yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-04-17 12:25:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'origin/pr/558' into baremetal

Browse source
This commit is contained in:
Simon Butcher 2019-05-09 17:03:18 +01:00
commit e372d5fb8f
9 changed files with 600 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

24
programs/ssl/query_config.c
View file

@ -1202,6 +1202,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
#if defined(MBEDTLS_SSL_CID)
if( strcmp( "MBEDTLS_SSL_CID", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID );
return( 0 );
}
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( strcmp( "MBEDTLS_SSL_ASYNC_PRIVATE", config ) == 0 )
{
@ -2426,6 +2434,22 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_IN_CONTENT_LEN */
#if defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
if( strcmp( "MBEDTLS_SSL_CID_IN_LEN_MAX", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_IN_LEN_MAX );
return( 0 );
}
#endif /* MBEDTLS_SSL_CID_IN_LEN_MAX */
#if defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
if( strcmp( "MBEDTLS_SSL_CID_OUT_LEN_MAX", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_OUT_LEN_MAX );
return( 0 );
}
#endif /* MBEDTLS_SSL_CID_OUT_LEN_MAX */
#if defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
if( strcmp( "MBEDTLS_SSL_OUT_CONTENT_LEN", config ) == 0 )
{

186
programs/ssl/ssl_client2.c
View file

@ -103,6 +103,8 @@ int main( void )
#define DFL_DHMLEN -1
#define DFL_RECONNECT 0
#define DFL_RECO_DELAY 0
#define DFL_CID_ENABLED 0
#define DFL_CID_VALUE ""
#define DFL_RECONNECT_HARD 0
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
#define DFL_ALPN_STRING NULL
@ -137,6 +139,16 @@ int main( void )
#define USAGE_IO ""
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_CID)
#define USAGE_CID \
" cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
" default: 0 (disabled)\n" \
" cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
" default: \"\"\n"
#else /* MBEDTLS_SSL_CID */
#define USAGE_CID ""
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define USAGE_PSK \
" psk=%%s default: \"\" (in hex, without 0x)\n" \
@ -278,6 +290,7 @@ int main( void )
" max_resend=%%d default: 0 (no resend on timeout)\n" \
"\n" \
USAGE_DTLS \
USAGE_CID \
"\n" \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
@ -385,6 +398,8 @@ struct options
int dgram_packing; /* allow/forbid datagram packing */
int extended_ms; /* negotiate extended master secret? */
int etm; /* negotiate encrypt then mac? */
int cid_enabled; /* whether to use the CID extension or not */
const char *cid_val; /* the CID to use for incoming messages */
} opt;
int query_config( const char *config );
@ -536,6 +551,45 @@ int idle( mbedtls_net_context *fd,
return( 0 );
}
/* Unhexify `hex` into `dst`. `dst` must have
* size at least `strlen( hex ) / 2`. */
int unhexify( char const *hex, unsigned char *dst )
{
unsigned char c;
size_t j;
size_t len = strlen( hex );
if( len % 2 != 0 )
return( -1 );
for( j = 0; j < len; j += 2 )
{
c = hex[j];
if( c >= '0' && c <= '9' )
c -= '0';
else if( c >= 'a' && c <= 'f' )
c -= 'a' - 10;
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
return( -1 );
dst[ j / 2 ] = c << 4;
c = hex[j + 1];
if( c >= '0' && c <= '9' )
c -= '0';
else if( c >= 'a' && c <= 'f' )
c -= 'a' - 10;
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
return( -1 );
dst[ j / 2 ] |= c;
}
return( 0 );
}
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
@ -547,6 +601,12 @@ int main( int argc, char *argv[] )
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
#endif
#if defined(MBEDTLS_SSL_CID)
unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
size_t cid_len = 0;
#endif
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE];
#endif
@ -620,6 +680,8 @@ int main( int argc, char *argv[] )
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
opt.debug_level = DFL_DEBUG_LEVEL;
opt.cid_enabled = DFL_CID_ENABLED;
opt.cid_val = DFL_CID_VALUE;
opt.nbio = DFL_NBIO;
opt.event = DFL_EVENT;
opt.read_timeout = DFL_READ_TIMEOUT;
@ -729,6 +791,18 @@ int main( int argc, char *argv[] )
opt.crt_file = q;
else if( strcmp( p, "key_file" ) == 0 )
opt.key_file = q;
#if defined(MBEDTLS_SSL_CID)
else if( strcmp( p, "cid" ) == 0 )
{
opt.cid_enabled = atoi( q );
if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
goto usage;
}
else if( strcmp( p, "cid_val" ) == 0 )
{
opt.cid_val = q;
}
#endif /* MBEDTLS_SSL_CID */
else if( strcmp( p, "psk" ) == 0 )
opt.psk = q;
else if( strcmp( p, "psk_identity" ) == 0 )
@ -1070,52 +1144,41 @@ int main( int argc, char *argv[] )
}
}
#if defined(MBEDTLS_SSL_CID)
if( strlen( opt.cid_val ) )
{
cid_len = strlen( opt.cid_val ) / 2;
if( cid_len > sizeof( cid ) )
{
mbedtls_printf( "CID too long\n" );
goto exit;
}
if( unhexify( opt.cid_val, cid ) != 0 )
{
mbedtls_printf( "CID not valid hex\n" );
goto exit;
}
}
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/*
* Unhexify the pre-shared key if any is given
*/
if( strlen( opt.psk ) )
{
unsigned char c;
size_t j;
if( strlen( opt.psk ) % 2 != 0 )
psk_len = strlen( opt.psk ) / 2;
if( psk_len > sizeof( psk ) )
{
mbedtls_printf( "pre-shared key not valid hex\n" );
mbedtls_printf( "pre-shared key too long\n" );
goto exit;
}
psk_len = strlen( opt.psk ) / 2;
for( j = 0; j < strlen( opt.psk ); j += 2 )
if( unhexify( opt.psk, psk ) != 0 )
{
c = opt.psk[j];
if( c >= '0' && c <= '9' )
c -= '0';
else if( c >= 'a' && c <= 'f' )
c -= 'a' - 10;
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
{
mbedtls_printf( "pre-shared key not valid hex\n" );
goto exit;
}
psk[ j / 2 ] = c << 4;
c = opt.psk[j + 1];
if( c >= '0' && c <= '9' )
c -= '0';
else if( c >= 'a' && c <= 'f' )
c -= 'a' - 10;
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
{
mbedtls_printf( "pre-shared key not valid hex\n" );
goto exit;
}
psk[ j / 2 ] |= c;
mbedtls_printf( "pre-shared key not valid hex\n" );
goto exit;
}
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
@ -1551,6 +1614,19 @@ int main( int argc, char *argv[] )
mbedtls_net_send, mbedtls_net_recv,
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
#if defined(MBEDTLS_SSL_CID)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
cid, cid_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
ret );
goto exit;
}
}
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.dtls_mtu != DFL_DTLS_MTU )
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
@ -1679,6 +1755,46 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_CID)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
size_t peer_cid_len;
int cid_negotiated;
/* Check if the use of a CID has been negotiated */
ret = mbedtls_ssl_get_peer_cid( &ssl, &cid_negotiated,
peer_cid, &peer_cid_len );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
-ret );
goto exit;
}
if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
{
if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
{
mbedtls_printf( "Use of Connection ID was rejected by the server.\n" );
}
}
else
{
size_t idx=0;
mbedtls_printf( "Use of Connection ID has been negotiated.\n" );
mbedtls_printf( "Peer CID (length %u Bytes): ",
(unsigned) peer_cid_len );
while( idx < peer_cid_len )
{
mbedtls_printf( "%#02x ", peer_cid[ idx ] );
idx++;
}
mbedtls_printf( "\n" );
}
}
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( opt.renegotiate )
{

104
programs/ssl/ssl_server2.c
View file

@ -137,6 +137,8 @@ int main( void )
#define DFL_MAX_VERSION -1
#define DFL_ARC4 -1
#define DFL_SHA1 -1
#define DFL_CID_ENABLED 0
#define DFL_CID_VALUE ""
#define DFL_AUTH_MODE -1
#define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
@ -222,6 +224,16 @@ int main( void )
#define USAGE_SSL_ASYNC ""
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_CID)
#define USAGE_CID \
" cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
" default: 0 (disabled)\n" \
" cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
" default: \"\"\n"
#else /* MBEDTLS_SSL_CID */
#define USAGE_CID ""
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
#define USAGE_PSK \
" psk=%%s default: \"\" (in hex, without 0x)\n" \
@ -510,6 +522,8 @@ struct options
int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
int dgram_packing; /* allow/forbid datagram packing */
int badmac_limit; /* Limit of records with bad MAC */
int cid_enabled; /* whether to use the CID extension or not */
const char *cid_val; /* the CID to use for incoming messages */
} opt;
int query_config( const char *config );
@ -1260,6 +1274,11 @@ int main( int argc, char *argv[] )
unsigned char alloc_buf[MEMORY_HEAP_SIZE];
#endif
#if defined(MBEDTLS_SSL_CID)
unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
size_t cid_len = 0;
#endif
int i;
char *p, *q;
const int *list;
@ -1337,6 +1356,8 @@ int main( int argc, char *argv[] )
opt.event = DFL_EVENT;
opt.response_size = DFL_RESPONSE_SIZE;
opt.nbio = DFL_NBIO;
opt.cid_enabled = DFL_CID_ENABLED;
opt.cid_val = DFL_CID_VALUE;
opt.read_timeout = DFL_READ_TIMEOUT;
opt.ca_file = DFL_CA_FILE;
opt.ca_path = DFL_CA_PATH;
@ -1475,6 +1496,18 @@ int main( int argc, char *argv[] )
opt.async_private_error = n;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_CID)
else if( strcmp( p, "cid" ) == 0 )
{
opt.cid_enabled = atoi( q );
if( opt.cid_enabled != 0 && opt.cid_enabled != 1 )
goto usage;
}
else if( strcmp( p, "cid_val" ) == 0 )
{
opt.cid_val = q;
}
#endif /* MBEDTLS_SSL_CID */
else if( strcmp( p, "psk" ) == 0 )
opt.psk = q;
else if( strcmp( p, "psk_identity" ) == 0 )
@ -1882,6 +1915,24 @@ int main( int argc, char *argv[] )
}
}
#if defined(MBEDTLS_SSL_CID)
if( strlen( opt.cid_val ) )
{
cid_len = strlen( opt.cid_val ) / 2;
if( cid_len > sizeof( cid ) )
{
mbedtls_printf( "CID too long\n" );
goto exit;
}
if( unhexify( cid, opt.cid_val, &cid_len ) != 0 )
{
mbedtls_printf( "CID not valid hex\n" );
goto exit;
}
}
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/*
* Unhexify the pre-shared key and parse the list if any given
@ -2561,6 +2612,19 @@ int main( int argc, char *argv[] )
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
#if defined(MBEDTLS_SSL_CID)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
cid, cid_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
ret );
goto exit;
}
}
#endif /* MBEDTLS_SSL_CID */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.dtls_mtu != DFL_DTLS_MTU )
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
@ -2786,6 +2850,46 @@ handshake:
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_CID)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
size_t peer_cid_len;
int cid_negotiated;
/* Check if the use of a CID has been negotiated */
ret = mbedtls_ssl_get_peer_cid( &ssl, &cid_negotiated,
peer_cid, &peer_cid_len );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
-ret );
goto exit;
}
if( cid_negotiated == MBEDTLS_SSL_CID_DISABLED )
{
if( opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED )
{
mbedtls_printf( "Use of Connection ID was not offered by the client.\n" );
}
}
else
{
size_t idx=0;
mbedtls_printf( "Use of Connection ID has been negotiated.\n" );
mbedtls_printf( "Peer CID (length %u Bytes): ",
(unsigned) peer_cid_len );
while( idx < peer_cid_len )
{
mbedtls_printf( "%#02x ", peer_cid[ idx ] );
idx++;
}
mbedtls_printf( "\n" );
}
}
#endif /* MBEDTLS_SSL_CID */
if( opt.exchanges == 0 )
goto close_notify;