1 /*
2 * SSL client with certificate authentication
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7
8 #include "ssl_test_lib.h"
9
10 #if defined(MBEDTLS_USE_PSA_CRYPTO)
11 #include "test/psa_crypto_helpers.h"
12 #endif
13
14 #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
main(void)15 int main(void)
16 {
17 mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE);
18 mbedtls_exit(0);
19 }
20 #elif !defined(MBEDTLS_SSL_CLI_C)
main(void)21 int main(void)
22 {
23 mbedtls_printf("MBEDTLS_SSL_CLI_C not defined.\n");
24 mbedtls_exit(0);
25 }
26 #else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
27
28 /* Size of memory to be allocated for the heap, when using the library's memory
29 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
30 #define MEMORY_HEAP_SIZE 120000
31
32 #define MAX_REQUEST_SIZE 20000
33 #define MAX_REQUEST_SIZE_STR "20000"
34
35 #define DFL_SERVER_NAME "localhost"
36 #define DFL_SERVER_ADDR NULL
37 #define DFL_SERVER_PORT "4433"
38 #define DFL_REQUEST_PAGE "/"
39 #define DFL_REQUEST_SIZE -1
40 #define DFL_DEBUG_LEVEL 0
41 #define DFL_CONTEXT_CRT_CB 0
42 #define DFL_NBIO 0
43 #define DFL_EVENT 0
44 #define DFL_READ_TIMEOUT 0
45 #define DFL_MAX_RESEND 0
46 #define DFL_CA_FILE ""
47 #define DFL_CA_PATH ""
48 #define DFL_CRT_FILE ""
49 #define DFL_KEY_FILE ""
50 #define DFL_KEY_OPAQUE 0
51 #define DFL_KEY_PWD ""
52 #define DFL_PSK ""
53 #define DFL_PSK_OPAQUE 0
54 #define DFL_PSK_IDENTITY "Client_identity"
55 #define DFL_ECJPAKE_PW NULL
56 #define DFL_EC_MAX_OPS -1
57 #define DFL_FORCE_CIPHER 0
58 #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
59 #define DFL_ALLOW_LEGACY -2
60 #define DFL_RENEGOTIATE 0
61 #define DFL_EXCHANGES 1
62 #define DFL_MIN_VERSION -1
63 #define DFL_MAX_VERSION -1
64 #define DFL_ARC4 -1
65 #define DFL_SHA1 -1
66 #define DFL_AUTH_MODE -1
67 #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
68 #define DFL_TRUNC_HMAC -1
69 #define DFL_RECSPLIT -1
70 #define DFL_DHMLEN -1
71 #define DFL_RECONNECT 0
72 #define DFL_RECO_DELAY 0
73 #define DFL_RECO_MODE 1
74 #define DFL_CID_ENABLED 0
75 #define DFL_CID_VALUE ""
76 #define DFL_CID_ENABLED_RENEGO -1
77 #define DFL_CID_VALUE_RENEGO NULL
78 #define DFL_RECONNECT_HARD 0
79 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
80 #define DFL_ALPN_STRING NULL
81 #define DFL_CURVES NULL
82 #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
83 #define DFL_HS_TO_MIN 0
84 #define DFL_HS_TO_MAX 0
85 #define DFL_DTLS_MTU -1
86 #define DFL_DGRAM_PACKING 1
87 #define DFL_FALLBACK -1
88 #define DFL_EXTENDED_MS -1
89 #define DFL_ETM -1
90 #define DFL_SERIALIZE 0
91 #define DFL_CONTEXT_FILE ""
92 #define DFL_EXTENDED_MS_ENFORCE -1
93 #define DFL_CA_CALLBACK 0
94 #define DFL_EAP_TLS 0
95 #define DFL_REPRODUCIBLE 0
96 #define DFL_NSS_KEYLOG 0
97 #define DFL_NSS_KEYLOG_FILE NULL
98 #define DFL_SKIP_CLOSE_NOTIFY 0
99 #define DFL_QUERY_CONFIG_MODE 0
100 #define DFL_USE_SRTP 0
101 #define DFL_SRTP_FORCE_PROFILE 0
102 #define DFL_SRTP_MKI ""
103
104 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
105 #define GET_REQUEST_END "\r\n\r\n"
106
107 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
108 #define USAGE_CONTEXT_CRT_CB \
109 " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
110 " to the SSL configuration of the SSL context.\n" \
111 " Possible values:\n" \
112 " - 0 (default): Use CRT callback bound to configuration\n" \
113 " - 1: Use CRT callback bound to SSL context\n"
114 #else
115 #define USAGE_CONTEXT_CRT_CB ""
116 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
117 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
118 #if defined(MBEDTLS_FS_IO)
119 #define USAGE_IO \
120 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
121 " default: \"\" (pre-loaded)\n" \
122 " use \"none\" to skip loading any top-level CAs.\n" \
123 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
124 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
125 " use \"none\" to skip loading any top-level CAs.\n" \
126 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
127 " default: \"\" (pre-loaded)\n" \
128 " key_file=%%s default: \"\" (pre-loaded)\n" \
129 " key_pwd=%%s Password for key specified by key_file argument\n" \
130 " default: none\n"
131 #else
132 #define USAGE_IO \
133 " No file operations available (MBEDTLS_FS_IO not defined)\n"
134 #endif /* MBEDTLS_FS_IO */
135 #else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
136 #define USAGE_IO ""
137 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
138 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
139 #define USAGE_KEY_OPAQUE \
140 " key_opaque=%%d Handle your private key as if it were opaque\n" \
141 " default: 0 (disabled)\n"
142 #else
143 #define USAGE_KEY_OPAQUE ""
144 #endif
145
146 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
147 #define USAGE_CID \
148 " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
149 " default: 0 (disabled)\n" \
150 " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
151 " default: same as 'cid' parameter\n" \
152 " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
153 " default: \"\"\n" \
154 " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
155 " default: same as 'cid_val' parameter\n"
156 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
157 #define USAGE_CID ""
158 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
159
160 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
161 #define USAGE_PSK_RAW \
162 " psk=%%s default: \"\" (disabled)\n" \
163 " The PSK values are in hex, without 0x.\n" \
164 " psk_identity=%%s default: \"Client_identity\"\n"
165 #if defined(MBEDTLS_USE_PSA_CRYPTO)
166 #define USAGE_PSK_SLOT \
167 " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
168 " Enable this to store the PSK configured through command line\n" \
169 " parameter `psk` in a PSA-based key slot.\n" \
170 " Note: Currently only supported in conjunction with\n" \
171 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
172 " to force a particular PSK-only ciphersuite.\n" \
173 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
174 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
175 " with prepopulated key slots instead of importing raw key material.\n"
176 #else
177 #define USAGE_PSK_SLOT ""
178 #endif /* MBEDTLS_USE_PSA_CRYPTO */
179 #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
180 #else
181 #define USAGE_PSK ""
182 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
183
184 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
185 #define USAGE_CA_CALLBACK \
186 " ca_callback=%%d default: 0 (disabled)\n" \
187 " Enable this to use the trusted certificate callback function\n"
188 #else
189 #define USAGE_CA_CALLBACK ""
190 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
191
192 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
193 #define USAGE_TICKETS \
194 " tickets=%%d default: 1 (enabled)\n"
195 #else
196 #define USAGE_TICKETS ""
197 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
198
199 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
200 #define USAGE_EAP_TLS \
201 " eap_tls=%%d default: 0 (disabled)\n"
202 #define USAGE_NSS_KEYLOG \
203 " nss_keylog=%%d default: 0 (disabled)\n" \
204 " This cannot be used with eap_tls=1\n"
205 #define USAGE_NSS_KEYLOG_FILE \
206 " nss_keylog_file=%%s\n"
207 #if defined(MBEDTLS_SSL_DTLS_SRTP)
208 #define USAGE_SRTP \
209 " use_srtp=%%d default: 0 (disabled)\n" \
210 " This cannot be used with eap_tls=1 or " \
211 " nss_keylog=1\n" \
212 " srtp_force_profile=%%d default: 0 (all enabled)\n" \
213 " available profiles:\n" \
214 " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
215 " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
216 " 3 - SRTP_NULL_HMAC_SHA1_80\n" \
217 " 4 - SRTP_NULL_HMAC_SHA1_32\n" \
218 " mki=%%s default: \"\" (in hex, without 0x)\n"
219 #else /* MBEDTLS_SSL_DTLS_SRTP */
220 #define USAGE_SRTP ""
221 #endif
222 #else /* MBEDTLS_SSL_EXPORT_KEYS */
223 #define USAGE_EAP_TLS ""
224 #define USAGE_NSS_KEYLOG ""
225 #define USAGE_NSS_KEYLOG_FILE ""
226 #define USAGE_SRTP ""
227 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
228
229 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
230 #define USAGE_TRUNC_HMAC \
231 " trunc_hmac=%%d default: library default\n"
232 #else
233 #define USAGE_TRUNC_HMAC ""
234 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
235
236 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
237 #define USAGE_MAX_FRAG_LEN \
238 " max_frag_len=%%d default: 16384 (tls default)\n" \
239 " options: 512, 1024, 2048, 4096\n"
240 #else
241 #define USAGE_MAX_FRAG_LEN ""
242 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
243
244 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
245 #define USAGE_RECSPLIT \
246 " recsplit=0/1 default: (library default: on)\n"
247 #else
248 #define USAGE_RECSPLIT
249 #endif
250
251 #if defined(MBEDTLS_DHM_C)
252 #define USAGE_DHMLEN \
253 " dhmlen=%%d default: (library default: 1024 bits)\n"
254 #else
255 #define USAGE_DHMLEN
256 #endif
257
258 #if defined(MBEDTLS_SSL_ALPN)
259 #define USAGE_ALPN \
260 " alpn=%%s default: \"\" (disabled)\n" \
261 " example: spdy/1,http/1.1\n"
262 #else
263 #define USAGE_ALPN ""
264 #endif /* MBEDTLS_SSL_ALPN */
265
266 #if defined(MBEDTLS_ECP_C)
267 #define USAGE_CURVES \
268 " curves=a,b,c,d default: \"default\" (library default)\n" \
269 " example: \"secp521r1,brainpoolP512r1\"\n" \
270 " - use \"none\" for empty list\n" \
271 " - see mbedtls_ecp_curve_list()\n" \
272 " for acceptable curve names\n"
273 #else
274 #define USAGE_CURVES ""
275 #endif
276
277 #if defined(MBEDTLS_SSL_PROTO_DTLS)
278 #define USAGE_DTLS \
279 " dtls=%%d default: 0 (TLS)\n" \
280 " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
281 " range of DTLS handshake timeouts in millisecs\n" \
282 " mtu=%%d default: (library default: unlimited)\n" \
283 " dgram_packing=%%d default: 1 (allowed)\n" \
284 " allow or forbid packing of multiple\n" \
285 " records within a single datgram.\n"
286 #else
287 #define USAGE_DTLS ""
288 #endif
289
290 #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
291 #define USAGE_FALLBACK \
292 " fallback=0/1 default: (library default: off)\n"
293 #else
294 #define USAGE_FALLBACK ""
295 #endif
296
297 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
298 #define USAGE_EMS \
299 " extended_ms=0/1 default: (library default: on)\n"
300 #else
301 #define USAGE_EMS ""
302 #endif
303
304 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
305 #define USAGE_ETM \
306 " etm=0/1 default: (library default: on)\n"
307 #else
308 #define USAGE_ETM ""
309 #endif
310
311 #define USAGE_REPRODUCIBLE \
312 " reproducible=0/1 default: 0 (disabled)\n"
313
314 #if defined(MBEDTLS_SSL_RENEGOTIATION)
315 #define USAGE_RENEGO \
316 " renegotiation=%%d default: 0 (disabled)\n" \
317 " renegotiate=%%d default: 0 (disabled)\n"
318 #else
319 #define USAGE_RENEGO ""
320 #endif
321
322 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
323 #define USAGE_ECJPAKE \
324 " ecjpake_pw=%%s default: none (disabled)\n"
325 #else
326 #define USAGE_ECJPAKE ""
327 #endif
328
329 #if defined(MBEDTLS_ECP_RESTARTABLE)
330 #define USAGE_ECRESTART \
331 " ec_max_ops=%%s default: library default (restart disabled)\n"
332 #else
333 #define USAGE_ECRESTART ""
334 #endif
335
336 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
337 #define USAGE_SERIALIZATION \
338 " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
339 " options: 1 (serialize)\n" \
340 " 2 (serialize with re-initialization)\n" \
341 " context_file=%%s The file path to write a serialized connection\n" \
342 " in the form of base64 code (serialize option\n" \
343 " must be set)\n" \
344 " default: \"\" (do nothing)\n" \
345 " option: a file path\n"
346 #else
347 #define USAGE_SERIALIZATION ""
348 #endif
349
350 /* USAGE is arbitrarily split to stay under the portable string literal
351 * length limit: 4095 bytes in C99. */
352 #define USAGE1 \
353 "\n usage: ssl_client2 param=<>...\n" \
354 "\n acceptable parameters:\n" \
355 " server_name=%%s default: localhost\n" \
356 " server_addr=%%s default: given by name\n" \
357 " server_port=%%d default: 4433\n" \
358 " request_page=%%s default: \".\"\n" \
359 " request_size=%%d default: about 34 (basic request)\n" \
360 " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
361 " If 0, in the first exchange only an empty\n" \
362 " application data message is sent followed by\n" \
363 " a second non-empty message before attempting\n" \
364 " to read a response from the server\n" \
365 " debug_level=%%d default: 0 (disabled)\n" \
366 " build_version=%%d default: none (disabled)\n" \
367 " option: 1 (print build version only and stop)\n" \
368 " nbio=%%d default: 0 (blocking I/O)\n" \
369 " options: 1 (non-blocking), 2 (added delays)\n" \
370 " event=%%d default: 0 (loop)\n" \
371 " options: 1 (level-triggered, implies nbio=1),\n" \
372 " read_timeout=%%d default: 0 ms (no timeout)\n" \
373 " max_resend=%%d default: 0 (no resend on timeout)\n" \
374 " skip_close_notify=%%d default: 0 (send close_notify)\n" \
375 "\n" \
376 USAGE_DTLS \
377 USAGE_CID \
378 USAGE_SRTP \
379 "\n"
380 #define USAGE2 \
381 " auth_mode=%%s default: (library default: none)\n" \
382 " options: none, optional, required\n" \
383 USAGE_IO \
384 USAGE_KEY_OPAQUE \
385 USAGE_CA_CALLBACK \
386 "\n" \
387 USAGE_PSK \
388 USAGE_ECJPAKE \
389 USAGE_ECRESTART \
390 "\n"
391 #define USAGE3 \
392 " allow_legacy=%%d default: (library default: no)\n" \
393 USAGE_RENEGO \
394 " exchanges=%%d default: 1\n" \
395 " reconnect=%%d number of reconnections using session resumption\n" \
396 " default: 0 (disabled)\n" \
397 " reco_delay=%%d default: 0 seconds\n" \
398 " reco_mode=%%d 0: copy session, 1: serialize session\n" \
399 " default: 1\n" \
400 " reconnect_hard=%%d default: 0 (disabled)\n" \
401 USAGE_TICKETS \
402 USAGE_EAP_TLS \
403 USAGE_MAX_FRAG_LEN \
404 USAGE_TRUNC_HMAC \
405 USAGE_CONTEXT_CRT_CB \
406 USAGE_ALPN \
407 USAGE_FALLBACK \
408 USAGE_EMS \
409 USAGE_ETM \
410 USAGE_REPRODUCIBLE \
411 USAGE_CURVES \
412 USAGE_RECSPLIT \
413 USAGE_DHMLEN \
414 "\n"
415 #define USAGE4 \
416 " arc4=%%d default: (library default: 0)\n" \
417 " allow_sha1=%%d default: 0\n" \
418 " min_version=%%s default: (library default: tls1)\n" \
419 " max_version=%%s default: (library default: tls12)\n" \
420 " force_version=%%s default: \"\" (none)\n" \
421 " options: ssl3, tls1, tls1_1, tls12, dtls1, dtls12\n" \
422 "\n" \
423 " force_ciphersuite=<name> default: all enabled\n" \
424 " query_config=<name> return 0 if the specified\n" \
425 " configuration macro is defined and 1\n" \
426 " otherwise. The expansion of the macro\n" \
427 " is printed if it is defined\n" \
428 USAGE_SERIALIZATION \
429 " acceptable ciphersuite names:\n"
430
431 #define ALPN_LIST_SIZE 10
432 #define CURVE_LIST_SIZE 20
433
434
435 /*
436 * global options
437 */
438 struct options {
439 const char *server_name; /* hostname of the server (client only) */
440 const char *server_addr; /* address of the server (client only) */
441 const char *server_port; /* port on which the ssl service runs */
442 int debug_level; /* level of debugging */
443 int nbio; /* should I/O be blocking? */
444 int event; /* loop or event-driven IO? level or edge triggered? */
445 uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
446 int max_resend; /* DTLS times to resend on read timeout */
447 const char *request_page; /* page on server to request */
448 int request_size; /* pad request with header to requested size */
449 const char *ca_file; /* the file with the CA certificate(s) */
450 const char *ca_path; /* the path with the CA certificate(s) reside */
451 const char *crt_file; /* the file with the client certificate */
452 const char *key_file; /* the file with the client key */
453 int key_opaque; /* handle private key as if it were opaque */
454 #if defined(MBEDTLS_USE_PSA_CRYPTO)
455 int psk_opaque;
456 #endif
457 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
458 int ca_callback; /* Use callback for trusted certificate list */
459 #endif
460 const char *key_pwd; /* the password for the client key */
461 const char *psk; /* the pre-shared key */
462 const char *psk_identity; /* the pre-shared key identity */
463 const char *ecjpake_pw; /* the EC J-PAKE password */
464 int ec_max_ops; /* EC consecutive operations limit */
465 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
466 int renegotiation; /* enable / disable renegotiation */
467 int allow_legacy; /* allow legacy renegotiation */
468 int renegotiate; /* attempt renegotiation? */
469 int renego_delay; /* delay before enforcing renegotiation */
470 int exchanges; /* number of data exchanges */
471 int min_version; /* minimum protocol version accepted */
472 int max_version; /* maximum protocol version accepted */
473 int arc4; /* flag for arc4 suites support */
474 int allow_sha1; /* flag for SHA-1 support */
475 int auth_mode; /* verify mode for connection */
476 unsigned char mfl_code; /* code for maximum fragment length */
477 int trunc_hmac; /* negotiate truncated hmac or not */
478 int recsplit; /* enable record splitting? */
479 int dhmlen; /* minimum DHM params len in bits */
480 int reconnect; /* attempt to resume session */
481 int reco_delay; /* delay in seconds before resuming session */
482 int reco_mode; /* how to keep the session around */
483 int reconnect_hard; /* unexpectedly reconnect from the same port */
484 int tickets; /* enable / disable session tickets */
485 const char *curves; /* list of supported elliptic curves */
486 const char *alpn_string; /* ALPN supported protocols */
487 int transport; /* TLS or DTLS? */
488 uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
489 uint32_t hs_to_max; /* Max value of DTLS handshake timer */
490 int dtls_mtu; /* UDP Maximum transport unit for DTLS */
491 int fallback; /* is this a fallback connection? */
492 int dgram_packing; /* allow/forbid datagram packing */
493 int extended_ms; /* negotiate extended master secret? */
494 int etm; /* negotiate encrypt then mac? */
495 int context_crt_cb; /* use context-specific CRT verify callback */
496 int eap_tls; /* derive EAP-TLS keying material? */
497 int nss_keylog; /* export NSS key log material */
498 const char *nss_keylog_file; /* NSS key log file */
499 int cid_enabled; /* whether to use the CID extension or not */
500 int cid_enabled_renego; /* whether to use the CID extension or not
501 * during renegotiation */
502 const char *cid_val; /* the CID to use for incoming messages */
503 int serialize; /* serialize/deserialize connection */
504 const char *context_file; /* the file to write a serialized connection
505 * in the form of base64 code (serialize
506 * option must be set) */
507 const char *cid_val_renego; /* the CID to use for incoming messages
508 * after renegotiation */
509 int reproducible; /* make communication reproducible */
510 int skip_close_notify; /* skip sending the close_notify alert */
511 int query_config_mode; /* whether to read config */
512 int use_srtp; /* Support SRTP */
513 int force_srtp_profile; /* SRTP protection profile to use or all */
514 const char *mki; /* The dtls mki value to use */
515 } opt;
516
517 #include "ssl_test_common_source.c"
518
519 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
520 static unsigned char peer_crt_info[1024];
521
522 /*
523 * Enabled if debug_level > 1 in code below
524 */
my_verify(void * data,mbedtls_x509_crt * crt,int depth,uint32_t * flags)525 static int my_verify(void *data, mbedtls_x509_crt *crt,
526 int depth, uint32_t *flags)
527 {
528 char buf[1024];
529 ((void) data);
530
531 mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
532 if (depth == 0) {
533 memcpy(peer_crt_info, buf, sizeof(buf));
534 }
535
536 if (opt.debug_level == 0) {
537 return 0;
538 }
539
540 mbedtls_printf("\nVerify requested for (Depth %d):\n", depth);
541 mbedtls_printf("%s", buf);
542
543 if ((*flags) == 0) {
544 mbedtls_printf(" This certificate has no flags\n");
545 } else {
546 mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags);
547 mbedtls_printf("%s\n", buf);
548 }
549
550 return 0;
551 }
552 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
553
554 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
report_cid_usage(mbedtls_ssl_context * ssl,const char * additional_description)555 int report_cid_usage(mbedtls_ssl_context *ssl,
556 const char *additional_description)
557 {
558 int ret;
559 unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
560 size_t peer_cid_len;
561 int cid_negotiated;
562
563 if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
564 return 0;
565 }
566
567 /* Check if the use of a CID has been negotiated,
568 * but don't ask for the CID value and length.
569 *
570 * Note: Here and below, we're demonstrating the various ways
571 * in which mbedtls_ssl_get_peer_cid() can be called,
572 * depending on whether or not the length/value of the
573 * peer's CID is needed.
574 *
575 * An actual application, however, should use
576 * just one call to mbedtls_ssl_get_peer_cid(). */
577 ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
578 NULL, NULL);
579 if (ret != 0) {
580 mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
581 (unsigned int) -ret);
582 return ret;
583 }
584
585 if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) {
586 if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) {
587 mbedtls_printf("(%s) Use of Connection ID was rejected by the server.\n",
588 additional_description);
589 }
590 } else {
591 size_t idx = 0;
592 mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n",
593 additional_description);
594
595 /* Ask for just the length of the peer's CID. */
596 ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
597 NULL, &peer_cid_len);
598 if (ret != 0) {
599 mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
600 (unsigned int) -ret);
601 return ret;
602 }
603
604 /* Ask for just length + value of the peer's CID. */
605 ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
606 peer_cid, &peer_cid_len);
607 if (ret != 0) {
608 mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
609 (unsigned int) -ret);
610 return ret;
611 }
612 mbedtls_printf("(%s) Peer CID (length %u Bytes): ",
613 additional_description,
614 (unsigned) peer_cid_len);
615 while (idx < peer_cid_len) {
616 mbedtls_printf("%02x ", peer_cid[idx]);
617 idx++;
618 }
619 mbedtls_printf("\n");
620 }
621
622 return 0;
623 }
624 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
625
main(int argc,char * argv[])626 int main(int argc, char *argv[])
627 {
628 int ret = 0, len, tail_len, i, written, frags, retry_left;
629 int query_config_ret = 0;
630 mbedtls_net_context server_fd;
631 io_ctx_t io_ctx;
632
633 unsigned char buf[MAX_REQUEST_SIZE + 1];
634
635 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
636 unsigned char psk[MBEDTLS_PSK_MAX_LEN];
637 size_t psk_len = 0;
638 #endif
639
640 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
641 unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
642 unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
643 size_t cid_len = 0;
644 size_t cid_renego_len = 0;
645 #endif
646
647 #if defined(MBEDTLS_SSL_ALPN)
648 const char *alpn_list[ALPN_LIST_SIZE];
649 #endif
650
651 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
652 unsigned char alloc_buf[MEMORY_HEAP_SIZE];
653 #endif
654
655 #if defined(MBEDTLS_ECP_C)
656 mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
657 const mbedtls_ecp_curve_info *curve_cur;
658 #endif
659 #if defined(MBEDTLS_SSL_DTLS_SRTP)
660 unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
661 size_t mki_len = 0;
662 #endif
663
664 const char *pers = "ssl_client2";
665
666 #if defined(MBEDTLS_USE_PSA_CRYPTO)
667 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
668 psa_key_id_t slot = 0;
669 psa_algorithm_t alg = 0;
670 psa_key_attributes_t key_attributes;
671 #endif
672 psa_status_t status;
673 #endif
674
675 rng_context_t rng;
676 mbedtls_ssl_context ssl;
677 mbedtls_ssl_config conf;
678 mbedtls_ssl_session saved_session;
679 unsigned char *session_data = NULL;
680 size_t session_data_len = 0;
681 #if defined(MBEDTLS_TIMING_C)
682 mbedtls_timing_delay_context timer;
683 #endif
684 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
685 uint32_t flags;
686 mbedtls_x509_crt cacert;
687 mbedtls_x509_crt clicert;
688 mbedtls_pk_context pkey;
689 mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
690 #if defined(MBEDTLS_USE_PSA_CRYPTO)
691 psa_key_id_t key_slot = 0; /* invalid key slot */
692 #endif
693 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
694 char *p, *q;
695 const int *list;
696 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
697 unsigned char *context_buf = NULL;
698 size_t context_buf_len;
699 #endif
700 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
701 unsigned char eap_tls_keymaterial[16];
702 unsigned char eap_tls_iv[8];
703 const char *eap_tls_label = "client EAP encryption";
704 eap_tls_keys eap_tls_keying;
705 #if defined(MBEDTLS_SSL_DTLS_SRTP)
706 /*! master keys and master salt for SRTP generated during handshake */
707 unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
708 const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp";
709 dtls_srtp_keys dtls_srtp_keying;
710 const mbedtls_ssl_srtp_profile default_profiles[] = {
711 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
712 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
713 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
714 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
715 MBEDTLS_TLS_SRTP_UNSET
716 };
717 #endif /* MBEDTLS_SSL_DTLS_SRTP */
718 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
719
720 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
721 mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
722 #endif
723
724 #if defined(MBEDTLS_TEST_HOOKS)
725 test_hooks_init();
726 #endif /* MBEDTLS_TEST_HOOKS */
727
728 /*
729 * Make sure memory references are valid.
730 */
731 mbedtls_net_init(&server_fd);
732 mbedtls_ssl_init(&ssl);
733 mbedtls_ssl_config_init(&conf);
734 memset(&saved_session, 0, sizeof(mbedtls_ssl_session));
735 rng_init(&rng);
736 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
737 mbedtls_x509_crt_init(&cacert);
738 mbedtls_x509_crt_init(&clicert);
739 mbedtls_pk_init(&pkey);
740 #endif
741 #if defined(MBEDTLS_SSL_ALPN)
742 memset((void *) alpn_list, 0, sizeof(alpn_list));
743 #endif
744
745 #if defined(MBEDTLS_USE_PSA_CRYPTO)
746 status = psa_crypto_init();
747 if (status != PSA_SUCCESS) {
748 mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
749 (int) status);
750 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
751 goto exit;
752 }
753 #endif /* MBEDTLS_USE_PSA_CRYPTO */
754 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
755 mbedtls_test_enable_insecure_external_rng();
756 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
757
758 if (argc < 2) {
759 usage:
760 if (ret == 0) {
761 ret = 1;
762 }
763
764 mbedtls_printf(USAGE1);
765 mbedtls_printf(USAGE2);
766 mbedtls_printf(USAGE3);
767 mbedtls_printf(USAGE4);
768
769 list = mbedtls_ssl_list_ciphersuites();
770 while (*list) {
771 mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
772 list++;
773 if (!*list) {
774 break;
775 }
776 mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
777 list++;
778 }
779 mbedtls_printf("\n");
780 goto exit;
781 }
782
783 opt.server_name = DFL_SERVER_NAME;
784 opt.server_addr = DFL_SERVER_ADDR;
785 opt.server_port = DFL_SERVER_PORT;
786 opt.debug_level = DFL_DEBUG_LEVEL;
787 opt.cid_enabled = DFL_CID_ENABLED;
788 opt.cid_val = DFL_CID_VALUE;
789 opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
790 opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
791 opt.nbio = DFL_NBIO;
792 opt.event = DFL_EVENT;
793 opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
794 opt.read_timeout = DFL_READ_TIMEOUT;
795 opt.max_resend = DFL_MAX_RESEND;
796 opt.request_page = DFL_REQUEST_PAGE;
797 opt.request_size = DFL_REQUEST_SIZE;
798 opt.ca_file = DFL_CA_FILE;
799 opt.ca_path = DFL_CA_PATH;
800 opt.crt_file = DFL_CRT_FILE;
801 opt.key_file = DFL_KEY_FILE;
802 opt.key_opaque = DFL_KEY_OPAQUE;
803 opt.key_pwd = DFL_KEY_PWD;
804 opt.psk = DFL_PSK;
805 #if defined(MBEDTLS_USE_PSA_CRYPTO)
806 opt.psk_opaque = DFL_PSK_OPAQUE;
807 #endif
808 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
809 opt.ca_callback = DFL_CA_CALLBACK;
810 #endif
811 opt.psk_identity = DFL_PSK_IDENTITY;
812 opt.ecjpake_pw = DFL_ECJPAKE_PW;
813 opt.ec_max_ops = DFL_EC_MAX_OPS;
814 opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
815 opt.renegotiation = DFL_RENEGOTIATION;
816 opt.allow_legacy = DFL_ALLOW_LEGACY;
817 opt.renegotiate = DFL_RENEGOTIATE;
818 opt.exchanges = DFL_EXCHANGES;
819 opt.min_version = DFL_MIN_VERSION;
820 opt.max_version = DFL_MAX_VERSION;
821 opt.arc4 = DFL_ARC4;
822 opt.allow_sha1 = DFL_SHA1;
823 opt.auth_mode = DFL_AUTH_MODE;
824 opt.mfl_code = DFL_MFL_CODE;
825 opt.trunc_hmac = DFL_TRUNC_HMAC;
826 opt.recsplit = DFL_RECSPLIT;
827 opt.dhmlen = DFL_DHMLEN;
828 opt.reconnect = DFL_RECONNECT;
829 opt.reco_delay = DFL_RECO_DELAY;
830 opt.reco_mode = DFL_RECO_MODE;
831 opt.reconnect_hard = DFL_RECONNECT_HARD;
832 opt.tickets = DFL_TICKETS;
833 opt.alpn_string = DFL_ALPN_STRING;
834 opt.curves = DFL_CURVES;
835 opt.transport = DFL_TRANSPORT;
836 opt.hs_to_min = DFL_HS_TO_MIN;
837 opt.hs_to_max = DFL_HS_TO_MAX;
838 opt.dtls_mtu = DFL_DTLS_MTU;
839 opt.fallback = DFL_FALLBACK;
840 opt.extended_ms = DFL_EXTENDED_MS;
841 opt.etm = DFL_ETM;
842 opt.dgram_packing = DFL_DGRAM_PACKING;
843 opt.serialize = DFL_SERIALIZE;
844 opt.context_file = DFL_CONTEXT_FILE;
845 opt.eap_tls = DFL_EAP_TLS;
846 opt.reproducible = DFL_REPRODUCIBLE;
847 opt.nss_keylog = DFL_NSS_KEYLOG;
848 opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
849 opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
850 opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
851 opt.use_srtp = DFL_USE_SRTP;
852 opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
853 opt.mki = DFL_SRTP_MKI;
854
855 for (i = 1; i < argc; i++) {
856 p = argv[i];
857 if ((q = strchr(p, '=')) == NULL) {
858 goto usage;
859 }
860 *q++ = '\0';
861
862 if (strcmp(p, "server_name") == 0) {
863 opt.server_name = q;
864 } else if (strcmp(p, "server_addr") == 0) {
865 opt.server_addr = q;
866 } else if (strcmp(p, "server_port") == 0) {
867 opt.server_port = q;
868 } else if (strcmp(p, "dtls") == 0) {
869 int t = atoi(q);
870 if (t == 0) {
871 opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
872 } else if (t == 1) {
873 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
874 } else {
875 goto usage;
876 }
877 } else if (strcmp(p, "debug_level") == 0) {
878 opt.debug_level = atoi(q);
879 if (opt.debug_level < 0 || opt.debug_level > 65535) {
880 goto usage;
881 }
882 } else if (strcmp(p, "build_version") == 0) {
883 if (strcmp(q, "1") == 0) {
884 mbedtls_printf("build version: %s (build %d)\n",
885 MBEDTLS_VERSION_STRING_FULL,
886 MBEDTLS_VERSION_NUMBER);
887 goto exit;
888 }
889 } else if (strcmp(p, "context_crt_cb") == 0) {
890 opt.context_crt_cb = atoi(q);
891 if (opt.context_crt_cb != 0 && opt.context_crt_cb != 1) {
892 goto usage;
893 }
894 } else if (strcmp(p, "nbio") == 0) {
895 opt.nbio = atoi(q);
896 if (opt.nbio < 0 || opt.nbio > 2) {
897 goto usage;
898 }
899 } else if (strcmp(p, "event") == 0) {
900 opt.event = atoi(q);
901 if (opt.event < 0 || opt.event > 2) {
902 goto usage;
903 }
904 } else if (strcmp(p, "read_timeout") == 0) {
905 opt.read_timeout = atoi(q);
906 } else if (strcmp(p, "max_resend") == 0) {
907 opt.max_resend = atoi(q);
908 if (opt.max_resend < 0) {
909 goto usage;
910 }
911 } else if (strcmp(p, "request_page") == 0) {
912 opt.request_page = q;
913 } else if (strcmp(p, "request_size") == 0) {
914 opt.request_size = atoi(q);
915 if (opt.request_size < 0 ||
916 opt.request_size > MAX_REQUEST_SIZE) {
917 goto usage;
918 }
919 } else if (strcmp(p, "ca_file") == 0) {
920 opt.ca_file = q;
921 } else if (strcmp(p, "ca_path") == 0) {
922 opt.ca_path = q;
923 } else if (strcmp(p, "crt_file") == 0) {
924 opt.crt_file = q;
925 } else if (strcmp(p, "key_file") == 0) {
926 opt.key_file = q;
927 } else if (strcmp(p, "key_pwd") == 0) {
928 opt.key_pwd = q;
929 }
930 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
931 else if (strcmp(p, "key_opaque") == 0) {
932 opt.key_opaque = atoi(q);
933 }
934 #endif
935 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
936 else if (strcmp(p, "cid") == 0) {
937 opt.cid_enabled = atoi(q);
938 if (opt.cid_enabled != 0 && opt.cid_enabled != 1) {
939 goto usage;
940 }
941 } else if (strcmp(p, "cid_renego") == 0) {
942 opt.cid_enabled_renego = atoi(q);
943 if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) {
944 goto usage;
945 }
946 } else if (strcmp(p, "cid_val") == 0) {
947 opt.cid_val = q;
948 } else if (strcmp(p, "cid_val_renego") == 0) {
949 opt.cid_val_renego = q;
950 }
951 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
952 else if (strcmp(p, "psk") == 0) {
953 opt.psk = q;
954 }
955 #if defined(MBEDTLS_USE_PSA_CRYPTO)
956 else if (strcmp(p, "psk_opaque") == 0) {
957 opt.psk_opaque = atoi(q);
958 }
959 #endif
960 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
961 else if (strcmp(p, "ca_callback") == 0) {
962 opt.ca_callback = atoi(q);
963 }
964 #endif
965 else if (strcmp(p, "psk_identity") == 0) {
966 opt.psk_identity = q;
967 } else if (strcmp(p, "ecjpake_pw") == 0) {
968 opt.ecjpake_pw = q;
969 } else if (strcmp(p, "ec_max_ops") == 0) {
970 opt.ec_max_ops = atoi(q);
971 } else if (strcmp(p, "force_ciphersuite") == 0) {
972 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
973
974 if (opt.force_ciphersuite[0] == 0) {
975 ret = 2;
976 goto usage;
977 }
978 opt.force_ciphersuite[1] = 0;
979 } else if (strcmp(p, "renegotiation") == 0) {
980 opt.renegotiation = (atoi(q)) ?
981 MBEDTLS_SSL_RENEGOTIATION_ENABLED :
982 MBEDTLS_SSL_RENEGOTIATION_DISABLED;
983 } else if (strcmp(p, "allow_legacy") == 0) {
984 switch (atoi(q)) {
985 case -1:
986 opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
987 break;
988 case 0:
989 opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
990 break;
991 case 1:
992 opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
993 break;
994 default: goto usage;
995 }
996 } else if (strcmp(p, "renegotiate") == 0) {
997 opt.renegotiate = atoi(q);
998 if (opt.renegotiate < 0 || opt.renegotiate > 1) {
999 goto usage;
1000 }
1001 } else if (strcmp(p, "exchanges") == 0) {
1002 opt.exchanges = atoi(q);
1003 if (opt.exchanges < 1) {
1004 goto usage;
1005 }
1006 } else if (strcmp(p, "reconnect") == 0) {
1007 opt.reconnect = atoi(q);
1008 if (opt.reconnect < 0 || opt.reconnect > 2) {
1009 goto usage;
1010 }
1011 } else if (strcmp(p, "reco_delay") == 0) {
1012 opt.reco_delay = atoi(q);
1013 if (opt.reco_delay < 0) {
1014 goto usage;
1015 }
1016 } else if (strcmp(p, "reco_mode") == 0) {
1017 opt.reco_mode = atoi(q);
1018 if (opt.reco_mode < 0) {
1019 goto usage;
1020 }
1021 } else if (strcmp(p, "reconnect_hard") == 0) {
1022 opt.reconnect_hard = atoi(q);
1023 if (opt.reconnect_hard < 0 || opt.reconnect_hard > 1) {
1024 goto usage;
1025 }
1026 } else if (strcmp(p, "tickets") == 0) {
1027 opt.tickets = atoi(q);
1028 if (opt.tickets < 0 || opt.tickets > 2) {
1029 goto usage;
1030 }
1031 } else if (strcmp(p, "alpn") == 0) {
1032 opt.alpn_string = q;
1033 } else if (strcmp(p, "fallback") == 0) {
1034 switch (atoi(q)) {
1035 case 0: opt.fallback = MBEDTLS_SSL_IS_NOT_FALLBACK; break;
1036 case 1: opt.fallback = MBEDTLS_SSL_IS_FALLBACK; break;
1037 default: goto usage;
1038 }
1039 } else if (strcmp(p, "extended_ms") == 0) {
1040 switch (atoi(q)) {
1041 case 0:
1042 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
1043 break;
1044 case 1:
1045 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
1046 break;
1047 default: goto usage;
1048 }
1049 } else if (strcmp(p, "curves") == 0) {
1050 opt.curves = q;
1051 } else if (strcmp(p, "etm") == 0) {
1052 switch (atoi(q)) {
1053 case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
1054 case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
1055 default: goto usage;
1056 }
1057 } else if (strcmp(p, "min_version") == 0) {
1058 if (strcmp(q, "ssl3") == 0) {
1059 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
1060 } else if (strcmp(q, "tls1") == 0) {
1061 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
1062 } else if (strcmp(q, "tls1_1") == 0 ||
1063 strcmp(q, "dtls1") == 0) {
1064 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1065 } else if (strcmp(q, "tls12") == 0 ||
1066 strcmp(q, "dtls12") == 0) {
1067 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1068 } else {
1069 goto usage;
1070 }
1071 } else if (strcmp(p, "max_version") == 0) {
1072 if (strcmp(q, "ssl3") == 0) {
1073 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
1074 } else if (strcmp(q, "tls1") == 0) {
1075 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
1076 } else if (strcmp(q, "tls1_1") == 0 ||
1077 strcmp(q, "dtls1") == 0) {
1078 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
1079 } else if (strcmp(q, "tls12") == 0 ||
1080 strcmp(q, "dtls12") == 0) {
1081 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1082 } else {
1083 goto usage;
1084 }
1085 } else if (strcmp(p, "arc4") == 0) {
1086 switch (atoi(q)) {
1087 case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
1088 case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
1089 default: goto usage;
1090 }
1091 } else if (strcmp(p, "allow_sha1") == 0) {
1092 switch (atoi(q)) {
1093 case 0: opt.allow_sha1 = 0; break;
1094 case 1: opt.allow_sha1 = 1; break;
1095 default: goto usage;
1096 }
1097 } else if (strcmp(p, "force_version") == 0) {
1098 if (strcmp(q, "ssl3") == 0) {
1099 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
1100 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
1101 } else if (strcmp(q, "tls1") == 0) {
1102 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
1103 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
1104 } else if (strcmp(q, "tls1_1") == 0) {
1105 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1106 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
1107 } else if (strcmp(q, "tls12") == 0) {
1108 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1109 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1110 } else if (strcmp(q, "dtls1") == 0) {
1111 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1112 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
1113 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1114 } else if (strcmp(q, "dtls12") == 0) {
1115 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
1116 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
1117 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1118 } else {
1119 goto usage;
1120 }
1121 } else if (strcmp(p, "auth_mode") == 0) {
1122 if (strcmp(q, "none") == 0) {
1123 opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
1124 } else if (strcmp(q, "optional") == 0) {
1125 opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
1126 } else if (strcmp(q, "required") == 0) {
1127 opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
1128 } else {
1129 goto usage;
1130 }
1131 } else if (strcmp(p, "max_frag_len") == 0) {
1132 if (strcmp(q, "512") == 0) {
1133 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
1134 } else if (strcmp(q, "1024") == 0) {
1135 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
1136 } else if (strcmp(q, "2048") == 0) {
1137 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
1138 } else if (strcmp(q, "4096") == 0) {
1139 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
1140 } else {
1141 goto usage;
1142 }
1143 } else if (strcmp(p, "trunc_hmac") == 0) {
1144 switch (atoi(q)) {
1145 case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
1146 case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
1147 default: goto usage;
1148 }
1149 } else if (strcmp(p, "hs_timeout") == 0) {
1150 if ((p = strchr(q, '-')) == NULL) {
1151 goto usage;
1152 }
1153 *p++ = '\0';
1154 opt.hs_to_min = atoi(q);
1155 opt.hs_to_max = atoi(p);
1156 if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) {
1157 goto usage;
1158 }
1159 } else if (strcmp(p, "mtu") == 0) {
1160 opt.dtls_mtu = atoi(q);
1161 if (opt.dtls_mtu < 0) {
1162 goto usage;
1163 }
1164 } else if (strcmp(p, "dgram_packing") == 0) {
1165 opt.dgram_packing = atoi(q);
1166 if (opt.dgram_packing != 0 &&
1167 opt.dgram_packing != 1) {
1168 goto usage;
1169 }
1170 } else if (strcmp(p, "recsplit") == 0) {
1171 opt.recsplit = atoi(q);
1172 if (opt.recsplit < 0 || opt.recsplit > 1) {
1173 goto usage;
1174 }
1175 } else if (strcmp(p, "dhmlen") == 0) {
1176 opt.dhmlen = atoi(q);
1177 if (opt.dhmlen < 0) {
1178 goto usage;
1179 }
1180 } else if (strcmp(p, "query_config") == 0) {
1181 opt.query_config_mode = 1;
1182 query_config_ret = query_config(q);
1183 goto exit;
1184 } else if (strcmp(p, "serialize") == 0) {
1185 opt.serialize = atoi(q);
1186 if (opt.serialize < 0 || opt.serialize > 2) {
1187 goto usage;
1188 }
1189 } else if (strcmp(p, "context_file") == 0) {
1190 opt.context_file = q;
1191 } else if (strcmp(p, "eap_tls") == 0) {
1192 opt.eap_tls = atoi(q);
1193 if (opt.eap_tls < 0 || opt.eap_tls > 1) {
1194 goto usage;
1195 }
1196 } else if (strcmp(p, "reproducible") == 0) {
1197 opt.reproducible = 1;
1198 } else if (strcmp(p, "nss_keylog") == 0) {
1199 opt.nss_keylog = atoi(q);
1200 if (opt.nss_keylog < 0 || opt.nss_keylog > 1) {
1201 goto usage;
1202 }
1203 } else if (strcmp(p, "nss_keylog_file") == 0) {
1204 opt.nss_keylog_file = q;
1205 } else if (strcmp(p, "skip_close_notify") == 0) {
1206 opt.skip_close_notify = atoi(q);
1207 if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) {
1208 goto usage;
1209 }
1210 } else if (strcmp(p, "use_srtp") == 0) {
1211 opt.use_srtp = atoi(q);
1212 } else if (strcmp(p, "srtp_force_profile") == 0) {
1213 opt.force_srtp_profile = atoi(q);
1214 } else if (strcmp(p, "mki") == 0) {
1215 opt.mki = q;
1216 } else {
1217 goto usage;
1218 }
1219 }
1220
1221 if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
1222 mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
1223 goto usage;
1224 }
1225
1226 /* Event-driven IO is incompatible with the above custom
1227 * receive and send functions, as the polling builds on
1228 * refers to the underlying net_context. */
1229 if (opt.event == 1 && opt.nbio != 1) {
1230 mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n");
1231 opt.nbio = 1;
1232 }
1233
1234 #if defined(MBEDTLS_DEBUG_C)
1235 mbedtls_debug_set_threshold(opt.debug_level);
1236 #endif
1237
1238 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
1239 /*
1240 * Unhexify the pre-shared key if any is given
1241 */
1242 if (strlen(opt.psk)) {
1243 if (mbedtls_test_unhexify(psk, sizeof(psk),
1244 opt.psk, &psk_len) != 0) {
1245 mbedtls_printf("pre-shared key not valid\n");
1246 goto exit;
1247 }
1248 }
1249 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
1250
1251 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1252 if (opt.psk_opaque != 0) {
1253 if (opt.psk == NULL) {
1254 mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
1255 ret = 2;
1256 goto usage;
1257 }
1258
1259 if (opt.force_ciphersuite[0] <= 0) {
1260 mbedtls_printf(
1261 "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
1262 ret = 2;
1263 goto usage;
1264 }
1265 }
1266 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1267
1268 if (opt.force_ciphersuite[0] > 0) {
1269 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1270 ciphersuite_info =
1271 mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]);
1272
1273 if (opt.max_version != -1 &&
1274 ciphersuite_info->min_minor_ver > opt.max_version) {
1275 mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
1276 ret = 2;
1277 goto usage;
1278 }
1279 if (opt.min_version != -1 &&
1280 ciphersuite_info->max_minor_ver < opt.min_version) {
1281 mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
1282 ret = 2;
1283 goto usage;
1284 }
1285
1286 /* If the server selects a version that's not supported by
1287 * this suite, then there will be no common ciphersuite... */
1288 if (opt.max_version == -1 ||
1289 opt.max_version > ciphersuite_info->max_minor_ver) {
1290 opt.max_version = ciphersuite_info->max_minor_ver;
1291 }
1292 if (opt.min_version < ciphersuite_info->min_minor_ver) {
1293 opt.min_version = ciphersuite_info->min_minor_ver;
1294 /* DTLS starts with TLS 1.1 */
1295 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
1296 opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2) {
1297 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
1298 }
1299 }
1300
1301 /* Enable RC4 if needed and not explicitly disabled */
1302 if (ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128) {
1303 if (opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED) {
1304 mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
1305 ret = 2;
1306 goto usage;
1307 }
1308
1309 opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
1310 }
1311
1312 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1313 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
1314 if (opt.psk_opaque != 0) {
1315 /* Determine KDF algorithm the opaque PSK will be used in. */
1316 #if defined(MBEDTLS_SHA512_C)
1317 if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
1318 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
1319 } else
1320 #endif /* MBEDTLS_SHA512_C */
1321 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
1322 }
1323 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
1324 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1325 }
1326
1327 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1328 if (mbedtls_test_unhexify(cid, sizeof(cid),
1329 opt.cid_val, &cid_len) != 0) {
1330 mbedtls_printf("CID not valid\n");
1331 goto exit;
1332 }
1333
1334 /* Keep CID settings for renegotiation unless
1335 * specified otherwise. */
1336 if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) {
1337 opt.cid_enabled_renego = opt.cid_enabled;
1338 }
1339 if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) {
1340 opt.cid_val_renego = opt.cid_val;
1341 }
1342
1343 if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego),
1344 opt.cid_val_renego, &cid_renego_len) != 0) {
1345 mbedtls_printf("CID not valid\n");
1346 goto exit;
1347 }
1348 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1349
1350 #if defined(MBEDTLS_ECP_C)
1351 if (opt.curves != NULL) {
1352 p = (char *) opt.curves;
1353 i = 0;
1354
1355 if (strcmp(p, "none") == 0) {
1356 curve_list[0] = MBEDTLS_ECP_DP_NONE;
1357 } else if (strcmp(p, "default") != 0) {
1358 /* Leave room for a final NULL in curve list */
1359 while (i < CURVE_LIST_SIZE - 1 && *p != '\0') {
1360 q = p;
1361
1362 /* Terminate the current string */
1363 while (*p != ',' && *p != '\0') {
1364 p++;
1365 }
1366 if (*p == ',') {
1367 *p++ = '\0';
1368 }
1369
1370 if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) {
1371 curve_list[i++] = curve_cur->grp_id;
1372 } else {
1373 mbedtls_printf("unknown curve %s\n", q);
1374 mbedtls_printf("supported curves: ");
1375 for (curve_cur = mbedtls_ecp_curve_list();
1376 curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
1377 curve_cur++) {
1378 mbedtls_printf("%s ", curve_cur->name);
1379 }
1380 mbedtls_printf("\n");
1381 goto exit;
1382 }
1383 }
1384
1385 mbedtls_printf("Number of curves: %d\n", i);
1386
1387 if (i == CURVE_LIST_SIZE - 1 && *p != '\0') {
1388 mbedtls_printf("curves list too long, maximum %d",
1389 CURVE_LIST_SIZE - 1);
1390 goto exit;
1391 }
1392
1393 curve_list[i] = MBEDTLS_ECP_DP_NONE;
1394 }
1395 }
1396 #endif /* MBEDTLS_ECP_C */
1397
1398 #if defined(MBEDTLS_SSL_ALPN)
1399 if (opt.alpn_string != NULL) {
1400 p = (char *) opt.alpn_string;
1401 i = 0;
1402
1403 /* Leave room for a final NULL in alpn_list */
1404 while (i < ALPN_LIST_SIZE - 1 && *p != '\0') {
1405 alpn_list[i++] = p;
1406
1407 /* Terminate the current string and move on to next one */
1408 while (*p != ',' && *p != '\0') {
1409 p++;
1410 }
1411 if (*p == ',') {
1412 *p++ = '\0';
1413 }
1414 }
1415 }
1416 #endif /* MBEDTLS_SSL_ALPN */
1417
1418 mbedtls_printf("build version: %s (build %d)\n",
1419 MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER);
1420
1421 /*
1422 * 0. Initialize the RNG and the session data
1423 */
1424 mbedtls_printf("\n . Seeding the random number generator...");
1425 fflush(stdout);
1426
1427 ret = rng_seed(&rng, opt.reproducible, pers);
1428 if (ret != 0) {
1429 goto exit;
1430 }
1431 mbedtls_printf(" ok\n");
1432
1433 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
1434 /*
1435 * 1.1. Load the trusted CA
1436 */
1437 mbedtls_printf(" . Loading the CA root certificate ...");
1438 fflush(stdout);
1439
1440 if (strcmp(opt.ca_path, "none") == 0 ||
1441 strcmp(opt.ca_file, "none") == 0) {
1442 ret = 0;
1443 } else
1444 #if defined(MBEDTLS_FS_IO)
1445 if (strlen(opt.ca_path)) {
1446 ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path);
1447 } else if (strlen(opt.ca_file)) {
1448 ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
1449 } else
1450 #endif
1451 #if defined(MBEDTLS_CERTS_C)
1452 {
1453 #if defined(MBEDTLS_PEM_PARSE_C)
1454 for (i = 0; mbedtls_test_cas[i] != NULL; i++) {
1455 ret = mbedtls_x509_crt_parse(&cacert,
1456 (const unsigned char *) mbedtls_test_cas[i],
1457 mbedtls_test_cas_len[i]);
1458 if (ret != 0) {
1459 break;
1460 }
1461 }
1462 #endif /* MBEDTLS_PEM_PARSE_C */
1463 if (ret == 0) {
1464 for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
1465 ret = mbedtls_x509_crt_parse_der(&cacert,
1466 (const unsigned char *) mbedtls_test_cas_der[i],
1467 mbedtls_test_cas_der_len[i]);
1468 if (ret != 0) {
1469 break;
1470 }
1471 }
1472 }
1473 }
1474 #else
1475 {
1476 ret = 1;
1477 mbedtls_printf("MBEDTLS_CERTS_C not defined.");
1478 }
1479 #endif /* MBEDTLS_CERTS_C */
1480 if (ret < 0) {
1481 mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1482 (unsigned int) -ret);
1483 goto exit;
1484 }
1485
1486 mbedtls_printf(" ok (%d skipped)\n", ret);
1487
1488 /*
1489 * 1.2. Load own certificate and private key
1490 *
1491 * (can be skipped if client authentication is not required)
1492 */
1493 mbedtls_printf(" . Loading the client cert. and key...");
1494 fflush(stdout);
1495
1496 if (strcmp(opt.crt_file, "none") == 0) {
1497 ret = 0;
1498 } else
1499 #if defined(MBEDTLS_FS_IO)
1500 if (strlen(opt.crt_file)) {
1501 ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
1502 } else
1503 #endif
1504 #if defined(MBEDTLS_CERTS_C)
1505 { ret = mbedtls_x509_crt_parse(&clicert,
1506 (const unsigned char *) mbedtls_test_cli_crt,
1507 mbedtls_test_cli_crt_len); }
1508 #else
1509 {
1510 ret = 1;
1511 mbedtls_printf("MBEDTLS_CERTS_C not defined.");
1512 }
1513 #endif
1514 if (ret != 0) {
1515 mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1516 (unsigned int) -ret);
1517 goto exit;
1518 }
1519
1520 if (strcmp(opt.key_file, "none") == 0) {
1521 ret = 0;
1522 } else
1523 #if defined(MBEDTLS_FS_IO)
1524 if (strlen(opt.key_file)) {
1525 ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd);
1526 } else
1527 #endif
1528 #if defined(MBEDTLS_CERTS_C)
1529 { ret = mbedtls_pk_parse_key(&pkey,
1530 (const unsigned char *) mbedtls_test_cli_key,
1531 mbedtls_test_cli_key_len, NULL, 0); }
1532 #else
1533 {
1534 ret = 1;
1535 mbedtls_printf("MBEDTLS_CERTS_C not defined.");
1536 }
1537 #endif
1538 if (ret != 0) {
1539 mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
1540 (unsigned int) -ret);
1541 goto exit;
1542 }
1543
1544 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1545 if (opt.key_opaque != 0) {
1546 if ((ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot,
1547 PSA_ALG_ANY_HASH)) != 0) {
1548 mbedtls_printf(" failed\n ! "
1549 "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret);
1550 goto exit;
1551 }
1552 }
1553 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1554
1555 mbedtls_printf(" ok (key type: %s)\n", mbedtls_pk_get_name(&pkey));
1556 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
1557
1558 /*
1559 * 2. Start the connection
1560 */
1561 if (opt.server_addr == NULL) {
1562 opt.server_addr = opt.server_name;
1563 }
1564
1565 mbedtls_printf(" . Connecting to %s/%s/%s...",
1566 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
1567 opt.server_addr, opt.server_port);
1568 fflush(stdout);
1569
1570 if ((ret = mbedtls_net_connect(&server_fd,
1571 opt.server_addr, opt.server_port,
1572 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
1573 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
1574 mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
1575 (unsigned int) -ret);
1576 goto exit;
1577 }
1578
1579 if (opt.nbio > 0) {
1580 ret = mbedtls_net_set_nonblock(&server_fd);
1581 } else {
1582 ret = mbedtls_net_set_block(&server_fd);
1583 }
1584 if (ret != 0) {
1585 mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
1586 (unsigned int) -ret);
1587 goto exit;
1588 }
1589
1590 mbedtls_printf(" ok\n");
1591
1592 /*
1593 * 3. Setup stuff
1594 */
1595 mbedtls_printf(" . Setting up the SSL/TLS structure...");
1596 fflush(stdout);
1597
1598 if ((ret = mbedtls_ssl_config_defaults(&conf,
1599 MBEDTLS_SSL_IS_CLIENT,
1600 opt.transport,
1601 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
1602 mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
1603 (unsigned int) -ret);
1604 goto exit;
1605 }
1606
1607 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
1608 /* The default algorithms profile disables SHA-1, but our tests still
1609 rely on it heavily. */
1610 if (opt.allow_sha1 > 0) {
1611 crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1);
1612 mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test);
1613 mbedtls_ssl_conf_sig_hashes(&conf, ssl_sig_hashes_for_test);
1614 }
1615
1616 if (opt.context_crt_cb == 0) {
1617 mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
1618 }
1619
1620 memset(peer_crt_info, 0, sizeof(peer_crt_info));
1621 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
1622
1623 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1624 if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) {
1625 if (opt.cid_enabled == 1 &&
1626 opt.cid_enabled_renego == 1 &&
1627 cid_len != cid_renego_len) {
1628 mbedtls_printf("CID length must not change during renegotiation\n");
1629 goto usage;
1630 }
1631
1632 if (opt.cid_enabled == 1) {
1633 ret = mbedtls_ssl_conf_cid(&conf, cid_len,
1634 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
1635 } else {
1636 ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len,
1637 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
1638 }
1639
1640 if (ret != 0) {
1641 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
1642 (unsigned int) -ret);
1643 goto exit;
1644 }
1645 }
1646 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1647
1648 if (opt.auth_mode != DFL_AUTH_MODE) {
1649 mbedtls_ssl_conf_authmode(&conf, opt.auth_mode);
1650 }
1651
1652 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1653 if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) {
1654 mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min,
1655 opt.hs_to_max);
1656 }
1657
1658 if (opt.dgram_packing != DFL_DGRAM_PACKING) {
1659 mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing);
1660 }
1661 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1662
1663 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1664 if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) {
1665 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
1666 ret);
1667 goto exit;
1668 }
1669 #endif
1670
1671 #if defined(MBEDTLS_SSL_DTLS_SRTP)
1672 const mbedtls_ssl_srtp_profile forced_profile[] =
1673 { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
1674 if (opt.use_srtp == 1) {
1675 if (opt.force_srtp_profile != 0) {
1676 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile);
1677 } else {
1678 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles);
1679 }
1680
1681 if (ret != 0) {
1682 mbedtls_printf(" failed\n ! "
1683 "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
1684 ret);
1685 goto exit;
1686 }
1687
1688 } else if (opt.force_srtp_profile != 0) {
1689 mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n");
1690 goto exit;
1691 }
1692 #endif /* MBEDTLS_SSL_DTLS_SRTP */
1693
1694 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
1695 if (opt.trunc_hmac != DFL_TRUNC_HMAC) {
1696 mbedtls_ssl_conf_truncated_hmac(&conf, opt.trunc_hmac);
1697 }
1698 #endif
1699
1700 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1701 if (opt.extended_ms != DFL_EXTENDED_MS) {
1702 mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms);
1703 }
1704 #endif
1705
1706 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1707 if (opt.etm != DFL_ETM) {
1708 mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm);
1709 }
1710 #endif
1711
1712 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
1713 if (opt.eap_tls != 0) {
1714 mbedtls_ssl_conf_export_keys_ext_cb(&conf, eap_tls_key_derivation,
1715 &eap_tls_keying);
1716 } else if (opt.nss_keylog != 0) {
1717 mbedtls_ssl_conf_export_keys_ext_cb(&conf,
1718 nss_keylog_export,
1719 NULL);
1720 }
1721 #if defined(MBEDTLS_SSL_DTLS_SRTP)
1722 else if (opt.use_srtp != 0) {
1723 mbedtls_ssl_conf_export_keys_ext_cb(&conf, dtls_srtp_key_derivation,
1724 &dtls_srtp_keying);
1725 }
1726 #endif /* MBEDTLS_SSL_DTLS_SRTP */
1727 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
1728
1729 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
1730 if (opt.recsplit != DFL_RECSPLIT) {
1731 mbedtls_ssl_conf_cbc_record_splitting(&conf, opt.recsplit
1732 ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
1733 : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
1734 }
1735 #endif
1736
1737 #if defined(MBEDTLS_DHM_C)
1738 if (opt.dhmlen != DFL_DHMLEN) {
1739 mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen);
1740 }
1741 #endif
1742
1743 #if defined(MBEDTLS_SSL_ALPN)
1744 if (opt.alpn_string != NULL) {
1745 if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
1746 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
1747 ret);
1748 goto exit;
1749 }
1750 }
1751 #endif
1752
1753 if (opt.reproducible) {
1754 #if defined(MBEDTLS_HAVE_TIME)
1755 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
1756 mbedtls_platform_set_time(dummy_constant_time);
1757 #else
1758 fprintf(stderr, "Warning: reproducible option used without constant time\n");
1759 #endif
1760 #endif /* MBEDTLS_HAVE_TIME */
1761 }
1762 mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
1763 mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
1764
1765 mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
1766
1767 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1768 mbedtls_ssl_conf_session_tickets(&conf, opt.tickets);
1769 #endif
1770
1771 if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
1772 mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
1773 }
1774
1775 #if defined(MBEDTLS_ARC4_C)
1776 if (opt.arc4 != DFL_ARC4) {
1777 mbedtls_ssl_conf_arc4_support(&conf, opt.arc4);
1778 }
1779 #endif
1780
1781 if (opt.allow_legacy != DFL_ALLOW_LEGACY) {
1782 mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy);
1783 }
1784 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1785 mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation);
1786 #endif
1787
1788 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
1789 if (strcmp(opt.ca_path, "none") != 0 &&
1790 strcmp(opt.ca_file, "none") != 0) {
1791 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1792 if (opt.ca_callback != 0) {
1793 mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert);
1794 } else
1795 #endif
1796 mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
1797 }
1798 if (strcmp(opt.crt_file, "none") != 0 &&
1799 strcmp(opt.key_file, "none") != 0) {
1800 if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
1801 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
1802 ret);
1803 goto exit;
1804 }
1805 }
1806 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
1807
1808 #if defined(MBEDTLS_ECP_C)
1809 if (opt.curves != NULL &&
1810 strcmp(opt.curves, "default") != 0) {
1811 mbedtls_ssl_conf_curves(&conf, curve_list);
1812 }
1813 #endif
1814
1815 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
1816 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1817 if (opt.psk_opaque != 0) {
1818 key_attributes = psa_key_attributes_init();
1819 psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
1820 psa_set_key_algorithm(&key_attributes, alg);
1821 psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
1822
1823 status = psa_import_key(&key_attributes, psk, psk_len, &slot);
1824 if (status != PSA_SUCCESS) {
1825 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
1826 goto exit;
1827 }
1828
1829 if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, slot,
1830 (const unsigned char *) opt.psk_identity,
1831 strlen(opt.psk_identity))) != 0) {
1832 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
1833 ret);
1834 goto exit;
1835 }
1836 } else
1837 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1838 if (psk_len > 0) {
1839 ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
1840 (const unsigned char *) opt.psk_identity,
1841 strlen(opt.psk_identity));
1842 if (ret != 0) {
1843 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret);
1844 goto exit;
1845 }
1846 }
1847 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
1848
1849 if (opt.min_version != DFL_MIN_VERSION) {
1850 mbedtls_ssl_conf_min_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1851 opt.min_version);
1852 }
1853
1854 if (opt.max_version != DFL_MAX_VERSION) {
1855 mbedtls_ssl_conf_max_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3,
1856 opt.max_version);
1857 }
1858
1859 #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
1860 if (opt.fallback != DFL_FALLBACK) {
1861 mbedtls_ssl_conf_fallback(&conf, opt.fallback);
1862 }
1863 #endif
1864
1865 if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
1866 mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
1867 (unsigned int) -ret);
1868 goto exit;
1869 }
1870
1871 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
1872 if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
1873 mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
1874 ret);
1875 goto exit;
1876 }
1877 #endif
1878
1879 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
1880 if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
1881 if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
1882 (const unsigned char *) opt.ecjpake_pw,
1883 strlen(opt.ecjpake_pw))) != 0) {
1884 mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
1885 ret);
1886 goto exit;
1887 }
1888 }
1889 #endif
1890
1891 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
1892 if (opt.context_crt_cb == 1) {
1893 mbedtls_ssl_set_verify(&ssl, my_verify, NULL);
1894 }
1895 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
1896
1897 io_ctx.ssl = &ssl;
1898 io_ctx.net = &server_fd;
1899 mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb,
1900 opt.nbio == 0 ? recv_timeout_cb : NULL);
1901
1902 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1903 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
1904 if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled,
1905 cid, cid_len)) != 0) {
1906 mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
1907 ret);
1908 goto exit;
1909 }
1910 }
1911 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1912
1913 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1914 if (opt.dtls_mtu != DFL_DTLS_MTU) {
1915 mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu);
1916 }
1917 #endif
1918
1919 #if defined(MBEDTLS_TIMING_C)
1920 mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
1921 mbedtls_timing_get_delay);
1922 #endif
1923
1924 #if defined(MBEDTLS_ECP_RESTARTABLE)
1925 if (opt.ec_max_ops != DFL_EC_MAX_OPS) {
1926 mbedtls_ecp_set_max_ops(opt.ec_max_ops);
1927 }
1928 #endif
1929
1930 #if defined(MBEDTLS_SSL_DTLS_SRTP)
1931 if (opt.use_srtp != 0 && strlen(opt.mki) != 0) {
1932 if (mbedtls_test_unhexify(mki, sizeof(mki),
1933 opt.mki, &mki_len) != 0) {
1934 mbedtls_printf("mki value not valid hex\n");
1935 goto exit;
1936 }
1937
1938 mbedtls_ssl_conf_srtp_mki_value_supported(&conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED);
1939 if ((ret = mbedtls_ssl_dtls_srtp_set_mki_value(&ssl, mki,
1940 (uint16_t) strlen(opt.mki) / 2)) != 0) {
1941 mbedtls_printf(" failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret);
1942 goto exit;
1943 }
1944 }
1945 #endif
1946
1947 mbedtls_printf(" ok\n");
1948
1949 /*
1950 * 4. Handshake
1951 */
1952 mbedtls_printf(" . Performing the SSL/TLS handshake...");
1953 fflush(stdout);
1954
1955 while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
1956 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
1957 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
1958 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
1959 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
1960 (unsigned int) -ret);
1961 if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
1962 mbedtls_printf(
1963 " Unable to verify the server's certificate. "
1964 "Either it is invalid,\n"
1965 " or you didn't set ca_file or ca_path "
1966 "to an appropriate value.\n"
1967 " Alternatively, you may want to use "
1968 "auth_mode=optional for testing purposes.\n");
1969 }
1970 mbedtls_printf("\n");
1971 goto exit;
1972 }
1973
1974 #if defined(MBEDTLS_ECP_RESTARTABLE)
1975 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
1976 continue;
1977 }
1978 #endif
1979
1980 /* For event-driven IO, wait for socket to become available */
1981 if (opt.event == 1 /* level triggered IO */) {
1982 #if defined(MBEDTLS_TIMING_C)
1983 ret = idle(&server_fd, &timer, ret);
1984 #else
1985 ret = idle(&server_fd, ret);
1986 #endif
1987 if (ret != 0) {
1988 goto exit;
1989 }
1990 }
1991 }
1992
1993 mbedtls_printf(" ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
1994 mbedtls_ssl_get_version(&ssl),
1995 mbedtls_ssl_get_ciphersuite(&ssl));
1996
1997 if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) {
1998 mbedtls_printf(" [ Record expansion is %d ]\n", ret);
1999 } else {
2000 mbedtls_printf(" [ Record expansion is unknown (compression) ]\n");
2001 }
2002
2003 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2004 mbedtls_printf(" [ Maximum input fragment length is %u ]\n",
2005 (unsigned int) mbedtls_ssl_get_input_max_frag_len(&ssl));
2006 mbedtls_printf(" [ Maximum output fragment length is %u ]\n",
2007 (unsigned int) mbedtls_ssl_get_output_max_frag_len(&ssl));
2008 #endif
2009
2010 #if defined(MBEDTLS_SSL_ALPN)
2011 if (opt.alpn_string != NULL) {
2012 const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl);
2013 mbedtls_printf(" [ Application Layer Protocol is %s ]\n",
2014 alp ? alp : "(none)");
2015 }
2016 #endif
2017
2018 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
2019 if (opt.eap_tls != 0) {
2020 size_t j = 0;
2021
2022 if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type,
2023 eap_tls_keying.master_secret,
2024 sizeof(eap_tls_keying.master_secret),
2025 eap_tls_label,
2026 eap_tls_keying.randbytes,
2027 sizeof(eap_tls_keying.randbytes),
2028 eap_tls_keymaterial,
2029 sizeof(eap_tls_keymaterial)))
2030 != 0) {
2031 mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2032 (unsigned int) -ret);
2033 goto exit;
2034 }
2035
2036 mbedtls_printf(" EAP-TLS key material is:");
2037 for (j = 0; j < sizeof(eap_tls_keymaterial); j++) {
2038 if (j % 8 == 0) {
2039 mbedtls_printf("\n ");
2040 }
2041 mbedtls_printf("%02x ", eap_tls_keymaterial[j]);
2042 }
2043 mbedtls_printf("\n");
2044
2045 if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0,
2046 eap_tls_label,
2047 eap_tls_keying.randbytes,
2048 sizeof(eap_tls_keying.randbytes),
2049 eap_tls_iv,
2050 sizeof(eap_tls_iv))) != 0) {
2051 mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2052 (unsigned int) -ret);
2053 goto exit;
2054 }
2055
2056 mbedtls_printf(" EAP-TLS IV is:");
2057 for (j = 0; j < sizeof(eap_tls_iv); j++) {
2058 if (j % 8 == 0) {
2059 mbedtls_printf("\n ");
2060 }
2061 mbedtls_printf("%02x ", eap_tls_iv[j]);
2062 }
2063 mbedtls_printf("\n");
2064 }
2065
2066 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2067 else if (opt.use_srtp != 0) {
2068 size_t j = 0;
2069 mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
2070 mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result);
2071
2072 if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
2073 == MBEDTLS_TLS_SRTP_UNSET) {
2074 mbedtls_printf(" Unable to negotiate "
2075 "the use of DTLS-SRTP\n");
2076 } else {
2077 if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type,
2078 dtls_srtp_keying.master_secret,
2079 sizeof(dtls_srtp_keying.master_secret),
2080 dtls_srtp_label,
2081 dtls_srtp_keying.randbytes,
2082 sizeof(dtls_srtp_keying.randbytes),
2083 dtls_srtp_key_material,
2084 sizeof(dtls_srtp_key_material)))
2085 != 0) {
2086 mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2087 (unsigned int) -ret);
2088 goto exit;
2089 }
2090
2091 mbedtls_printf(" DTLS-SRTP key material is:");
2092 for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
2093 if (j % 8 == 0) {
2094 mbedtls_printf("\n ");
2095 }
2096 mbedtls_printf("%02x ", dtls_srtp_key_material[j]);
2097 }
2098 mbedtls_printf("\n");
2099
2100 /* produce a less readable output used to perform automatic checks
2101 * - compare client and server output
2102 * - interop test with openssl which client produces this kind of output
2103 */
2104 mbedtls_printf(" Keying material: ");
2105 for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
2106 mbedtls_printf("%02X", dtls_srtp_key_material[j]);
2107 }
2108 mbedtls_printf("\n");
2109
2110 if (dtls_srtp_negotiation_result.mki_len > 0) {
2111 mbedtls_printf(" DTLS-SRTP mki value: ");
2112 for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) {
2113 mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]);
2114 }
2115 } else {
2116 mbedtls_printf(" DTLS-SRTP no mki value negotiated");
2117 }
2118 mbedtls_printf("\n");
2119 }
2120 }
2121 #endif /* MBEDTLS_SSL_DTLS_SRTP */
2122 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
2123 if (opt.reconnect != 0) {
2124 mbedtls_printf(" . Saving session for reuse...");
2125 fflush(stdout);
2126
2127 if (opt.reco_mode == 1) {
2128 /* free any previously saved data */
2129 if (session_data != NULL) {
2130 mbedtls_platform_zeroize(session_data, session_data_len);
2131 mbedtls_free(session_data);
2132 session_data = NULL;
2133 }
2134
2135 /* get size of the buffer needed */
2136 mbedtls_ssl_session_save(mbedtls_ssl_get_session_pointer(&ssl),
2137 NULL, 0, &session_data_len);
2138 session_data = mbedtls_calloc(1, session_data_len);
2139 if (session_data == NULL) {
2140 mbedtls_printf(" failed\n ! alloc %u bytes for session data\n",
2141 (unsigned) session_data_len);
2142 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
2143 goto exit;
2144 }
2145
2146 /* actually save session data */
2147 if ((ret = mbedtls_ssl_session_save(mbedtls_ssl_get_session_pointer(&ssl),
2148 session_data, session_data_len,
2149 &session_data_len)) != 0) {
2150 mbedtls_printf(" failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
2151 (unsigned int) -ret);
2152 goto exit;
2153 }
2154 } else {
2155 if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) {
2156 mbedtls_printf(" failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
2157 (unsigned int) -ret);
2158 goto exit;
2159 }
2160 }
2161
2162 mbedtls_printf(" ok\n");
2163
2164 if (opt.reco_mode == 1) {
2165 mbedtls_printf(" [ Saved %u bytes of session data]\n",
2166 (unsigned) session_data_len);
2167 }
2168 }
2169
2170 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
2171 /*
2172 * 5. Verify the server certificate
2173 */
2174 mbedtls_printf(" . Verifying peer X.509 certificate...");
2175
2176 if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
2177 char vrfy_buf[512];
2178
2179 mbedtls_printf(" failed\n");
2180
2181 mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf),
2182 " ! ", flags);
2183
2184 mbedtls_printf("%s\n", vrfy_buf);
2185 } else {
2186 mbedtls_printf(" ok\n");
2187 }
2188
2189 mbedtls_printf(" . Peer certificate information ...\n");
2190 mbedtls_printf("%s\n", peer_crt_info);
2191 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
2192
2193 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2194 ret = report_cid_usage(&ssl, "initial handshake");
2195 if (ret != 0) {
2196 goto exit;
2197 }
2198
2199 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
2200 if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego,
2201 cid_renego,
2202 cid_renego_len)) != 0) {
2203 mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2204 ret);
2205 goto exit;
2206 }
2207 }
2208 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2209
2210 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2211 if (opt.renegotiate) {
2212 /*
2213 * Perform renegotiation (this must be done when the server is waiting
2214 * for input from our side).
2215 */
2216 mbedtls_printf(" . Performing renegotiation...");
2217 fflush(stdout);
2218 while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) {
2219 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2220 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2221 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2222 mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
2223 ret);
2224 goto exit;
2225 }
2226
2227 #if defined(MBEDTLS_ECP_RESTARTABLE)
2228 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2229 continue;
2230 }
2231 #endif
2232
2233 /* For event-driven IO, wait for socket to become available */
2234 if (opt.event == 1 /* level triggered IO */) {
2235 #if defined(MBEDTLS_TIMING_C)
2236 idle(&server_fd, &timer, ret);
2237 #else
2238 idle(&server_fd, ret);
2239 #endif
2240 }
2241
2242 }
2243 mbedtls_printf(" ok\n");
2244 }
2245 #endif /* MBEDTLS_SSL_RENEGOTIATION */
2246
2247 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2248 ret = report_cid_usage(&ssl, "after renegotiation");
2249 if (ret != 0) {
2250 goto exit;
2251 }
2252 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2253
2254 /*
2255 * 6. Write the GET request
2256 */
2257 retry_left = opt.max_resend;
2258 send_request:
2259 mbedtls_printf(" > Write to server:");
2260 fflush(stdout);
2261
2262 len = mbedtls_snprintf((char *) buf, sizeof(buf) - 1, GET_REQUEST,
2263 opt.request_page);
2264 tail_len = (int) strlen(GET_REQUEST_END);
2265
2266 /* Add padding to GET request to reach opt.request_size in length */
2267 if (opt.request_size != DFL_REQUEST_SIZE &&
2268 len + tail_len < opt.request_size) {
2269 memset(buf + len, 'A', opt.request_size - len - tail_len);
2270 len += opt.request_size - len - tail_len;
2271 }
2272
2273 strncpy((char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1);
2274 len += tail_len;
2275
2276 /* Truncate if request size is smaller than the "natural" size */
2277 if (opt.request_size != DFL_REQUEST_SIZE &&
2278 len > opt.request_size) {
2279 len = opt.request_size;
2280
2281 /* Still end with \r\n unless that's really not possible */
2282 if (len >= 2) {
2283 buf[len - 2] = '\r';
2284 }
2285 if (len >= 1) {
2286 buf[len - 1] = '\n';
2287 }
2288 }
2289
2290 if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
2291 written = 0;
2292 frags = 0;
2293
2294 do {
2295 while ((ret = mbedtls_ssl_write(&ssl, buf + written,
2296 len - written)) < 0) {
2297 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2298 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2299 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2300 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
2301 (unsigned int) -ret);
2302 goto exit;
2303 }
2304
2305 /* For event-driven IO, wait for socket to become available */
2306 if (opt.event == 1 /* level triggered IO */) {
2307 #if defined(MBEDTLS_TIMING_C)
2308 idle(&server_fd, &timer, ret);
2309 #else
2310 idle(&server_fd, ret);
2311 #endif
2312 }
2313 }
2314
2315 frags++;
2316 written += ret;
2317 } while (written < len);
2318 } else { /* Not stream, so datagram */
2319 while (1) {
2320 ret = mbedtls_ssl_write(&ssl, buf, len);
2321
2322 #if defined(MBEDTLS_ECP_RESTARTABLE)
2323 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2324 continue;
2325 }
2326 #endif
2327
2328 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2329 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
2330 break;
2331 }
2332
2333 /* For event-driven IO, wait for socket to become available */
2334 if (opt.event == 1 /* level triggered IO */) {
2335 #if defined(MBEDTLS_TIMING_C)
2336 idle(&server_fd, &timer, ret);
2337 #else
2338 idle(&server_fd, ret);
2339 #endif
2340 }
2341 }
2342
2343 if (ret < 0) {
2344 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n",
2345 ret);
2346 goto exit;
2347 }
2348
2349 frags = 1;
2350 written = ret;
2351
2352 if (written < len) {
2353 mbedtls_printf(" warning\n ! request didn't fit into single datagram and "
2354 "was truncated to size %u", (unsigned) written);
2355 }
2356 }
2357
2358 buf[written] = '\0';
2359 mbedtls_printf(" %d bytes written in %d fragments\n\n%s\n",
2360 written, frags, (char *) buf);
2361
2362 /* Send a non-empty request if request_size == 0 */
2363 if (len == 0) {
2364 opt.request_size = DFL_REQUEST_SIZE;
2365 goto send_request;
2366 }
2367
2368 /*
2369 * 7. Read the HTTP response
2370 */
2371 mbedtls_printf(" < Read from server:");
2372 fflush(stdout);
2373
2374 /*
2375 * TLS and DTLS need different reading styles (stream vs datagram)
2376 */
2377 if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
2378 do {
2379 len = sizeof(buf) - 1;
2380 memset(buf, 0, sizeof(buf));
2381 ret = mbedtls_ssl_read(&ssl, buf, len);
2382
2383 #if defined(MBEDTLS_ECP_RESTARTABLE)
2384 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2385 continue;
2386 }
2387 #endif
2388
2389 if (ret == MBEDTLS_ERR_SSL_WANT_READ ||
2390 ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
2391 /* For event-driven IO, wait for socket to become available */
2392 if (opt.event == 1 /* level triggered IO */) {
2393 #if defined(MBEDTLS_TIMING_C)
2394 idle(&server_fd, &timer, ret);
2395 #else
2396 idle(&server_fd, ret);
2397 #endif
2398 }
2399 continue;
2400 }
2401
2402 if (ret <= 0) {
2403 switch (ret) {
2404 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2405 mbedtls_printf(" connection was closed gracefully\n");
2406 ret = 0;
2407 goto close_notify;
2408
2409 case 0:
2410 case MBEDTLS_ERR_NET_CONN_RESET:
2411 mbedtls_printf(" connection was reset by peer\n");
2412 ret = 0;
2413 goto reconnect;
2414
2415 default:
2416 mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n",
2417 (unsigned int) -ret);
2418 goto exit;
2419 }
2420 }
2421
2422 len = ret;
2423 buf[len] = '\0';
2424 mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
2425
2426 /* End of message should be detected according to the syntax of the
2427 * application protocol (eg HTTP), just use a dummy test here. */
2428 if (ret > 0 && buf[len-1] == '\n') {
2429 ret = 0;
2430 break;
2431 }
2432 } while (1);
2433 } else { /* Not stream, so datagram */
2434 len = sizeof(buf) - 1;
2435 memset(buf, 0, sizeof(buf));
2436
2437 while (1) {
2438 ret = mbedtls_ssl_read(&ssl, buf, len);
2439
2440 #if defined(MBEDTLS_ECP_RESTARTABLE)
2441 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2442 continue;
2443 }
2444 #endif
2445
2446 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2447 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
2448 break;
2449 }
2450
2451 /* For event-driven IO, wait for socket to become available */
2452 if (opt.event == 1 /* level triggered IO */) {
2453 #if defined(MBEDTLS_TIMING_C)
2454 idle(&server_fd, &timer, ret);
2455 #else
2456 idle(&server_fd, ret);
2457 #endif
2458 }
2459 }
2460
2461 if (ret <= 0) {
2462 switch (ret) {
2463 case MBEDTLS_ERR_SSL_TIMEOUT:
2464 mbedtls_printf(" timeout\n");
2465 if (retry_left-- > 0) {
2466 goto send_request;
2467 }
2468 goto exit;
2469
2470 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2471 mbedtls_printf(" connection was closed gracefully\n");
2472 ret = 0;
2473 goto close_notify;
2474
2475 default:
2476 mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
2477 goto exit;
2478 }
2479 }
2480
2481 len = ret;
2482 buf[len] = '\0';
2483 mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
2484 ret = 0;
2485 }
2486
2487 /*
2488 * 7b. Simulate hard reset and reconnect from same port?
2489 */
2490 if (opt.reconnect_hard != 0) {
2491 opt.reconnect_hard = 0;
2492
2493 mbedtls_printf(" . Restarting connection from same port...");
2494 fflush(stdout);
2495
2496 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
2497 memset(peer_crt_info, 0, sizeof(peer_crt_info));
2498 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
2499
2500 if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
2501 mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2502 (unsigned int) -ret);
2503 goto exit;
2504 }
2505
2506 while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
2507 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2508 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2509 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2510 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
2511 (unsigned int) -ret);
2512 goto exit;
2513 }
2514
2515 /* For event-driven IO, wait for socket to become available */
2516 if (opt.event == 1 /* level triggered IO */) {
2517 #if defined(MBEDTLS_TIMING_C)
2518 idle(&server_fd, &timer, ret);
2519 #else
2520 idle(&server_fd, ret);
2521 #endif
2522 }
2523 }
2524
2525 mbedtls_printf(" ok\n");
2526
2527 goto send_request;
2528 }
2529
2530 /*
2531 * 7c. Simulate serialize/deserialize and go back to data exchange
2532 */
2533 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2534 if (opt.serialize != 0) {
2535 size_t buf_len;
2536
2537 mbedtls_printf(" . Serializing live connection...");
2538
2539 ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len);
2540 if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
2541 mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
2542 "-0x%x\n\n", (unsigned int) -ret);
2543
2544 goto exit;
2545 }
2546
2547 if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) {
2548 mbedtls_printf(" failed\n ! Couldn't allocate buffer for "
2549 "serialized context");
2550
2551 goto exit;
2552 }
2553 context_buf_len = buf_len;
2554
2555 if ((ret = mbedtls_ssl_context_save(&ssl, context_buf,
2556 buf_len, &buf_len)) != 0) {
2557 mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
2558 "-0x%x\n\n", (unsigned int) -ret);
2559
2560 goto exit;
2561 }
2562
2563 mbedtls_printf(" ok\n");
2564
2565 /* Save serialized context to the 'opt.context_file' as a base64 code */
2566 if (0 < strlen(opt.context_file)) {
2567 FILE *b64_file;
2568 uint8_t *b64_buf;
2569 size_t b64_len;
2570
2571 mbedtls_printf(" . Save serialized context to a file... ");
2572
2573 mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len);
2574
2575 if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) {
2576 mbedtls_printf("failed\n ! Couldn't allocate buffer for "
2577 "the base64 code\n");
2578 goto exit;
2579 }
2580
2581 if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len,
2582 context_buf, buf_len)) != 0) {
2583 mbedtls_printf("failed\n ! mbedtls_base64_encode returned "
2584 "-0x%x\n", (unsigned int) -ret);
2585 mbedtls_free(b64_buf);
2586 goto exit;
2587 }
2588
2589 if ((b64_file = fopen(opt.context_file, "w")) == NULL) {
2590 mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n",
2591 opt.context_file);
2592 mbedtls_free(b64_buf);
2593 goto exit;
2594 }
2595
2596 if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) {
2597 mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n",
2598 (long) b64_len);
2599 mbedtls_free(b64_buf);
2600 fclose(b64_file);
2601 goto exit;
2602 }
2603
2604 mbedtls_free(b64_buf);
2605 fclose(b64_file);
2606
2607 mbedtls_printf("ok\n");
2608 }
2609
2610 if (opt.serialize == 1) {
2611 /* nothing to do here, done by context_save() already */
2612 mbedtls_printf(" . Context has been reset... ok\n");
2613 }
2614
2615 if (opt.serialize == 2) {
2616 mbedtls_printf(" . Freeing and reinitializing context...");
2617
2618 mbedtls_ssl_free(&ssl);
2619
2620 mbedtls_ssl_init(&ssl);
2621
2622 if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
2623 mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned "
2624 "-0x%x\n\n", (unsigned int) -ret);
2625 goto exit;
2626 }
2627
2628 if (opt.nbio == 2) {
2629 mbedtls_ssl_set_bio(&ssl, &server_fd, delayed_send,
2630 delayed_recv, NULL);
2631 } else {
2632 mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send,
2633 mbedtls_net_recv,
2634 opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL);
2635 }
2636
2637 #if defined(MBEDTLS_TIMING_C)
2638 mbedtls_ssl_set_timer_cb(&ssl, &timer,
2639 mbedtls_timing_set_delay,
2640 mbedtls_timing_get_delay);
2641 #endif /* MBEDTLS_TIMING_C */
2642
2643 mbedtls_printf(" ok\n");
2644 }
2645
2646 mbedtls_printf(" . Deserializing connection...");
2647
2648 if ((ret = mbedtls_ssl_context_load(&ssl, context_buf,
2649 buf_len)) != 0) {
2650 mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned "
2651 "-0x%x\n\n", (unsigned int) -ret);
2652
2653 goto exit;
2654 }
2655
2656 mbedtls_free(context_buf);
2657 context_buf = NULL;
2658 context_buf_len = 0;
2659
2660 mbedtls_printf(" ok\n");
2661 }
2662 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
2663
2664 /*
2665 * 7d. Continue doing data exchanges?
2666 */
2667 if (--opt.exchanges > 0) {
2668 goto send_request;
2669 }
2670
2671 /*
2672 * 8. Done, cleanly close the connection
2673 */
2674 close_notify:
2675 mbedtls_printf(" . Closing the connection...");
2676 fflush(stdout);
2677
2678 /*
2679 * Most of the time sending a close_notify before closing is the right
2680 * thing to do. However, when the server already knows how many messages
2681 * are expected and closes the connection by itself, this alert becomes
2682 * redundant. Sometimes with DTLS this redundancy becomes a problem by
2683 * leading to a race condition where the server might close the connection
2684 * before seeing the alert, and since UDP is connection-less when the
2685 * alert arrives it will be seen as a new connection, which will fail as
2686 * the alert is clearly not a valid ClientHello. This may cause spurious
2687 * failures in tests that use DTLS and resumption with ssl_server2 in
2688 * ssl-opt.sh, avoided by enabling skip_close_notify client-side.
2689 */
2690 if (opt.skip_close_notify == 0) {
2691 /* No error checking, the connection might be closed already */
2692 do {
2693 ret = mbedtls_ssl_close_notify(&ssl);
2694 } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
2695 ret = 0;
2696 }
2697
2698 mbedtls_printf(" done\n");
2699
2700 /*
2701 * 9. Reconnect?
2702 */
2703 reconnect:
2704 if (opt.reconnect != 0) {
2705 --opt.reconnect;
2706
2707 mbedtls_net_free(&server_fd);
2708
2709 #if defined(MBEDTLS_TIMING_C)
2710 if (opt.reco_delay > 0) {
2711 mbedtls_net_usleep(1000000 * opt.reco_delay);
2712 }
2713 #endif
2714
2715 mbedtls_printf(" . Reconnecting with saved session...");
2716
2717 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
2718 memset(peer_crt_info, 0, sizeof(peer_crt_info));
2719 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
2720
2721 if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
2722 mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2723 (unsigned int) -ret);
2724 goto exit;
2725 }
2726
2727 if (opt.reco_mode == 1) {
2728 if ((ret = mbedtls_ssl_session_load(&saved_session,
2729 session_data,
2730 session_data_len)) != 0) {
2731 mbedtls_printf(" failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
2732 (unsigned int) -ret);
2733 goto exit;
2734 }
2735 }
2736
2737 if ((ret = mbedtls_ssl_set_session(&ssl, &saved_session)) != 0) {
2738 mbedtls_printf(" failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
2739 (unsigned int) -ret);
2740 goto exit;
2741 }
2742
2743 if ((ret = mbedtls_net_connect(&server_fd,
2744 opt.server_addr, opt.server_port,
2745 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2746 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
2747 mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
2748 (unsigned int) -ret);
2749 goto exit;
2750 }
2751
2752 if (opt.nbio > 0) {
2753 ret = mbedtls_net_set_nonblock(&server_fd);
2754 } else {
2755 ret = mbedtls_net_set_block(&server_fd);
2756 }
2757 if (ret != 0) {
2758 mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
2759 (unsigned int) -ret);
2760 goto exit;
2761 }
2762
2763 while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
2764 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2765 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2766 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2767 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
2768 (unsigned int) -ret);
2769 goto exit;
2770 }
2771 }
2772
2773 mbedtls_printf(" ok\n");
2774
2775 goto send_request;
2776 }
2777
2778 /*
2779 * Cleanup and exit
2780 */
2781 exit:
2782 #ifdef MBEDTLS_ERROR_C
2783 if (ret != 0) {
2784 char error_buf[100];
2785 mbedtls_strerror(ret, error_buf, 100);
2786 mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf);
2787 }
2788 #endif
2789
2790 mbedtls_net_free(&server_fd);
2791
2792 mbedtls_ssl_free(&ssl);
2793 mbedtls_ssl_config_free(&conf);
2794 mbedtls_ssl_session_free(&saved_session);
2795
2796 if (session_data != NULL) {
2797 mbedtls_platform_zeroize(session_data, session_data_len);
2798 }
2799 mbedtls_free(session_data);
2800 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2801 if (context_buf != NULL) {
2802 mbedtls_platform_zeroize(context_buf, context_buf_len);
2803 }
2804 mbedtls_free(context_buf);
2805 #endif
2806
2807 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
2808 mbedtls_x509_crt_free(&clicert);
2809 mbedtls_x509_crt_free(&cacert);
2810 mbedtls_pk_free(&pkey);
2811 #if defined(MBEDTLS_USE_PSA_CRYPTO)
2812 psa_destroy_key(key_slot);
2813 #endif
2814 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
2815
2816 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
2817 defined(MBEDTLS_USE_PSA_CRYPTO)
2818 if (opt.psk_opaque != 0) {
2819 /* This is ok even if the slot hasn't been
2820 * initialized (we might have jumed here
2821 * immediately because of bad cmd line params,
2822 * for example). */
2823 status = psa_destroy_key(slot);
2824 if ((status != PSA_SUCCESS) &&
2825 (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) {
2826 mbedtls_printf("Failed to destroy key slot %u - error was %d",
2827 (unsigned) slot, (int) status);
2828 if (ret == 0) {
2829 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
2830 }
2831 }
2832 }
2833 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
2834 MBEDTLS_USE_PSA_CRYPTO */
2835
2836 #if defined(MBEDTLS_USE_PSA_CRYPTO)
2837 const char *message = mbedtls_test_helper_is_psa_leaking();
2838 if (message) {
2839 if (ret == 0) {
2840 ret = 1;
2841 }
2842 mbedtls_printf("PSA memory leak detected: %s\n", message);
2843 }
2844 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2845
2846 /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
2847 * resources are freed by rng_free(). */
2848 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
2849 !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
2850 mbedtls_psa_crypto_free();
2851 #endif
2852
2853 rng_free(&rng);
2854
2855 #if defined(MBEDTLS_TEST_HOOKS)
2856 if (test_hooks_failure_detected()) {
2857 if (ret == 0) {
2858 ret = 1;
2859 }
2860 mbedtls_printf("Test hooks detected errors.\n");
2861 }
2862 test_hooks_free();
2863 #endif /* MBEDTLS_TEST_HOOKS */
2864
2865 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
2866 #if defined(MBEDTLS_MEMORY_DEBUG)
2867 mbedtls_memory_buffer_alloc_status();
2868 #endif
2869 mbedtls_memory_buffer_alloc_free();
2870 #endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
2871
2872 #if defined(_WIN32)
2873 if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
2874 mbedtls_printf(" + Press Enter to exit this program.\n");
2875 fflush(stdout); getchar();
2876 }
2877 #endif
2878
2879 // Shell can not handle large exit numbers -> 1 for errors
2880 if (ret < 0) {
2881 ret = 1;
2882 }
2883
2884 if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
2885 mbedtls_exit(ret);
2886 } else {
2887 mbedtls_exit(query_config_ret);
2888 }
2889 }
2890 #endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
2891