| Gilles Peskine | 0d980b8 | 2021-01-05 23:34:27 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Common source code for SSL test programs. This file is included by |
| 3 | * both ssl_client2.c and ssl_server2.c and is intended for source |
| 4 | * code that is textually identical in both programs, but that cannot be |
| 5 | * compiled separately because it refers to types or macros that are |
| 6 | * different in the two programs, or because it would have an incomplete |
| 7 | * type. |
| 8 | * |
| 9 | * This file is meant to be #include'd and cannot be compiled separately. |
| 10 | * |
| 11 | * Copyright The Mbed TLS Contributors |
| 12 | * SPDX-License-Identifier: Apache-2.0 |
| 13 | * |
| 14 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 15 | * not use this file except in compliance with the License. |
| 16 | * You may obtain a copy of the License at |
| 17 | * |
| 18 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 19 | * |
| 20 | * Unless required by applicable law or agreed to in writing, software |
| 21 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 22 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 23 | * See the License for the specific language governing permissions and |
| 24 | * limitations under the License. |
| 25 | */ |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 26 | |
| 27 | #if defined(MBEDTLS_SSL_EXPORT_KEYS) |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 28 | void eap_tls_key_derivation(void *p_expkey, |
| 29 | mbedtls_ssl_key_export_type secret_type, |
| 30 | const unsigned char *secret, |
| 31 | size_t secret_len, |
| 32 | const unsigned char client_random[32], |
| 33 | const unsigned char server_random[32], |
| 34 | mbedtls_tls_prf_types tls_prf_type) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 35 | { |
| 36 | eap_tls_keys *keys = (eap_tls_keys *)p_expkey; |
| 37 | |
| Hanno Becker | c4c38ca | 2021-05-24 10:57:07 +0100 | [diff] [blame] | 38 | /* We're only interested in the TLS 1.2 master secret */ |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 39 | if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) |
| Hanno Becker | 296fefe | 2021-06-21 09:32:27 +0100 | [diff] [blame] | 40 | return; |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 41 | if (secret_len != sizeof(keys->master_secret)) |
| Hanno Becker | 296fefe | 2021-06-21 09:32:27 +0100 | [diff] [blame] | 42 | return; |
| Hanno Becker | c4c38ca | 2021-05-24 10:57:07 +0100 | [diff] [blame] | 43 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 44 | memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); |
| 45 | memcpy(keys->randbytes, client_random, 32); |
| 46 | memcpy(keys->randbytes + 32, server_random, 32); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 47 | keys->tls_prf_type = tls_prf_type; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 48 | } |
| 49 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 50 | void nss_keylog_export(void *p_expkey, |
| 51 | mbedtls_ssl_key_export_type secret_type, |
| 52 | const unsigned char *secret, |
| 53 | size_t secret_len, |
| 54 | const unsigned char client_random[32], |
| 55 | const unsigned char server_random[32], |
| 56 | mbedtls_tls_prf_types tls_prf_type) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 57 | { |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 58 | char nss_keylog_line[200]; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 59 | size_t const client_random_len = 32; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 60 | size_t len = 0; |
| 61 | size_t j; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 62 | |
| Hanno Becker | c4c38ca | 2021-05-24 10:57:07 +0100 | [diff] [blame] | 63 | /* We're only interested in the TLS 1.2 master secret */ |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 64 | if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) |
| Hanno Becker | 296fefe | 2021-06-21 09:32:27 +0100 | [diff] [blame] | 65 | return; |
| Hanno Becker | c4c38ca | 2021-05-24 10:57:07 +0100 | [diff] [blame] | 66 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 67 | ((void)p_expkey); |
| 68 | ((void)server_random); |
| 69 | ((void)tls_prf_type); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 70 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 71 | len += sprintf(nss_keylog_line + len, "%s", "CLIENT_RANDOM "); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 72 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 73 | for (j = 0; j < client_random_len; j++) { |
| 74 | len += sprintf(nss_keylog_line + len, "%02x", client_random[j]); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 75 | } |
| 76 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 77 | len += sprintf(nss_keylog_line + len, " "); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 78 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 79 | for (j = 0; j < secret_len; j++) { |
| 80 | len += sprintf(nss_keylog_line + len, "%02x", secret[j]); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 81 | } |
| 82 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 83 | len += sprintf(nss_keylog_line + len, "\n"); |
| 84 | nss_keylog_line[len] = '\0'; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 85 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 86 | mbedtls_printf("\n"); |
| 87 | mbedtls_printf("---------------- NSS KEYLOG -----------------\n"); |
| 88 | mbedtls_printf("%s", nss_keylog_line); |
| 89 | mbedtls_printf("---------------------------------------------\n"); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 90 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 91 | if (opt.nss_keylog_file != NULL) { |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 92 | FILE *f; |
| 93 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 94 | if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) { |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 95 | goto exit; |
| 96 | } |
| 97 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 98 | if (fwrite(nss_keylog_line, 1, len, f) != len) { |
| 99 | fclose(f); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 100 | goto exit; |
| 101 | } |
| 102 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 103 | fclose(f); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 104 | } |
| 105 | |
| 106 | exit: |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 107 | mbedtls_platform_zeroize(nss_keylog_line, sizeof(nss_keylog_line)); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 108 | } |
| 109 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 110 | # if defined(MBEDTLS_SSL_DTLS_SRTP) |
| 111 | void dtls_srtp_key_derivation(void *p_expkey, |
| 112 | mbedtls_ssl_key_export_type secret_type, |
| 113 | const unsigned char *secret, |
| 114 | size_t secret_len, |
| 115 | const unsigned char client_random[32], |
| 116 | const unsigned char server_random[32], |
| 117 | mbedtls_tls_prf_types tls_prf_type) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 118 | { |
| 119 | dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey; |
| 120 | |
| Hanno Becker | c4c38ca | 2021-05-24 10:57:07 +0100 | [diff] [blame] | 121 | /* We're only interested in the TLS 1.2 master secret */ |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 122 | if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) |
| Hanno Becker | 296fefe | 2021-06-21 09:32:27 +0100 | [diff] [blame] | 123 | return; |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 124 | if (secret_len != sizeof(keys->master_secret)) |
| Hanno Becker | 296fefe | 2021-06-21 09:32:27 +0100 | [diff] [blame] | 125 | return; |
| Hanno Becker | c4c38ca | 2021-05-24 10:57:07 +0100 | [diff] [blame] | 126 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 127 | memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); |
| 128 | memcpy(keys->randbytes, client_random, 32); |
| 129 | memcpy(keys->randbytes + 32, server_random, 32); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 130 | keys->tls_prf_type = tls_prf_type; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 131 | } |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 132 | # endif /* MBEDTLS_SSL_DTLS_SRTP */ |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 133 | |
| 134 | #endif /* MBEDTLS_SSL_EXPORT_KEYS */ |
| 135 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 136 | int ssl_check_record(mbedtls_ssl_context const *ssl, |
| 137 | unsigned char const *buf, |
| 138 | size_t len) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 139 | { |
| Manuel Pégourié-Gonnard | e5306f6 | 2021-07-07 10:48:26 +0200 | [diff] [blame] | 140 | int my_ret = 0, ret_cr1, ret_cr2; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 141 | unsigned char *tmp_buf; |
| 142 | |
| 143 | /* Record checking may modify the input buffer, |
| 144 | * so make a copy. */ |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 145 | tmp_buf = mbedtls_calloc(1, len); |
| 146 | if (tmp_buf == NULL) |
| 147 | return MBEDTLS_ERR_SSL_ALLOC_FAILED; |
| 148 | memcpy(tmp_buf, buf, len); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 149 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 150 | ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len); |
| 151 | if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) { |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 152 | /* Test-only: Make sure that mbedtls_ssl_check_record() |
| 153 | * doesn't alter state. */ |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 154 | memcpy(tmp_buf, buf, len); /* Restore buffer */ |
| 155 | ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len); |
| 156 | if (ret_cr2 != ret_cr1) { |
| 157 | mbedtls_printf( |
| 158 | "mbedtls_ssl_check_record() returned inconsistent results.\n"); |
| Manuel Pégourié-Gonnard | e5306f6 | 2021-07-07 10:48:26 +0200 | [diff] [blame] | 159 | my_ret = -1; |
| Manuel Pégourié-Gonnard | 69c10a4 | 2021-07-06 12:05:23 +0200 | [diff] [blame] | 160 | goto cleanup; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 161 | } |
| 162 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 163 | switch (ret_cr1) { |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 164 | case 0: |
| 165 | break; |
| 166 | |
| 167 | case MBEDTLS_ERR_SSL_INVALID_RECORD: |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 168 | if (opt.debug_level > 1) |
| 169 | mbedtls_printf( |
| 170 | "mbedtls_ssl_check_record() detected invalid record.\n"); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 171 | break; |
| 172 | |
| 173 | case MBEDTLS_ERR_SSL_INVALID_MAC: |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 174 | if (opt.debug_level > 1) |
| 175 | mbedtls_printf( |
| 176 | "mbedtls_ssl_check_record() detected unauthentic record.\n"); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 177 | break; |
| 178 | |
| 179 | case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 180 | if (opt.debug_level > 1) |
| 181 | mbedtls_printf( |
| 182 | "mbedtls_ssl_check_record() detected unexpected record.\n"); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 183 | break; |
| 184 | |
| 185 | default: |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 186 | mbedtls_printf( |
| 187 | "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", |
| 188 | (unsigned int)-ret_cr1); |
| Manuel Pégourié-Gonnard | e5306f6 | 2021-07-07 10:48:26 +0200 | [diff] [blame] | 189 | my_ret = -1; |
| Manuel Pégourié-Gonnard | 69c10a4 | 2021-07-06 12:05:23 +0200 | [diff] [blame] | 190 | goto cleanup; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 191 | } |
| 192 | |
| 193 | /* Regardless of the outcome, forward the record to the stack. */ |
| 194 | } |
| 195 | |
| Manuel Pégourié-Gonnard | 69c10a4 | 2021-07-06 12:05:23 +0200 | [diff] [blame] | 196 | cleanup: |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 197 | mbedtls_free(tmp_buf); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 198 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 199 | return my_ret; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 200 | } |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 201 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 202 | int recv_cb(void *ctx, unsigned char *buf, size_t len) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 203 | { |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 204 | io_ctx_t *io_ctx = (io_ctx_t *)ctx; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 205 | size_t recv_len; |
| 206 | int ret; |
| 207 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 208 | if (opt.nbio == 2) |
| 209 | ret = delayed_recv(io_ctx->net, buf, len); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 210 | else |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 211 | ret = mbedtls_net_recv(io_ctx->net, buf, len); |
| 212 | if (ret < 0) |
| 213 | return ret; |
| 214 | recv_len = (size_t)ret; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 215 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 216 | if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 217 | /* Here's the place to do any datagram/record checking |
| 218 | * in between receiving the packet from the underlying |
| 219 | * transport and passing it on to the TLS stack. */ |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 220 | if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) |
| 221 | return -1; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 222 | } |
| 223 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 224 | return (int)recv_len; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 225 | } |
| 226 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 227 | int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, uint32_t timeout) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 228 | { |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 229 | io_ctx_t *io_ctx = (io_ctx_t *)ctx; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 230 | int ret; |
| 231 | size_t recv_len; |
| 232 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 233 | ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout); |
| 234 | if (ret < 0) |
| 235 | return ret; |
| 236 | recv_len = (size_t)ret; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 237 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 238 | if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 239 | /* Here's the place to do any datagram/record checking |
| 240 | * in between receiving the packet from the underlying |
| 241 | * transport and passing it on to the TLS stack. */ |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 242 | if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) |
| 243 | return -1; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 244 | } |
| 245 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 246 | return (int)recv_len; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 247 | } |
| 248 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 249 | int send_cb(void *ctx, unsigned char const *buf, size_t len) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 250 | { |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 251 | io_ctx_t *io_ctx = (io_ctx_t *)ctx; |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 252 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 253 | if (opt.nbio == 2) |
| 254 | return delayed_send(io_ctx->net, buf, len); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 255 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 256 | return mbedtls_net_send(io_ctx->net, buf, len); |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 257 | } |
| 258 | |
| 259 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 260 | int ssl_sig_hashes_for_test[] = { |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 261 | # if defined(MBEDTLS_SHA512_C) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 262 | MBEDTLS_MD_SHA512, |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 263 | # endif |
| 264 | # if defined(MBEDTLS_SHA384_C) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 265 | MBEDTLS_MD_SHA384, |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 266 | # endif |
| 267 | # if defined(MBEDTLS_SHA256_C) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 268 | MBEDTLS_MD_SHA256, |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 269 | # endif |
| 270 | # if defined(MBEDTLS_SHA224_C) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 271 | MBEDTLS_MD_SHA224, |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 272 | # endif |
| 273 | # if defined(MBEDTLS_SHA1_C) |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 274 | /* Allow SHA-1 as we use it extensively in tests. */ |
| 275 | MBEDTLS_MD_SHA1, |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 276 | # endif |
| Gilles Peskine | 504c1a3 | 2021-01-05 23:40:14 +0100 | [diff] [blame] | 277 | MBEDTLS_MD_NONE |
| 278 | }; |
| 279 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |
| Chris Jones | e383fa6 | 2021-04-27 14:50:43 +0100 | [diff] [blame] | 280 | |
| 281 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| Chris Jones | e383fa6 | 2021-04-27 14:50:43 +0100 | [diff] [blame] | 282 | /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function |
| 283 | * for more info. |
| 284 | */ |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 285 | int x509_crt_verify_info(char *buf, |
| 286 | size_t size, |
| 287 | const char *prefix, |
| 288 | uint32_t flags) |
| Chris Jones | e383fa6 | 2021-04-27 14:50:43 +0100 | [diff] [blame] | 289 | { |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 290 | # if !defined(MBEDTLS_X509_REMOVE_INFO) |
| 291 | return mbedtls_x509_crt_verify_info(buf, size, prefix, flags); |
| Chris Jones | e383fa6 | 2021-04-27 14:50:43 +0100 | [diff] [blame] | 292 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 293 | # else /* !MBEDTLS_X509_REMOVE_INFO */ |
| Chris Jones | e383fa6 | 2021-04-27 14:50:43 +0100 | [diff] [blame] | 294 | int ret; |
| 295 | char *p = buf; |
| 296 | size_t n = size; |
| 297 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 298 | # define X509_CRT_ERROR_INFO(err, err_str, info) \ |
| 299 | if ((flags & err) != 0) { \ |
| 300 | ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, info); \ |
| 301 | MBEDTLS_X509_SAFE_SNPRINTF; \ |
| 302 | flags ^= err; \ |
| 303 | } |
| Chris Jones | e383fa6 | 2021-04-27 14:50:43 +0100 | [diff] [blame] | 304 | |
| 305 | MBEDTLS_X509_CRT_ERROR_INFO_LIST |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 306 | # undef X509_CRT_ERROR_INFO |
| Chris Jones | e383fa6 | 2021-04-27 14:50:43 +0100 | [diff] [blame] | 307 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 308 | if (flags != 0) { |
| 309 | ret = mbedtls_snprintf(p, n, |
| 310 | "%sUnknown reason " |
| 311 | "(this should not happen)\n", |
| 312 | prefix); |
| Chris Jones | e383fa6 | 2021-04-27 14:50:43 +0100 | [diff] [blame] | 313 | MBEDTLS_X509_SAFE_SNPRINTF; |
| 314 | } |
| 315 | |
| Mateusz Starzyk | c0eabdc | 2021-08-03 14:09:02 +0200 | [diff] [blame^] | 316 | return ((int)(size - n)); |
| 317 | # endif /* MBEDTLS_X509_REMOVE_INFO */ |
| Chris Jones | e383fa6 | 2021-04-27 14:50:43 +0100 | [diff] [blame] | 318 | } |
| 319 | #endif /* MBEDTLS_X509_CRT_PARSE_C */ |