Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-21 21:36:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

The Great Renaming

Browse source 
A simple execution of tmp/invoke-rename.pl
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-08 12:49:31 +02:00
parent b5904d25ef
commit 2cf5a7c98e
291 changed files with 36012 additions and 36012 deletions
Download patch file Download diff file Expand all files Collapse all files

210
programs/ssl/dtls_client.c
View file

@ -20,36 +20,36 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include POLARSSL_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define polarssl_printf printf
#define polarssl_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#endif
#if !defined(POLARSSL_SSL_CLI_C) || !defined(POLARSSL_SSL_PROTO_DTLS) || \
!defined(POLARSSL_NET_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CERTS_C)
#if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
!defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CERTS_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
polarssl_printf( "POLARSSL_SSL_CLI_C and/or POLARSSL_SSL_PROTO_DTLS and/or "
"POLARSSL_NET_C and/or "
"POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or "
"POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CERTS_C and/or POLARSSL_PEM_PARSE_C not defined.\n" );
mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_NET_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
return( 0 );
}
#else
@ -78,7 +78,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
polarssl_fprintf( (FILE *) ctx, "%s", str );
mbedtls_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
@ -89,243 +89,243 @@ int main( int argc, char *argv[] )
const char *pers = "dtls_client";
int retry_left = MAX_RETRY;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_crt cacert;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_x509_crt cacert;
((void) argc);
((void) argv);
#if defined(POLARSSL_DEBUG_C)
debug_set_threshold( DEBUG_LEVEL );
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( DEBUG_LEVEL );
#endif
/*
* 0. Initialize the RNG and the session data
*/
memset( &ssl, 0, sizeof( ssl_context ) );
x509_crt_init( &cacert );
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
mbedtls_x509_crt_init( &cacert );
polarssl_printf( "\n . Seeding the random number generator..." );
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_init( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_init returned %d\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 0. Initialize certificates
*/
polarssl_printf( " . Loading the CA root certificate ..." );
mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
ret = x509_crt_parse( &cacert, (const unsigned char *) test_cas_pem,
test_cas_pem_len );
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret < 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
polarssl_printf( " ok (%d skipped)\n", ret );
mbedtls_printf( " ok (%d skipped)\n", ret );
/*
* 1. Start the connection
*/
polarssl_printf( " . Connecting to udp/%s/%4d...", SERVER_NAME,
mbedtls_printf( " . Connecting to udp/%s/%4d...", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
if( ( ret = net_connect( &server_fd, SERVER_ADDR,
SERVER_PORT, NET_PROTO_UDP ) ) != 0 )
if( ( ret = mbedtls_net_connect( &server_fd, SERVER_ADDR,
SERVER_PORT, MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
polarssl_printf( " failed\n ! net_connect returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 2. Setup stuff
*/
polarssl_printf( " . Setting up the DTLS structure..." );
mbedtls_printf( " . Setting up the DTLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_transport( &ssl, SSL_TRANSPORT_DATAGRAM );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM );
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio_timeout( &ssl, &server_fd,
net_send, net_recv, net_recv_timeout,
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
READ_TIMEOUT_MS );
/*
* 4. Handshake
*/
polarssl_printf( " . Performing the SSL/TLS handshake..." );
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
do ret = ssl_handshake( &ssl );
while( ret == POLARSSL_ERR_NET_WANT_READ ||
ret == POLARSSL_ERR_NET_WANT_WRITE );
do ret = mbedtls_ssl_handshake( &ssl );
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
if( ret != 0 )
{
polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 5. Verify the server certificate
*/
polarssl_printf( " . Verifying peer X.509 certificate..." );
mbedtls_printf( " . Verifying peer X.509 certificate..." );
/* In real life, we would have used SSL_VERIFY_REQUIRED so that the
/* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the
* handshake would not succeed if the peer's cert is bad. Even if we used
* SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
* MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
if( ( ret = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
polarssl_printf( " failed\n" );
mbedtls_printf( " failed\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
polarssl_printf( " ! server certificate has expired\n" );
if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
mbedtls_printf( " ! server certificate has expired\n" );
if( ( ret & BADCERT_REVOKED ) != 0 )
polarssl_printf( " ! server certificate has been revoked\n" );
if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
mbedtls_printf( " ! server certificate has been revoked\n" );
if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
polarssl_printf( " ! CN mismatch (expected CN=%s)\n", SERVER_NAME );
if( ( ret & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
mbedtls_printf( " ! CN mismatch (expected CN=%s)\n", SERVER_NAME );
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
if( ( ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
mbedtls_printf( " ! self-signed or not signed by a trusted CA\n" );
polarssl_printf( "\n" );
mbedtls_printf( "\n" );
}
else
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 6. Write the echo request
*/
send_request:
polarssl_printf( " > Write to server:" );
mbedtls_printf( " > Write to server:" );
fflush( stdout );
len = sizeof( MESSAGE ) - 1;
do ret = ssl_write( &ssl, (unsigned char *) MESSAGE, len );
while( ret == POLARSSL_ERR_NET_WANT_READ ||
ret == POLARSSL_ERR_NET_WANT_WRITE );
do ret = mbedtls_ssl_write( &ssl, (unsigned char *) MESSAGE, len );
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
if( ret < 0 )
{
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
goto exit;
}
len = ret;
polarssl_printf( " %d bytes written\n\n%s\n\n", len, MESSAGE );
mbedtls_printf( " %d bytes written\n\n%s\n\n", len, MESSAGE );
/*
* 7. Read the echo response
*/
polarssl_printf( " < Read from server:" );
mbedtls_printf( " < Read from server:" );
fflush( stdout );
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
do ret = ssl_read( &ssl, buf, len );
while( ret == POLARSSL_ERR_NET_WANT_READ ||
ret == POLARSSL_ERR_NET_WANT_WRITE );
do ret = mbedtls_ssl_read( &ssl, buf, len );
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
if( ret <= 0 )
{
switch( ret )
{
case POLARSSL_ERR_NET_TIMEOUT:
polarssl_printf( " timeout\n\n" );
case MBEDTLS_ERR_NET_TIMEOUT:
mbedtls_printf( " timeout\n\n" );
if( retry_left-- > 0 )
goto send_request;
goto exit;
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
polarssl_printf( " connection was closed gracefully\n" );
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf( " connection was closed gracefully\n" );
ret = 0;
goto close_notify;
default:
polarssl_printf( " ssl_read returned -0x%x\n\n", -ret );
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
goto exit;
}
}
len = ret;
polarssl_printf( " %d bytes read\n\n%s\n\n", len, buf );
mbedtls_printf( " %d bytes read\n\n%s\n\n", len, buf );
/*
* 8. Done, cleanly close the connection
*/
close_notify:
polarssl_printf( " . Closing the connection..." );
mbedtls_printf( " . Closing the connection..." );
/* No error checking, the connection might be closed already */
do ret = ssl_close_notify( &ssl );
while( ret == POLARSSL_ERR_NET_WANT_WRITE );
do ret = mbedtls_ssl_close_notify( &ssl );
while( ret == MBEDTLS_ERR_NET_WANT_WRITE );
ret = 0;
polarssl_printf( " done\n" );
mbedtls_printf( " done\n" );
/*
* 9. Final clean-ups and exit
*/
exit:
#ifdef POLARSSL_ERROR_C
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
polarssl_printf( "Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf( "Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
if( server_fd != -1 )
net_close( server_fd );
mbedtls_net_close( server_fd );
x509_crt_free( &cacert );
ssl_free( &ssl );
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
mbedtls_x509_crt_free( &cacert );
mbedtls_ssl_free( &ssl );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(_WIN32)
polarssl_printf( " + Press Enter to exit this program.\n" );
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
@ -335,7 +335,7 @@ exit:
return( ret );
}
#endif /* POLARSSL_SSL_CLI_C && POLARSSL_SSL_PROTO_DTLS && POLARSSL_NET_C &&
POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C &&
POLARSSL_X509_CRT_PARSE_C && POLARSSL_RSA_C && POLARSSL_CERTS_C &&
POLARSSL_PEM_PARSE_C */
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_CERTS_C &&
MBEDTLS_PEM_PARSE_C */

218
programs/ssl/dtls_server.c
View file

@ -20,33 +20,33 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include POLARSSL_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#define polarssl_printf printf
#define polarssl_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#endif
#if !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_SSL_PROTO_DTLS) || \
!defined(POLARSSL_SSL_COOKIE_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CERTS_C) || !defined(POLARSSL_PEM_PARSE_C)
#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
!defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C)
#include <stdio.h>
int main( void )
{
printf( "POLARSSL_SSL_SRV_C and/or POLARSSL_SSL_PROTO_DTLS and/or "
"POLARSSL_SSL_COOKIE_C and/or POLARSSL_NET_C and/or "
"POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or "
"POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CERTS_C and/or POLARSSL_PEM_PARSE_C not defined.\n" );
printf( "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
return( 0 );
}
#else
@ -69,7 +69,7 @@ int main( void )
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#if defined(POLARSSL_SSL_CACHE_C)
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
#endif
@ -80,7 +80,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
polarssl_fprintf( (FILE *) ctx, "%s", str );
mbedtls_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
@ -92,28 +92,28 @@ int main( void )
unsigned char buf[1024];
const char *pers = "dtls_server";
unsigned char client_ip[16] = { 0 };
ssl_cookie_ctx cookie_ctx;
mbedtls_ssl_cookie_ctx cookie_ctx;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_crt srvcert;
pk_context pkey;
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_x509_crt srvcert;
mbedtls_pk_context pkey;
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_context cache;
#endif
memset( &ssl, 0, sizeof(ssl_context) );
ssl_cookie_init( &cookie_ctx );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
memset( &ssl, 0, sizeof(mbedtls_ssl_context) );
mbedtls_ssl_cookie_init( &cookie_ctx );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
#endif
x509_crt_init( &srvcert );
pk_init( &pkey );
entropy_init( &entropy );
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
mbedtls_entropy_init( &entropy );
#if defined(POLARSSL_DEBUG_C)
debug_set_threshold( DEBUG_LEVEL );
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( DEBUG_LEVEL );
#endif
/*
@ -124,30 +124,30 @@ int main( void )
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509_crt_parse_file() to read the
* server and CA certificates, as well as pk_parse_keyfile().
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
test_srv_crt_len );
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_cas_pem,
test_cas_pem_len );
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
test_srv_key_len, NULL, 0 );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
goto exit;
}
@ -159,9 +159,9 @@ int main( void )
printf( " . Bind on udp/*/4433 ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433, NET_PROTO_UDP ) ) != 0 )
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, 4433, MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
printf( " failed\n ! net_bind returned %d\n\n", ret );
printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
goto exit;
}
@ -173,11 +173,11 @@ int main( void )
printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
if( ( ret = mbedtls_ctr_drbg_init( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
printf( " failed\n ! mbedtls_ctr_drbg_init returned %d\n", ret );
goto exit;
}
@ -189,57 +189,57 @@ int main( void )
printf( " . Setting up the DTLS data..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
goto exit;
}
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_transport( &ssl, SSL_TRANSPORT_DATAGRAM );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
ssl_cache_set, &cache );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_cache_set, &cache );
#endif
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
if( ( ret = ssl_cookie_setup( &cookie_ctx,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! ssl_cookie_setup returned %d\n\n", ret );
printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
goto exit;
}
ssl_set_dtls_cookies( &ssl, ssl_cookie_write, ssl_cookie_check,
mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx );
printf( " ok\n" );
reset:
#ifdef POLARSSL_ERROR_C
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
mbedtls_strerror( ret, error_buf, 100 );
printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
if( client_fd != -1 )
net_close( client_fd );
mbedtls_net_close( client_fd );
ssl_session_reset( &ssl );
mbedtls_ssl_session_reset( &ssl );
/*
* 3. Wait until a client connects
@ -249,21 +249,21 @@ reset:
printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, client_ip ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, client_ip ) ) != 0 )
{
printf( " failed\n ! net_accept returned %d\n\n", ret );
printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
goto exit;
}
/* With UDP, bind_fd is hijacked by client_fd, so bind a new one */
if( ( ret = net_bind( &listen_fd, NULL, 4433, NET_PROTO_UDP ) ) != 0 )
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, 4433, MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
printf( " failed\n ! mbedtls_net_bind returned -0x%x\n\n", -ret );
goto exit;
}
/* For HelloVerifyRequest cookies */
if( ( ret = ssl_set_client_transport_id( &ssl, client_ip,
if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl, client_ip,
sizeof( client_ip ) ) ) != 0 )
{
printf( " failed\n ! "
@ -271,8 +271,8 @@ reset:
goto exit;
}
ssl_set_bio_timeout( &ssl, &client_fd,
net_send, net_recv, net_recv_timeout,
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
READ_TIMEOUT_MS );
printf( " ok\n" );
@ -283,11 +283,11 @@ reset:
printf( " . Performing the DTLS handshake..." );
fflush( stdout );
do ret = ssl_handshake( &ssl );
while( ret == POLARSSL_ERR_NET_WANT_READ ||
ret == POLARSSL_ERR_NET_WANT_WRITE );
do ret = mbedtls_ssl_handshake( &ssl );
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
if( ret == POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{
printf( " hello verification requested\n" );
ret = 0;
@ -295,7 +295,7 @@ reset:
}
else if( ret != 0 )
{
printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
goto reset;
}
@ -310,25 +310,25 @@ reset:
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
do ret = ssl_read( &ssl, buf, len );
while( ret == POLARSSL_ERR_NET_WANT_READ ||
ret == POLARSSL_ERR_NET_WANT_WRITE );
do ret = mbedtls_ssl_read( &ssl, buf, len );
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
if( ret <= 0 )
{
switch( ret )
{
case POLARSSL_ERR_NET_TIMEOUT:
case MBEDTLS_ERR_NET_TIMEOUT:
printf( " timeout\n\n" );
goto reset;
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
ret = 0;
goto close_notify;
default:
printf( " ssl_read returned -0x%x\n\n", -ret );
printf( " mbedtls_ssl_read returned -0x%x\n\n", -ret );
goto reset;
}
}
@ -342,13 +342,13 @@ reset:
printf( " > Write to client:" );
fflush( stdout );
do ret = ssl_write( &ssl, buf, len );
while( ret == POLARSSL_ERR_NET_WANT_READ ||
ret == POLARSSL_ERR_NET_WANT_WRITE );
do ret = mbedtls_ssl_write( &ssl, buf, len );
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
if( ret < 0 )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
goto exit;
}
@ -362,8 +362,8 @@ close_notify:
printf( " . Closing the connection..." );
/* No error checking, the connection might be closed already */
do ret = ssl_close_notify( &ssl );
while( ret == POLARSSL_ERR_NET_WANT_WRITE );
do ret = mbedtls_ssl_close_notify( &ssl );
while( ret == MBEDTLS_ERR_NET_WANT_WRITE );
ret = 0;
printf( " done\n" );
@ -375,27 +375,27 @@ close_notify:
*/
exit:
#ifdef POLARSSL_ERROR_C
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
mbedtls_strerror( ret, error_buf, 100 );
printf( "Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
if( client_fd != -1 )
net_close( client_fd );
mbedtls_net_close( client_fd );
x509_crt_free( &srvcert );
pk_free( &pkey );
ssl_free( &ssl );
ssl_cookie_free( &cookie_ctx );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_cookie_free( &cookie_ctx );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
#endif
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
@ -408,7 +408,7 @@ exit:
return( ret );
}
#endif /* POLARSSL_SSL_SRV_C && POLARSSL_SSL_PROTO_DTLS &&
POLARSSL_SSL_COOKIE_C && POLARSSL_NET_C && POLARSSL_ENTROPY_C &&
POLARSSL_CTR_DRBG_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_RSA_C
&& POLARSSL_CERTS_C && POLARSSL_PEM_PARSE_C */
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
&& MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */

80
programs/ssl/mini_client.c
View file

@ -21,10 +21,10 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include POLARSSL_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE
#endif
/*
@ -37,19 +37,19 @@
#define UNIX
#endif
#if !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_SSL_CLI_C) || \
#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(UNIX)
#if defined(POLARSSL_PLATFORM_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define polarssl_printf printf
#define mbedtls_printf printf
#endif
int main( void )
{
polarssl_printf( "POLARSSL_CTR_DRBG_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_NET_C and/or POLARSSL_SSL_CLI_C and/or UNIX "
mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
"not defined.\n");
return( 0 );
}
@ -79,7 +79,7 @@ int main( void )
const char *pers = "mini_client";
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
const unsigned char psk[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
@ -87,7 +87,7 @@ const unsigned char psk[] = {
const char psk_id[] = "Client_identity";
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* This is tests/data_files/test-ca2.crt, a CA using EC secp384r1 */
const unsigned char ca_cert[] = {
0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x01, 0xd7, 0xa0, 0x03, 0x02, 0x01,
@ -141,7 +141,7 @@ const unsigned char ca_cert[] = {
0xb8, 0x28, 0xe7, 0xf2, 0x9c, 0x14, 0x3a, 0x40, 0x01, 0x5c, 0xaf, 0x0c,
0xb2, 0xcf, 0x74, 0x7f, 0x30, 0x9f, 0x08, 0x43, 0xad, 0x20,
};
#endif /* POLARSSL_X509_CRT_PARSE_C */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
enum exit_codes
{
@ -160,54 +160,54 @@ int main( void )
int ret = exit_ok;
int server_fd = -1;
struct sockaddr_in addr;
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt ca;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt ca;
#endif
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
/*
* 0. Initialize and setup stuff
*/
memset( &ssl, 0, sizeof( ssl_context ) );
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt_init( &ca );
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &ca );
#endif
entropy_init( &entropy );
if( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
mbedtls_entropy_init( &entropy );
if( mbedtls_ctr_drbg_init( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
{
ret = ssl_init_failed;
goto exit;
}
if( ssl_init( &ssl ) != 0 )
if( mbedtls_ssl_init( &ssl ) != 0 )
{
ret = ssl_init_failed;
goto exit;
}
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
ssl_set_psk( &ssl, psk, sizeof( psk ),
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
mbedtls_ssl_set_psk( &ssl, psk, sizeof( psk ),
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
if( x509_crt_parse_der( &ca, ca_cert, sizeof( ca_cert ) ) != 0 )
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( mbedtls_x509_crt_parse_der( &ca, ca_cert, sizeof( ca_cert ) ) != 0 )
{
ret = x509_crt_parse_failed;
goto exit;
}
ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
ssl_set_authmode( &ssl, SSL_VERIFY_REQUIRED );
mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
#endif
/*
@ -234,9 +234,9 @@ int main( void )
goto exit;
}
ssl_set_bio_timeout( &ssl, &server_fd, net_send, net_recv, NULL, 0 );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
if( ssl_handshake( &ssl ) != 0 )
if( mbedtls_ssl_handshake( &ssl ) != 0 )
{
ret = ssl_handshake_failed;
goto exit;
@ -245,24 +245,24 @@ int main( void )
/*
* 2. Write the GET request and close the connection
*/
if( ssl_write( &ssl, (const unsigned char *) GET_REQUEST,
if( mbedtls_ssl_write( &ssl, (const unsigned char *) GET_REQUEST,
sizeof( GET_REQUEST ) - 1 ) <= 0 )
{
ret = ssl_write_failed;
goto exit;
}
ssl_close_notify( &ssl );
mbedtls_ssl_close_notify( &ssl );
exit:
if( server_fd != -1 )
net_close( server_fd );
mbedtls_net_close( server_fd );
ssl_free( &ssl );
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt_free( &ca );
mbedtls_ssl_free( &ssl );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_free( &ca );
#endif
return( ret );

184
programs/ssl/ssl_client1.c
View file

@ -20,31 +20,31 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include POLARSSL_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define polarssl_fprintf fprintf
#define polarssl_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CERTS_C) || !defined(POLARSSL_PEM_PARSE_C) || \
!defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C)
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main( void )
{
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
return( 0 );
}
@ -70,7 +70,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
polarssl_fprintf( (FILE *) ctx, "%s", str );
mbedtls_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
@ -80,221 +80,221 @@ int main( void )
unsigned char buf[1024];
const char *pers = "ssl_client1";
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_crt cacert;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_x509_crt cacert;
#if defined(POLARSSL_DEBUG_C)
debug_set_threshold( DEBUG_LEVEL );
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( DEBUG_LEVEL );
#endif
/*
* 0. Initialize the RNG and the session data
*/
memset( &ssl, 0, sizeof( ssl_context ) );
x509_crt_init( &cacert );
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
mbedtls_x509_crt_init( &cacert );
polarssl_printf( "\n . Seeding the random number generator..." );
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_init( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_init returned %d\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 0. Initialize certificates
*/
polarssl_printf( " . Loading the CA root certificate ..." );
mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
ret = x509_crt_parse( &cacert, (const unsigned char *) test_cas_pem,
test_cas_pem_len );
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret < 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
polarssl_printf( " ok (%d skipped)\n", ret );
mbedtls_printf( " ok (%d skipped)\n", ret );
/*
* 1. Start the connection
*/
polarssl_printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
mbedtls_printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
if( ( ret = net_connect( &server_fd, SERVER_NAME,
SERVER_PORT, NET_PROTO_TCP ) ) != 0 )
if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
polarssl_printf( " failed\n ! net_connect returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 2. Setup stuff
*/
polarssl_printf( " . Setting up the SSL/TLS structure..." );
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio_timeout( &ssl, &server_fd, net_send, net_recv, NULL, 0 );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
/*
* 4. Handshake
*/
polarssl_printf( " . Performing the SSL/TLS handshake..." );
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
goto exit;
}
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 5. Verify the server certificate
*/
polarssl_printf( " . Verifying peer X.509 certificate..." );
mbedtls_printf( " . Verifying peer X.509 certificate..." );
/* In real life, we may want to bail out when ret != 0 */
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
if( ( ret = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
polarssl_printf( " failed\n" );
mbedtls_printf( " failed\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
polarssl_printf( " ! server certificate has expired\n" );
if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
mbedtls_printf( " ! server certificate has expired\n" );
if( ( ret & BADCERT_REVOKED ) != 0 )
polarssl_printf( " ! server certificate has been revoked\n" );
if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
mbedtls_printf( " ! server certificate has been revoked\n" );
if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
polarssl_printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
if( ( ret & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
mbedtls_printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
if( ( ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
mbedtls_printf( " ! self-signed or not signed by a trusted CA\n" );
polarssl_printf( "\n" );
mbedtls_printf( "\n" );
}
else
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 3. Write the GET request
*/
polarssl_printf( " > Write to server:" );
mbedtls_printf( " > Write to server:" );
fflush( stdout );
len = sprintf( (char *) buf, GET_REQUEST );
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
polarssl_printf( " %d bytes written\n\n%s", len, (char *) buf );
mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );
/*
* 7. Read the HTTP response
*/
polarssl_printf( " < Read from server:" );
mbedtls_printf( " < Read from server:" );
fflush( stdout );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &ssl, buf, len );
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
continue;
if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
break;
if( ret < 0 )
{
polarssl_printf( "failed\n ! ssl_read returned %d\n\n", ret );
mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
break;
}
if( ret == 0 )
{
polarssl_printf( "\n\nEOF\n\n" );
mbedtls_printf( "\n\nEOF\n\n" );
break;
}
len = ret;
polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
}
while( 1 );
ssl_close_notify( &ssl );
mbedtls_ssl_close_notify( &ssl );
exit:
#ifdef POLARSSL_ERROR_C
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
if( server_fd != -1 )
net_close( server_fd );
mbedtls_net_close( server_fd );
x509_crt_free( &cacert );
ssl_free( &ssl );
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
mbedtls_x509_crt_free( &cacert );
mbedtls_ssl_free( &ssl );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
memset( &ssl, 0, sizeof( ssl ) );
#if defined(_WIN32)
polarssl_printf( " + Press Enter to exit this program.\n" );
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
POLARSSL_CERTS_C && POLARSSL_PEM_PARSE_C && POLARSSL_CTR_DRBG_C &&
POLARSSL_X509_CRT_PARSE_C */
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C &&
MBEDTLS_X509_CRT_PARSE_C */

776
programs/ssl/ssl_client2.c
View file

File diff suppressed because it is too large Load diff

210
programs/ssl/ssl_fork_server.c
View file

@ -20,42 +20,42 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include POLARSSL_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define polarssl_fprintf fprintf
#define polarssl_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_TIMING_C) || \
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_PEM_PARSE_C)
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_TIMING_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C and/or "
"POLARSSL_TIMING_C and/or POLARSSL_PEM_PARSE_C not defined.\n");
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
return( 0 );
}
#elif defined(_WIN32)
int main( void )
{
polarssl_printf("_WIN32 defined. This application requires fork() and signals "
mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
"to work correctly.\n");
return( 0 );
}
@ -87,7 +87,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
if( level < DEBUG_LEVEL )
{
polarssl_fprintf( (FILE *) ctx, "%s", str );
mbedtls_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
@ -100,86 +100,86 @@ int main( void )
unsigned char buf[1024];
const char *pers = "ssl_fork_server";
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_crt srvcert;
pk_context pkey;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_x509_crt srvcert;
mbedtls_pk_context pkey;
memset( &ssl, 0, sizeof(ssl_context) );
memset( &ssl, 0, sizeof(mbedtls_ssl_context) );
entropy_init( &entropy );
pk_init( &pkey );
x509_crt_init( &srvcert );
mbedtls_entropy_init( &entropy );
mbedtls_pk_init( &pkey );
mbedtls_x509_crt_init( &srvcert );
signal( SIGCHLD, SIG_IGN );
/*
* 0. Initial seeding of the RNG
*/
polarssl_printf( "\n . Initial seeding of the random generator..." );
mbedtls_printf( "\n . Initial seeding of the random generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
if( ( ret = mbedtls_ctr_drbg_init( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_init returned %d\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 1. Load the certificates and private RSA key
*/
polarssl_printf( " . Loading the server cert. and key..." );
mbedtls_printf( " . Loading the server cert. and key..." );
fflush( stdout );
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509_crt_parse_file() to read the
* server and CA certificates, as well as pk_parse_keyfile().
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
test_srv_crt_len );
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_cas_pem,
test_cas_pem_len );
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
test_srv_key_len, NULL, 0 );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 );
if( ret != 0 )
{
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
polarssl_printf( " . Bind on https://localhost:4433/ ..." );
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433, NET_PROTO_TCP ) ) != 0 )
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, 4433, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
while( 1 )
{
@ -189,16 +189,16 @@ int main( void )
client_fd = -1;
memset( &ssl, 0, sizeof( ssl ) );
polarssl_printf( " . Waiting for a remote connection ..." );
mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
polarssl_printf( " failed\n ! net_accept returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 3.5. Forking server thread
@ -206,24 +206,24 @@ int main( void )
pid = fork();
polarssl_printf( " . Forking to handle connection ..." );
mbedtls_printf( " . Forking to handle connection ..." );
fflush( stdout );
if( pid < 0 )
{
polarssl_printf(" failed\n ! fork returned %d\n\n", pid );
mbedtls_printf(" failed\n ! fork returned %d\n\n", pid );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
if( pid != 0 )
{
if( ( ret = ctr_drbg_reseed( &ctr_drbg,
if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
(const unsigned char *) "parent",
6 ) ) != 0 )
{
polarssl_printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_reseed returned %d\n", ret );
goto exit;
}
@ -236,85 +236,85 @@ int main( void )
/*
* 4. Setup stuff
*/
polarssl_printf( " . Setting up the SSL data...." );
mbedtls_printf( " . Setting up the SSL data...." );
fflush( stdout );
if( ( ret = ctr_drbg_reseed( &ctr_drbg,
if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
(const unsigned char *) "child",
5 ) ) != 0 )
{
polarssl_printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_reseed returned %d\n", ret );
goto exit;
}
if( ( ret = ssl_init( &ssl ) ) != 0 )
if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio_timeout( &ssl, &client_fd, net_send, net_recv, NULL, 0 );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
/*
* 5. Handshake
*/
polarssl_printf( " . Performing the SSL/TLS handshake..." );
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
goto exit;
}
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 6. Read the HTTP Request
*/
polarssl_printf( " < Read from client:" );
mbedtls_printf( " < Read from client:" );
fflush( stdout );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &ssl, buf, len );
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
continue;
if( ret <= 0 )
{
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
polarssl_printf( " connection was closed gracefully\n" );
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf( " connection was closed gracefully\n" );
break;
case POLARSSL_ERR_NET_CONN_RESET:
polarssl_printf( " connection was reset by peer\n" );
case MBEDTLS_ERR_NET_CONN_RESET:
mbedtls_printf( " connection was reset by peer\n" );
break;
default:
polarssl_printf( " ssl_read returned %d\n", ret );
mbedtls_printf( " mbedtls_ssl_read returned %d\n", ret );
break;
}
@ -322,7 +322,7 @@ int main( void )
}
len = ret;
polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
if( ret > 0 )
break;
@ -332,57 +332,57 @@ int main( void )
/*
* 7. Write the 200 Response
*/
polarssl_printf( " > Write to client:" );
mbedtls_printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_ciphersuite( &ssl ) );
mbedtls_ssl_get_ciphersuite( &ssl ) );
while( cnt++ < 100 )
{
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
{
polarssl_printf( " failed\n ! peer closed the connection\n\n" );
mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
goto exit;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
polarssl_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
m_sleep( 1000 );
mbedtls_timing_m_sleep( 1000 );
}
ssl_close_notify( &ssl );
mbedtls_ssl_close_notify( &ssl );
goto exit;
}
exit:
if( client_fd != -1 )
net_close( client_fd );
mbedtls_net_close( client_fd );
x509_crt_free( &srvcert );
pk_free( &pkey );
ssl_free( &ssl );
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
mbedtls_ssl_free( &ssl );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(_WIN32)
polarssl_printf( " Press Enter to exit this program.\n" );
mbedtls_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C && POLARSSL_PEM_PARSE_C &&
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C &&
! _WIN32 */

370
programs/ssl/ssl_mail_client.c
View file

@ -20,31 +20,31 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include POLARSSL_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define polarssl_fprintf fprintf
#define polarssl_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
!defined(POLARSSL_FS_IO)
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_FS_IO)
int main( void )
{
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
return( 0 );
}
@ -100,25 +100,25 @@ int main( void )
#define MODE_SSL_TLS 0
#define MODE_STARTTLS 0
#if defined(POLARSSL_BASE64_C)
#if defined(MBEDTLS_BASE64_C)
#define USAGE_AUTH \
" authentication=%%d default: 0 (disabled)\n" \
" user_name=%%s default: \"user\"\n" \
" user_pwd=%%s default: \"password\"\n"
#else
#define USAGE_AUTH \
" authentication options disabled. (Require POLARSSL_BASE64_C)\n"
#endif /* POLARSSL_BASE64_C */
" authentication options disabled. (Require MBEDTLS_BASE64_C)\n"
#endif /* MBEDTLS_BASE64_C */
#if defined(POLARSSL_FS_IO)
#if defined(MBEDTLS_FS_IO)
#define USAGE_IO \
" ca_file=%%s default: \"\" (pre-loaded)\n" \
" crt_file=%%s default: \"\" (pre-loaded)\n" \
" key_file=%%s default: \"\" (pre-loaded)\n"
#else
#define USAGE_IO \
" No file operations available (POLARSSL_FS_IO not defined)\n"
#endif /* POLARSSL_FS_IO */
" No file operations available (MBEDTLS_FS_IO not defined)\n"
#endif /* MBEDTLS_FS_IO */
#define USAGE \
"\n usage: ssl_mail_client param=<>...\n" \
@ -158,12 +158,12 @@ static void my_debug( void *ctx, int level, const char *str )
{
if( level < opt.debug_level )
{
polarssl_fprintf( (FILE *) ctx, "%s", str );
mbedtls_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
static int do_handshake( ssl_context *ssl, struct options *opt )
static int do_handshake( mbedtls_ssl_context *ssl, struct options *opt )
{
int ret;
unsigned char buf[1024];
@ -172,69 +172,69 @@ static int do_handshake( ssl_context *ssl, struct options *opt )
/*
* 4. Handshake
*/
polarssl_printf( " . Performing the SSL/TLS handshake..." );
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( ssl ) ) != 0 )
while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, (char *) buf, 1024 );
#if defined(MBEDTLS_ERROR_C)
mbedtls_strerror( ret, (char *) buf, 1024 );
#endif
polarssl_printf( " failed\n ! ssl_handshake returned %d: %s\n\n", ret, buf );
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf );
return( -1 );
}
}
polarssl_printf( " ok\n [ Ciphersuite is %s ]\n",
ssl_get_ciphersuite( ssl ) );
mbedtls_printf( " ok\n [ Ciphersuite is %s ]\n",
mbedtls_ssl_get_ciphersuite( ssl ) );
/*
* 5. Verify the server certificate
*/
polarssl_printf( " . Verifying peer X.509 certificate..." );
mbedtls_printf( " . Verifying peer X.509 certificate..." );
/* In real life, we may want to bail out when ret != 0 */
if( ( ret = ssl_get_verify_result( ssl ) ) != 0 )
if( ( ret = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
{
polarssl_printf( " failed\n" );
mbedtls_printf( " failed\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
polarssl_printf( " ! server certificate has expired\n" );
if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 )
mbedtls_printf( " ! server certificate has expired\n" );
if( ( ret & BADCERT_REVOKED ) != 0 )
polarssl_printf( " ! server certificate has been revoked\n" );
if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
mbedtls_printf( " ! server certificate has been revoked\n" );
if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
polarssl_printf( " ! CN mismatch (expected CN=%s)\n", opt->server_name );
if( ( ret & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
mbedtls_printf( " ! CN mismatch (expected CN=%s)\n", opt->server_name );
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
if( ( ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
mbedtls_printf( " ! self-signed or not signed by a trusted CA\n" );
polarssl_printf( "\n" );
mbedtls_printf( "\n" );
}
else
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
polarssl_printf( " . Peer certificate information ...\n" );
x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl_get_peer_cert( ssl ) );
polarssl_printf( "%s\n", buf );
mbedtls_printf( " . Peer certificate information ...\n" );
mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
mbedtls_ssl_get_peer_cert( ssl ) );
mbedtls_printf( "%s\n", buf );
return( 0 );
}
static int write_ssl_data( ssl_context *ssl, unsigned char *buf, size_t len )
static int write_ssl_data( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
{
int ret;
polarssl_printf("\n%s", buf);
while( len && ( ret = ssl_write( ssl, buf, len ) ) <= 0 )
mbedtls_printf("\n%s", buf);
while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
return -1;
}
}
@ -242,19 +242,19 @@ static int write_ssl_data( ssl_context *ssl, unsigned char *buf, size_t len )
return( 0 );
}
static int write_ssl_and_get_response( ssl_context *ssl, unsigned char *buf, size_t len )
static int write_ssl_and_get_response( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
{
int ret;
unsigned char data[128];
char code[4];
size_t i, idx = 0;
polarssl_printf("\n%s", buf);
while( len && ( ret = ssl_write( ssl, buf, len ) ) <= 0 )
mbedtls_printf("\n%s", buf);
while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
return -1;
}
}
@ -263,21 +263,21 @@ static int write_ssl_and_get_response( ssl_context *ssl, unsigned char *buf, siz
{
len = sizeof( data ) - 1;
memset( data, 0, sizeof( data ) );
ret = ssl_read( ssl, data, len );
ret = mbedtls_ssl_read( ssl, data, len );
if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
continue;
if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
return -1;
if( ret <= 0 )
{
polarssl_printf( "failed\n ! ssl_read returned %d\n\n", ret );
mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
return -1;
}
polarssl_printf("\n%s", data);
mbedtls_printf("\n%s", data);
len = ret;
for( i = 0; i < len; i++ )
{
@ -307,10 +307,10 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len )
char code[4];
size_t i, idx = 0;
polarssl_printf("\n%s", buf);
mbedtls_printf("\n%s", buf);
if( len && ( ret = write( sock_fd, buf, len ) ) <= 0 )
{
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
return -1;
}
@ -322,12 +322,12 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len )
if( ret <= 0 )
{
polarssl_printf( "failed\n ! read returned %d\n\n", ret );
mbedtls_printf( "failed\n ! read returned %d\n\n", ret );
return -1;
}
data[len] = '\0';
polarssl_printf("\n%s", data);
mbedtls_printf("\n%s", data);
len = ret;
for( i = 0; i < len; i++ )
{
@ -354,18 +354,18 @@ int main( int argc, char *argv[] )
{
int ret = 0, len, server_fd;
unsigned char buf[1024];
#if defined(POLARSSL_BASE64_C)
#if defined(MBEDTLS_BASE64_C)
unsigned char base[1024];
#endif
char hostname[32];
const char *pers = "ssl_mail_client";
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_crt cacert;
x509_crt clicert;
pk_context pkey;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
mbedtls_pk_context pkey;
int i;
size_t n;
char *p, *q;
@ -375,24 +375,24 @@ int main( int argc, char *argv[] )
* Make sure memory references are valid in case we exit early.
*/
server_fd = 0;
memset( &ssl, 0, sizeof( ssl_context ) );
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
memset( &buf, 0, sizeof( buf ) );
x509_crt_init( &cacert );
x509_crt_init( &clicert );
pk_init( &pkey );
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert );
mbedtls_pk_init( &pkey );
if( argc == 0 )
{
usage:
polarssl_printf( USAGE );
mbedtls_printf( USAGE );
list = ssl_list_ciphersuites();
list = mbedtls_ssl_list_ciphersuites();
while( *list )
{
polarssl_printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
list++;
}
polarssl_printf("\n");
mbedtls_printf("\n");
goto exit;
}
@ -461,7 +461,7 @@ int main( int argc, char *argv[] )
{
opt.force_ciphersuite[0] = -1;
opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
if( opt.force_ciphersuite[0] <= 0 )
goto usage;
@ -475,151 +475,151 @@ int main( int argc, char *argv[] )
/*
* 0. Initialize the RNG and the session data
*/
polarssl_printf( "\n . Seeding the random number generator..." );
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_init( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_init returned %d\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 1.1. Load the trusted CA
*/
polarssl_printf( " . Loading the CA root certificate ..." );
mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.ca_file ) )
ret = x509_crt_parse_file( &cacert, opt.ca_file );
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &cacert, (const unsigned char *) test_cas_pem,
test_cas_pem_len );
#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
#else
{
ret = 1;
polarssl_printf("POLARSSL_CERTS_C not defined.");
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
}
#endif
if( ret < 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok (%d skipped)\n", ret );
mbedtls_printf( " ok (%d skipped)\n", ret );
/*
* 1.2. Load own certificate and private key
*
* (can be skipped if client authentication is not required)
*/
polarssl_printf( " . Loading the client cert. and key..." );
mbedtls_printf( " . Loading the client cert. and key..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.crt_file ) )
ret = x509_crt_parse_file( &clicert, opt.crt_file );
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
test_cli_crt_len );
#if defined(MBEDTLS_CERTS_C)
ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
mbedtls_test_cli_crt_len );
#else
{
ret = -1;
polarssl_printf("POLARSSL_CERTS_C not defined.");
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
}
#endif
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
#if defined(POLARSSL_FS_IO)
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) )
ret = pk_parse_keyfile( &pkey, opt.key_file, "" );
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_PEM_PARSE_C)
ret = pk_parse_key( &pkey, (const unsigned char *) test_cli_key,
test_cli_key_len, NULL, 0 );
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 );
#else
{
ret = -1;
polarssl_printf("POLARSSL_CERTS_C or POLARSSL_PEM_PARSE_C not defined.");
mbedtls_printf("MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C not defined.");
}
#endif
if( ret != 0 )
{
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 2. Start the connection
*/
polarssl_printf( " . Connecting to tcp/%s/%-4d...", opt.server_name,
mbedtls_printf( " . Connecting to tcp/%s/%-4d...", opt.server_name,
opt.server_port );
fflush( stdout );
if( ( ret = net_connect( &server_fd, opt.server_name,
opt.server_port, NET_PROTO_TCP ) ) != 0 )
if( ( ret = mbedtls_net_connect( &server_fd, opt.server_name,
opt.server_port, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
polarssl_printf( " failed\n ! net_connect returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 3. Setup stuff
*/
polarssl_printf( " . Setting up the SSL/TLS structure..." );
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
ssl_set_bio_timeout( &ssl, &server_fd, net_send, net_recv, NULL, 0 );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
#endif
@ -629,19 +629,19 @@ int main( int argc, char *argv[] )
if( do_handshake( &ssl, &opt ) != 0 )
goto exit;
polarssl_printf( " > Get header from server:" );
mbedtls_printf( " > Get header from server:" );
fflush( stdout );
ret = write_ssl_and_get_response( &ssl, buf, 0 );
if( ret < 200 || ret > 299 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
polarssl_printf( " > Write EHLO to server:" );
mbedtls_printf( " > Write EHLO to server:" );
fflush( stdout );
gethostname( hostname, 32 );
@ -649,25 +649,25 @@ int main( int argc, char *argv[] )
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
}
else
{
polarssl_printf( " > Get header from server:" );
mbedtls_printf( " > Get header from server:" );
fflush( stdout );
ret = write_and_get_response( server_fd, buf, 0 );
if( ret < 200 || ret > 299 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
polarssl_printf( " > Write EHLO to server:" );
mbedtls_printf( " > Write EHLO to server:" );
fflush( stdout );
gethostname( hostname, 32 );
@ -675,13 +675,13 @@ int main( int argc, char *argv[] )
ret = write_and_get_response( server_fd, buf, len );
if( ret < 200 || ret > 299 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
polarssl_printf( " > Write STARTTLS to server:" );
mbedtls_printf( " > Write STARTTLS to server:" );
fflush( stdout );
gethostname( hostname, 32 );
@ -689,115 +689,115 @@ int main( int argc, char *argv[] )
ret = write_and_get_response( server_fd, buf, len );
if( ret < 200 || ret > 299 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
if( do_handshake( &ssl, &opt ) != 0 )
goto exit;
}
#if defined(POLARSSL_BASE64_C)
#if defined(MBEDTLS_BASE64_C)
if( opt.authentication )
{
polarssl_printf( " > Write AUTH LOGIN to server:" );
mbedtls_printf( " > Write AUTH LOGIN to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "AUTH LOGIN\r\n" );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 399 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
polarssl_printf( " > Write username to server: %s", opt.user_name );
mbedtls_printf( " > Write username to server: %s", opt.user_name );
fflush( stdout );
n = sizeof( buf );
ret = base64_encode( base, &n, (const unsigned char *) opt.user_name,
ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_name,
strlen( opt.user_name ) );
if( ret != 0 ) {
polarssl_printf( " failed\n ! base64_encode returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_base64_encode returned %d\n\n", ret );
goto exit;
}
len = sprintf( (char *) buf, "%s\r\n", base );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 300 || ret > 399 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
polarssl_printf( " > Write password to server: %s", opt.user_pwd );
mbedtls_printf( " > Write password to server: %s", opt.user_pwd );
fflush( stdout );
ret = base64_encode( base, &n, (const unsigned char *) opt.user_pwd,
ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_pwd,
strlen( opt.user_pwd ) );
if( ret != 0 ) {
polarssl_printf( " failed\n ! base64_encode returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_base64_encode returned %d\n\n", ret );
goto exit;
}
len = sprintf( (char *) buf, "%s\r\n", base );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 399 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
}
#endif
polarssl_printf( " > Write MAIL FROM to server:" );
mbedtls_printf( " > Write MAIL FROM to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
polarssl_printf( " > Write RCPT TO to server:" );
mbedtls_printf( " > Write RCPT TO to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
polarssl_printf( " > Write DATA to server:" );
mbedtls_printf( " > Write DATA to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "DATA\r\n" );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 300 || ret > 399 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
polarssl_printf( " > Write content to server:" );
mbedtls_printf( " > Write content to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
@ -811,32 +811,32 @@ int main( int argc, char *argv[] )
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
polarssl_printf(" ok\n" );
mbedtls_printf(" ok\n" );
ssl_close_notify( &ssl );
mbedtls_ssl_close_notify( &ssl );
exit:
if( server_fd )
net_close( server_fd );
x509_crt_free( &clicert );
x509_crt_free( &cacert );
pk_free( &pkey );
ssl_free( &ssl );
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
mbedtls_net_close( server_fd );
mbedtls_x509_crt_free( &clicert );
mbedtls_x509_crt_free( &cacert );
mbedtls_pk_free( &pkey );
mbedtls_ssl_free( &ssl );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(_WIN32)
polarssl_printf( " + Press Enter to exit this program.\n" );
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C **
POLARSSL_CTR_DRBG_C */
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
MBEDTLS_CTR_DRBG_C */

298
programs/ssl/ssl_pthread_server.c
View file

@ -21,36 +21,36 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include POLARSSL_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define polarssl_fprintf fprintf
#define polarssl_printf printf
#define polarssl_snprintf snprintf
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#define mbedtls_snprintf snprintf
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_THREADING_C) || !defined(POLARSSL_THREADING_PTHREAD) || \
!defined(POLARSSL_PEM_PARSE_C)
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) || \
!defined(MBEDTLS_PEM_PARSE_C)
int main( void )
{
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C and/or "
"POLARSSL_THREADING_C and/or POLARSSL_THREADING_PTHREAD "
"and/or POLARSSL_PEM_PARSE_C not defined.\n");
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
return( 0 );
}
#else
@ -70,11 +70,11 @@ int main( void )
#include "mbedtls/net.h"
#include "mbedtls/error.h"
#if defined(POLARSSL_SSL_CACHE_C)
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h"
#endif
@ -87,29 +87,29 @@ int main( void )
#define MAX_NUM_THREADS 5
threading_mutex_t debug_mutex;
mbedtls_threading_mutex_t debug_mutex;
static void my_mutexed_debug( void *ctx, int level, const char *str )
{
polarssl_mutex_lock( &debug_mutex );
mbedtls_mutex_lock( &debug_mutex );
if( level < DEBUG_LEVEL )
{
polarssl_fprintf( (FILE *) ctx, "%s", str );
mbedtls_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
polarssl_mutex_unlock( &debug_mutex );
mbedtls_mutex_unlock( &debug_mutex );
}
typedef struct {
int client_fd;
int thread_complete;
entropy_context *entropy;
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context *cache;
mbedtls_entropy_context *entropy;
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_context *cache;
#endif
x509_crt *ca_chain;
x509_crt *server_cert;
pk_context *server_key;
mbedtls_x509_crt *ca_chain;
mbedtls_x509_crt *server_cert;
mbedtls_pk_context *server_key;
} thread_info_t;
typedef struct {
@ -129,123 +129,123 @@ static void *handle_ssl_connection( void *data )
int thread_id = (int) pthread_self();
unsigned char buf[1024];
char pers[50];
ssl_context ssl;
ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ctr_drbg_context ctr_drbg;
/* Make sure memory references are valid */
memset( &ssl, 0, sizeof( ssl_context ) );
memset( &ctr_drbg, 0, sizeof( ctr_drbg_context ) );
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
memset( &ctr_drbg, 0, sizeof( mbedtls_ctr_drbg_context ) );
polarssl_snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
polarssl_printf( " [ #%d ] Client FD %d\n", thread_id, client_fd );
polarssl_printf( " [ #%d ] Seeding the random number generator...\n", thread_id );
mbedtls_snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
mbedtls_printf( " [ #%d ] Client FD %d\n", thread_id, client_fd );
mbedtls_printf( " [ #%d ] Seeding the random number generator...\n", thread_id );
/* entropy_func() is thread-safe if POLARSSL_THREADING_C is set
/* mbedtls_entropy_func() is thread-safe if MBEDTLS_THREADING_C is set
*/
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, thread_info->entropy,
if( ( ret = mbedtls_ctr_drbg_init( &ctr_drbg, mbedtls_entropy_func, thread_info->entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
polarssl_printf( " [ #%d ] failed: ctr_drbg_init returned -0x%04x\n",
mbedtls_printf( " [ #%d ] failed: mbedtls_ctr_drbg_init returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
polarssl_printf( " [ #%d ] ok\n", thread_id );
mbedtls_printf( " [ #%d ] ok\n", thread_id );
/*
* 4. Setup stuff
*/
polarssl_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
mbedtls_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
if( ( ret = ssl_init( &ssl ) ) != 0 )
if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
{
polarssl_printf( " [ #%d ] failed: ssl_init returned -0x%04x\n",
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_init returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
/* ssl_cache_get() and ssl_cache_set() are thread-safe if
* POLARSSL_THREADING_C is set.
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
* MBEDTLS_THREADING_C is set.
*/
#if defined(POLARSSL_SSL_CACHE_C)
ssl_set_session_cache( &ssl, ssl_cache_get, thread_info->cache,
ssl_cache_set, thread_info->cache );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, thread_info->cache,
mbedtls_ssl_cache_set, thread_info->cache );
#endif
ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )
mbedtls_ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
goto thread_exit;
}
polarssl_printf( " [ #%d ] ok\n", thread_id );
mbedtls_printf( " [ #%d ] ok\n", thread_id );
ssl_set_bio_timeout( &ssl, &client_fd, net_send, net_recv, NULL, 0 );
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
polarssl_printf( " [ #%d ] ok\n", thread_id );
mbedtls_printf( " [ #%d ] ok\n", thread_id );
/*
* 5. Handshake
*/
polarssl_printf( " [ #%d ] Performing the SSL/TLS handshake\n", thread_id );
mbedtls_printf( " [ #%d ] Performing the SSL/TLS handshake\n", thread_id );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " [ #%d ] failed: ssl_handshake returned -0x%04x\n",
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
}
polarssl_printf( " [ #%d ] ok\n", thread_id );
mbedtls_printf( " [ #%d ] ok\n", thread_id );
/*
* 6. Read the HTTP Request
*/
polarssl_printf( " [ #%d ] < Read from client\n", thread_id );
mbedtls_printf( " [ #%d ] < Read from client\n", thread_id );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &ssl, buf, len );
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
continue;
if( ret <= 0 )
{
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
polarssl_printf( " [ #%d ] connection was closed gracefully\n",
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf( " [ #%d ] connection was closed gracefully\n",
thread_id );
goto thread_exit;
case POLARSSL_ERR_NET_CONN_RESET:
polarssl_printf( " [ #%d ] connection was reset by peer\n",
case MBEDTLS_ERR_NET_CONN_RESET:
mbedtls_printf( " [ #%d ] connection was reset by peer\n",
thread_id );
goto thread_exit;
default:
polarssl_printf( " [ #%d ] ssl_read returned -0x%04x\n",
mbedtls_printf( " [ #%d ] mbedtls_ssl_read returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
}
len = ret;
polarssl_printf( " [ #%d ] %d bytes read\n=====\n%s\n=====\n",
mbedtls_printf( " [ #%d ] %d bytes read\n=====\n%s\n=====\n",
thread_id, len, (char *) buf );
if( ret > 0 )
@ -256,64 +256,64 @@ static void *handle_ssl_connection( void *data )
/*
* 7. Write the 200 Response
*/
polarssl_printf( " [ #%d ] > Write to client:\n", thread_id );
mbedtls_printf( " [ #%d ] > Write to client:\n", thread_id );
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_ciphersuite( &ssl ) );
mbedtls_ssl_get_ciphersuite( &ssl ) );
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
{
polarssl_printf( " [ #%d ] failed: peer closed the connection\n",
mbedtls_printf( " [ #%d ] failed: peer closed the connection\n",
thread_id );
goto thread_exit;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " [ #%d ] failed: ssl_write returned -0x%04x\n",
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_write returned -0x%04x\n",
thread_id, ret );
goto thread_exit;
}
}
len = ret;
polarssl_printf( " [ #%d ] %d bytes written\n=====\n%s\n=====\n",
mbedtls_printf( " [ #%d ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf );
polarssl_printf( " [ #%d ] . Closing the connection...", thread_id );
mbedtls_printf( " [ #%d ] . Closing the connection...", thread_id );
while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ &&
ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " [ #%d ] failed: ssl_close_notify returned -0x%04x\n",
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
thread_id, ret );
goto thread_exit;
}
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
ret = 0;
thread_exit:
#ifdef POLARSSL_ERROR_C
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
polarssl_printf(" [ #%d ] Last error was: -0x%04x - %s\n\n",
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf(" [ #%d ] Last error was: -0x%04x - %s\n\n",
thread_id, -ret, error_buf );
}
#endif
net_close( client_fd );
ctr_drbg_free( &ctr_drbg );
ssl_free( &ssl );
mbedtls_net_close( client_fd );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_free( &ssl );
thread_info->thread_complete = 1;
@ -334,7 +334,7 @@ static int thread_create( int client_fd )
if( threads[i].data.thread_complete == 1 )
{
polarssl_printf( " [ main ] Cleaning up thread %d\n", i );
mbedtls_printf( " [ main ] Cleaning up thread %d\n", i );
pthread_join(threads[i].thread, NULL );
memset( &threads[i], 0, sizeof(pthread_info_t) );
break;
@ -365,70 +365,70 @@ int main( void )
int listen_fd;
int client_fd = -1;
entropy_context entropy;
x509_crt srvcert;
pk_context pkey;
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
mbedtls_entropy_context entropy;
mbedtls_x509_crt srvcert;
mbedtls_pk_context pkey;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[100000];
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_context cache;
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
base_info.cache = &cache;
#endif
memset( threads, 0, sizeof(threads) );
polarssl_mutex_init( &debug_mutex );
mbedtls_mutex_init( &debug_mutex );
/*
* We use only a single entropy source that is used in all the threads.
*/
entropy_init( &entropy );
mbedtls_entropy_init( &entropy );
base_info.entropy = &entropy;
/*
* 1. Load the certificates and private RSA key
*/
polarssl_printf( "\n . Loading the server cert. and key..." );
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
x509_crt_init( &srvcert );
mbedtls_x509_crt_init( &srvcert );
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509_crt_parse_file() to read the
* server and CA certificates, as well as pk_parse_keyfile().
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
test_srv_crt_len );
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_cas_pem,
test_cas_pem_len );
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
pk_init( &pkey );
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
test_srv_key_len, NULL, 0 );
mbedtls_pk_init( &pkey );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 );
if( ret != 0 )
{
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
goto exit;
}
@ -436,29 +436,29 @@ int main( void )
base_info.server_cert = &srvcert;
base_info.server_key = &pkey;
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
polarssl_printf( " . Bind on https://localhost:4433/ ..." );
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433, NET_PROTO_TCP ) ) != 0 )
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, 4433, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
reset:
#ifdef POLARSSL_ERROR_C
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
polarssl_printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
}
#endif
@ -467,21 +467,21 @@ reset:
*/
client_fd = -1;
polarssl_printf( " [ main ] Waiting for a remote connection\n" );
mbedtls_printf( " [ main ] Waiting for a remote connection\n" );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
polarssl_printf( " [ main ] failed: net_accept returned -0x%04x\n", ret );
mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret );
goto exit;
}
polarssl_printf( " [ main ] ok\n" );
polarssl_printf( " [ main ] Creating a new thread\n" );
mbedtls_printf( " [ main ] ok\n" );
mbedtls_printf( " [ main ] Creating a new thread\n" );
if( ( ret = thread_create( client_fd ) ) != 0 )
{
polarssl_printf( " [ main ] failed: thread_create returned %d\n", ret );
net_close( client_fd );
mbedtls_printf( " [ main ] failed: thread_create returned %d\n", ret );
mbedtls_net_close( client_fd );
goto reset;
}
@ -489,28 +489,28 @@ reset:
goto reset;
exit:
x509_crt_free( &srvcert );
pk_free( &pkey );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
#endif
entropy_free( &entropy );
mbedtls_entropy_free( &entropy );
polarssl_mutex_free( &debug_mutex );
mbedtls_mutex_free( &debug_mutex );
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
memory_buffer_alloc_free();
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
#endif
#if defined(_WIN32)
polarssl_printf( " Press Enter to exit this program.\n" );
mbedtls_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C && POLARSSL_THREADING_C &&
POLARSSL_THREADING_PTHREAD && POLARSSL_PEM_PARSE_C */
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_THREADING_C &&
MBEDTLS_THREADING_PTHREAD && MBEDTLS_PEM_PARSE_C */

244
programs/ssl/ssl_server.c
View file

@ -20,33 +20,33 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include POLARSSL_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#define polarssl_fprintf fprintf
#define polarssl_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_printf printf
#endif
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_PEM_PARSE_C)
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_PEM_PARSE_C)
int main( void )
{
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
"and/or POLARSSL_PEM_PARSE_C not defined.\n");
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
return( 0 );
}
#else
@ -67,7 +67,7 @@ int main( void )
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#if defined(POLARSSL_SSL_CACHE_C)
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
#endif
@ -82,7 +82,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
polarssl_fprintf( (FILE *) ctx, "%s", str );
mbedtls_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
@ -94,205 +94,205 @@ int main( void )
unsigned char buf[1024];
const char *pers = "ssl_server";
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_crt srvcert;
pk_context pkey;
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_x509_crt srvcert;
mbedtls_pk_context pkey;
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_context cache;
#endif
memset( &ssl, 0, sizeof(ssl_context) );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
memset( &ssl, 0, sizeof(mbedtls_ssl_context) );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
#endif
x509_crt_init( &srvcert );
pk_init( &pkey );
entropy_init( &entropy );
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
mbedtls_entropy_init( &entropy );
#if defined(POLARSSL_DEBUG_C)
debug_set_threshold( DEBUG_LEVEL );
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( DEBUG_LEVEL );
#endif
/*
* 1. Load the certificates and private RSA key
*/
polarssl_printf( "\n . Loading the server cert. and key..." );
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509_crt_parse_file() to read the
* server and CA certificates, as well as pk_parse_keyfile().
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
test_srv_crt_len );
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = x509_crt_parse( &srvcert, (const unsigned char *) test_cas_pem,
test_cas_pem_len );
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
goto exit;
}
ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
test_srv_key_len, NULL, 0 );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 );
if( ret != 0 )
{
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
polarssl_printf( " . Bind on https://localhost:4433/ ..." );
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433, NET_PROTO_TCP ) ) != 0 )
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, 4433, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 3. Seed the RNG
*/
polarssl_printf( " . Seeding the random number generator..." );
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
if( ( ret = mbedtls_ctr_drbg_init( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_init returned %d\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 4. Setup stuff
*/
polarssl_printf( " . Setting up the SSL data...." );
mbedtls_printf( " . Setting up the SSL data...." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
goto exit;
}
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
ssl_cache_set, &cache );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_cache_set, &cache );
#endif
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
reset:
#ifdef POLARSSL_ERROR_C
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
if( client_fd != -1 )
net_close( client_fd );
mbedtls_net_close( client_fd );
ssl_session_reset( &ssl );
mbedtls_ssl_session_reset( &ssl );
/*
* 3. Wait until a client connects
*/
client_fd = -1;
polarssl_printf( " . Waiting for a remote connection ..." );
mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
polarssl_printf( " failed\n ! net_accept returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
goto exit;
}
ssl_set_bio_timeout( &ssl, &client_fd, net_send, net_recv, NULL, 0 );
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 5. Handshake
*/
polarssl_printf( " . Performing the SSL/TLS handshake..." );
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
goto reset;
}
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
/*
* 6. Read the HTTP Request
*/
polarssl_printf( " < Read from client:" );
mbedtls_printf( " < Read from client:" );
fflush( stdout );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = ssl_read( &ssl, buf, len );
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
continue;
if( ret <= 0 )
{
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
polarssl_printf( " connection was closed gracefully\n" );
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf( " connection was closed gracefully\n" );
break;
case POLARSSL_ERR_NET_CONN_RESET:
polarssl_printf( " connection was reset by peer\n" );
case MBEDTLS_ERR_NET_CONN_RESET:
mbedtls_printf( " connection was reset by peer\n" );
break;
default:
polarssl_printf( " ssl_read returned -0x%x\n", -ret );
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
break;
}
@ -300,7 +300,7 @@ reset:
}
len = ret;
polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
if( ret > 0 )
break;
@ -310,78 +310,78 @@ reset:
/*
* 7. Write the 200 Response
*/
polarssl_printf( " > Write to client:" );
mbedtls_printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_ciphersuite( &ssl ) );
mbedtls_ssl_get_ciphersuite( &ssl ) );
while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
{
polarssl_printf( " failed\n ! peer closed the connection\n\n" );
mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
goto reset;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
polarssl_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
polarssl_printf( " . Closing the connection..." );
mbedtls_printf( " . Closing the connection..." );
while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
if( ret != MBEDTLS_ERR_NET_WANT_READ &&
ret != MBEDTLS_ERR_NET_WANT_WRITE )
{
polarssl_printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret );
goto reset;
}
}
polarssl_printf( " ok\n" );
mbedtls_printf( " ok\n" );
ret = 0;
goto reset;
exit:
#ifdef POLARSSL_ERROR_C
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
if( client_fd != -1 )
net_close( client_fd );
mbedtls_net_close( client_fd );
x509_crt_free( &srvcert );
pk_free( &pkey );
ssl_free( &ssl );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
mbedtls_ssl_free( &ssl );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
#endif
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(_WIN32)
polarssl_printf( " Press Enter to exit this program.\n" );
mbedtls_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C && POLARSSL_X509_CRT_PARSE_C
&& POLARSSL_FS_IO && POLARSSL_PEM_PARSE_C */
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
&& MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */

1010
programs/ssl/ssl_server2.c
View file

File diff suppressed because it is too large Load diff