The UDP proxy corrupts application data at the end of the datagram. If
there are multiple DTLS records within the same datagram, this leads
to the wrong message being corrupted. This commit always corrupts the
beginning of the message to prevent this.
Overall, the UDP proxy needs reworking if it is supposed to reliably
support multiple records within a single datagram, because it
determines its actions from the type of the first record in the
current datagram only.
This commit provides the new option pack=TIME for the udp proxy
./programs/test/udp_proxy. If used, udp packets with the same
destination will be queued and concatenated for up to TIME
milliseconds before being delivered.
This is useful to test how mbed TLS's deals with multiple DTLS records
within a single datagram.
This commit introduces the script `programs/test/udp_proxy_wrapper.sh` which can
be used to wrap the SSL server binary `programs/ssl/ssl_server2` by the UDP
proxy application `programs/test/udp_proxy` while maintaining the same
interface from the command line.
Specifically, given UDP proxy arguments ARGS_UDP and SSL server arguments
ARGS_SSL, the command line
> ./udp_proxy_wrapper.sh ARGS_UDP -- ARGS_SSL
behaves like
> ./ssl_server2 ARGS_SSL
wrapped by
> ./udp_proxy ARGS_UDP
The motivation and benefit of this is that scripts like `ssl-opt.sh` can be used
with the server command line `P_SRV` modified to `./udp_proxy_wrapper.sh
ARGS_UDP -- DEFAULT_ARGS_SSL` which will result in all tests being executed for
an SSL server behind a UDP proxy.
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
Instead of polling the hardware entropy source a single time and
comparing the output with itself, the source is polled at least twice
and make sure that the separate outputs are different.
The self test is a quick way to check at startup whether the entropy
sources are functioning correctly. The self test only polls 8 bytes
from the default entropy source and performs the following checks:
- The bytes are not all 0x00 or 0xFF.
- The hardware does not return an error when polled.
- The entropy does not provide data in a patter. Only check pattern
at byte, word and long word sizes.
Now counts and displays the number of test suites executed, which can vary
depending on build configurations.
All tests are now executed as this is a sample and test program, rather than
exit on first failure.
Exit code now restricted to SUCCESS or FAILURE.
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
- Added in each tests program to be sure they are run (putting them in a test
suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
past [1], so make sure to catch that if it ever happens again.
[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
