cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Adapt programs to the new NET API

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-06-30 15:40:39 +02:00
parent 91895853ac
commit 5db64328ab
14 changed files with 141 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
programs/pkey/dh_client.c
View File

@ -71,7 +71,7 @@ int main( void )
int ret; int ret;
size_t n, buflen; size_t n, buflen;
int server_fd = -1; mbedtls_net_context server_fd;
unsigned char *p, *end; unsigned char *p, *end;
unsigned char buf[2048]; unsigned char buf[2048];
@ -84,7 +84,8 @@ int main( void )
mbedtls_dhm_context dhm; mbedtls_dhm_context dhm;
mbedtls_aes_context aes; mbedtls_aes_context aes;
memset( &rsa, 0, sizeof( rsa ) ); mbedtls_net_init( &server_fd );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm ); mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes ); mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ctr_drbg_init( &ctr_drbg );
@ -280,8 +281,7 @@ int main( void )
exit: exit:
if( server_fd != -1 ) mbedtls_net_close( &server_fd );
mbedtls_net_close( server_fd );
mbedtls_aes_free( &aes ); mbedtls_aes_free( &aes );
mbedtls_rsa_free( &rsa ); mbedtls_rsa_free( &rsa );

13
programs/pkey/dh_server.c
View File

@ -71,8 +71,7 @@ int main( void )
int ret; int ret;
size_t n, buflen; size_t n, buflen;
int listen_fd = -1; mbedtls_net_context listen_fd, client_fd;
int client_fd = -1;
unsigned char buf[2048]; unsigned char buf[2048];
unsigned char hash[20]; unsigned char hash[20];
@ -85,7 +84,9 @@ int main( void )
mbedtls_dhm_context dhm; mbedtls_dhm_context dhm;
mbedtls_aes_context aes; mbedtls_aes_context aes;
memset( &rsa, 0, sizeof( rsa ) ); mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm ); mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes ); mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ctr_drbg_init( &ctr_drbg );
@ -173,7 +174,7 @@ int main( void )
goto exit; goto exit;
} }
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 ) NULL, 0, NULL ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
@ -282,8 +283,8 @@ int main( void )
exit: exit:
if( client_fd != -1 ) mbedtls_net_close( &client_fd );
mbedtls_net_close( client_fd ); mbedtls_net_close( &listen_fd );
mbedtls_aes_free( &aes ); mbedtls_aes_free( &aes );
mbedtls_rsa_free( &rsa ); mbedtls_rsa_free( &rsa );

7
programs/ssl/dtls_client.c
View File

@ -83,7 +83,8 @@ static void my_debug( void *ctx, int level,
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret, len, server_fd = -1; int ret, len;
mbedtls_net_context server_fd;
uint32_t flags; uint32_t flags;
unsigned char buf[1024]; unsigned char buf[1024];
const char *pers = "dtls_client"; const char *pers = "dtls_client";
@ -106,6 +107,7 @@ int main( int argc, char *argv[] )
/* /*
* 0. Initialize the RNG and the session data * 0. Initialize the RNG and the session data
*/ */
mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &cacert );
@ -324,8 +326,7 @@ exit:
} }
#endif #endif
if( server_fd != -1 ) mbedtls_net_close( &server_fd );
mbedtls_net_close( server_fd );
mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &cacert );
mbedtls_ssl_free( &ssl ); mbedtls_ssl_free( &ssl );

16
programs/ssl/dtls_server.c
View File

@ -92,8 +92,7 @@ static void my_debug( void *ctx, int level,
int main( void ) int main( void )
{ {
int ret, len; int ret, len;
int listen_fd; mbedtls_net_context listen_fd, client_fd;
int client_fd = -1;
unsigned char buf[1024]; unsigned char buf[1024];
const char *pers = "dtls_server"; const char *pers = "dtls_server";
unsigned char client_ip[16] = { 0 }; unsigned char client_ip[16] = { 0 };
@ -111,6 +110,8 @@ int main( void )
mbedtls_ssl_cache_context cache; mbedtls_ssl_cache_context cache;
#endif #endif
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
mbedtls_ssl_cookie_init( &cookie_ctx ); mbedtls_ssl_cookie_init( &cookie_ctx );
@ -255,20 +256,17 @@ reset:
} }
#endif #endif
if( client_fd != -1 ) mbedtls_net_close( &client_fd );
mbedtls_net_close( client_fd );
mbedtls_ssl_session_reset( &ssl ); mbedtls_ssl_session_reset( &ssl );
/* /*
* 3. Wait until a client connects * 3. Wait until a client connects
*/ */
client_fd = -1;
printf( " . Waiting for a remote connection ..." ); printf( " . Waiting for a remote connection ..." );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 ) client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
{ {
printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
@ -403,8 +401,8 @@ exit:
} }
#endif #endif
if( client_fd != -1 ) mbedtls_net_close( &client_fd );
mbedtls_net_close( client_fd ); mbedtls_net_close( &listen_fd );
mbedtls_x509_crt_free( &srvcert ); mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey ); mbedtls_pk_free( &pkey );

14
programs/ssl/mini_client.c
View File

@ -32,6 +32,10 @@
* NET module, in order to avoid the overhead of getaddrinfo() which tends to * NET module, in order to avoid the overhead of getaddrinfo() which tends to
* dominate memory usage in small configurations. For the sake of simplicity, * dominate memory usage in small configurations. For the sake of simplicity,
* only a Unix version is implemented. * only a Unix version is implemented.
*
* Warning: we are breaking some of the abtractions from the NET layer here.
* This is not a good example for general use. This programs has the specific
* goal of minimizing use of the libc functions on full-blown OSes.
*/ */
#if defined(unix) || defined(__unix__) || defined(__unix) #if defined(unix) || defined(__unix__) || defined(__unix)
#define UNIX #define UNIX
@ -160,7 +164,7 @@ enum exit_codes
int main( void ) int main( void )
{ {
int ret = exit_ok; int ret = exit_ok;
int server_fd = -1; mbedtls_net_context server_fd;
struct sockaddr_in addr; struct sockaddr_in addr;
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt ca; mbedtls_x509_crt ca;
@ -175,6 +179,7 @@ int main( void )
/* /*
* 0. Initialize and setup stuff * 0. Initialize and setup stuff
*/ */
mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -241,13 +246,13 @@ int main( void )
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE; addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
ret = 0; ret = 0;
if( ( server_fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{ {
ret = socket_failed; ret = socket_failed;
goto exit; goto exit;
} }
if( connect( server_fd, if( connect( server_fd.fd,
(const struct sockaddr *) &addr, sizeof( addr ) ) < 0 ) (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
{ {
ret = connect_failed; ret = connect_failed;
@ -275,8 +280,7 @@ int main( void )
mbedtls_ssl_close_notify( &ssl ); mbedtls_ssl_close_notify( &ssl );
exit: exit:
if( server_fd != -1 ) mbedtls_net_close( &server_fd );
mbedtls_net_close( server_fd );
mbedtls_ssl_free( &ssl ); mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf ); mbedtls_ssl_config_free( &conf );

7
programs/ssl/ssl_client1.c
View File

@ -78,7 +78,8 @@ static void my_debug( void *ctx, int level,
int main( void ) int main( void )
{ {
int ret, len, server_fd = -1; int ret, len;
mbedtls_net_context server_fd;
uint32_t flags; uint32_t flags;
unsigned char buf[1024]; unsigned char buf[1024];
const char *pers = "ssl_client1"; const char *pers = "ssl_client1";
@ -96,6 +97,7 @@ int main( void )
/* /*
* 0. Initialize the RNG and the session data * 0. Initialize the RNG and the session data
*/ */
mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &cacert );
@ -288,8 +290,7 @@ exit:
} }
#endif #endif
if( server_fd != -1 ) mbedtls_net_close( &server_fd );
mbedtls_net_close( server_fd );
mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &cacert );
mbedtls_ssl_free( &ssl ); mbedtls_ssl_free( &ssl );

18
programs/ssl/ssl_client2.c
View File

@ -386,7 +386,8 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *fl
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret = 0, len, tail_len, server_fd, i, written, frags, retry_left; int ret = 0, len, tail_len, i, written, frags, retry_left;
mbedtls_net_context server_fd;
unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1]; unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1];
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char psk[MBEDTLS_PSK_MAX_LEN]; unsigned char psk[MBEDTLS_PSK_MAX_LEN];
@ -417,7 +418,7 @@ int main( int argc, char *argv[] )
/* /*
* Make sure memory references are valid. * Make sure memory references are valid.
*/ */
server_fd = 0; mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
@ -1038,9 +1039,9 @@ int main( int argc, char *argv[] )
} }
if( opt.nbio > 0 ) if( opt.nbio > 0 )
ret = mbedtls_net_set_nonblock( server_fd ); ret = mbedtls_net_set_nonblock( &server_fd );
else else
ret = mbedtls_net_set_block( server_fd ); ret = mbedtls_net_set_block( &server_fd );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
@ -1502,7 +1503,7 @@ reconnect:
{ {
--opt.reconnect; --opt.reconnect;
mbedtls_net_close( server_fd ); mbedtls_net_close( &server_fd );
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
if( opt.reco_delay > 0 ) if( opt.reco_delay > 0 )
@ -1533,9 +1534,9 @@ reconnect:
} }
if( opt.nbio > 0 ) if( opt.nbio > 0 )
ret = mbedtls_net_set_nonblock( server_fd ); ret = mbedtls_net_set_nonblock( &server_fd );
else else
ret = mbedtls_net_set_block( server_fd ); ret = mbedtls_net_set_block( &server_fd );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
@ -1571,8 +1572,7 @@ exit:
} }
#endif #endif
if( server_fd ) mbedtls_net_close( &server_fd );
mbedtls_net_close( server_fd );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &clicert );

20
programs/ssl/ssl_fork_server.c
View File

@ -96,8 +96,7 @@ static void my_debug( void *ctx, int level,
int main( void ) int main( void )
{ {
int ret, len, cnt = 0, pid; int ret, len, cnt = 0, pid;
int listen_fd; mbedtls_net_context listen_fd, client_fd;
int client_fd = -1;
unsigned char buf[1024]; unsigned char buf[1024];
const char *pers = "ssl_fork_server"; const char *pers = "ssl_fork_server";
@ -108,6 +107,8 @@ int main( void )
mbedtls_x509_crt srvcert; mbedtls_x509_crt srvcert;
mbedtls_pk_context pkey; mbedtls_pk_context pkey;
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
mbedtls_entropy_init( &entropy ); mbedtls_entropy_init( &entropy );
@ -216,13 +217,13 @@ int main( void )
/* /*
* 3. Wait until a client connects * 3. Wait until a client connects
*/ */
client_fd = -1; mbedtls_net_init( &client_fd );
memset( &ssl, 0, sizeof( ssl ) ); mbedtls_ssl_init( &ssl );
mbedtls_printf( " . Waiting for a remote connection ..." ); mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 ) NULL, 0, NULL ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
@ -258,11 +259,11 @@ int main( void )
goto exit; goto exit;
} }
close( client_fd ); mbedtls_net_close( &client_fd );
continue; continue;
} }
close( listen_fd ); mbedtls_net_close( &listen_fd );
/* /*
* 4. Setup stuff * 4. Setup stuff
@ -384,9 +385,8 @@ int main( void )
} }
exit: exit:
mbedtls_net_close( &client_fd );
if( client_fd != -1 ) mbedtls_net_close( &listen_fd );
mbedtls_net_close( client_fd );
mbedtls_x509_crt_free( &srvcert ); mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey ); mbedtls_pk_free( &pkey );

22
programs/ssl/ssl_mail_client.c
View File

@ -66,8 +66,6 @@ int main( void )
#include <unistd.h> #include <unistd.h>
#else #else
#include <io.h> #include <io.h>
#define read _read
#define write _write
#endif #endif
#if defined(_WIN32) || defined(_WIN32_WCE) #if defined(_WIN32) || defined(_WIN32_WCE)
@ -294,7 +292,7 @@ static int write_ssl_and_get_response( mbedtls_ssl_context *ssl, unsigned char *
while( 1 ); while( 1 );
} }
static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len ) static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char *buf, size_t len )
{ {
int ret; int ret;
unsigned char data[128]; unsigned char data[128];
@ -302,7 +300,7 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len )
size_t i, idx = 0; size_t i, idx = 0;
mbedtls_printf("\n%s", buf); mbedtls_printf("\n%s", buf);
if( len && ( ret = write( sock_fd, buf, len ) ) <= 0 ) if( len && ( ret = mbedtls_net_send( sock_fd, buf, len ) ) <= 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
return -1; return -1;
@ -312,7 +310,7 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len )
{ {
len = sizeof( data ) - 1; len = sizeof( data ) - 1;
memset( data, 0, sizeof( data ) ); memset( data, 0, sizeof( data ) );
ret = read( sock_fd, data, len ); ret = mbedtls_net_recv( sock_fd, data, len );
if( ret <= 0 ) if( ret <= 0 )
{ {
@ -346,7 +344,8 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len )
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret = 0, len, server_fd; int ret = 0, len;
mbedtls_net_context server_fd;
unsigned char buf[1024]; unsigned char buf[1024];
#if defined(MBEDTLS_BASE64_C) #if defined(MBEDTLS_BASE64_C)
unsigned char base[1024]; unsigned char base[1024];
@ -369,7 +368,7 @@ int main( int argc, char *argv[] )
/* /*
* Make sure memory references are valid in case we exit early. * Make sure memory references are valid in case we exit early.
*/ */
server_fd = 0; mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
memset( &buf, 0, sizeof( buf ) ); memset( &buf, 0, sizeof( buf ) );
@ -658,7 +657,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( " > Get header from server:" ); mbedtls_printf( " > Get header from server:" );
fflush( stdout ); fflush( stdout );
ret = write_and_get_response( server_fd, buf, 0 ); ret = write_and_get_response( &server_fd, buf, 0 );
if( ret < 200 || ret > 299 ) if( ret < 200 || ret > 299 )
{ {
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret ); mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
@ -672,7 +671,7 @@ int main( int argc, char *argv[] )
gethostname( hostname, 32 ); gethostname( hostname, 32 );
len = sprintf( (char *) buf, "EHLO %s\r\n", hostname ); len = sprintf( (char *) buf, "EHLO %s\r\n", hostname );
ret = write_and_get_response( server_fd, buf, len ); ret = write_and_get_response( &server_fd, buf, len );
if( ret < 200 || ret > 299 ) if( ret < 200 || ret > 299 )
{ {
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret ); mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
@ -686,7 +685,7 @@ int main( int argc, char *argv[] )
gethostname( hostname, 32 ); gethostname( hostname, 32 );
len = sprintf( (char *) buf, "STARTTLS\r\n" ); len = sprintf( (char *) buf, "STARTTLS\r\n" );
ret = write_and_get_response( server_fd, buf, len ); ret = write_and_get_response( &server_fd, buf, len );
if( ret < 200 || ret > 299 ) if( ret < 200 || ret > 299 )
{ {
mbedtls_printf( " failed\n ! server responded with %d\n\n", ret ); mbedtls_printf( " failed\n ! server responded with %d\n\n", ret );
@ -820,8 +819,7 @@ int main( int argc, char *argv[] )
exit: exit:
if( server_fd ) mbedtls_net_close( &server_fd );
mbedtls_net_close( server_fd );
mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &clicert );
mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &cacert );
mbedtls_pk_free( &pkey ); mbedtls_pk_free( &pkey );

30
programs/ssl/ssl_pthread_server.c
View File

@ -106,7 +106,7 @@ static void my_mutexed_debug( void *ctx, int level,
} }
typedef struct { typedef struct {
int client_fd; mbedtls_net_context client_fd;
int thread_complete; int thread_complete;
const mbedtls_ssl_config *config; const mbedtls_ssl_config *config;
} thread_info_t; } thread_info_t;
@ -124,7 +124,7 @@ static void *handle_ssl_connection( void *data )
{ {
int ret, len; int ret, len;
thread_info_t *thread_info = (thread_info_t *) data; thread_info_t *thread_info = (thread_info_t *) data;
int client_fd = thread_info->client_fd; mbedtls_net_context *client_fd = &thread_info->client_fd;
long int thread_id = (long int) pthread_self(); long int thread_id = (long int) pthread_self();
unsigned char buf[1024]; unsigned char buf[1024];
mbedtls_ssl_context ssl; mbedtls_ssl_context ssl;
@ -132,7 +132,7 @@ static void *handle_ssl_connection( void *data )
/* Make sure memory references are valid */ /* Make sure memory references are valid */
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_printf( " [ #%ld ] Client FD %d\n", thread_id, client_fd ); mbedtls_printf( " [ #%ld ] Setting up SSL/TLS data\n", thread_id );
/* /*
* 4. Get the SSL context ready * 4. Get the SSL context ready
@ -144,7 +144,7 @@ static void *handle_ssl_connection( void *data )
goto thread_exit; goto thread_exit;
} }
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); mbedtls_ssl_set_bio( &ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
/* /*
* 5. Handshake * 5. Handshake
@ -273,7 +273,7 @@ thread_exit:
return( NULL ); return( NULL );
} }
static int thread_create( int client_fd ) static int thread_create( mbedtls_net_context *client_fd )
{ {
int ret, i; int ret, i;
@ -302,9 +302,10 @@ static int thread_create( int client_fd )
*/ */
memcpy( &threads[i].data, &base_info, sizeof(base_info) ); memcpy( &threads[i].data, &base_info, sizeof(base_info) );
threads[i].active = 1; threads[i].active = 1;
threads[i].data.client_fd = client_fd; memcpy( &threads[i].data.client_fd, client_fd, sizeof( mbedtls_net_context ) );
if( ( ret = pthread_create( &threads[i].thread, NULL, handle_ssl_connection, &threads[i].data ) ) != 0 ) if( ( ret = pthread_create( &threads[i].thread, NULL, handle_ssl_connection,
&threads[i].data ) ) != 0 )
{ {
return( ret ); return( ret );
} }
@ -315,8 +316,7 @@ static int thread_create( int client_fd )
int main( void ) int main( void )
{ {
int ret; int ret;
int listen_fd; mbedtls_net_context listen_fd, client_fd;
int client_fd = -1;
const char pers[] = "ssl_pthread_server"; const char pers[] = "ssl_pthread_server";
mbedtls_entropy_context entropy; mbedtls_entropy_context entropy;
@ -346,6 +346,8 @@ int main( void )
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ctr_drbg_init( &ctr_drbg );
memset( threads, 0, sizeof(threads) ); memset( threads, 0, sizeof(threads) );
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_mutex_init( &debug_mutex ); mbedtls_mutex_init( &debug_mutex );
@ -474,11 +476,9 @@ reset:
/* /*
* 3. Wait until a client connects * 3. Wait until a client connects
*/ */
client_fd = -1;
mbedtls_printf( " [ main ] Waiting for a remote connection\n" ); mbedtls_printf( " [ main ] Waiting for a remote connection\n" );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 ) NULL, 0, NULL ) ) != 0 )
{ {
mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret ); mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n", ret );
@ -488,10 +488,10 @@ reset:
mbedtls_printf( " [ main ] ok\n" ); mbedtls_printf( " [ main ] ok\n" );
mbedtls_printf( " [ main ] Creating a new thread\n" ); mbedtls_printf( " [ main ] Creating a new thread\n" );
if( ( ret = thread_create( client_fd ) ) != 0 ) if( ( ret = thread_create( &client_fd ) ) != 0 )
{ {
mbedtls_printf( " [ main ] failed: thread_create returned %d\n", ret ); mbedtls_printf( " [ main ] failed: thread_create returned %d\n", ret );
mbedtls_net_close( client_fd ); mbedtls_net_close( &client_fd );
goto reset; goto reset;
} }
@ -508,6 +508,8 @@ exit:
mbedtls_entropy_free( &entropy ); mbedtls_entropy_free( &entropy );
mbedtls_ssl_config_free( &conf ); mbedtls_ssl_config_free( &conf );
mbedtls_net_free( &listen_fd );
mbedtls_mutex_free( &debug_mutex ); mbedtls_mutex_free( &debug_mutex );
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)

16
programs/ssl/ssl_server.c
View File

@ -91,8 +91,7 @@ static void my_debug( void *ctx, int level,
int main( void ) int main( void )
{ {
int ret, len; int ret, len;
int listen_fd; mbedtls_net_context listen_fd, client_fd;
int client_fd = -1;
unsigned char buf[1024]; unsigned char buf[1024];
const char *pers = "ssl_server"; const char *pers = "ssl_server";
@ -106,6 +105,8 @@ int main( void )
mbedtls_ssl_cache_context cache; mbedtls_ssl_cache_context cache;
#endif #endif
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
@ -236,20 +237,17 @@ reset:
} }
#endif #endif
if( client_fd != -1 ) mbedtls_net_close( &client_fd );
mbedtls_net_close( client_fd );
mbedtls_ssl_session_reset( &ssl ); mbedtls_ssl_session_reset( &ssl );
/* /*
* 3. Wait until a client connects * 3. Wait until a client connects
*/ */
client_fd = -1;
mbedtls_printf( " . Waiting for a remote connection ..." ); mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 ) NULL, 0, NULL ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
@ -375,8 +373,8 @@ exit:
} }
#endif #endif
if( client_fd != -1 ) mbedtls_net_close( &client_fd );
mbedtls_net_close( client_fd ); mbedtls_net_close( &listen_fd );
mbedtls_x509_crt_free( &srvcert ); mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey ); mbedtls_pk_free( &pkey );

24
programs/ssl/ssl_server2.c
View File

@ -746,7 +746,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
} }
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
static int listen_fd, client_fd = -1; static mbedtls_net_context listen_fd, client_fd;
/* Interruption handler to ensure clean exit (for valgrind testing) */ /* Interruption handler to ensure clean exit (for valgrind testing) */
#if !defined(_WIN32) #if !defined(_WIN32)
@ -755,8 +755,8 @@ void term_handler( int sig )
{ {
((void) sig); ((void) sig);
received_sigterm = 1; received_sigterm = 1;
mbedtls_net_close( listen_fd ); /* causes mbedtls_net_accept() to abort */ mbedtls_net_close( &listen_fd ); /* causes mbedtls_net_accept() to abort */
mbedtls_net_close( client_fd ); /* causes net_read() to abort */ mbedtls_net_close( &client_fd ); /* causes net_read() to abort */
} }
#endif #endif
@ -826,7 +826,8 @@ int main( int argc, char *argv[] )
/* /*
* Make sure memory references are valid in case we exit early. * Make sure memory references are valid in case we exit early.
*/ */
listen_fd = 0; mbedtls_net_init( &client_fd );
mbedtls_net_init( &listen_fd );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ctr_drbg_init( &ctr_drbg );
@ -1842,20 +1843,17 @@ reset:
} }
#endif #endif
if( client_fd != -1 ) mbedtls_net_close( &client_fd );
mbedtls_net_close( client_fd );
mbedtls_ssl_session_reset( &ssl ); mbedtls_ssl_session_reset( &ssl );
/* /*
* 3. Wait until a client connects * 3. Wait until a client connects
*/ */
client_fd = -1;
mbedtls_printf( " . Waiting for a remote connection ..." ); mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 ) client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
{ {
#if !defined(_WIN32) #if !defined(_WIN32)
@ -1872,9 +1870,9 @@ reset:
} }
if( opt.nbio > 0 ) if( opt.nbio > 0 )
ret = mbedtls_net_set_nonblock( client_fd ); ret = mbedtls_net_set_nonblock( &client_fd );
else else
ret = mbedtls_net_set_block( client_fd ); ret = mbedtls_net_set_block( &client_fd );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
@ -2254,8 +2252,8 @@ exit:
mbedtls_printf( " . Cleaning up..." ); mbedtls_printf( " . Cleaning up..." );
fflush( stdout ); fflush( stdout );
if( client_fd != -1 ) mbedtls_net_close( &client_fd );
mbedtls_net_close( client_fd ); mbedtls_net_close( &listen_fd );
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
mbedtls_dhm_free( &dhm ); mbedtls_dhm_free( &dhm );

70
programs/test/udp_proxy.c
View File

@ -20,6 +20,12 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
/*
* Warning: this is an internal utility program we use for tests.
* It does break some abstractions from the NET layer, and is thus NOT an
* example of good general usage.
*/
#if !defined(MBEDTLS_CONFIG_FILE) #if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h" #include "mbedtls/config.h"
#else #else
@ -284,7 +290,7 @@ static unsigned long ellapsed_time( void )
typedef struct typedef struct
{ {
int dst; mbedtls_net_context *dst;
const char *way; const char *way;
const char *type; const char *type;
unsigned len; unsigned len;
@ -306,7 +312,7 @@ void print_packet( const packet *p, const char *why )
int send_packet( const packet *p, const char *why ) int send_packet( const packet *p, const char *why )
{ {
int ret; int ret;
int dst = p->dst; mbedtls_net_context *dst = p->dst;
/* insert corrupted ApplicationData record? */ /* insert corrupted ApplicationData record? */
if( opt.bad_ad && if( opt.bad_ad &&
@ -317,7 +323,7 @@ int send_packet( const packet *p, const char *why )
++buf[p->len - 1]; ++buf[p->len - 1];
print_packet( p, "corrupted" ); print_packet( p, "corrupted" );
if( ( ret = mbedtls_net_send( &dst, buf, p->len ) ) <= 0 ) if( ( ret = mbedtls_net_send( dst, buf, p->len ) ) <= 0 )
{ {
mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret );
return( ret ); return( ret );
@ -325,7 +331,7 @@ int send_packet( const packet *p, const char *why )
} }
print_packet( p, why ); print_packet( p, why );
if( ( ret = mbedtls_net_send( &dst, p->buf, p->len ) ) <= 0 ) if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 )
{ {
mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret );
return( ret ); return( ret );
@ -338,7 +344,7 @@ int send_packet( const packet *p, const char *why )
{ {
print_packet( p, "duplicated" ); print_packet( p, "duplicated" );
if( ( ret = mbedtls_net_send( &dst, p->buf, p->len ) ) <= 0 ) if( ( ret = mbedtls_net_send( dst, p->buf, p->len ) ) <= 0 )
{ {
mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret ); mbedtls_printf( " ! mbedtls_net_send returned %d\n", ret );
return( ret ); return( ret );
@ -392,14 +398,16 @@ void update_dropped( const packet *p )
} }
} }
int handle_message( const char *way, int dst, int src ) int handle_message( const char *way,
mbedtls_net_context *dst,
mbedtls_net_context *src )
{ {
int ret; int ret;
packet cur; packet cur;
size_t id; size_t id;
/* receive packet */ /* receive packet */
if( ( ret = mbedtls_net_recv( &src, cur.buf, sizeof( cur.buf ) ) ) <= 0 ) if( ( ret = mbedtls_net_recv( src, cur.buf, sizeof( cur.buf ) ) ) <= 0 )
{ {
mbedtls_printf( " ! mbedtls_net_recv returned %d\n", ret ); mbedtls_printf( " ! mbedtls_net_recv returned %d\n", ret );
return( ret ); return( ret );
@ -432,7 +440,7 @@ int handle_message( const char *way, int dst, int src )
strcmp( cur.type, "ApplicationData" ) != 0 && strcmp( cur.type, "ApplicationData" ) != 0 &&
! ( opt.protect_hvr && ! ( opt.protect_hvr &&
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) && strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
prev.dst == 0 && prev.dst == NULL &&
cur.len != (size_t) opt.protect_len && cur.len != (size_t) opt.protect_len &&
dropped[id] < DROP_MAX && dropped[id] < DROP_MAX &&
rand() % opt.delay == 0 ) ) rand() % opt.delay == 0 ) )
@ -446,7 +454,7 @@ int handle_message( const char *way, int dst, int src )
return( ret ); return( ret );
/* send previously delayed message if any */ /* send previously delayed message if any */
if( prev.dst != 0 ) if( prev.dst != NULL )
{ {
ret = send_packet( &prev, "delayed" ); ret = send_packet( &prev, "delayed" );
memset( &prev, 0, sizeof( packet ) ); memset( &prev, 0, sizeof( packet ) );
@ -462,13 +470,15 @@ int main( int argc, char *argv[] )
{ {
int ret; int ret;
int listen_fd = -1; mbedtls_net_context listen_fd, client_fd, server_fd;
int client_fd = -1;
int server_fd = -1;
int nb_fds; int nb_fds;
fd_set read_fds; fd_set read_fds;
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_net_init( &server_fd );
get_options( argc, argv ); get_options( argc, argv );
/* /*
@ -526,7 +536,7 @@ accept:
mbedtls_printf( " . Waiting for a remote connection ..." ); mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_net_accept( listen_fd, &client_fd, if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 ) NULL, 0, NULL ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
@ -555,19 +565,19 @@ accept:
clear_pending(); clear_pending();
memset( dropped, 0, sizeof( dropped ) ); memset( dropped, 0, sizeof( dropped ) );
nb_fds = client_fd; nb_fds = client_fd.fd;
if( nb_fds < server_fd ) if( nb_fds < server_fd.fd )
nb_fds = server_fd; nb_fds = server_fd.fd;
if( nb_fds < listen_fd ) if( nb_fds < listen_fd.fd )
nb_fds = listen_fd; nb_fds = listen_fd.fd;
++nb_fds; ++nb_fds;
while( 1 ) while( 1 )
{ {
FD_ZERO( &read_fds ); FD_ZERO( &read_fds );
FD_SET( server_fd, &read_fds ); FD_SET( server_fd.fd, &read_fds );
FD_SET( client_fd, &read_fds ); FD_SET( client_fd.fd, &read_fds );
FD_SET( listen_fd, &read_fds ); FD_SET( listen_fd.fd, &read_fds );
if( ( ret = select( nb_fds, &read_fds, NULL, NULL, NULL ) ) <= 0 ) if( ( ret = select( nb_fds, &read_fds, NULL, NULL, NULL ) ) <= 0 )
{ {
@ -575,20 +585,20 @@ accept:
goto exit; goto exit;
} }
if( FD_ISSET( listen_fd, &read_fds ) ) if( FD_ISSET( listen_fd.fd, &read_fds ) )
goto accept; goto accept;
if( FD_ISSET( client_fd, &read_fds ) ) if( FD_ISSET( client_fd.fd, &read_fds ) )
{ {
if( ( ret = handle_message( "S <- C", if( ( ret = handle_message( "S <- C",
server_fd, client_fd ) ) != 0 ) &server_fd, &client_fd ) ) != 0 )
goto accept; goto accept;
} }
if( FD_ISSET( server_fd, &read_fds ) ) if( FD_ISSET( server_fd.fd, &read_fds ) )
{ {
if( ( ret = handle_message( "S -> C", if( ( ret = handle_message( "S -> C",
client_fd, server_fd ) ) != 0 ) &client_fd, &server_fd ) ) != 0 )
goto accept; goto accept;
} }
} }
@ -605,11 +615,9 @@ exit:
} }
#endif #endif
if( client_fd != -1 ) mbedtls_net_close( &client_fd );
mbedtls_net_close( client_fd ); mbedtls_net_close( &server_fd );
mbedtls_net_close( &listen_fd );
if( listen_fd != -1 )
mbedtls_net_close( listen_fd );
#if defined(_WIN32) #if defined(_WIN32)
mbedtls_printf( " Press Enter to exit this program.\n" ); mbedtls_printf( " Press Enter to exit this program.\n" );

8
programs/x509/cert_app.c
View File

@ -142,7 +142,8 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *fl
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret = 0, server_fd; int ret = 0;
mbedtls_net_context server_fd;
unsigned char buf[1024]; unsigned char buf[1024];
mbedtls_entropy_context entropy; mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
@ -161,7 +162,7 @@ int main( int argc, char *argv[] )
/* /*
* Set to sane values * Set to sane values
*/ */
server_fd = 0; mbedtls_net_init( &server_fd );
mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
@ -474,8 +475,7 @@ ssl_exit:
exit: exit:
if( server_fd ) mbedtls_net_close( &server_fd );
mbedtls_net_close( server_fd );
mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &clicert );
#if defined(MBEDTLS_X509_CRL_PARSE_C) #if defined(MBEDTLS_X509_CRL_PARSE_C)