Commit graph

478 commits

Author SHA1 Message Date
Gilles Peskine
daa94c4ff5 SSL test programs: move RNG common code to ssl_test_lib
This commit is deliberately arranged to minimize code changes.
Subsequent commits will clean up the resulting code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:13:47 +01:00
Gilles Peskine
b3715eb86e SSL test programs: prepare to unify common code
In preparation for unifying the common RNG-related code of ssl_client2
and ssl_server2, make it possible to copy-paste that code out of these
programs' main() functions:

* Replaces reads of the non-unifiable structure opt by reads of a
  separate variable.
* Replace references to the local variable rng by a pointer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:08:14 +01:00
Gilles Peskine
8a8492bcd4 SSL test programs: stuff RNG context into a struct
Group the random generation context (entropy and DRBG) into a struct.
This is in preparation for unifying the common RNG-related code of
ssl_client2 and ssl_server2, then generalizing that code to support
methods other than entropy+CTR_DRBG.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 18:17:32 +01:00
Gilles Peskine
b4df754274 Update #else and #endif comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-08 21:21:27 +01:00
Gilles Peskine
504c1a361e ssl_test_lib: move common functions and variables
Move from ssl_*2.c to ssl_test_lib.c:
* Functions that have exactly identical definitions in the two
  programs, and that don't reference the global variable opt which
  has a different type in the client and in the server. Also declare
  these functions in ssl_test_lib.h.

Move from ssl_*2.c to ssl_test_common_source.c:
* Functions that have exactly identical definitions in the two
  programs, but access fields of the global variable opt which
  has a different structure type in the client and in the server.
* The array ssl_sig_hashes_for_test, because its type is incomplete.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
7c818d68be ssl_test_lib: move common type definitions
Move from ssl_*2.c to ssl_test_lib.h:
* Types defined identically in both files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
c11eb1fa07 Prepare to merge identical code from ssl_client2.c and ssl_server2.c
Adjust whitespace and comments in code of ssl_client2.c and
ssl_server2.c that was almost identical to make these chunks exactly
identical.

Make the common functions non-static.

This is in preparation for moving the common code to ssl_test_lib.c.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
7f679c7bf4 ssl_test_lib: move declaration of query_config
Move from ssl_*2.c to ssl_test_lib.h:
* The declaration of query_config(). Also document it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
67638d6828 ssl_test_lib: move common includes
Move from ssl_*2.c to ssl_test_lib.h:
* Include directives for headers included by both programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
ab7ce96d7b ssl_test_lib: move initial includes and is-it-supported check
Move from ssl_*2.c to ssl_test_lib.h:
* The inclusion of the config header file (identical).
* The fallback definitions of platform functions (almost identical:
  server2 also had snprintf and the order and whitespace was slightly
  different).
* The compilation guards checking that required options are
  enabled (tweaked to make them common, with MBEDTLS_SSL_{CLI,SRV}_C
  separated out).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
0d980b8be8 ssl_test_common_source.c: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c, but cannot be compiled separately and instead needs
to be #include'd in each program that uses it.

This is for code that references macros or types that are defined
differently in the two programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Bence Szépkúti
880334cba0 Fix use-after-scope error in programs/ssl
mbedtls_ssl_conf_dtls_srtp_protection_profiles stores the pointer to the
profiles in the configuration.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-15 10:22:05 +01:00
Ronald Cron
c9851141a2 programs: ssl: Fix printf parameter type cast
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
adc2ff28b0 Adapt programs to PSA openless APIs
PSA and SSL programs are PSA clients thus should use
psa_key_id_t as the type for key identifiers, not
mbedtls_svc_key_id_t.

As a consequence, PSA, ssl_server2 and ssl_client2
programs cannot compile and must not be compiled if
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined.
Thus, add MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
compilation guard to those programs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
c4d1b514ab Define handles as key identifiers
Define psa_key_handle_t to be equal to
mbedtls_svc_key_id_t. Make the handle of a persistent
key be equal to its key identifier. For volatile keys,
make the key handle equal to the volatile key
identifier of the created volatile key.

The unit tests are modified just to make them compile
not to make them run successfully. They are fixed in
the subsequent commits.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
91e9515424 Introduce PSA_KEY_HANDLE_INIT macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Johan Pascal
5fbe9e7ac0 remove useless parentheses
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 10:50:54 +01:00
Johan Pascal
5ef72d214f Style and typos
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
2258a4f481 Do not return a structure, use a return parameter
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
0dbcd1d3f0 Make API safer
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
20c7db3a67 API modified so server side can get mki value
+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
76fdf1d60e Minor fix and improvements
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
9bc50b0122 Test check the key material exported match
- include interop with openssl client

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
d387aa0586 style + missing cast
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
253d0263a6 set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
43f9490a52 SRTP profiles definition use macros only
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
d576fdb1d6 Style + fix bound check in write_use_srt_ext
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
9bc97ca19d SRTP-DTLS protection profile configuration list not copied into ssl_config
+ improve test
+ minor style fix

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
8526957cd5 Minor style modifications
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
48f62e98a8 Fix ssl_client2 after rebase
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
1d957e61eb Fix build warning
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
b64eab7656 fix style
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
65b56ef87f Change key derivation for srtp
Use the export keys functionality, to call the public API
`mbedtls_ssl_tls_prf()`, and remove the function
`mbedtls_ssl_get_dtls_srtp_key_material()`.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
a978804a1b Style fixes
1. Fix indentations.
2. Remove redundant whitespaces.
3. Keep short lines.
4. Grammar fixes.
5. Rephrase function description.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
ef72faf2bb Style fixes
1. Adjust to 80 colums where possible.
2. Add \ remove spaces where needed.
3. Fix alignments.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
311b95aafe Fix compilation errors
Fix compilation errors when `MBEDTLS_DTLS_SRTP` not set
1. Add file missed in previous commmit.
2. In sample applications, set `DFL_FORCE_SRTP_PROFILE` to 0.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Ron Eldor
6ea64518ad Add dtls-srtp to client and server examples
Add dtls-srtp to `ssl_client2` and `ssl_server2` examples,
for reference and for allowing in tests.

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
gabor-mezei-arm
de47217580
Do not print any messages if query_config option is used
To preserve the behaviour of the query_config option all message
is omitted it it is used.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-10-05 11:34:50 +02:00
gabor-mezei-arm
785958577e
Use goto exit instead of direct return
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-10-05 11:34:50 +02:00
gabor-mezei-arm
a9eecf1b19
If query_config is used only the config value is printed.
The extra code running after the removed return instruction should not generate any output. Only the read config value must be printed.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-10-05 11:34:41 +02:00
Manuel Pégourié-Gonnard
6edfe60e0d
Merge pull request #2182 from hanno-arm/key_pwd
Add support for password protected key files to ssl_server2 and ssl_client2
2020-08-24 09:42:38 +02:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
Hanno Becker
2d3ac68336 Parse key-file and -password parameters in same place in ssl_client2
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-17 09:44:44 +01:00
Hanno Becker
bffa54f4eb Add usage string for key_pwd argument in ssl_client2 program
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-17 09:44:41 +01:00
Hanno Becker
ca04fdc2cc Add support for password protected key file to ssl_client2
The example application programs/ssl/ssl_client2 allows the
configuration of a client CRT through the parameters
- crt_file, key_file
However, password protected key files are not supported.

This commit adds a new command line option
- key_pwd
which allow to specify a password for the key file specified
in the key_file parameter.
2020-08-14 09:58:51 +01:00
Ronald Cron
7d8661618b Use mbedtls_test_unhexify in programs
Use mbedtls_test_unhexify in programs instead of ad-hoc
implementations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Gilles Peskine
e24fc7b0a1
Merge pull request #2595 from k-stachowiak/unified-exit-in-examples
Unify the example programs' termination
2020-05-12 10:46:47 +02:00
Gilles Peskine
d9f694960f
Merge pull request #3190 from gilles-peskine-arm/config-full-clarify-development
Clarify that the full config enables everything that can be tested together
2020-05-04 12:29:09 +02:00
Kenneth Soerensen
518d435e7b Fix GCC format-signedness warnings
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2020-04-22 16:01:48 +02:00
Gilles Peskine
b2971ff942 Strict C99: don't use extremely large string literals
Don't use string literals that are longer than 4095 bytes, which is
the minimum that C99 compilers are required to support. Compilers are
extremely likely to support longer literals, but `gcc -std=c99 -pedantic`
complains.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 15:39:36 +02:00
Piotr Nowicki
3de298f18f Saving the serialized context to a file
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 16:26:43 +02:00
Piotr Nowicki
136bebf934 Add missing newline character
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-04-17 14:47:33 +02:00
Andrzej Kurek
90c6e84a9c
Split the maximum fragment length into two - an input and output MFL
Since the server might want to have a different maximum fragment length
for the outgoing messages than the negotiated one - introduce a new way of
computing it. This commit also adds additional ssl-opt.sh tests ensuring
that the maximum fragment lengths are set as expected. 
mbedtls_ssl_get_max_frag_len() is now a deprecated function,
being an alias to mbedtls_ssl_get_output_max_frag_len(). The behaviour
of this function is the same as before.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-09 04:30:34 -04:00
Gilles Peskine
eccd888717 Rename identifiers containing double-underscore
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.

This commit makes check-names.sh pass.

```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
2020-03-23 17:55:32 +01:00
Manuel Pégourié-Gonnard
56941fe6a2 Fix possible close_notify/ClientHello confusion
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.

The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake

The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake

If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.

However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.

In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.

This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).

Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).

An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 09:33:45 +01:00
Gilles Peskine
2ac4d86040 Fix file leak in test program
A similar bug was fixed earlier in ssl_server2, but we missed the fix
in ssl_client2.
2020-01-21 17:39:52 +01:00
Piotr Nowicki
7d01ef6562 Added buffer-based mbedtls allocator support to ssl_client2 2019-11-25 15:52:48 +01:00
Piotr Nowicki
9926eaf695 Do not allow configuring zero-length PSK
fix error when calloc is called with size 0
2019-11-25 15:49:53 +01:00
Jaeden Amero
63d813d258 ssl: Disallow modification of hello.random by export
Make client_random and server_random const in
mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged
from modifying the client/server hello.

Update examples and tests use const for hello.random as well, to ensure
that the export callbacks are of the proper type.

Fixes #2759
2019-09-12 15:18:25 +01:00
Hanno Becker
bc5308cb9a ssl_cli/srv2: Indicate nss_keylog and eap_tls are mut. exclusive 2019-09-09 11:38:51 +01:00
Hanno Becker
48f3a3d101 Add NSS keylog support to ssl_server2 and ssl_client2
This commit adds command line options

- nss_keylog=0/1
- nss_keylog_file=FILENAME

to the example programs ssl/ssl_client2 and ssl/ssl_server2 which
allow to print and export the session keys in the NSS keylog
for debugging purposes.
2019-09-09 10:30:16 +01:00
Jarno Lamsa
472a2a2fcd Don't redefine calloc and free 2019-08-23 13:13:52 +03:00
Manuel Pégourié-Gonnard
9df5a82079 Actually reset the context on save as advertised
Also fix some wording in the documentation while at it.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
13c8e68477 Change requirements for setting timer callback
The code wants timer callbacks to be set (checked in fetch_input()), and can't
easily check whether we're using nbio, so it seems easier to require the
callbacks to be always set rather than only with nbio as was previously done.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
3309a67996 Fix memory leak in client/server2
context_buf was never free()d. Moreover, since we want to free it on error
paths as well, and even properly zeroize it in order to demonstrate good
memory hygiene, we need to make it and its length main()-scoped.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
a88399c091 Improve demo/testing code in client/server2
Previously it was missing reset in case 1, and in case 2 the code was never
executed as the option value was reset to 0.

Tighten checking of return values of save(NULL, 0) now that it works.

Also, improve the printed output as well as the comments.

I checked manually that everything now works and fail in the expected way:
save, reset-or-reinit and load all succeed, but the subsequent read or write
fails.
2019-08-23 13:11:31 +03:00
Jarno Lamsa
ddf72a1cf6 Fix style issues 2019-08-23 13:07:05 +03:00
Jarno Lamsa
8e2532196d Set timer callbacks with serialization 2019-08-23 13:05:43 +03:00
Jarno Lamsa
1a7f7936f3 Fix spacing 2019-08-23 13:05:43 +03:00
Jarno Lamsa
15b3a7ae4d Fix compiler warnings 2019-08-23 13:05:42 +03:00
Jarno Lamsa
304d61cede Add option for ssl-context re-initialization flow 2019-08-23 13:05:34 +03:00
Jarno Lamsa
1d1657f11c Allow stub implementation of the context_save for now 2019-08-23 12:53:40 +03:00
Jarno Lamsa
93c6ff2392 Address review comments for code-style issues 2019-08-23 12:53:40 +03:00
Jarno Lamsa
378d64daad Remove mbedtls_ssl_free() and mbedtls_ssl_init() from serialization flow in test 2019-08-23 12:53:40 +03:00
Jarno Lamsa
bbc7b41903 Use MBEDTLS_SSL_CONTEXT_SERIALIZATION flag 2019-08-23 12:53:40 +03:00
Jarno Lamsa
af30629686 Rely on opt.exchanges for sending after serialization 2019-08-23 12:53:40 +03:00
Jarno Lamsa
77e6665ffb Serialization/deserialization in ssl_client2 2019-08-23 12:53:40 +03:00
Jarno Lamsa
9831c8a14c Add option for serialization in ssl_client/server2 2019-08-23 12:53:40 +03:00
Manuel Pégourié-Gonnard
686adb4d54 Normalize spelling to serialiZation
We have explicit recommendations to use US spelling for technical writing, so
let's apply this to code as well for uniformity. (My fingers tend to prefer UK
spelling, so this needs to be fixed in many places.)

sed -i 's/\([Ss]eriali\)s/\1z/g' **/*.[ch] **/*.function **/*.data ChangeLog
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
4d591d6d3f Demonstrate safe usage (zeroize) in ssl_client2 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
26f982f50e Improve save API by always updating olen
This allows callers to discover what an appropriate size is. Otherwise they'd
have to either try repeatedly, or allocate an overly large buffer (or some
combination of those).

Adapt documentation an example usage in ssl_client2.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
a7c3765760 Add tests for session copy without serialisation 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
b5e4e0a395 Add mbedtls_ssl_get_session_pointer()
Avoid useless copy with mbedtls_ssl_get_session() before serialising.

Used in ssl_client2 for testing and demonstrating usage, but unfortunately
that means mbedtls_ssl_get_session() is no longer tested, which will be fixed
in the next commit.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
21548638b7 Save session in serialised form in ssl_client2.
This provides basic testing for the session (de)serialisation functions, as
well as an example of how to use them.

Tested locally with tests/ssl-opt.sh -f '^Session resume'.
2019-08-23 12:48:41 +03:00
Jaeden Amero
9a09f511b5 Merge remote-tracking branch 'origin/pr/2781' into development
* origin/pr/2781:
  Documentation fixes according to review
  Remove unused label in ssl_client2/ssl_server2
  Add missing word in documentation of mbedtls_ssl_check_record()
  cli/srv ex: Add dbg msg if record checking gives inconsistent result
  Fix minor issues in documentation of mbedtls_ssl_check_record()
  State that record checking is DTLS only and doesn't check content type
  Update version_features.c
  Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2
  Add IO wrappers to ssl_server2 as interm's between NET and SSL layer
  Add IO wrappers to ssl_client2 as interm's between NET and SSL layer
  Introduce configuration option and API for SSL record checking
2019-08-22 11:08:52 +01:00
Janos Follath
be4efc2b38 Move the examples to PSA 1.0 2019-08-16 13:37:32 +01:00
Krzysztof Stachowiak
5e1b195d1f Unify the example programs' termination
This is done to account for platforms, for which we want custom behavior
upon the program termination, hence we call `mbedtls_exit()` instead of
returning from `main()`.
2019-08-16 06:37:42 +02:00
Hanno Becker
1f3fe87da3 Remove unused label in ssl_client2/ssl_server2 2019-08-06 11:27:34 +03:00
Hanno Becker
91f8327e40 cli/srv ex: Add dbg msg if record checking gives inconsistent result 2019-08-06 11:26:55 +03:00
Hanno Becker
4b6649e67c Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2 2019-08-06 10:53:28 +03:00
Hanno Becker
8b1af2f89c Add IO wrappers to ssl_client2 as interm's between NET and SSL layer 2019-08-06 10:26:33 +03:00
Jaeden Amero
fd0f65459c Merge remote-tracking branch 'origin/pr/2697' into development
* origin/pr/2697:
  Update crypto submodule
  Add all.sh component that exercises invalid_param checks
  Remove mbedtls_param_failed from programs
  Make it easier to define MBEDTLS_PARAM_FAILED as assert
  Make test suites compatible with #include <assert.h>
  Pass -m32 to the linker as well
  Don't systematically rebuild programs
2019-06-21 13:21:05 +01:00
Jaeden Amero
8d936e87fb Merge remote-tracking branch 'origin/pr/2681' into development
* origin/pr/2681:
  unconditional mbedtls_ssl_conf_rng
  Adding usage and removing dummy random
  comment alignment
  Commit to C90 style
  Adds missing ret definition
  More clarity for ifdef orders
  Only warns if MBEDTLS_HAVE_TIME
  Option used added in string
  Code review
  Style fixes
  SSL reproducible test mode
2019-06-21 13:20:02 +01:00
Philippe Antoine
b94cf822f3 unconditional mbedtls_ssl_conf_rng 2019-06-19 15:19:38 +02:00
Philippe Antoine
738153a048 Adding usage and removing dummy random 2019-06-18 20:16:43 +02:00
Jaeden Amero
e1b02df515 Merge remote-tracking branch 'origin/pr/2260' into development
* origin/pr/2260:
  Update crypto submodule
  Remove heading spaces in tests/data_files/Makefile
  Re-generate library/certs.c from script
  Add new line at the end of test-ca2.key.enc
  Use strict syntax to annotate origin of test data in certs.c
  Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO
  Allow DHM self test to run without MBEDTLS_PEM_PARSE_C
  ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
  Document origin of hardcoded certificates in library/certs.c
  Adapt ChangeLog
  Rename server1.der to server1.crt.der
  Add DER encoded files to git tree
  Add build instructions to generate DER versions of CRTs and keys
  Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2
  ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  Correct white spaces in ssl_server2 and ssl_client2
  Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled
  Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
2019-06-14 08:46:48 +01:00
Gilles Peskine
3abbcedc68 Remove mbedtls_param_failed from programs
All sample and test programs had a definition of mbedtls_param_failed.
This was necessary because we wanted to be able to build them in a
configuration with MBEDTLS_CHECK_PARAMS set but without a definition
of MBEDTLS_PARAM_FAILED. Now that we activate the sample definition of
MBEDTLS_PARAM_FAILED in config.h when testing with
MBEDTLS_CHECK_PARAMS set, this boilerplate code is no longer needed.
2019-06-13 16:51:59 +02:00
Philippe Antoine
154feb21e8 comment alignment 2019-06-11 17:50:23 +02:00
Philippe Antoine
d2235f2a41 Commit to C90 style 2019-06-11 16:29:28 +02:00
Philippe Antoine
12e85de964 Adds missing ret definition 2019-06-11 16:07:53 +02:00