1 /*
2 * SSL client with certificate authentication
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7
8 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
9
10 #include "ssl_test_lib.h"
11
12 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
13 #include "test/psa_crypto_helpers.h"
14 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
15
16 #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
main(void)17 int main(void)
18 {
19 mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE);
20 mbedtls_exit(0);
21 }
22 #elif !defined(MBEDTLS_SSL_CLI_C)
main(void)23 int main(void)
24 {
25 mbedtls_printf("MBEDTLS_SSL_CLI_C not defined.\n");
26 mbedtls_exit(0);
27 }
28 #else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
29
30 /* Size of memory to be allocated for the heap, when using the library's memory
31 * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
32 #define MEMORY_HEAP_SIZE 120000
33
34 #define MAX_REQUEST_SIZE 20000
35 #define MAX_REQUEST_SIZE_STR "20000"
36
37 #define DFL_SERVER_NAME "localhost"
38 #define DFL_SERVER_ADDR NULL
39 #define DFL_SERVER_PORT "4433"
40 #define DFL_REQUEST_PAGE "/"
41 #define DFL_REQUEST_SIZE -1
42 #define DFL_DEBUG_LEVEL 0
43 #define DFL_CONTEXT_CRT_CB 0
44 #define DFL_NBIO 0
45 #define DFL_EVENT 0
46 #define DFL_READ_TIMEOUT 0
47 #define DFL_MAX_RESEND 0
48 #define DFL_CA_FILE ""
49 #define DFL_CA_PATH ""
50 #define DFL_CRT_FILE ""
51 #define DFL_KEY_FILE ""
52 #define DFL_KEY_OPAQUE 0
53 #define DFL_KEY_PWD ""
54 #define DFL_PSK ""
55 #define DFL_EARLY_DATA -1
56 #define DFL_PSK_OPAQUE 0
57 #define DFL_PSK_IDENTITY "Client_identity"
58 #define DFL_ECJPAKE_PW NULL
59 #define DFL_ECJPAKE_PW_OPAQUE 0
60 #define DFL_EC_MAX_OPS -1
61 #define DFL_FORCE_CIPHER 0
62 #define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
63 #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
64 #define DFL_ALLOW_LEGACY -2
65 #define DFL_RENEGOTIATE 0
66 #define DFL_EXCHANGES 1
67 #define DFL_MIN_VERSION -1
68 #define DFL_MAX_VERSION -1
69 #define DFL_SHA1 -1
70 #define DFL_AUTH_MODE -1
71 #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
72 #define DFL_TRUNC_HMAC -1
73 #define DFL_RECSPLIT -1
74 #define DFL_DHMLEN -1
75 #define DFL_RECONNECT 0
76 #define DFL_RECO_SERVER_NAME NULL
77 #define DFL_RECO_DELAY 0
78 #define DFL_RECO_MODE 1
79 #define DFL_CID_ENABLED 0
80 #define DFL_CID_VALUE ""
81 #define DFL_CID_ENABLED_RENEGO -1
82 #define DFL_CID_VALUE_RENEGO NULL
83 #define DFL_RECONNECT_HARD 0
84 #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
85 #define DFL_ALPN_STRING NULL
86 #define DFL_GROUPS NULL
87 #define DFL_SIG_ALGS NULL
88 #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
89 #define DFL_HS_TO_MIN 0
90 #define DFL_HS_TO_MAX 0
91 #define DFL_DTLS_MTU -1
92 #define DFL_DGRAM_PACKING 1
93 #define DFL_FALLBACK -1
94 #define DFL_EXTENDED_MS -1
95 #define DFL_ETM -1
96 #define DFL_SERIALIZE 0
97 #define DFL_CONTEXT_FILE ""
98 #define DFL_EXTENDED_MS_ENFORCE -1
99 #define DFL_CA_CALLBACK 0
100 #define DFL_EAP_TLS 0
101 #define DFL_REPRODUCIBLE 0
102 #define DFL_NSS_KEYLOG 0
103 #define DFL_NSS_KEYLOG_FILE NULL
104 #define DFL_SKIP_CLOSE_NOTIFY 0
105 #define DFL_QUERY_CONFIG_MODE 0
106 #define DFL_USE_SRTP 0
107 #define DFL_SRTP_FORCE_PROFILE 0
108 #define DFL_SRTP_MKI ""
109 #define DFL_KEY_OPAQUE_ALG "none"
110
111 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
112 #define GET_REQUEST_END "\r\n\r\n"
113
114 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
115 #define USAGE_CONTEXT_CRT_CB \
116 " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
117 " to the SSL configuration of the SSL context.\n" \
118 " Possible values:\n" \
119 " - 0 (default): Use CRT callback bound to configuration\n" \
120 " - 1: Use CRT callback bound to SSL context\n"
121 #else
122 #define USAGE_CONTEXT_CRT_CB ""
123 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
124 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
125 #if defined(MBEDTLS_FS_IO)
126 #define USAGE_IO \
127 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
128 " default: \"\" (pre-loaded)\n" \
129 " use \"none\" to skip loading any top-level CAs.\n" \
130 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
131 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
132 " use \"none\" to skip loading any top-level CAs.\n" \
133 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
134 " default: \"\" (pre-loaded)\n" \
135 " key_file=%%s default: \"\" (pre-loaded)\n" \
136 " key_pwd=%%s Password for key specified by key_file argument\n" \
137 " default: none\n"
138 #else
139 #define USAGE_IO \
140 " No file operations available (MBEDTLS_FS_IO not defined)\n"
141 #endif /* MBEDTLS_FS_IO */
142 #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
143 #define USAGE_IO ""
144 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
145 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
146 #define USAGE_KEY_OPAQUE \
147 " key_opaque=%%d Handle your private key as if it were opaque\n" \
148 " default: 0 (disabled)\n"
149 #else
150 #define USAGE_KEY_OPAQUE ""
151 #endif
152
153 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
154 #define USAGE_CID \
155 " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
156 " default: 0 (disabled)\n" \
157 " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
158 " default: same as 'cid' parameter\n" \
159 " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
160 " default: \"\"\n" \
161 " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
162 " default: same as 'cid_val' parameter\n"
163 #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
164 #define USAGE_CID ""
165 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
166
167 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
168 #define USAGE_PSK_RAW \
169 " psk=%%s default: \"\" (disabled)\n" \
170 " The PSK values are in hex, without 0x.\n" \
171 " psk_identity=%%s default: \"Client_identity\"\n"
172 #if defined(MBEDTLS_USE_PSA_CRYPTO)
173 #define USAGE_PSK_SLOT \
174 " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
175 " Enable this to store the PSK configured through command line\n" \
176 " parameter `psk` in a PSA-based key slot.\n" \
177 " Note: Currently only supported in conjunction with\n" \
178 " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
179 " to force a particular PSK-only ciphersuite.\n" \
180 " Note: This is to test integration of PSA-based opaque PSKs with\n" \
181 " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
182 " with prepopulated key slots instead of importing raw key material.\n"
183 #else
184 #define USAGE_PSK_SLOT ""
185 #endif /* MBEDTLS_USE_PSA_CRYPTO */
186 #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
187 #else
188 #define USAGE_PSK ""
189 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
190
191 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
192 #define USAGE_CA_CALLBACK \
193 " ca_callback=%%d default: 0 (disabled)\n" \
194 " Enable this to use the trusted certificate callback function\n"
195 #else
196 #define USAGE_CA_CALLBACK ""
197 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
198
199 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
200 #define USAGE_TICKETS \
201 " tickets=%%d default: 1 (enabled)\n"
202 #else
203 #define USAGE_TICKETS ""
204 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
205
206 #define USAGE_EAP_TLS \
207 " eap_tls=%%d default: 0 (disabled)\n"
208 #define USAGE_NSS_KEYLOG \
209 " nss_keylog=%%d default: 0 (disabled)\n" \
210 " This cannot be used with eap_tls=1\n"
211 #define USAGE_NSS_KEYLOG_FILE \
212 " nss_keylog_file=%%s\n"
213 #if defined(MBEDTLS_SSL_DTLS_SRTP)
214 #define USAGE_SRTP \
215 " use_srtp=%%d default: 0 (disabled)\n" \
216 " This cannot be used with eap_tls=1 or " \
217 " nss_keylog=1\n" \
218 " srtp_force_profile=%%d default: 0 (all enabled)\n" \
219 " available profiles:\n" \
220 " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
221 " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
222 " 3 - SRTP_NULL_HMAC_SHA1_80\n" \
223 " 4 - SRTP_NULL_HMAC_SHA1_32\n" \
224 " mki=%%s default: \"\" (in hex, without 0x)\n"
225 #else /* MBEDTLS_SSL_DTLS_SRTP */
226 #define USAGE_SRTP ""
227 #endif
228
229 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
230 #define USAGE_MAX_FRAG_LEN \
231 " max_frag_len=%%d default: 16384 (tls default)\n" \
232 " options: 512, 1024, 2048, 4096\n"
233 #else
234 #define USAGE_MAX_FRAG_LEN ""
235 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
236
237 #if defined(MBEDTLS_DHM_C)
238 #define USAGE_DHMLEN \
239 " dhmlen=%%d default: (library default: 1024 bits)\n"
240 #else
241 #define USAGE_DHMLEN
242 #endif
243
244 #if defined(MBEDTLS_SSL_ALPN)
245 #define USAGE_ALPN \
246 " alpn=%%s default: \"\" (disabled)\n" \
247 " example: spdy/1,http/1.1\n"
248 #else
249 #define USAGE_ALPN ""
250 #endif /* MBEDTLS_SSL_ALPN */
251
252 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
253 (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
254 defined(PSA_WANT_ALG_FFDH))
255 #define USAGE_GROUPS \
256 " groups=a,b,c,d default: \"default\" (library default)\n" \
257 " example: \"secp521r1,brainpoolP512r1\"\n" \
258 " - use \"none\" for empty list\n" \
259 " - see mbedtls_ecp_curve_list()\n" \
260 " for acceptable EC group names\n" \
261 " - the following ffdh groups are supported:\n" \
262 " ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \
263 " ffdhe8192\n"
264 #else
265 #define USAGE_GROUPS ""
266 #endif
267
268 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
269 #define USAGE_SIG_ALGS \
270 " sig_algs=a,b,c,d default: \"default\" (library default)\n" \
271 " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
272 #else
273 #define USAGE_SIG_ALGS ""
274 #endif
275
276 #if defined(MBEDTLS_SSL_PROTO_DTLS)
277 #define USAGE_DTLS \
278 " dtls=%%d default: 0 (TLS)\n" \
279 " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
280 " range of DTLS handshake timeouts in millisecs\n" \
281 " mtu=%%d default: (library default: unlimited)\n" \
282 " dgram_packing=%%d default: 1 (allowed)\n" \
283 " allow or forbid packing of multiple\n" \
284 " records within a single datgram.\n"
285 #else
286 #define USAGE_DTLS ""
287 #endif
288
289 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
290 #define USAGE_EMS \
291 " extended_ms=0/1 default: (library default: on)\n"
292 #else
293 #define USAGE_EMS ""
294 #endif
295
296 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
297 #define USAGE_ETM \
298 " etm=0/1 default: (library default: on)\n"
299 #else
300 #define USAGE_ETM ""
301 #endif
302
303 #define USAGE_REPRODUCIBLE \
304 " reproducible=0/1 default: 0 (disabled)\n"
305
306 #if defined(MBEDTLS_SSL_RENEGOTIATION)
307 #define USAGE_RENEGO \
308 " renegotiation=%%d default: 0 (disabled)\n" \
309 " renegotiate=%%d default: 0 (disabled)\n"
310 #else
311 #define USAGE_RENEGO ""
312 #endif
313
314 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
315 #if defined(MBEDTLS_USE_PSA_CRYPTO)
316 #define USAGE_ECJPAKE \
317 " ecjpake_pw=%%s default: none (disabled)\n" \
318 " ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
319 #else /* MBEDTLS_USE_PSA_CRYPTO */
320 #define USAGE_ECJPAKE \
321 " ecjpake_pw=%%s default: none (disabled)\n"
322 #endif /* MBEDTLS_USE_PSA_CRYPTO */
323 #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
324 #define USAGE_ECJPAKE ""
325 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
326
327 #if defined(MBEDTLS_ECP_RESTARTABLE)
328 #define USAGE_ECRESTART \
329 " ec_max_ops=%%s default: library default (restart disabled)\n"
330 #else
331 #define USAGE_ECRESTART ""
332 #endif
333
334 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
335 #define USAGE_SERIALIZATION \
336 " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
337 " options: 1 (serialize)\n" \
338 " 2 (serialize with re-initialization)\n" \
339 " context_file=%%s The file path to write a serialized connection\n" \
340 " in the form of base64 code (serialize option\n" \
341 " must be set)\n" \
342 " default: \"\" (do nothing)\n" \
343 " option: a file path\n"
344 #else
345 #define USAGE_SERIALIZATION ""
346 #endif
347
348 #if defined(MBEDTLS_SSL_EARLY_DATA)
349 #define USAGE_EARLY_DATA \
350 " early_data=%%d default: library default\n" \
351 " options: 0 (disabled), 1 (enabled)\n"
352 #else
353 #define USAGE_EARLY_DATA ""
354 #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */
355
356 #define USAGE_KEY_OPAQUE_ALGS \
357 " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
358 " comma-separated pair of values among the following:\n" \
359 " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
360 " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
361 " ecdsa-sign, ecdh, none (only acceptable for\n" \
362 " the second value).\n" \
363
364 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
365 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
366 " tls13_kex_modes=%%s default: all\n" \
367 " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \
368 " ephemeral_all, all, psk_or_ephemeral\n"
369 #else
370 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
371 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
372
373 /* USAGE is arbitrarily split to stay under the portable string literal
374 * length limit: 4095 bytes in C99. */
375 #define USAGE1 \
376 "\n usage: ssl_client2 param=<>...\n" \
377 "\n acceptable parameters:\n" \
378 " server_name=%%s default: localhost\n" \
379 " server_addr=%%s default: given by name\n" \
380 " server_port=%%d default: 4433\n" \
381 " request_page=%%s default: \".\"\n" \
382 " request_size=%%d default: about 34 (basic request)\n" \
383 " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
384 " If 0, in the first exchange only an empty\n" \
385 " application data message is sent followed by\n" \
386 " a second non-empty message before attempting\n" \
387 " to read a response from the server\n" \
388 " debug_level=%%d default: 0 (disabled)\n" \
389 " build_version=%%d default: none (disabled)\n" \
390 " option: 1 (print build version only and stop)\n" \
391 " nbio=%%d default: 0 (blocking I/O)\n" \
392 " options: 1 (non-blocking), 2 (added delays)\n" \
393 " event=%%d default: 0 (loop)\n" \
394 " options: 1 (level-triggered, implies nbio=1),\n" \
395 " read_timeout=%%d default: 0 ms (no timeout)\n" \
396 " max_resend=%%d default: 0 (no resend on timeout)\n" \
397 " skip_close_notify=%%d default: 0 (send close_notify)\n" \
398 "\n" \
399 USAGE_DTLS \
400 USAGE_CID \
401 USAGE_SRTP \
402 "\n"
403 #define USAGE2 \
404 " auth_mode=%%s default: (library default: none)\n" \
405 " options: none, optional, required\n" \
406 USAGE_IO \
407 USAGE_KEY_OPAQUE \
408 USAGE_CA_CALLBACK \
409 "\n" \
410 USAGE_PSK \
411 USAGE_ECJPAKE \
412 USAGE_ECRESTART \
413 "\n"
414 #define USAGE3 \
415 " allow_legacy=%%d default: (library default: no)\n" \
416 USAGE_RENEGO \
417 " exchanges=%%d default: 1\n" \
418 " reconnect=%%d number of reconnections using session resumption\n" \
419 " default: 0 (disabled)\n" \
420 " reco_server_name=%%s default: NULL\n" \
421 " reco_delay=%%d default: 0 milliseconds\n" \
422 " reco_mode=%%d 0: copy session, 1: serialize session\n" \
423 " default: 1\n" \
424 " reconnect_hard=%%d default: 0 (disabled)\n" \
425 USAGE_TICKETS \
426 USAGE_EAP_TLS \
427 USAGE_MAX_FRAG_LEN \
428 USAGE_CONTEXT_CRT_CB \
429 USAGE_ALPN \
430 USAGE_EMS \
431 USAGE_ETM \
432 USAGE_REPRODUCIBLE \
433 USAGE_GROUPS \
434 USAGE_SIG_ALGS \
435 USAGE_EARLY_DATA \
436 USAGE_DHMLEN \
437 USAGE_KEY_OPAQUE_ALGS \
438 "\n"
439
440 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
441 #define TLS1_3_VERSION_OPTIONS ", tls13"
442 #else /* MBEDTLS_SSL_PROTO_TLS1_3 */
443 #define TLS1_3_VERSION_OPTIONS ""
444 #endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
445
446 #define USAGE4 \
447 " allow_sha1=%%d default: 0\n" \
448 " min_version=%%s default: (library default: tls12)\n" \
449 " max_version=%%s default: (library default: tls12)\n" \
450 " force_version=%%s default: \"\" (none)\n" \
451 " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \
452 "\n\n" \
453 " force_ciphersuite=<name> default: all enabled\n" \
454 USAGE_TLS1_3_KEY_EXCHANGE_MODES \
455 " query_config=<name> return 0 if the specified\n" \
456 " configuration macro is defined and 1\n" \
457 " otherwise. The expansion of the macro\n" \
458 " is printed if it is defined\n" \
459 USAGE_SERIALIZATION \
460 "\n"
461
462 /*
463 * global options
464 */
465 struct options {
466 const char *server_name; /* hostname of the server (client only) */
467 const char *server_addr; /* address of the server (client only) */
468 const char *server_port; /* port on which the ssl service runs */
469 int debug_level; /* level of debugging */
470 int nbio; /* should I/O be blocking? */
471 int event; /* loop or event-driven IO? level or edge triggered? */
472 uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
473 int max_resend; /* DTLS times to resend on read timeout */
474 const char *request_page; /* page on server to request */
475 int request_size; /* pad request with header to requested size */
476 const char *ca_file; /* the file with the CA certificate(s) */
477 const char *ca_path; /* the path with the CA certificate(s) reside */
478 const char *crt_file; /* the file with the client certificate */
479 const char *key_file; /* the file with the client key */
480 int key_opaque; /* handle private key as if it were opaque */
481 #if defined(MBEDTLS_USE_PSA_CRYPTO)
482 int psk_opaque;
483 #endif
484 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
485 int ca_callback; /* Use callback for trusted certificate list */
486 #endif
487 const char *key_pwd; /* the password for the client key */
488 const char *psk; /* the pre-shared key */
489 const char *psk_identity; /* the pre-shared key identity */
490 const char *ecjpake_pw; /* the EC J-PAKE password */
491 #if defined(MBEDTLS_USE_PSA_CRYPTO)
492 int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
493 #endif
494 int ec_max_ops; /* EC consecutive operations limit */
495 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
496 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
497 int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
498 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
499 int renegotiation; /* enable / disable renegotiation */
500 int allow_legacy; /* allow legacy renegotiation */
501 int renegotiate; /* attempt renegotiation? */
502 int renego_delay; /* delay before enforcing renegotiation */
503 int exchanges; /* number of data exchanges */
504 int min_version; /* minimum protocol version accepted */
505 int max_version; /* maximum protocol version accepted */
506 int allow_sha1; /* flag for SHA-1 support */
507 int auth_mode; /* verify mode for connection */
508 unsigned char mfl_code; /* code for maximum fragment length */
509 int trunc_hmac; /* negotiate truncated hmac or not */
510 int recsplit; /* enable record splitting? */
511 int dhmlen; /* minimum DHM params len in bits */
512 int reconnect; /* attempt to resume session */
513 const char *reco_server_name; /* hostname of the server (re-connect) */
514 int reco_delay; /* delay in seconds before resuming session */
515 int reco_mode; /* how to keep the session around */
516 int reconnect_hard; /* unexpectedly reconnect from the same port */
517 int tickets; /* enable / disable session tickets */
518 const char *groups; /* list of supported groups */
519 const char *sig_algs; /* supported TLS 1.3 signature algorithms */
520 const char *alpn_string; /* ALPN supported protocols */
521 int transport; /* TLS or DTLS? */
522 uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
523 uint32_t hs_to_max; /* Max value of DTLS handshake timer */
524 int dtls_mtu; /* UDP Maximum transport unit for DTLS */
525 int fallback; /* is this a fallback connection? */
526 int dgram_packing; /* allow/forbid datagram packing */
527 int extended_ms; /* negotiate extended master secret? */
528 int etm; /* negotiate encrypt then mac? */
529 int context_crt_cb; /* use context-specific CRT verify callback */
530 int eap_tls; /* derive EAP-TLS keying material? */
531 int nss_keylog; /* export NSS key log material */
532 const char *nss_keylog_file; /* NSS key log file */
533 int cid_enabled; /* whether to use the CID extension or not */
534 int cid_enabled_renego; /* whether to use the CID extension or not
535 * during renegotiation */
536 const char *cid_val; /* the CID to use for incoming messages */
537 int serialize; /* serialize/deserialize connection */
538 const char *context_file; /* the file to write a serialized connection
539 * in the form of base64 code (serialize
540 * option must be set) */
541 const char *cid_val_renego; /* the CID to use for incoming messages
542 * after renegotiation */
543 int reproducible; /* make communication reproducible */
544 int skip_close_notify; /* skip sending the close_notify alert */
545 #if defined(MBEDTLS_SSL_EARLY_DATA)
546 int early_data; /* early data enablement flag */
547 #endif
548 int query_config_mode; /* whether to read config */
549 int use_srtp; /* Support SRTP */
550 int force_srtp_profile; /* SRTP protection profile to use or all */
551 const char *mki; /* The dtls mki value to use */
552 const char *key_opaque_alg1; /* Allowed opaque key alg 1 */
553 const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */
554 } opt;
555
556 #include "ssl_test_common_source.c"
557
558 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
559 static unsigned char peer_crt_info[1024];
560
561 /*
562 * Enabled if debug_level > 1 in code below
563 */
my_verify(void * data,mbedtls_x509_crt * crt,int depth,uint32_t * flags)564 static int my_verify(void *data, mbedtls_x509_crt *crt,
565 int depth, uint32_t *flags)
566 {
567 char buf[1024];
568 ((void) data);
569
570 mbedtls_printf("\nVerify requested for (Depth %d):\n", depth);
571
572 #if !defined(MBEDTLS_X509_REMOVE_INFO)
573 mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
574 if (depth == 0) {
575 memcpy(peer_crt_info, buf, sizeof(buf));
576 }
577
578 if (opt.debug_level == 0) {
579 return 0;
580 }
581
582 mbedtls_printf("%s", buf);
583 #else
584 ((void) crt);
585 ((void) depth);
586 #endif
587
588 if ((*flags) == 0) {
589 mbedtls_printf(" This certificate has no flags\n");
590 } else {
591 x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags);
592 mbedtls_printf("%s\n", buf);
593 }
594
595 return 0;
596 }
597 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
598
599 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
report_cid_usage(mbedtls_ssl_context * ssl,const char * additional_description)600 int report_cid_usage(mbedtls_ssl_context *ssl,
601 const char *additional_description)
602 {
603 int ret;
604 unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
605 size_t peer_cid_len;
606 int cid_negotiated;
607
608 if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
609 return 0;
610 }
611
612 /* Check if the use of a CID has been negotiated,
613 * but don't ask for the CID value and length.
614 *
615 * Note: Here and below, we're demonstrating the various ways
616 * in which mbedtls_ssl_get_peer_cid() can be called,
617 * depending on whether or not the length/value of the
618 * peer's CID is needed.
619 *
620 * An actual application, however, should use
621 * just one call to mbedtls_ssl_get_peer_cid(). */
622 ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
623 NULL, NULL);
624 if (ret != 0) {
625 mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
626 (unsigned int) -ret);
627 return ret;
628 }
629
630 if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) {
631 if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) {
632 mbedtls_printf("(%s) Use of Connection ID was rejected by the server.\n",
633 additional_description);
634 }
635 } else {
636 size_t idx = 0;
637 mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n",
638 additional_description);
639
640 /* Ask for just the length of the peer's CID. */
641 ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
642 NULL, &peer_cid_len);
643 if (ret != 0) {
644 mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
645 (unsigned int) -ret);
646 return ret;
647 }
648
649 /* Ask for just length + value of the peer's CID. */
650 ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
651 peer_cid, &peer_cid_len);
652 if (ret != 0) {
653 mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
654 (unsigned int) -ret);
655 return ret;
656 }
657 mbedtls_printf("(%s) Peer CID (length %u Bytes): ",
658 additional_description,
659 (unsigned) peer_cid_len);
660 while (idx < peer_cid_len) {
661 mbedtls_printf("%02x ", peer_cid[idx]);
662 idx++;
663 }
664 mbedtls_printf("\n");
665 }
666
667 return 0;
668 }
669 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
670
ssl_save_session_serialize(mbedtls_ssl_context * ssl,unsigned char ** session_data,size_t * session_data_len)671 static int ssl_save_session_serialize(mbedtls_ssl_context *ssl,
672 unsigned char **session_data,
673 size_t *session_data_len)
674 {
675 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
676 mbedtls_ssl_session exported_session;
677
678 /* free any previously saved data */
679 if (*session_data != NULL) {
680 mbedtls_platform_zeroize(*session_data, *session_data_len);
681 mbedtls_free(*session_data);
682 *session_data = NULL;
683 *session_data_len = 0;
684 }
685
686 mbedtls_ssl_session_init(&exported_session);
687 ret = mbedtls_ssl_get_session(ssl, &exported_session);
688 if (ret != 0) {
689 mbedtls_printf(
690 "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
691 (unsigned) -ret);
692 goto exit;
693 }
694
695 /* get size of the buffer needed */
696 (void) mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
697 *session_data = mbedtls_calloc(1, *session_data_len);
698 if (*session_data == NULL) {
699 mbedtls_printf(" failed\n ! alloc %u bytes for session data\n",
700 (unsigned) *session_data_len);
701 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
702 goto exit;
703 }
704
705 /* actually save session data */
706 if ((ret = mbedtls_ssl_session_save(&exported_session,
707 *session_data, *session_data_len,
708 session_data_len)) != 0) {
709 mbedtls_printf(" failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
710 (unsigned int) -ret);
711 goto exit;
712 }
713
714 exit:
715 mbedtls_ssl_session_free(&exported_session);
716 return ret;
717 }
718
719 /*
720 * Build HTTP request
721 */
build_http_request(unsigned char * buf,size_t buf_size,size_t * request_len)722 static int build_http_request(unsigned char *buf, size_t buf_size, size_t *request_len)
723 {
724 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
725 size_t len, tail_len, request_size;
726
727 ret = mbedtls_snprintf((char *) buf, buf_size, GET_REQUEST, opt.request_page);
728 if (ret < 0) {
729 return ret;
730 }
731
732 len = (size_t) ret;
733 tail_len = strlen(GET_REQUEST_END);
734 if (opt.request_size != DFL_REQUEST_SIZE) {
735 request_size = (size_t) opt.request_size;
736 } else {
737 request_size = len + tail_len;
738 }
739
740 if (request_size > buf_size) {
741 return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
742 }
743
744 /* Add padding to GET request to reach opt.request_size in length */
745 if (opt.request_size != DFL_REQUEST_SIZE &&
746 len + tail_len < request_size) {
747 memset(buf + len, 'A', request_size - len - tail_len);
748 len = request_size - tail_len;
749 }
750
751 strncpy((char *) buf + len, GET_REQUEST_END, buf_size - len);
752 len += tail_len;
753
754 /* Truncate if request size is smaller than the "natural" size */
755 if (opt.request_size != DFL_REQUEST_SIZE &&
756 len > request_size) {
757 len = request_size;
758
759 /* Still end with \r\n unless that's really not possible */
760 if (len >= 2) {
761 buf[len - 2] = '\r';
762 }
763 if (len >= 1) {
764 buf[len - 1] = '\n';
765 }
766 }
767
768 *request_len = len;
769
770 return 0;
771 }
772
main(int argc,char * argv[])773 int main(int argc, char *argv[])
774 {
775 int ret = 0, i;
776 size_t len, written, frags, retry_left;
777 int query_config_ret = 0;
778 mbedtls_net_context server_fd;
779 io_ctx_t io_ctx;
780
781 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
782 uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
783 #endif
784
785 unsigned char buf[MAX_REQUEST_SIZE + 1];
786
787 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
788 unsigned char psk[MBEDTLS_PSK_MAX_LEN];
789 size_t psk_len = 0;
790 #endif
791
792 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
793 unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
794 unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
795 size_t cid_len = 0;
796 size_t cid_renego_len = 0;
797 #endif
798
799 #if defined(MBEDTLS_SSL_ALPN)
800 const char *alpn_list[ALPN_LIST_SIZE];
801 #endif
802
803 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
804 unsigned char alloc_buf[MEMORY_HEAP_SIZE];
805 #endif
806 uint16_t group_list[GROUP_LIST_SIZE];
807 #if defined(MBEDTLS_SSL_DTLS_SRTP)
808 unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
809 size_t mki_len = 0;
810 #endif
811
812 const char *pers = "ssl_client2";
813
814 #if defined(MBEDTLS_USE_PSA_CRYPTO)
815 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
816 mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
817 psa_algorithm_t alg = 0;
818 psa_key_attributes_t key_attributes;
819 #endif
820 psa_status_t status;
821 #elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
822 psa_status_t status;
823 #endif
824
825 rng_context_t rng;
826 mbedtls_ssl_context ssl;
827 mbedtls_ssl_config conf;
828 mbedtls_ssl_session saved_session;
829 unsigned char *session_data = NULL;
830 size_t session_data_len = 0;
831 #if defined(MBEDTLS_TIMING_C)
832 mbedtls_timing_delay_context timer;
833 #endif
834 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
835 uint32_t flags;
836 mbedtls_x509_crt cacert;
837 mbedtls_x509_crt clicert;
838 mbedtls_pk_context pkey;
839 mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
840 #if defined(MBEDTLS_USE_PSA_CRYPTO)
841 mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
842 #endif
843 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
844 char *p, *q;
845 const int *list;
846 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
847 unsigned char *context_buf = NULL;
848 size_t context_buf_len;
849 #endif
850 unsigned char eap_tls_keymaterial[16];
851 unsigned char eap_tls_iv[8];
852 const char *eap_tls_label = "client EAP encryption";
853 eap_tls_keys eap_tls_keying;
854 #if defined(MBEDTLS_SSL_DTLS_SRTP)
855 /*! master keys and master salt for SRTP generated during handshake */
856 unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
857 const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp";
858 dtls_srtp_keys dtls_srtp_keying;
859 const mbedtls_ssl_srtp_profile default_profiles[] = {
860 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
861 MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
862 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
863 MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
864 MBEDTLS_TLS_SRTP_UNSET
865 };
866 #endif /* MBEDTLS_SSL_DTLS_SRTP */
867 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
868 defined(MBEDTLS_USE_PSA_CRYPTO)
869 mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
870 #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
871
872 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
873 mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
874 #endif
875
876 #if defined(MBEDTLS_TEST_HOOKS)
877 test_hooks_init();
878 #endif /* MBEDTLS_TEST_HOOKS */
879
880 /*
881 * Make sure memory references are valid.
882 */
883 mbedtls_net_init(&server_fd);
884 mbedtls_ssl_init(&ssl);
885 mbedtls_ssl_config_init(&conf);
886 mbedtls_ssl_session_init(&saved_session);
887 rng_init(&rng);
888 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
889 mbedtls_x509_crt_init(&cacert);
890 mbedtls_x509_crt_init(&clicert);
891 mbedtls_pk_init(&pkey);
892 #endif
893 #if defined(MBEDTLS_SSL_ALPN)
894 memset((void *) alpn_list, 0, sizeof(alpn_list));
895 #endif
896
897 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
898 status = psa_crypto_init();
899 if (status != PSA_SUCCESS) {
900 mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
901 (int) status);
902 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
903 goto exit;
904 }
905 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
906 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
907 mbedtls_test_enable_insecure_external_rng();
908 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
909
910 opt.server_name = DFL_SERVER_NAME;
911 opt.server_addr = DFL_SERVER_ADDR;
912 opt.server_port = DFL_SERVER_PORT;
913 opt.debug_level = DFL_DEBUG_LEVEL;
914 opt.cid_enabled = DFL_CID_ENABLED;
915 opt.cid_val = DFL_CID_VALUE;
916 opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
917 opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
918 opt.nbio = DFL_NBIO;
919 opt.event = DFL_EVENT;
920 opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
921 opt.read_timeout = DFL_READ_TIMEOUT;
922 opt.max_resend = DFL_MAX_RESEND;
923 opt.request_page = DFL_REQUEST_PAGE;
924 opt.request_size = DFL_REQUEST_SIZE;
925 opt.ca_file = DFL_CA_FILE;
926 opt.ca_path = DFL_CA_PATH;
927 opt.crt_file = DFL_CRT_FILE;
928 opt.key_file = DFL_KEY_FILE;
929 opt.key_opaque = DFL_KEY_OPAQUE;
930 opt.key_pwd = DFL_KEY_PWD;
931 opt.psk = DFL_PSK;
932 #if defined(MBEDTLS_USE_PSA_CRYPTO)
933 opt.psk_opaque = DFL_PSK_OPAQUE;
934 #endif
935 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
936 opt.ca_callback = DFL_CA_CALLBACK;
937 #endif
938 opt.psk_identity = DFL_PSK_IDENTITY;
939 opt.ecjpake_pw = DFL_ECJPAKE_PW;
940 #if defined(MBEDTLS_USE_PSA_CRYPTO)
941 opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
942 #endif
943 opt.ec_max_ops = DFL_EC_MAX_OPS;
944 opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
945 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
946 opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
947 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
948 opt.renegotiation = DFL_RENEGOTIATION;
949 opt.allow_legacy = DFL_ALLOW_LEGACY;
950 opt.renegotiate = DFL_RENEGOTIATE;
951 opt.exchanges = DFL_EXCHANGES;
952 opt.min_version = DFL_MIN_VERSION;
953 opt.max_version = DFL_MAX_VERSION;
954 opt.allow_sha1 = DFL_SHA1;
955 opt.auth_mode = DFL_AUTH_MODE;
956 opt.mfl_code = DFL_MFL_CODE;
957 opt.trunc_hmac = DFL_TRUNC_HMAC;
958 opt.recsplit = DFL_RECSPLIT;
959 opt.dhmlen = DFL_DHMLEN;
960 opt.reconnect = DFL_RECONNECT;
961 opt.reco_server_name = DFL_RECO_SERVER_NAME;
962 opt.reco_delay = DFL_RECO_DELAY;
963 opt.reco_mode = DFL_RECO_MODE;
964 opt.reconnect_hard = DFL_RECONNECT_HARD;
965 opt.tickets = DFL_TICKETS;
966 opt.alpn_string = DFL_ALPN_STRING;
967 opt.groups = DFL_GROUPS;
968 opt.sig_algs = DFL_SIG_ALGS;
969 #if defined(MBEDTLS_SSL_EARLY_DATA)
970 opt.early_data = DFL_EARLY_DATA;
971 #endif
972 opt.transport = DFL_TRANSPORT;
973 opt.hs_to_min = DFL_HS_TO_MIN;
974 opt.hs_to_max = DFL_HS_TO_MAX;
975 opt.dtls_mtu = DFL_DTLS_MTU;
976 opt.fallback = DFL_FALLBACK;
977 opt.extended_ms = DFL_EXTENDED_MS;
978 opt.etm = DFL_ETM;
979 opt.dgram_packing = DFL_DGRAM_PACKING;
980 opt.serialize = DFL_SERIALIZE;
981 opt.context_file = DFL_CONTEXT_FILE;
982 opt.eap_tls = DFL_EAP_TLS;
983 opt.reproducible = DFL_REPRODUCIBLE;
984 opt.nss_keylog = DFL_NSS_KEYLOG;
985 opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
986 opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
987 opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
988 opt.use_srtp = DFL_USE_SRTP;
989 opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
990 opt.mki = DFL_SRTP_MKI;
991 opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
992 opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
993
994 p = q = NULL;
995 if (argc < 1) {
996 usage:
997 if (p != NULL && q != NULL) {
998 printf("unrecognized value for '%s': '%s'\n", p, q);
999 } else if (p != NULL && q == NULL) {
1000 printf("unrecognized param: '%s'\n", p);
1001 }
1002
1003 mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
1004 mbedtls_printf(" ssl_client2 help[_theme]\n");
1005 mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
1006 mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
1007 mbedtls_printf("\n");
1008
1009 if (ret == 0) {
1010 ret = 1;
1011 }
1012 goto exit;
1013 }
1014
1015 for (i = 1; i < argc; i++) {
1016 p = argv[i];
1017
1018 if (strcmp(p, "help") == 0) {
1019 mbedtls_printf(USAGE1);
1020 mbedtls_printf(USAGE2);
1021 mbedtls_printf(USAGE3);
1022 mbedtls_printf(USAGE4);
1023
1024 ret = 0;
1025 goto exit;
1026 }
1027 if (strcmp(p, "help_ciphersuites") == 0) {
1028 mbedtls_printf(" acceptable ciphersuite names:\n");
1029 for (list = mbedtls_ssl_list_ciphersuites();
1030 *list != 0;
1031 list++) {
1032 mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
1033 }
1034
1035 ret = 0;
1036 goto exit;
1037 }
1038
1039 if ((q = strchr(p, '=')) == NULL) {
1040 mbedtls_printf("param requires a value: '%s'\n", p);
1041 p = NULL; // avoid "unrecnognized param" message
1042 goto usage;
1043 }
1044 *q++ = '\0';
1045
1046 if (strcmp(p, "server_name") == 0) {
1047 opt.server_name = q;
1048 } else if (strcmp(p, "server_addr") == 0) {
1049 opt.server_addr = q;
1050 } else if (strcmp(p, "server_port") == 0) {
1051 opt.server_port = q;
1052 } else if (strcmp(p, "dtls") == 0) {
1053 int t = atoi(q);
1054 if (t == 0) {
1055 opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
1056 } else if (t == 1) {
1057 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1058 } else {
1059 goto usage;
1060 }
1061 } else if (strcmp(p, "debug_level") == 0) {
1062 opt.debug_level = atoi(q);
1063 if (opt.debug_level < 0 || opt.debug_level > 65535) {
1064 goto usage;
1065 }
1066 } else if (strcmp(p, "build_version") == 0) {
1067 if (strcmp(q, "1") == 0) {
1068 mbedtls_printf("build version: %s (build %d)\n",
1069 MBEDTLS_VERSION_STRING_FULL,
1070 MBEDTLS_VERSION_NUMBER);
1071 goto exit;
1072 }
1073 } else if (strcmp(p, "context_crt_cb") == 0) {
1074 opt.context_crt_cb = atoi(q);
1075 if (opt.context_crt_cb != 0 && opt.context_crt_cb != 1) {
1076 goto usage;
1077 }
1078 } else if (strcmp(p, "nbio") == 0) {
1079 opt.nbio = atoi(q);
1080 if (opt.nbio < 0 || opt.nbio > 2) {
1081 goto usage;
1082 }
1083 } else if (strcmp(p, "event") == 0) {
1084 opt.event = atoi(q);
1085 if (opt.event < 0 || opt.event > 2) {
1086 goto usage;
1087 }
1088 } else if (strcmp(p, "read_timeout") == 0) {
1089 opt.read_timeout = atoi(q);
1090 } else if (strcmp(p, "max_resend") == 0) {
1091 opt.max_resend = atoi(q);
1092 if (opt.max_resend < 0) {
1093 goto usage;
1094 }
1095 } else if (strcmp(p, "request_page") == 0) {
1096 opt.request_page = q;
1097 } else if (strcmp(p, "request_size") == 0) {
1098 opt.request_size = atoi(q);
1099 if (opt.request_size < 0 ||
1100 opt.request_size > MAX_REQUEST_SIZE) {
1101 goto usage;
1102 }
1103 } else if (strcmp(p, "ca_file") == 0) {
1104 opt.ca_file = q;
1105 } else if (strcmp(p, "ca_path") == 0) {
1106 opt.ca_path = q;
1107 } else if (strcmp(p, "crt_file") == 0) {
1108 opt.crt_file = q;
1109 } else if (strcmp(p, "key_file") == 0) {
1110 opt.key_file = q;
1111 } else if (strcmp(p, "key_pwd") == 0) {
1112 opt.key_pwd = q;
1113 }
1114 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1115 else if (strcmp(p, "key_opaque") == 0) {
1116 opt.key_opaque = atoi(q);
1117 }
1118 #endif
1119 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1120 else if (strcmp(p, "cid") == 0) {
1121 opt.cid_enabled = atoi(q);
1122 if (opt.cid_enabled != 0 && opt.cid_enabled != 1) {
1123 goto usage;
1124 }
1125 } else if (strcmp(p, "cid_renego") == 0) {
1126 opt.cid_enabled_renego = atoi(q);
1127 if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) {
1128 goto usage;
1129 }
1130 } else if (strcmp(p, "cid_val") == 0) {
1131 opt.cid_val = q;
1132 } else if (strcmp(p, "cid_val_renego") == 0) {
1133 opt.cid_val_renego = q;
1134 }
1135 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1136 else if (strcmp(p, "psk") == 0) {
1137 opt.psk = q;
1138 }
1139 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1140 else if (strcmp(p, "psk_opaque") == 0) {
1141 opt.psk_opaque = atoi(q);
1142 }
1143 #endif
1144 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1145 else if (strcmp(p, "ca_callback") == 0) {
1146 opt.ca_callback = atoi(q);
1147 }
1148 #endif
1149 else if (strcmp(p, "psk_identity") == 0) {
1150 opt.psk_identity = q;
1151 } else if (strcmp(p, "ecjpake_pw") == 0) {
1152 opt.ecjpake_pw = q;
1153 }
1154 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1155 else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
1156 opt.ecjpake_pw_opaque = atoi(q);
1157 }
1158 #endif
1159 else if (strcmp(p, "ec_max_ops") == 0) {
1160 opt.ec_max_ops = atoi(q);
1161 } else if (strcmp(p, "force_ciphersuite") == 0) {
1162 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
1163
1164 if (opt.force_ciphersuite[0] == 0) {
1165 ret = 2;
1166 goto usage;
1167 }
1168 opt.force_ciphersuite[1] = 0;
1169 } else if (strcmp(p, "renegotiation") == 0) {
1170 opt.renegotiation = (atoi(q)) ?
1171 MBEDTLS_SSL_RENEGOTIATION_ENABLED :
1172 MBEDTLS_SSL_RENEGOTIATION_DISABLED;
1173 } else if (strcmp(p, "allow_legacy") == 0) {
1174 switch (atoi(q)) {
1175 case -1:
1176 opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
1177 break;
1178 case 0:
1179 opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
1180 break;
1181 case 1:
1182 opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
1183 break;
1184 default: goto usage;
1185 }
1186 } else if (strcmp(p, "renegotiate") == 0) {
1187 opt.renegotiate = atoi(q);
1188 if (opt.renegotiate < 0 || opt.renegotiate > 1) {
1189 goto usage;
1190 }
1191 } else if (strcmp(p, "exchanges") == 0) {
1192 opt.exchanges = atoi(q);
1193 if (opt.exchanges < 1) {
1194 goto usage;
1195 }
1196 } else if (strcmp(p, "reconnect") == 0) {
1197 opt.reconnect = atoi(q);
1198 if (opt.reconnect < 0 || opt.reconnect > 2) {
1199 goto usage;
1200 }
1201 } else if (strcmp(p, "reco_server_name") == 0) {
1202 opt.reco_server_name = q;
1203 } else if (strcmp(p, "reco_delay") == 0) {
1204 opt.reco_delay = atoi(q);
1205 if (opt.reco_delay < 0) {
1206 goto usage;
1207 }
1208 } else if (strcmp(p, "reco_mode") == 0) {
1209 opt.reco_mode = atoi(q);
1210 if (opt.reco_mode < 0) {
1211 goto usage;
1212 }
1213 } else if (strcmp(p, "reconnect_hard") == 0) {
1214 opt.reconnect_hard = atoi(q);
1215 if (opt.reconnect_hard < 0 || opt.reconnect_hard > 1) {
1216 goto usage;
1217 }
1218 } else if (strcmp(p, "tickets") == 0) {
1219 opt.tickets = atoi(q);
1220 if (opt.tickets < 0) {
1221 goto usage;
1222 }
1223 } else if (strcmp(p, "alpn") == 0) {
1224 opt.alpn_string = q;
1225 } else if (strcmp(p, "extended_ms") == 0) {
1226 switch (atoi(q)) {
1227 case 0:
1228 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
1229 break;
1230 case 1:
1231 opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
1232 break;
1233 default: goto usage;
1234 }
1235 } else if (strcmp(p, "groups") == 0) {
1236 opt.groups = q;
1237 }
1238 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1239 else if (strcmp(p, "sig_algs") == 0) {
1240 opt.sig_algs = q;
1241 }
1242 #endif
1243 else if (strcmp(p, "etm") == 0) {
1244 switch (atoi(q)) {
1245 case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
1246 case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
1247 default: goto usage;
1248 }
1249 }
1250
1251 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1252 #if defined(MBEDTLS_SSL_EARLY_DATA)
1253 else if (strcmp(p, "early_data") == 0) {
1254 switch (atoi(q)) {
1255 case 0:
1256 opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
1257 break;
1258 case 1:
1259 opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
1260 break;
1261 default: goto usage;
1262 }
1263 }
1264 #endif /* MBEDTLS_SSL_EARLY_DATA */
1265
1266 else if (strcmp(p, "tls13_kex_modes") == 0) {
1267 if (strcmp(q, "psk") == 0) {
1268 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
1269 } else if (strcmp(q, "psk_ephemeral") == 0) {
1270 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
1271 } else if (strcmp(q, "ephemeral") == 0) {
1272 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
1273 } else if (strcmp(q, "ephemeral_all") == 0) {
1274 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
1275 } else if (strcmp(q, "psk_all") == 0) {
1276 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
1277 } else if (strcmp(q, "all") == 0) {
1278 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
1279 } else if (strcmp(q, "psk_or_ephemeral") == 0) {
1280 opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
1281 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
1282 } else {
1283 goto usage;
1284 }
1285 }
1286 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1287 else if (strcmp(p, "min_version") == 0) {
1288 if (strcmp(q, "tls12") == 0 ||
1289 strcmp(q, "dtls12") == 0) {
1290 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1291 }
1292 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1293 else if (strcmp(q, "tls13") == 0) {
1294 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
1295 }
1296 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1297 else {
1298 goto usage;
1299 }
1300 } else if (strcmp(p, "max_version") == 0) {
1301 if (strcmp(q, "tls12") == 0 ||
1302 strcmp(q, "dtls12") == 0) {
1303 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
1304 }
1305 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1306 else if (strcmp(q, "tls13") == 0) {
1307 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
1308 }
1309 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1310 else {
1311 goto usage;
1312 }
1313 } else if (strcmp(p, "allow_sha1") == 0) {
1314 switch (atoi(q)) {
1315 case 0: opt.allow_sha1 = 0; break;
1316 case 1: opt.allow_sha1 = 1; break;
1317 default: goto usage;
1318 }
1319 } else if (strcmp(p, "force_version") == 0) {
1320 if (strcmp(q, "tls12") == 0) {
1321 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1322 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
1323 } else if (strcmp(q, "dtls12") == 0) {
1324 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1325 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
1326 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
1327 }
1328 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1329 else if (strcmp(q, "tls13") == 0) {
1330 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
1331 opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
1332 }
1333 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1334 else {
1335 goto usage;
1336 }
1337 } else if (strcmp(p, "auth_mode") == 0) {
1338 if (strcmp(q, "none") == 0) {
1339 opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
1340 } else if (strcmp(q, "optional") == 0) {
1341 opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
1342 } else if (strcmp(q, "required") == 0) {
1343 opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
1344 } else {
1345 goto usage;
1346 }
1347 } else if (strcmp(p, "max_frag_len") == 0) {
1348 if (strcmp(q, "512") == 0) {
1349 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
1350 } else if (strcmp(q, "1024") == 0) {
1351 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
1352 } else if (strcmp(q, "2048") == 0) {
1353 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
1354 } else if (strcmp(q, "4096") == 0) {
1355 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
1356 } else {
1357 goto usage;
1358 }
1359 } else if (strcmp(p, "trunc_hmac") == 0) {
1360 switch (atoi(q)) {
1361 case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
1362 case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
1363 default: goto usage;
1364 }
1365 } else if (strcmp(p, "hs_timeout") == 0) {
1366 if ((p = strchr(q, '-')) == NULL) {
1367 goto usage;
1368 }
1369 *p++ = '\0';
1370 opt.hs_to_min = atoi(q);
1371 opt.hs_to_max = atoi(p);
1372 if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) {
1373 goto usage;
1374 }
1375 } else if (strcmp(p, "mtu") == 0) {
1376 opt.dtls_mtu = atoi(q);
1377 if (opt.dtls_mtu < 0) {
1378 goto usage;
1379 }
1380 } else if (strcmp(p, "dgram_packing") == 0) {
1381 opt.dgram_packing = atoi(q);
1382 if (opt.dgram_packing != 0 &&
1383 opt.dgram_packing != 1) {
1384 goto usage;
1385 }
1386 } else if (strcmp(p, "recsplit") == 0) {
1387 opt.recsplit = atoi(q);
1388 if (opt.recsplit < 0 || opt.recsplit > 1) {
1389 goto usage;
1390 }
1391 } else if (strcmp(p, "dhmlen") == 0) {
1392 opt.dhmlen = atoi(q);
1393 if (opt.dhmlen < 0) {
1394 goto usage;
1395 }
1396 } else if (strcmp(p, "query_config") == 0) {
1397 opt.query_config_mode = 1;
1398 query_config_ret = query_config(q);
1399 goto exit;
1400 } else if (strcmp(p, "serialize") == 0) {
1401 opt.serialize = atoi(q);
1402 if (opt.serialize < 0 || opt.serialize > 2) {
1403 goto usage;
1404 }
1405 } else if (strcmp(p, "context_file") == 0) {
1406 opt.context_file = q;
1407 } else if (strcmp(p, "eap_tls") == 0) {
1408 opt.eap_tls = atoi(q);
1409 if (opt.eap_tls < 0 || opt.eap_tls > 1) {
1410 goto usage;
1411 }
1412 } else if (strcmp(p, "reproducible") == 0) {
1413 opt.reproducible = 1;
1414 } else if (strcmp(p, "nss_keylog") == 0) {
1415 opt.nss_keylog = atoi(q);
1416 if (opt.nss_keylog < 0 || opt.nss_keylog > 1) {
1417 goto usage;
1418 }
1419 } else if (strcmp(p, "nss_keylog_file") == 0) {
1420 opt.nss_keylog_file = q;
1421 } else if (strcmp(p, "skip_close_notify") == 0) {
1422 opt.skip_close_notify = atoi(q);
1423 if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) {
1424 goto usage;
1425 }
1426 } else if (strcmp(p, "use_srtp") == 0) {
1427 opt.use_srtp = atoi(q);
1428 } else if (strcmp(p, "srtp_force_profile") == 0) {
1429 opt.force_srtp_profile = atoi(q);
1430 } else if (strcmp(p, "mki") == 0) {
1431 opt.mki = q;
1432 } else if (strcmp(p, "key_opaque_algs") == 0) {
1433 if (key_opaque_alg_parse(q, &opt.key_opaque_alg1,
1434 &opt.key_opaque_alg2) != 0) {
1435 goto usage;
1436 }
1437 } else {
1438 /* This signals that the problem is with p not q */
1439 q = NULL;
1440 goto usage;
1441 }
1442 }
1443 /* This signals that any further errors are not with a single option */
1444 p = q = NULL;
1445
1446 if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
1447 mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
1448 goto usage;
1449 }
1450
1451 /* Event-driven IO is incompatible with the above custom
1452 * receive and send functions, as the polling builds on
1453 * refers to the underlying net_context. */
1454 if (opt.event == 1 && opt.nbio != 1) {
1455 mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n");
1456 opt.nbio = 1;
1457 }
1458
1459 #if defined(MBEDTLS_DEBUG_C)
1460 mbedtls_debug_set_threshold(opt.debug_level);
1461 #endif
1462
1463 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1464 /*
1465 * Unhexify the pre-shared key if any is given
1466 */
1467 if (strlen(opt.psk)) {
1468 if (mbedtls_test_unhexify(psk, sizeof(psk),
1469 opt.psk, &psk_len) != 0) {
1470 mbedtls_printf("pre-shared key not valid\n");
1471 goto exit;
1472 }
1473 }
1474 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
1475
1476 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1477 if (opt.psk_opaque != 0) {
1478 if (opt.psk == NULL) {
1479 mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
1480 ret = 2;
1481 goto usage;
1482 }
1483
1484 if (opt.force_ciphersuite[0] <= 0) {
1485 mbedtls_printf(
1486 "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
1487 ret = 2;
1488 goto usage;
1489 }
1490 }
1491 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1492
1493 if (opt.force_ciphersuite[0] > 0) {
1494 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
1495 ciphersuite_info =
1496 mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]);
1497
1498 if (opt.max_version != -1 &&
1499 ciphersuite_info->min_tls_version > opt.max_version) {
1500 mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
1501 ret = 2;
1502 goto usage;
1503 }
1504 if (opt.min_version != -1 &&
1505 ciphersuite_info->max_tls_version < opt.min_version) {
1506 mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
1507 ret = 2;
1508 goto usage;
1509 }
1510
1511 /* If the server selects a version that's not supported by
1512 * this suite, then there will be no common ciphersuite... */
1513 if (opt.max_version == -1 ||
1514 opt.max_version > ciphersuite_info->max_tls_version) {
1515 opt.max_version = ciphersuite_info->max_tls_version;
1516 }
1517 if (opt.min_version < ciphersuite_info->min_tls_version) {
1518 opt.min_version = ciphersuite_info->min_tls_version;
1519 /* DTLS starts with TLS 1.2 */
1520 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
1521 opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2) {
1522 opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
1523 }
1524 }
1525
1526 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1527 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1528 if (opt.psk_opaque != 0) {
1529 /* Determine KDF algorithm the opaque PSK will be used in. */
1530 #if defined(MBEDTLS_MD_CAN_SHA384)
1531 if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
1532 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
1533 } else
1534 #endif /* MBEDTLS_MD_CAN_SHA384 */
1535 alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
1536 }
1537 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
1538 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1539 }
1540
1541 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1542 if (mbedtls_test_unhexify(cid, sizeof(cid),
1543 opt.cid_val, &cid_len) != 0) {
1544 mbedtls_printf("CID not valid\n");
1545 goto exit;
1546 }
1547
1548 /* Keep CID settings for renegotiation unless
1549 * specified otherwise. */
1550 if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) {
1551 opt.cid_enabled_renego = opt.cid_enabled;
1552 }
1553 if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) {
1554 opt.cid_val_renego = opt.cid_val;
1555 }
1556
1557 if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego),
1558 opt.cid_val_renego, &cid_renego_len) != 0) {
1559 mbedtls_printf("CID not valid\n");
1560 goto exit;
1561 }
1562 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1563
1564 if (opt.groups != NULL) {
1565 if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
1566 goto exit;
1567 }
1568 }
1569
1570 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1571 if (opt.sig_algs != NULL) {
1572 p = (char *) opt.sig_algs;
1573 i = 0;
1574
1575 /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
1576 while (i < SIG_ALG_LIST_SIZE - 1 && *p != '\0') {
1577 q = p;
1578
1579 /* Terminate the current string */
1580 while (*p != ',' && *p != '\0') {
1581 p++;
1582 }
1583 if (*p == ',') {
1584 *p++ = '\0';
1585 }
1586
1587 if (strcmp(q, "rsa_pkcs1_sha256") == 0) {
1588 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
1589 } else if (strcmp(q, "rsa_pkcs1_sha384") == 0) {
1590 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
1591 } else if (strcmp(q, "rsa_pkcs1_sha512") == 0) {
1592 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
1593 } else if (strcmp(q, "ecdsa_secp256r1_sha256") == 0) {
1594 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
1595 } else if (strcmp(q, "ecdsa_secp384r1_sha384") == 0) {
1596 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
1597 } else if (strcmp(q, "ecdsa_secp521r1_sha512") == 0) {
1598 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
1599 } else if (strcmp(q, "rsa_pss_rsae_sha256") == 0) {
1600 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
1601 } else if (strcmp(q, "rsa_pss_rsae_sha384") == 0) {
1602 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
1603 } else if (strcmp(q, "rsa_pss_rsae_sha512") == 0) {
1604 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
1605 } else if (strcmp(q, "ed25519") == 0) {
1606 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
1607 } else if (strcmp(q, "ed448") == 0) {
1608 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
1609 } else if (strcmp(q, "rsa_pss_pss_sha256") == 0) {
1610 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
1611 } else if (strcmp(q, "rsa_pss_pss_sha384") == 0) {
1612 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
1613 } else if (strcmp(q, "rsa_pss_pss_sha512") == 0) {
1614 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
1615 } else if (strcmp(q, "rsa_pkcs1_sha1") == 0) {
1616 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
1617 } else if (strcmp(q, "ecdsa_sha1") == 0) {
1618 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
1619 } else {
1620 ret = -1;
1621 mbedtls_printf("unknown signature algorithm \"%s\"\n", q);
1622 mbedtls_print_supported_sig_algs();
1623 goto exit;
1624 }
1625 }
1626
1627 if (i == (SIG_ALG_LIST_SIZE - 1) && *p != '\0') {
1628 mbedtls_printf("signature algorithm list too long, maximum %d",
1629 SIG_ALG_LIST_SIZE - 1);
1630 goto exit;
1631 }
1632
1633 sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
1634 }
1635 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1636
1637 #if defined(MBEDTLS_SSL_ALPN)
1638 if (opt.alpn_string != NULL) {
1639 p = (char *) opt.alpn_string;
1640 i = 0;
1641
1642 /* Leave room for a final NULL in alpn_list */
1643 while (i < ALPN_LIST_SIZE - 1 && *p != '\0') {
1644 alpn_list[i++] = p;
1645
1646 /* Terminate the current string and move on to next one */
1647 while (*p != ',' && *p != '\0') {
1648 p++;
1649 }
1650 if (*p == ',') {
1651 *p++ = '\0';
1652 }
1653 }
1654 }
1655 #endif /* MBEDTLS_SSL_ALPN */
1656
1657 mbedtls_printf("build version: %s (build %d)\n",
1658 MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER);
1659
1660 /*
1661 * 0. Initialize the RNG and the session data
1662 */
1663 mbedtls_printf("\n . Seeding the random number generator...");
1664 fflush(stdout);
1665
1666 ret = rng_seed(&rng, opt.reproducible, pers);
1667 if (ret != 0) {
1668 goto exit;
1669 }
1670 mbedtls_printf(" ok\n");
1671
1672 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1673 /*
1674 * 1.1. Load the trusted CA
1675 */
1676 mbedtls_printf(" . Loading the CA root certificate ...");
1677 fflush(stdout);
1678
1679 if (strcmp(opt.ca_path, "none") == 0 ||
1680 strcmp(opt.ca_file, "none") == 0) {
1681 ret = 0;
1682 } else
1683 #if defined(MBEDTLS_FS_IO)
1684 if (strlen(opt.ca_path)) {
1685 ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path);
1686 } else if (strlen(opt.ca_file)) {
1687 ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
1688 } else
1689 #endif
1690 {
1691 #if defined(MBEDTLS_PEM_PARSE_C)
1692 for (i = 0; mbedtls_test_cas[i] != NULL; i++) {
1693 ret = mbedtls_x509_crt_parse(&cacert,
1694 (const unsigned char *) mbedtls_test_cas[i],
1695 mbedtls_test_cas_len[i]);
1696 if (ret != 0) {
1697 break;
1698 }
1699 }
1700 #endif /* MBEDTLS_PEM_PARSE_C */
1701 if (ret == 0) {
1702 for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
1703 ret = mbedtls_x509_crt_parse_der(&cacert,
1704 (const unsigned char *) mbedtls_test_cas_der[i],
1705 mbedtls_test_cas_der_len[i]);
1706 if (ret != 0) {
1707 break;
1708 }
1709 }
1710 }
1711 }
1712 if (ret < 0) {
1713 mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1714 (unsigned int) -ret);
1715 goto exit;
1716 }
1717
1718 mbedtls_printf(" ok (%d skipped)\n", ret);
1719
1720 /*
1721 * 1.2. Load own certificate and private key
1722 *
1723 * (can be skipped if client authentication is not required)
1724 */
1725 mbedtls_printf(" . Loading the client cert. and key...");
1726 fflush(stdout);
1727
1728 if (strcmp(opt.crt_file, "none") == 0) {
1729 ret = 0;
1730 } else
1731 #if defined(MBEDTLS_FS_IO)
1732 if (strlen(opt.crt_file)) {
1733 ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
1734 } else
1735 #endif
1736 { ret = mbedtls_x509_crt_parse(&clicert,
1737 (const unsigned char *) mbedtls_test_cli_crt,
1738 mbedtls_test_cli_crt_len); }
1739 if (ret != 0) {
1740 mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
1741 (unsigned int) -ret);
1742 goto exit;
1743 }
1744
1745 if (strcmp(opt.key_file, "none") == 0) {
1746 ret = 0;
1747 } else
1748 #if defined(MBEDTLS_FS_IO)
1749 if (strlen(opt.key_file)) {
1750 ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng);
1751 } else
1752 #endif
1753 { ret = mbedtls_pk_parse_key(&pkey,
1754 (const unsigned char *) mbedtls_test_cli_key,
1755 mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); }
1756 if (ret != 0) {
1757 mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
1758 (unsigned int) -ret);
1759 goto exit;
1760 }
1761
1762 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1763 if (opt.key_opaque != 0) {
1764 psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
1765 psa_key_usage_t usage = 0;
1766
1767 if (key_opaque_set_alg_usage(opt.key_opaque_alg1,
1768 opt.key_opaque_alg2,
1769 &psa_alg, &psa_alg2,
1770 &usage,
1771 mbedtls_pk_get_type(&pkey)) == 0) {
1772 ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot);
1773 if (ret != 0) {
1774 mbedtls_printf(" failed\n ! "
1775 "mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
1776 (unsigned int) -ret);
1777 goto exit;
1778 }
1779 }
1780 }
1781 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1782
1783 mbedtls_printf(" ok (key type: %s)\n",
1784 strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
1785 mbedtls_pk_get_name(&pkey) : "none");
1786 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1787
1788 /*
1789 * 2. Setup stuff
1790 */
1791 mbedtls_printf(" . Setting up the SSL/TLS structure...");
1792 fflush(stdout);
1793
1794 if ((ret = mbedtls_ssl_config_defaults(&conf,
1795 MBEDTLS_SSL_IS_CLIENT,
1796 opt.transport,
1797 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
1798 mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
1799 (unsigned int) -ret);
1800 goto exit;
1801 }
1802
1803 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1804 /* The default algorithms profile disables SHA-1, but our tests still
1805 rely on it heavily. */
1806 if (opt.allow_sha1 > 0) {
1807 crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1);
1808 mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test);
1809 mbedtls_ssl_conf_sig_algs(&conf, ssl_sig_algs_for_test);
1810 }
1811 if (opt.context_crt_cb == 0) {
1812 mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
1813 }
1814
1815 memset(peer_crt_info, 0, sizeof(peer_crt_info));
1816 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1817
1818 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
1819 if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) {
1820 if (opt.cid_enabled == 1 &&
1821 opt.cid_enabled_renego == 1 &&
1822 cid_len != cid_renego_len) {
1823 mbedtls_printf("CID length must not change during renegotiation\n");
1824 goto usage;
1825 }
1826
1827 if (opt.cid_enabled == 1) {
1828 ret = mbedtls_ssl_conf_cid(&conf, cid_len,
1829 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
1830 } else {
1831 ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len,
1832 MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
1833 }
1834
1835 if (ret != 0) {
1836 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
1837 (unsigned int) -ret);
1838 goto exit;
1839 }
1840 }
1841 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
1842
1843 if (opt.auth_mode != DFL_AUTH_MODE) {
1844 mbedtls_ssl_conf_authmode(&conf, opt.auth_mode);
1845 }
1846
1847 #if defined(MBEDTLS_SSL_PROTO_DTLS)
1848 if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) {
1849 mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min,
1850 opt.hs_to_max);
1851 }
1852
1853 if (opt.dgram_packing != DFL_DGRAM_PACKING) {
1854 mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing);
1855 }
1856 #endif /* MBEDTLS_SSL_PROTO_DTLS */
1857
1858 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
1859 if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) {
1860 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
1861 ret);
1862 goto exit;
1863 }
1864 #endif
1865
1866 #if defined(MBEDTLS_SSL_DTLS_SRTP)
1867 const mbedtls_ssl_srtp_profile forced_profile[] =
1868 { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
1869 if (opt.use_srtp == 1) {
1870 if (opt.force_srtp_profile != 0) {
1871 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile);
1872 } else {
1873 ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles);
1874 }
1875
1876 if (ret != 0) {
1877 mbedtls_printf(" failed\n ! "
1878 "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
1879 ret);
1880 goto exit;
1881 }
1882
1883 } else if (opt.force_srtp_profile != 0) {
1884 mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n");
1885 goto exit;
1886 }
1887 #endif /* MBEDTLS_SSL_DTLS_SRTP */
1888
1889 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
1890 if (opt.extended_ms != DFL_EXTENDED_MS) {
1891 mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms);
1892 }
1893 #endif
1894
1895 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
1896 if (opt.etm != DFL_ETM) {
1897 mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm);
1898 }
1899 #endif
1900
1901 #if defined(MBEDTLS_DHM_C)
1902 if (opt.dhmlen != DFL_DHMLEN) {
1903 mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen);
1904 }
1905 #endif
1906
1907 #if defined(MBEDTLS_SSL_ALPN)
1908 if (opt.alpn_string != NULL) {
1909 if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
1910 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
1911 ret);
1912 goto exit;
1913 }
1914 }
1915 #endif
1916
1917 if (opt.reproducible) {
1918 #if defined(MBEDTLS_HAVE_TIME)
1919 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
1920 mbedtls_platform_set_time(dummy_constant_time);
1921 #else
1922 fprintf(stderr, "Warning: reproducible option used without constant time\n");
1923 #endif
1924 #endif /* MBEDTLS_HAVE_TIME */
1925 }
1926 mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
1927 mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
1928
1929 mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
1930
1931 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
1932 mbedtls_ssl_conf_session_tickets(&conf, opt.tickets);
1933 #endif
1934
1935 if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
1936 mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
1937 }
1938
1939 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
1940 mbedtls_ssl_conf_tls13_key_exchange_modes(&conf, opt.tls13_kex_modes);
1941 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
1942
1943 if (opt.allow_legacy != DFL_ALLOW_LEGACY) {
1944 mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy);
1945 }
1946 #if defined(MBEDTLS_SSL_RENEGOTIATION)
1947 mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation);
1948 #endif
1949
1950 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1951 if (strcmp(opt.ca_path, "none") != 0 &&
1952 strcmp(opt.ca_file, "none") != 0) {
1953 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
1954 if (opt.ca_callback != 0) {
1955 mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert);
1956 } else
1957 #endif
1958 mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
1959 }
1960 if (strcmp(opt.crt_file, "none") != 0 &&
1961 strcmp(opt.key_file, "none") != 0) {
1962 if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
1963 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
1964 ret);
1965 goto exit;
1966 }
1967 }
1968 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
1969
1970 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
1971 (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
1972 defined(PSA_WANT_ALG_FFDH))
1973 if (opt.groups != NULL &&
1974 strcmp(opt.groups, "default") != 0) {
1975 mbedtls_ssl_conf_groups(&conf, group_list);
1976 }
1977 #endif
1978
1979 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
1980 if (opt.sig_algs != NULL) {
1981 mbedtls_ssl_conf_sig_algs(&conf, sig_alg_list);
1982 }
1983 #endif
1984
1985 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
1986 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1987 if (opt.psk_opaque != 0) {
1988 key_attributes = psa_key_attributes_init();
1989 psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
1990 psa_set_key_algorithm(&key_attributes, alg);
1991 psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
1992
1993 status = psa_import_key(&key_attributes, psk, psk_len, &slot);
1994 if (status != PSA_SUCCESS) {
1995 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
1996 goto exit;
1997 }
1998
1999 if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, slot,
2000 (const unsigned char *) opt.psk_identity,
2001 strlen(opt.psk_identity))) != 0) {
2002 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
2003 ret);
2004 goto exit;
2005 }
2006 } else
2007 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2008 if (psk_len > 0) {
2009 ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
2010 (const unsigned char *) opt.psk_identity,
2011 strlen(opt.psk_identity));
2012 if (ret != 0) {
2013 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret);
2014 goto exit;
2015 }
2016 }
2017 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
2018
2019 if (opt.min_version != DFL_MIN_VERSION) {
2020 mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version);
2021 }
2022
2023 if (opt.max_version != DFL_MAX_VERSION) {
2024 mbedtls_ssl_conf_max_tls_version(&conf, opt.max_version);
2025 }
2026
2027 #if defined(MBEDTLS_SSL_EARLY_DATA)
2028 if (opt.early_data != DFL_EARLY_DATA) {
2029 mbedtls_ssl_conf_early_data(&conf, opt.early_data);
2030 }
2031 #endif /* MBEDTLS_SSL_EARLY_DATA */
2032
2033 if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
2034 mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
2035 (unsigned int) -ret);
2036 goto exit;
2037 }
2038
2039 if (opt.eap_tls != 0) {
2040 mbedtls_ssl_set_export_keys_cb(&ssl, eap_tls_key_derivation,
2041 &eap_tls_keying);
2042 } else if (opt.nss_keylog != 0) {
2043 mbedtls_ssl_set_export_keys_cb(&ssl,
2044 nss_keylog_export,
2045 NULL);
2046 }
2047 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2048 else if (opt.use_srtp != 0) {
2049 mbedtls_ssl_set_export_keys_cb(&ssl, dtls_srtp_key_derivation,
2050 &dtls_srtp_keying);
2051 }
2052 #endif /* MBEDTLS_SSL_DTLS_SRTP */
2053
2054 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2055 if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
2056 mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
2057 ret);
2058 goto exit;
2059 }
2060 #endif
2061
2062 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
2063 if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
2064 #if defined(MBEDTLS_USE_PSA_CRYPTO)
2065 if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
2066 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
2067
2068 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
2069 psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE);
2070 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
2071
2072 status = psa_import_key(&attributes,
2073 (const unsigned char *) opt.ecjpake_pw,
2074 strlen(opt.ecjpake_pw),
2075 &ecjpake_pw_slot);
2076 if (status != PSA_SUCCESS) {
2077 mbedtls_printf(" failed\n ! psa_import_key returned %d\n\n",
2078 status);
2079 goto exit;
2080 }
2081 if ((ret = mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl,
2082 ecjpake_pw_slot)) != 0) {
2083 mbedtls_printf(
2084 " failed\n ! mbedtls_ssl_set_hs_ecjpake_password_opaque returned %d\n\n",
2085 ret);
2086 goto exit;
2087 }
2088 mbedtls_printf("using opaque password\n");
2089 } else
2090 #endif /* MBEDTLS_USE_PSA_CRYPTO */
2091 {
2092 if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
2093 (const unsigned char *) opt.ecjpake_pw,
2094 strlen(opt.ecjpake_pw))) != 0) {
2095 mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
2096 ret);
2097 goto exit;
2098 }
2099 }
2100 }
2101 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
2102
2103 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2104 if (opt.context_crt_cb == 1) {
2105 mbedtls_ssl_set_verify(&ssl, my_verify, NULL);
2106 }
2107 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2108
2109 io_ctx.ssl = &ssl;
2110 io_ctx.net = &server_fd;
2111 mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb,
2112 opt.nbio == 0 ? recv_timeout_cb : NULL);
2113
2114 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2115 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
2116 if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled,
2117 cid, cid_len)) != 0) {
2118 mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2119 ret);
2120 goto exit;
2121 }
2122 }
2123 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2124
2125 #if defined(MBEDTLS_SSL_PROTO_DTLS)
2126 if (opt.dtls_mtu != DFL_DTLS_MTU) {
2127 mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu);
2128 }
2129 #endif
2130
2131 #if defined(MBEDTLS_TIMING_C)
2132 mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
2133 mbedtls_timing_get_delay);
2134 #endif
2135
2136 #if defined(MBEDTLS_ECP_RESTARTABLE)
2137 if (opt.ec_max_ops != DFL_EC_MAX_OPS) {
2138 mbedtls_ecp_set_max_ops(opt.ec_max_ops);
2139 }
2140 #endif
2141
2142 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2143 if (opt.use_srtp != 0 && strlen(opt.mki) != 0) {
2144 if (mbedtls_test_unhexify(mki, sizeof(mki),
2145 opt.mki, &mki_len) != 0) {
2146 mbedtls_printf("mki value not valid hex\n");
2147 goto exit;
2148 }
2149
2150 mbedtls_ssl_conf_srtp_mki_value_supported(&conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED);
2151 if ((ret = mbedtls_ssl_dtls_srtp_set_mki_value(&ssl, mki,
2152 (uint16_t) strlen(opt.mki) / 2)) != 0) {
2153 mbedtls_printf(" failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret);
2154 goto exit;
2155 }
2156 }
2157 #endif
2158
2159 mbedtls_printf(" ok\n");
2160
2161 /*
2162 * 3. Start the connection
2163 */
2164 if (opt.server_addr == NULL) {
2165 opt.server_addr = opt.server_name;
2166 }
2167
2168 mbedtls_printf(" . Connecting to %s/%s/%s...",
2169 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
2170 opt.server_addr, opt.server_port);
2171 fflush(stdout);
2172
2173 if ((ret = mbedtls_net_connect(&server_fd,
2174 opt.server_addr, opt.server_port,
2175 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
2176 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
2177 mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
2178 (unsigned int) -ret);
2179 goto exit;
2180 }
2181
2182 if (opt.nbio > 0) {
2183 ret = mbedtls_net_set_nonblock(&server_fd);
2184 } else {
2185 ret = mbedtls_net_set_block(&server_fd);
2186 }
2187 if (ret != 0) {
2188 mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
2189 (unsigned int) -ret);
2190 goto exit;
2191 }
2192
2193 mbedtls_printf(" ok\n");
2194
2195 /*
2196 * 4. Handshake
2197 */
2198 mbedtls_printf(" . Performing the SSL/TLS handshake...");
2199 fflush(stdout);
2200
2201 while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
2202 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2203 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2204 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2205 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
2206 (unsigned int) -ret);
2207 if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
2208 mbedtls_printf(
2209 " Unable to verify the server's certificate. "
2210 "Either it is invalid,\n"
2211 " or you didn't set ca_file or ca_path "
2212 "to an appropriate value.\n"
2213 " Alternatively, you may want to use "
2214 "auth_mode=optional for testing purposes if "
2215 "not using TLS 1.3.\n"
2216 " For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`"
2217 "or other folder that has root certificates\n");
2218 }
2219 mbedtls_printf("\n");
2220 goto exit;
2221 }
2222
2223 #if defined(MBEDTLS_ECP_RESTARTABLE)
2224 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2225 continue;
2226 }
2227 #endif
2228
2229 /* For event-driven IO, wait for socket to become available */
2230 if (opt.event == 1 /* level triggered IO */) {
2231 #if defined(MBEDTLS_TIMING_C)
2232 ret = idle(&server_fd, &timer, ret);
2233 #else
2234 ret = idle(&server_fd, ret);
2235 #endif
2236 if (ret != 0) {
2237 goto exit;
2238 }
2239 }
2240 }
2241
2242 {
2243 int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(&ssl);
2244 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
2245 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(suite_id);
2246
2247 mbedtls_printf(" ok\n [ Protocol is %s ]\n"
2248 " [ Ciphersuite is %s ]\n"
2249 " [ Key size is %u ]\n",
2250 mbedtls_ssl_get_version(&ssl),
2251 mbedtls_ssl_ciphersuite_get_name(ciphersuite_info),
2252 (unsigned int)
2253 mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(ciphersuite_info));
2254 }
2255
2256 if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) {
2257 mbedtls_printf(" [ Record expansion is %d ]\n", ret);
2258 } else {
2259 mbedtls_printf(" [ Record expansion is unknown ]\n");
2260 }
2261
2262 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
2263 mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n",
2264 (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl));
2265 mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n",
2266 (unsigned int) mbedtls_ssl_get_max_out_record_payload(&ssl));
2267 #endif
2268
2269 #if defined(MBEDTLS_SSL_ALPN)
2270 if (opt.alpn_string != NULL) {
2271 const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl);
2272 mbedtls_printf(" [ Application Layer Protocol is %s ]\n",
2273 alp ? alp : "(none)");
2274 }
2275 #endif
2276
2277 if (opt.eap_tls != 0) {
2278 size_t j = 0;
2279
2280 if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type,
2281 eap_tls_keying.master_secret,
2282 sizeof(eap_tls_keying.master_secret),
2283 eap_tls_label,
2284 eap_tls_keying.randbytes,
2285 sizeof(eap_tls_keying.randbytes),
2286 eap_tls_keymaterial,
2287 sizeof(eap_tls_keymaterial)))
2288 != 0) {
2289 mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2290 (unsigned int) -ret);
2291 goto exit;
2292 }
2293
2294 mbedtls_printf(" EAP-TLS key material is:");
2295 for (j = 0; j < sizeof(eap_tls_keymaterial); j++) {
2296 if (j % 8 == 0) {
2297 mbedtls_printf("\n ");
2298 }
2299 mbedtls_printf("%02x ", eap_tls_keymaterial[j]);
2300 }
2301 mbedtls_printf("\n");
2302
2303 if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0,
2304 eap_tls_label,
2305 eap_tls_keying.randbytes,
2306 sizeof(eap_tls_keying.randbytes),
2307 eap_tls_iv,
2308 sizeof(eap_tls_iv))) != 0) {
2309 mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2310 (unsigned int) -ret);
2311 goto exit;
2312 }
2313
2314 mbedtls_printf(" EAP-TLS IV is:");
2315 for (j = 0; j < sizeof(eap_tls_iv); j++) {
2316 if (j % 8 == 0) {
2317 mbedtls_printf("\n ");
2318 }
2319 mbedtls_printf("%02x ", eap_tls_iv[j]);
2320 }
2321 mbedtls_printf("\n");
2322 }
2323
2324 #if defined(MBEDTLS_SSL_DTLS_SRTP)
2325 else if (opt.use_srtp != 0) {
2326 size_t j = 0;
2327 mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
2328 mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result);
2329
2330 if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
2331 == MBEDTLS_TLS_SRTP_UNSET) {
2332 mbedtls_printf(" Unable to negotiate "
2333 "the use of DTLS-SRTP\n");
2334 } else {
2335 if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type,
2336 dtls_srtp_keying.master_secret,
2337 sizeof(dtls_srtp_keying.master_secret),
2338 dtls_srtp_label,
2339 dtls_srtp_keying.randbytes,
2340 sizeof(dtls_srtp_keying.randbytes),
2341 dtls_srtp_key_material,
2342 sizeof(dtls_srtp_key_material)))
2343 != 0) {
2344 mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
2345 (unsigned int) -ret);
2346 goto exit;
2347 }
2348
2349 mbedtls_printf(" DTLS-SRTP key material is:");
2350 for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
2351 if (j % 8 == 0) {
2352 mbedtls_printf("\n ");
2353 }
2354 mbedtls_printf("%02x ", dtls_srtp_key_material[j]);
2355 }
2356 mbedtls_printf("\n");
2357
2358 /* produce a less readable output used to perform automatic checks
2359 * - compare client and server output
2360 * - interop test with openssl which client produces this kind of output
2361 */
2362 mbedtls_printf(" Keying material: ");
2363 for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
2364 mbedtls_printf("%02X", dtls_srtp_key_material[j]);
2365 }
2366 mbedtls_printf("\n");
2367
2368 if (dtls_srtp_negotiation_result.mki_len > 0) {
2369 mbedtls_printf(" DTLS-SRTP mki value: ");
2370 for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) {
2371 mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]);
2372 }
2373 } else {
2374 mbedtls_printf(" DTLS-SRTP no mki value negotiated");
2375 }
2376 mbedtls_printf("\n");
2377 }
2378 }
2379 #endif /* MBEDTLS_SSL_DTLS_SRTP */
2380 if (opt.reconnect != 0 && ssl.tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
2381 mbedtls_printf(" . Saving session for reuse...");
2382 fflush(stdout);
2383
2384 if (opt.reco_mode == 1) {
2385 if ((ret = ssl_save_session_serialize(&ssl,
2386 &session_data, &session_data_len)) != 0) {
2387 mbedtls_printf(" failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
2388 (unsigned int) -ret);
2389 goto exit;
2390 }
2391
2392 } else {
2393 if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) {
2394 mbedtls_printf(" failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
2395 (unsigned int) -ret);
2396 goto exit;
2397 }
2398 }
2399
2400 mbedtls_printf(" ok\n");
2401
2402 if (opt.reco_mode == 1) {
2403 mbedtls_printf(" [ Saved %u bytes of session data]\n",
2404 (unsigned) session_data_len);
2405 }
2406 }
2407
2408 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2409 /*
2410 * 5. Verify the server certificate
2411 */
2412 mbedtls_printf(" . Verifying peer X.509 certificate...");
2413
2414 if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
2415 char vrfy_buf[512];
2416 mbedtls_printf(" failed\n");
2417
2418 x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf),
2419 " ! ", flags);
2420
2421 mbedtls_printf("%s\n", vrfy_buf);
2422 } else {
2423 mbedtls_printf(" ok\n");
2424 }
2425
2426 #if !defined(MBEDTLS_X509_REMOVE_INFO)
2427 mbedtls_printf(" . Peer certificate information ...\n");
2428 mbedtls_printf("%s\n", peer_crt_info);
2429 #endif /* !MBEDTLS_X509_REMOVE_INFO */
2430 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2431
2432 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2433 ret = report_cid_usage(&ssl, "initial handshake");
2434 if (ret != 0) {
2435 goto exit;
2436 }
2437
2438 if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
2439 if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego,
2440 cid_renego,
2441 cid_renego_len)) != 0) {
2442 mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
2443 ret);
2444 goto exit;
2445 }
2446 }
2447 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2448
2449 #if defined(MBEDTLS_SSL_RENEGOTIATION)
2450 if (opt.renegotiate) {
2451 /*
2452 * Perform renegotiation (this must be done when the server is waiting
2453 * for input from our side).
2454 */
2455 mbedtls_printf(" . Performing renegotiation...");
2456 fflush(stdout);
2457 while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) {
2458 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2459 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2460 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2461 mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
2462 ret);
2463 goto exit;
2464 }
2465
2466 #if defined(MBEDTLS_ECP_RESTARTABLE)
2467 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2468 continue;
2469 }
2470 #endif
2471
2472 /* For event-driven IO, wait for socket to become available */
2473 if (opt.event == 1 /* level triggered IO */) {
2474 #if defined(MBEDTLS_TIMING_C)
2475 idle(&server_fd, &timer, ret);
2476 #else
2477 idle(&server_fd, ret);
2478 #endif
2479 }
2480
2481 }
2482 mbedtls_printf(" ok\n");
2483 }
2484 #endif /* MBEDTLS_SSL_RENEGOTIATION */
2485
2486 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
2487 ret = report_cid_usage(&ssl, "after renegotiation");
2488 if (ret != 0) {
2489 goto exit;
2490 }
2491 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
2492
2493 /*
2494 * 6. Write the GET request
2495 */
2496 retry_left = opt.max_resend;
2497 send_request:
2498 mbedtls_printf(" > Write to server:");
2499 fflush(stdout);
2500
2501 ret = build_http_request(buf, sizeof(buf) - 1, &len);
2502 if (ret != 0) {
2503 goto exit;
2504 }
2505
2506 if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
2507 written = 0;
2508 frags = 0;
2509
2510 do {
2511 while ((ret = mbedtls_ssl_write(&ssl, buf + written,
2512 len - written)) < 0) {
2513 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2514 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2515 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2516 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
2517 (unsigned int) -ret);
2518 goto exit;
2519 }
2520
2521 /* For event-driven IO, wait for socket to become available */
2522 if (opt.event == 1 /* level triggered IO */) {
2523 #if defined(MBEDTLS_TIMING_C)
2524 idle(&server_fd, &timer, ret);
2525 #else
2526 idle(&server_fd, ret);
2527 #endif
2528 }
2529 }
2530
2531 frags++;
2532 written += ret;
2533 } while (written < len);
2534 } else { /* Not stream, so datagram */
2535 while (1) {
2536 ret = mbedtls_ssl_write(&ssl, buf, len);
2537
2538 #if defined(MBEDTLS_ECP_RESTARTABLE)
2539 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2540 continue;
2541 }
2542 #endif
2543
2544 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2545 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
2546 break;
2547 }
2548
2549 /* For event-driven IO, wait for socket to become available */
2550 if (opt.event == 1 /* level triggered IO */) {
2551 #if defined(MBEDTLS_TIMING_C)
2552 idle(&server_fd, &timer, ret);
2553 #else
2554 idle(&server_fd, ret);
2555 #endif
2556 }
2557 }
2558
2559 if (ret < 0) {
2560 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n",
2561 ret);
2562 goto exit;
2563 }
2564
2565 frags = 1;
2566 written = ret;
2567
2568 if (written < len) {
2569 mbedtls_printf(" warning\n ! request didn't fit into single datagram and "
2570 "was truncated to size %u", (unsigned) written);
2571 }
2572 }
2573
2574 buf[written] = '\0';
2575 mbedtls_printf(
2576 " %" MBEDTLS_PRINTF_SIZET " bytes written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n",
2577 written,
2578 frags,
2579 (char *) buf);
2580
2581 /* Send a non-empty request if request_size == 0 */
2582 if (len == 0) {
2583 opt.request_size = DFL_REQUEST_SIZE;
2584 goto send_request;
2585 }
2586
2587 /*
2588 * 7. Read the HTTP response
2589 */
2590
2591 /*
2592 * TLS and DTLS need different reading styles (stream vs datagram)
2593 */
2594 if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
2595 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
2596 int ticket_id = 0;
2597 #endif
2598 do {
2599 len = sizeof(buf) - 1;
2600 memset(buf, 0, sizeof(buf));
2601 ret = mbedtls_ssl_read(&ssl, buf, len);
2602
2603 #if defined(MBEDTLS_ECP_RESTARTABLE)
2604 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2605 continue;
2606 }
2607 #endif
2608
2609 if (ret == MBEDTLS_ERR_SSL_WANT_READ ||
2610 ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
2611 /* For event-driven IO, wait for socket to become available */
2612 if (opt.event == 1 /* level triggered IO */) {
2613 #if defined(MBEDTLS_TIMING_C)
2614 idle(&server_fd, &timer, ret);
2615 #else
2616 idle(&server_fd, ret);
2617 #endif
2618 }
2619 continue;
2620 }
2621
2622 if (ret <= 0) {
2623 switch (ret) {
2624 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2625 mbedtls_printf(" connection was closed gracefully\n");
2626 ret = 0;
2627 goto close_notify;
2628
2629 case 0:
2630 case MBEDTLS_ERR_NET_CONN_RESET:
2631 mbedtls_printf(" connection was reset by peer\n");
2632 ret = 0;
2633 goto reconnect;
2634
2635 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
2636
2637 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
2638 case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
2639 /* We were waiting for application data but got
2640 * a NewSessionTicket instead. */
2641 mbedtls_printf(" got new session ticket ( %d ).\n",
2642 ticket_id++);
2643 if (opt.reconnect != 0) {
2644 mbedtls_printf(" . Saving session for reuse...");
2645 fflush(stdout);
2646
2647 if (opt.reco_mode == 1) {
2648 if ((ret = ssl_save_session_serialize(&ssl,
2649 &session_data,
2650 &session_data_len)) != 0) {
2651 mbedtls_printf(
2652 " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
2653 (unsigned int) -ret);
2654 goto exit;
2655 }
2656 } else {
2657 if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) {
2658 mbedtls_printf(
2659 " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
2660 (unsigned int) -ret);
2661 goto exit;
2662 }
2663 }
2664
2665 mbedtls_printf(" ok\n");
2666
2667 if (opt.reco_mode == 1) {
2668 mbedtls_printf(" [ Saved %u bytes of session data]\n",
2669 (unsigned) session_data_len);
2670 }
2671 }
2672 continue;
2673 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
2674
2675 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
2676
2677 default:
2678 mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n",
2679 (unsigned int) -ret);
2680 goto exit;
2681 }
2682 }
2683
2684 len = ret;
2685 buf[len] = '\0';
2686 mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s",
2687 len,
2688 (char *) buf);
2689 fflush(stdout);
2690 /* End of message should be detected according to the syntax of the
2691 * application protocol (eg HTTP), just use a dummy test here. */
2692 if (ret > 0 && buf[len-1] == '\n') {
2693 ret = 0;
2694 break;
2695 }
2696 } while (1);
2697 } else { /* Not stream, so datagram */
2698 len = sizeof(buf) - 1;
2699 memset(buf, 0, sizeof(buf));
2700
2701 while (1) {
2702 ret = mbedtls_ssl_read(&ssl, buf, len);
2703
2704 #if defined(MBEDTLS_ECP_RESTARTABLE)
2705 if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2706 continue;
2707 }
2708 #endif
2709
2710 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2711 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
2712 break;
2713 }
2714
2715 /* For event-driven IO, wait for socket to become available */
2716 if (opt.event == 1 /* level triggered IO */) {
2717 #if defined(MBEDTLS_TIMING_C)
2718 idle(&server_fd, &timer, ret);
2719 #else
2720 idle(&server_fd, ret);
2721 #endif
2722 }
2723 }
2724
2725 if (ret <= 0) {
2726 switch (ret) {
2727 case MBEDTLS_ERR_SSL_TIMEOUT:
2728 mbedtls_printf(" timeout\n");
2729 if (retry_left-- > 0) {
2730 goto send_request;
2731 }
2732 goto exit;
2733
2734 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
2735 mbedtls_printf(" connection was closed gracefully\n");
2736 ret = 0;
2737 goto close_notify;
2738
2739 default:
2740 mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
2741 goto exit;
2742 }
2743 }
2744
2745 len = ret;
2746 buf[len] = '\0';
2747 mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s",
2748 len,
2749 (char *) buf);
2750 ret = 0;
2751 }
2752
2753 /*
2754 * 7b. Simulate hard reset and reconnect from same port?
2755 */
2756 if (opt.reconnect_hard != 0) {
2757 opt.reconnect_hard = 0;
2758
2759 mbedtls_printf(" . Restarting connection from same port...");
2760 fflush(stdout);
2761
2762 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2763 memset(peer_crt_info, 0, sizeof(peer_crt_info));
2764 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2765
2766 if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
2767 mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2768 (unsigned int) -ret);
2769 goto exit;
2770 }
2771
2772 while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
2773 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
2774 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
2775 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
2776 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
2777 (unsigned int) -ret);
2778 goto exit;
2779 }
2780
2781 /* For event-driven IO, wait for socket to become available */
2782 if (opt.event == 1 /* level triggered IO */) {
2783 #if defined(MBEDTLS_TIMING_C)
2784 idle(&server_fd, &timer, ret);
2785 #else
2786 idle(&server_fd, ret);
2787 #endif
2788 }
2789 }
2790
2791 mbedtls_printf(" ok\n");
2792
2793 goto send_request;
2794 }
2795
2796 /*
2797 * 7c. Simulate serialize/deserialize and go back to data exchange
2798 */
2799 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
2800 if (opt.serialize != 0) {
2801 size_t buf_len;
2802
2803 mbedtls_printf(" . Serializing live connection...");
2804
2805 ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len);
2806 if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
2807 mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
2808 "-0x%x\n\n", (unsigned int) -ret);
2809
2810 goto exit;
2811 }
2812
2813 if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) {
2814 mbedtls_printf(" failed\n ! Couldn't allocate buffer for "
2815 "serialized context");
2816
2817 goto exit;
2818 }
2819 context_buf_len = buf_len;
2820
2821 if ((ret = mbedtls_ssl_context_save(&ssl, context_buf,
2822 buf_len, &buf_len)) != 0) {
2823 mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
2824 "-0x%x\n\n", (unsigned int) -ret);
2825
2826 goto exit;
2827 }
2828
2829 mbedtls_printf(" ok\n");
2830
2831 /* Save serialized context to the 'opt.context_file' as a base64 code */
2832 if (0 < strlen(opt.context_file)) {
2833 FILE *b64_file;
2834 uint8_t *b64_buf;
2835 size_t b64_len;
2836
2837 mbedtls_printf(" . Save serialized context to a file... ");
2838
2839 mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len);
2840
2841 if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) {
2842 mbedtls_printf("failed\n ! Couldn't allocate buffer for "
2843 "the base64 code\n");
2844 goto exit;
2845 }
2846
2847 if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len,
2848 context_buf, buf_len)) != 0) {
2849 mbedtls_printf("failed\n ! mbedtls_base64_encode returned "
2850 "-0x%x\n", (unsigned int) -ret);
2851 mbedtls_free(b64_buf);
2852 goto exit;
2853 }
2854
2855 if ((b64_file = fopen(opt.context_file, "w")) == NULL) {
2856 mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n",
2857 opt.context_file);
2858 mbedtls_free(b64_buf);
2859 goto exit;
2860 }
2861
2862 if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) {
2863 mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n",
2864 (long) b64_len);
2865 mbedtls_free(b64_buf);
2866 fclose(b64_file);
2867 goto exit;
2868 }
2869
2870 mbedtls_free(b64_buf);
2871 fclose(b64_file);
2872
2873 mbedtls_printf("ok\n");
2874 }
2875
2876 if (opt.serialize == 1) {
2877 /* nothing to do here, done by context_save() already */
2878 mbedtls_printf(" . Context has been reset... ok\n");
2879 }
2880
2881 if (opt.serialize == 2) {
2882 mbedtls_printf(" . Freeing and reinitializing context...");
2883
2884 mbedtls_ssl_free(&ssl);
2885
2886 mbedtls_ssl_init(&ssl);
2887
2888 if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
2889 mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned "
2890 "-0x%x\n\n", (unsigned int) -ret);
2891 goto exit;
2892 }
2893
2894 if (opt.nbio == 2) {
2895 mbedtls_ssl_set_bio(&ssl, &server_fd, delayed_send,
2896 delayed_recv, NULL);
2897 } else {
2898 mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send,
2899 mbedtls_net_recv,
2900 opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL);
2901 }
2902
2903 #if defined(MBEDTLS_TIMING_C)
2904 mbedtls_ssl_set_timer_cb(&ssl, &timer,
2905 mbedtls_timing_set_delay,
2906 mbedtls_timing_get_delay);
2907 #endif /* MBEDTLS_TIMING_C */
2908
2909 mbedtls_printf(" ok\n");
2910 }
2911
2912 mbedtls_printf(" . Deserializing connection...");
2913
2914 if ((ret = mbedtls_ssl_context_load(&ssl, context_buf,
2915 buf_len)) != 0) {
2916 mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned "
2917 "-0x%x\n\n", (unsigned int) -ret);
2918
2919 goto exit;
2920 }
2921
2922 mbedtls_free(context_buf);
2923 context_buf = NULL;
2924 context_buf_len = 0;
2925
2926 mbedtls_printf(" ok\n");
2927 }
2928 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
2929
2930 /*
2931 * 7d. Continue doing data exchanges?
2932 */
2933 if (--opt.exchanges > 0) {
2934 goto send_request;
2935 }
2936
2937 /*
2938 * 8. Done, cleanly close the connection
2939 */
2940 close_notify:
2941 mbedtls_printf(" . Closing the connection...");
2942 fflush(stdout);
2943
2944 /*
2945 * Most of the time sending a close_notify before closing is the right
2946 * thing to do. However, when the server already knows how many messages
2947 * are expected and closes the connection by itself, this alert becomes
2948 * redundant. Sometimes with DTLS this redundancy becomes a problem by
2949 * leading to a race condition where the server might close the connection
2950 * before seeing the alert, and since UDP is connection-less when the
2951 * alert arrives it will be seen as a new connection, which will fail as
2952 * the alert is clearly not a valid ClientHello. This may cause spurious
2953 * failures in tests that use DTLS and resumption with ssl_server2 in
2954 * ssl-opt.sh, avoided by enabling skip_close_notify client-side.
2955 */
2956 if (opt.skip_close_notify == 0) {
2957 /* No error checking, the connection might be closed already */
2958 do {
2959 ret = mbedtls_ssl_close_notify(&ssl);
2960 } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
2961 ret = 0;
2962 }
2963
2964 mbedtls_printf(" done\n");
2965
2966 /*
2967 * 9. Reconnect?
2968 */
2969 reconnect:
2970 if (opt.reconnect != 0) {
2971 --opt.reconnect;
2972
2973 mbedtls_net_free(&server_fd);
2974
2975 #if defined(MBEDTLS_TIMING_C)
2976 if (opt.reco_delay > 0) {
2977 mbedtls_net_usleep(1000 * opt.reco_delay);
2978 }
2979 #endif
2980
2981 mbedtls_printf(" . Reconnecting with saved session...");
2982
2983 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
2984 memset(peer_crt_info, 0, sizeof(peer_crt_info));
2985 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
2986
2987 if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
2988 mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
2989 (unsigned int) -ret);
2990 goto exit;
2991 }
2992
2993 if (opt.reco_mode == 1) {
2994 if ((ret = mbedtls_ssl_session_load(&saved_session,
2995 session_data,
2996 session_data_len)) != 0) {
2997 mbedtls_printf(" failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
2998 (unsigned int) -ret);
2999 goto exit;
3000 }
3001 }
3002
3003 if ((ret = mbedtls_ssl_set_session(&ssl, &saved_session)) != 0) {
3004 mbedtls_printf(" failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
3005 (unsigned int) -ret);
3006 goto exit;
3007 }
3008
3009 #if defined(MBEDTLS_X509_CRT_PARSE_C)
3010 if (opt.reco_server_name != NULL &&
3011 (ret = mbedtls_ssl_set_hostname(&ssl,
3012 opt.reco_server_name)) != 0) {
3013 mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
3014 ret);
3015 goto exit;
3016 }
3017 #endif
3018
3019 if ((ret = mbedtls_net_connect(&server_fd,
3020 opt.server_addr, opt.server_port,
3021 opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
3022 MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
3023 mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
3024 (unsigned int) -ret);
3025 goto exit;
3026 }
3027
3028 if (opt.nbio > 0) {
3029 ret = mbedtls_net_set_nonblock(&server_fd);
3030 } else {
3031 ret = mbedtls_net_set_block(&server_fd);
3032 }
3033 if (ret != 0) {
3034 mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
3035 (unsigned int) -ret);
3036 goto exit;
3037 }
3038
3039 ret = build_http_request(buf, sizeof(buf) - 1, &len);
3040 if (ret != 0) {
3041 goto exit;
3042 }
3043
3044 #if defined(MBEDTLS_SSL_EARLY_DATA)
3045 if (ssl.conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
3046 frags = 0;
3047 written = 0;
3048 do {
3049 while ((ret = mbedtls_ssl_write_early_data(&ssl, buf + written,
3050 len - written)) < 0) {
3051 if (ret == MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) {
3052 goto end_of_early_data;
3053 }
3054 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
3055 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
3056 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
3057 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
3058 (unsigned int) -ret);
3059 goto exit;
3060 }
3061
3062 /* For event-driven IO, wait for socket to become available */
3063 if (opt.event == 1 /* level triggered IO */) {
3064 #if defined(MBEDTLS_TIMING_C)
3065 idle(&server_fd, &timer, ret);
3066 #else
3067 idle(&server_fd, ret);
3068 #endif
3069 }
3070 }
3071
3072 frags++;
3073 written += ret;
3074 } while (written < len);
3075
3076 end_of_early_data:
3077
3078 buf[written] = '\0';
3079 mbedtls_printf(
3080 " %" MBEDTLS_PRINTF_SIZET " bytes of early data written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n",
3081 written,
3082 frags,
3083 (char *) buf);
3084 }
3085 #endif /* MBEDTLS_SSL_EARLY_DATA */
3086
3087 while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
3088 if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
3089 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
3090 ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
3091 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
3092 (unsigned int) -ret);
3093 goto exit;
3094 }
3095 }
3096
3097 mbedtls_printf(" ok\n");
3098
3099 goto send_request;
3100 }
3101
3102 /*
3103 * Cleanup and exit
3104 */
3105 exit:
3106 #ifdef MBEDTLS_ERROR_C
3107 if (ret != 0) {
3108 char error_buf[100];
3109 mbedtls_strerror(ret, error_buf, 100);
3110 mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf);
3111 }
3112 #endif
3113
3114 mbedtls_net_free(&server_fd);
3115
3116 mbedtls_ssl_free(&ssl);
3117 mbedtls_ssl_config_free(&conf);
3118 mbedtls_ssl_session_free(&saved_session);
3119
3120 if (session_data != NULL) {
3121 mbedtls_platform_zeroize(session_data, session_data_len);
3122 }
3123 mbedtls_free(session_data);
3124 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
3125 if (context_buf != NULL) {
3126 mbedtls_platform_zeroize(context_buf, context_buf_len);
3127 }
3128 mbedtls_free(context_buf);
3129 #endif
3130
3131 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
3132 mbedtls_x509_crt_free(&clicert);
3133 mbedtls_x509_crt_free(&cacert);
3134 mbedtls_pk_free(&pkey);
3135 #if defined(MBEDTLS_USE_PSA_CRYPTO)
3136 psa_destroy_key(key_slot);
3137 #endif
3138 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
3139
3140 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
3141 defined(MBEDTLS_USE_PSA_CRYPTO)
3142 if (opt.psk_opaque != 0) {
3143 /* This is ok even if the slot hasn't been
3144 * initialized (we might have jumed here
3145 * immediately because of bad cmd line params,
3146 * for example). */
3147 status = psa_destroy_key(slot);
3148 if ((status != PSA_SUCCESS) &&
3149 (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) {
3150 mbedtls_printf("Failed to destroy key slot %u - error was %d",
3151 (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot),
3152 (int) status);
3153 if (ret == 0) {
3154 ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
3155 }
3156 }
3157 }
3158 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
3159 MBEDTLS_USE_PSA_CRYPTO */
3160
3161 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
3162 defined(MBEDTLS_USE_PSA_CRYPTO)
3163 /*
3164 * In case opaque keys it's the user responsibility to keep the key valid
3165 * for the duration of the handshake and destroy it at the end
3166 */
3167 if ((opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE)) {
3168 psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
3169
3170 /* Verify that the key is still valid before destroying it */
3171 if (psa_get_key_attributes(ecjpake_pw_slot, &check_attributes) !=
3172 PSA_SUCCESS) {
3173 if (ret == 0) {
3174 ret = 1;
3175 }
3176 mbedtls_printf("The EC J-PAKE password key has unexpectedly been already destroyed\n");
3177 } else {
3178 psa_destroy_key(ecjpake_pw_slot);
3179 }
3180 }
3181 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
3182
3183 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
3184 const char *message = mbedtls_test_helper_is_psa_leaking();
3185 if (message) {
3186 if (ret == 0) {
3187 ret = 1;
3188 }
3189 mbedtls_printf("PSA memory leak detected: %s\n", message);
3190 }
3191 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
3192
3193 /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
3194 * resources are freed by rng_free(). */
3195 #if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \
3196 !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
3197 mbedtls_psa_crypto_free();
3198 #endif
3199
3200 rng_free(&rng);
3201
3202 #if defined(MBEDTLS_TEST_HOOKS)
3203 if (test_hooks_failure_detected()) {
3204 if (ret == 0) {
3205 ret = 1;
3206 }
3207 mbedtls_printf("Test hooks detected errors.\n");
3208 }
3209 test_hooks_free();
3210 #endif /* MBEDTLS_TEST_HOOKS */
3211
3212 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
3213 #if defined(MBEDTLS_MEMORY_DEBUG)
3214 mbedtls_memory_buffer_alloc_status();
3215 #endif
3216 mbedtls_memory_buffer_alloc_free();
3217 #endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
3218
3219 // Shell can not handle large exit numbers -> 1 for errors
3220 if (ret < 0) {
3221 ret = 1;
3222 }
3223
3224 if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
3225 mbedtls_exit(ret);
3226 } else {
3227 mbedtls_exit(query_config_ret);
3228 }
3229 }
3230 #endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
3231
