange, to be able to test retransmission)
3608 #if defined(MBEDTLS_SSL_RENEGOTIATION)
3609 if( opt.renegotiate && exchanges_left == opt.exchanges )
3611 mbedtls_printf( " . Requestion renegotiation..." );
3614 while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
3616 if( ! mbedtls_status_is_ssl_in_progress( ret ) )
3618 mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
3622 /* For event-driven IO, wait for socket to become available */
3623 if( opt.event == 1 /* level triggered IO */ )
3625 #if defined(MBEDTLS_TIMING_C)
3626 idle( &client_fd, &timer, ret );
3628 idle( &client_fd, ret );
3633 mbedtls_printf( " ok\n" );
3635 #endif /* MBEDTLS_SSL_RENEGOTIATION */
3637 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
3638 ret = report_cid_usage( &ssl, "after renegotiation" );
3641 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
3644 * 7. Write the 200 Response
3646 mbedtls_printf( " > Write to client:" );
3649 len = sprintf( (char *) buf, HTTP_RESPONSE,
3650 mbedtls_ssl_get_ciphersuite( &ssl ) );
3652 /* Add padding to the response to reach opt.response_size in length */
3653 if( opt.response_size != DFL_RESPONSE_SIZE &&
3654 len < opt.response_size )
3656 memset( buf + len, 'B', opt.response_size - len );
3657 len += opt.response_size - len;
3660 /* Truncate if response size is smaller than the "natural" size */
3661 if( opt.response_size != DFL_RESPONSE_SIZE &&
3662 len > opt.response_size )
3664 len = opt.response_size;
3666 /* Still end with \r\n unless that's really not possible */
3667 if( len >= 2 ) buf[len - 2] = '\r';
3668 if( len >= 1 ) buf[len - 1] = '\n';
3671 if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
3673 for( written = 0, frags = 0; written < len; written += ret, frags++ )
3675 while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
3678 if( ret == MBEDTLS_ERR_NET_CONN_RESET )
3680 mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
3684 if( ! mbedtls_status_is_ssl_in_progress( ret ) )
3686 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
3690 /* For event-driven IO, wait for socket to become available */
3691 if( opt.event == 1 /* level triggered IO */ )
3693 #if defined(MBEDTLS_TIMING_C)
3694 idle( &client_fd, &timer, ret );
3696 idle( &client_fd, ret );
3702 else /* Not stream, so datagram */
3706 ret = mbedtls_ssl_write( &ssl, buf, len );
3708 if( ! mbedtls_status_is_ssl_in_progress( ret ) )
3711 /* For event-driven IO, wait for socket to become available */
3712 if( opt.event == 1 /* level triggered IO */ )
3714 #if defined(MBEDTLS_TIMING_C)
3715 idle( &client_fd, &timer, ret );
3717 idle( &client_fd, ret );
3724 mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
3732 buf[written] = '\0';
3733 mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
3737 * 7b. Continue doing data exchanges?
3739 if( --exchanges_left > 0 )
3743 * 8. Done, cleanly close the connection
3746 mbedtls_printf( " . Closing the connection..." );
3748 /* No error checking, the connection might be closed already */
3749 do ret = mbedtls_ssl_close_notify( &ssl );
3750 while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
3753 mbedtls_printf( " done\n" );
3761 #ifdef MBEDTLS_ERROR_C
3764 char error_buf[100];
3765 mbedtls_strerror( ret, error_buf, 100 );
3766 mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
3770 mbedtls_printf( " . Cleaning up..." );
3773 mbedtls_net_free( &client_fd );
3774 mbedtls_net_free( &listen_fd );
3776 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
3777 mbedtls_dhm_free( &dhm );
3779 #if defined(MBEDTLS_X509_CRT_PARSE_C)
3780 mbedtls_x509_crt_free( &cacert );
3781 mbedtls_x509_crt_free( &srvcert );
3782 mbedtls_pk_free( &pkey );
3783 mbedtls_x509_crt_free( &srvcert2 );
3784 mbedtls_pk_free( &pkey2 );
3786 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
3787 for( i = 0; (size_t) i < ssl_async_keys.slots_used; i++ )
3789 if( ssl_async_keys.slots[i].pk_owned )
3791 mbedtls_pk_free( ssl_async_keys.slots[i].pk );
3792 mbedtls_free( ssl_async_keys.slots[i].pk );
3793 ssl_async_keys.slots[i].pk = NULL;
3797 #if defined(SNI_OPTION)
3798 sni_free( sni_info );
3800 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
3801 if( ( ret = psk_free( psk_info ) ) != 0 )
3802 mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
3804 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
3805 mbedtls_dhm_free( &dhm );
3808 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
3809 defined(MBEDTLS_USE_PSA_CRYPTO)
3810 if( opt.psk_opaque != 0 )
3812 /* This is ok even if the slot hasn't been
3813 * initialized (we might have jumed here
3814 * immediately because of bad cmd line params,
3816 status = psa_destroy_key( psk_slot );
3817 if( status != PSA_SUCCESS )
3819 mbedtls_printf( "Failed to destroy key slot %u - error was %d",
3820 (unsigned) psk_slot, (int) status );
3823 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED &&
3824 MBEDTLS_USE_PSA_CRYPTO */
3826 mbedtls_ssl_free( &ssl );
3827 mbedtls_ssl_config_free( &conf );
3828 mbedtls_ctr_drbg_free( &ctr_drbg );
3829 mbedtls_entropy_free( &entropy );
3831 #if defined(MBEDTLS_SSL_CACHE_C)
3832 mbedtls_ssl_cache_free( &cache );
3834 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
3835 mbedtls_ssl_ticket_free( &ticket_ctx );
3837 #if defined(MBEDTLS_SSL_COOKIE_C)
3838 mbedtls_ssl_cookie_free( &cookie_ctx );
3841 mbedtls_free( buf );
3843 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
3844 #if defined(MBEDTLS_MEMORY_DEBUG)
3845 mbedtls_memory_buffer_alloc_status();
3847 mbedtls_memory_buffer_alloc_free();
3850 mbedtls_printf( " done.\n" );
3853 mbedtls_printf( " + Press Enter to exit this program.\n" );
3854 fflush( stdout ); getchar();
3857 // Shell can not handle large exit numbers -> 1 for errors
3863 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
3864 MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
3865 MBEDTLS_CTR_DRBG_C */