hdkv/yuzu
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

early-access version 1503

Browse Source
This commit is contained in:
pineappleEA
2021-03-06 01:41:47 +01:00
parent a37fdd48d5
commit 3fd627d0ba
558 changed files with 55823 additions and 15727 deletions
Download Patch File Download Diff File Expand all files Collapse all files

244
externals/mbedtls/programs/ssl/ssl_client2.c vendored
View File

@@ -1,8 +1,31 @@
/*
* SSL client with certificate authentication
*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: GPL-2.0
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*
* This file is provided under the Apache License 2.0, or the
* GNU General Public License v2.0 or later.
*
* **********
* Apache License 2.0:
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* **********
*
* **********
* GNU General Public License v2.0 or later:
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -18,7 +41,7 @@
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* **********
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -37,6 +60,9 @@
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_snprintf snprintf
#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
#if !defined(MBEDTLS_ENTROPY_C) || \
@@ -47,7 +73,7 @@ int main( void )
mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
return( 0 );
mbedtls_exit( 0 );
}
#else
@@ -85,6 +111,7 @@ int main( void )
#define DFL_PSK ""
#define DFL_PSK_IDENTITY "Client_identity"
#define DFL_ECJPAKE_PW NULL
#define DFL_EC_MAX_OPS -1
#define DFL_FORCE_CIPHER 0
#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
#define DFL_ALLOW_LEGACY -2
@@ -108,9 +135,12 @@ int main( void )
#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
#define DFL_HS_TO_MIN 0
#define DFL_HS_TO_MAX 0
#define DFL_DTLS_MTU -1
#define DFL_DGRAM_PACKING 1
#define DFL_FALLBACK -1
#define DFL_EXTENDED_MS -1
#define DFL_ETM -1
#define DFL_SKIP_CLOSE_NOTIFY 0
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
@@ -120,8 +150,10 @@ int main( void )
#define USAGE_IO \
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
" default: \"\" (pre-loaded)\n" \
" use \"none\" to skip loading any top-level CAs.\n" \
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
" default: \"\" (pre-loaded) (overrides ca_file)\n" \
" use \"none\" to skip loading any top-level CAs.\n" \
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
" default: \"\" (pre-loaded)\n" \
" key_file=%%s default: \"\" (pre-loaded)\n"
@@ -200,7 +232,11 @@ int main( void )
#define USAGE_DTLS \
" dtls=%%d default: 0 (TLS)\n" \
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
" range of DTLS handshake timeouts in millisecs\n"
" range of DTLS handshake timeouts in millisecs\n" \
" mtu=%%d default: (library default: unlimited)\n" \
" dgram_packing=%%d default: 1 (allowed)\n" \
" allow or forbid packing of multiple\n" \
" records within a single datgram.\n"
#else
#define USAGE_DTLS ""
#endif
@@ -241,7 +277,16 @@ int main( void )
#define USAGE_ECJPAKE ""
#endif
#define USAGE \
#if defined(MBEDTLS_ECP_RESTARTABLE)
#define USAGE_ECRESTART \
" ec_max_ops=%%s default: library default (restart disabled)\n"
#else
#define USAGE_ECRESTART ""
#endif
/* USAGE is arbitrarily split to stay under the portable string literal
* length limit: 4095 bytes in C99. */
#define USAGE1 \
"\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \
" server_name=%%s default: localhost\n" \
@@ -261,16 +306,20 @@ int main( void )
" options: 1 (level-triggered, implies nbio=1),\n" \
" read_timeout=%%d default: 0 ms (no timeout)\n" \
" max_resend=%%d default: 0 (no resend on timeout)\n" \
" skip_close_notify=%%d default: 0 (send close_notify)\n" \
"\n" \
USAGE_DTLS \
"\n" \
"\n"
#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
USAGE_IO \
"\n" \
USAGE_PSK \
USAGE_ECJPAKE \
"\n" \
USAGE_ECRESTART \
"\n"
#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
@@ -287,7 +336,8 @@ int main( void )
USAGE_CURVES \
USAGE_RECSPLIT \
USAGE_DHMLEN \
"\n" \
"\n"
#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
@@ -296,11 +346,16 @@ int main( void )
" options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
"\n" \
" force_ciphersuite=<name> default: all enabled\n"\
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
" acceptable ciphersuite names:\n"
#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
/*
* global options
*/
@@ -323,6 +378,7 @@ struct options
const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */
const char *ecjpake_pw; /* the EC J-PAKE password */
int ec_max_ops; /* EC consecutive operations limit */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
int renegotiation; /* enable / disable renegotiation */
int allow_legacy; /* allow legacy renegotiation */
@@ -347,11 +403,16 @@ struct options
int transport; /* TLS or DTLS? */
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
int fallback; /* is this a fallback connection? */
int dgram_packing; /* allow/forbid datagram packing */
int extended_ms; /* negotiate extended master secret? */
int etm; /* negotiate encrypt then mac? */
int skip_close_notify; /* skip sending the close_notify alert */
} opt;
int query_config( const char *config );
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
@@ -563,7 +624,10 @@ int main( int argc, char *argv[] )
if( ret == 0 )
ret = 1;
mbedtls_printf( USAGE );
mbedtls_printf( USAGE1 );
mbedtls_printf( USAGE2 );
mbedtls_printf( USAGE3 );
mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites();
while( *list )
@@ -596,6 +660,7 @@ int main( int argc, char *argv[] )
opt.psk = DFL_PSK;
opt.psk_identity = DFL_PSK_IDENTITY;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
opt.ec_max_ops = DFL_EC_MAX_OPS;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
@@ -619,9 +684,12 @@ int main( int argc, char *argv[] )
opt.transport = DFL_TRANSPORT;
opt.hs_to_min = DFL_HS_TO_MIN;
opt.hs_to_max = DFL_HS_TO_MAX;
opt.dtls_mtu = DFL_DTLS_MTU;
opt.fallback = DFL_FALLBACK;
opt.extended_ms = DFL_EXTENDED_MS;
opt.etm = DFL_ETM;
opt.dgram_packing = DFL_DGRAM_PACKING;
opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
for( i = 1; i < argc; i++ )
{
@@ -695,6 +763,8 @@ int main( int argc, char *argv[] )
opt.psk_identity = q;
else if( strcmp( p, "ecjpake_pw" ) == 0 )
opt.ecjpake_pw = q;
else if( strcmp( p, "ec_max_ops" ) == 0 )
opt.ec_max_ops = atoi( q );
else if( strcmp( p, "force_ciphersuite" ) == 0 )
{
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
@@ -929,6 +999,21 @@ int main( int argc, char *argv[] )
if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
goto usage;
}
else if( strcmp( p, "mtu" ) == 0 )
{
opt.dtls_mtu = atoi( q );
if( opt.dtls_mtu < 0 )
goto usage;
}
else if( strcmp( p, "dgram_packing" ) == 0 )
{
opt.dgram_packing = atoi( q );
if( opt.dgram_packing != 0 &&
opt.dgram_packing != 1 )
{
goto usage;
}
}
else if( strcmp( p, "recsplit" ) == 0 )
{
opt.recsplit = atoi( q );
@@ -941,6 +1026,16 @@ int main( int argc, char *argv[] )
if( opt.dhmlen < 0 )
goto usage;
}
else if( strcmp( p, "query_config" ) == 0 )
{
mbedtls_exit( query_config( q ) );
}
else if( strcmp( p, "skip_close_notify" ) == 0 )
{
opt.skip_close_notify = atoi( q );
if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 )
goto usage;
}
else
goto usage;
}
@@ -1160,20 +1255,22 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
if( strcmp( opt.ca_path, "none" ) == 0 ||
strcmp( opt.ca_file, "none" ) == 0 )
{
ret = 0;
}
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.ca_path ) )
if( strcmp( opt.ca_path, "none" ) == 0 )
ret = 0;
else
ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
else if( strlen( opt.ca_file ) )
if( strcmp( opt.ca_file, "none" ) == 0 )
ret = 0;
else
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
{
#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
{
ret = mbedtls_x509_crt_parse( &cacert,
@@ -1182,12 +1279,23 @@ int main( int argc, char *argv[] )
if( ret != 0 )
break;
}
if( ret == 0 )
#endif /* MBEDTLS_PEM_PARSE_C */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{
ret = mbedtls_x509_crt_parse_der( &cacert,
(const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i] );
if( ret != 0 )
break;
}
}
#else
{
ret = 1;
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif
#endif /* MBEDTLS_CERTS_C */
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
@@ -1205,12 +1313,12 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Loading the client cert. and key..." );
fflush( stdout );
if( strcmp( opt.crt_file, "none" ) == 0 )
ret = 0;
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.crt_file ) )
if( strcmp( opt.crt_file, "none" ) == 0 )
ret = 0;
else
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
@@ -1220,7 +1328,7 @@ int main( int argc, char *argv[] )
#else
{
ret = 1;
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif
if( ret != 0 )
@@ -1230,12 +1338,12 @@ int main( int argc, char *argv[] )
goto exit;
}
if( strcmp( opt.key_file, "none" ) == 0 )
ret = 0;
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) )
if( strcmp( opt.key_file, "none" ) == 0 )
ret = 0;
else
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(MBEDTLS_CERTS_C)
@@ -1245,7 +1353,7 @@ int main( int argc, char *argv[] )
#else
{
ret = 1;
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
}
#endif
if( ret != 0 )
@@ -1329,6 +1437,9 @@ int main( int argc, char *argv[] )
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
opt.hs_to_max );
if( opt.dgram_packing != DFL_DGRAM_PACKING )
mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -1487,11 +1598,21 @@ int main( int argc, char *argv[] )
mbedtls_net_send, mbedtls_net_recv,
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.dtls_mtu != DFL_DTLS_MTU )
mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
#endif
#if defined(MBEDTLS_TIMING_C)
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( opt.ec_max_ops != DFL_EC_MAX_OPS )
mbedtls_ecp_set_max_ops( opt.ec_max_ops );
#endif
mbedtls_printf( " ok\n" );
/*
@@ -1503,7 +1624,8 @@ int main( int argc, char *argv[] )
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
-ret );
@@ -1519,6 +1641,11 @@ int main( int argc, char *argv[] )
goto exit;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
continue;
#endif
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
@@ -1611,13 +1738,19 @@ int main( int argc, char *argv[] )
while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
ret );
goto exit;
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
continue;
#endif
/* For event-driven IO, wait for socket to become available */
if( opt.event == 1 /* level triggered IO */ )
{
@@ -1678,7 +1811,8 @@ send_request:
len - written ) ) < 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
-ret );
@@ -1707,6 +1841,11 @@ send_request:
{
ret = mbedtls_ssl_write( &ssl, buf, len );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
continue;
#endif
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
break;
@@ -1767,6 +1906,11 @@ send_request:
memset( buf, 0, sizeof( buf ) );
ret = mbedtls_ssl_read( &ssl, buf, len );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
continue;
#endif
if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE )
{
@@ -1827,6 +1971,11 @@ send_request:
{
ret = mbedtls_ssl_read( &ssl, buf, len );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
continue;
#endif
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
break;
@@ -1889,7 +2038,8 @@ send_request:
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
-ret );
@@ -1925,10 +2075,25 @@ close_notify:
mbedtls_printf( " . Closing the connection..." );
fflush( stdout );
/* No error checking, the connection might be closed already */
do ret = mbedtls_ssl_close_notify( &ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
ret = 0;
/*
* Most of the time sending a close_notify before closing is the right
* thing to do. However, when the server already knows how many messages
* are expected and closes the connection by itself, this alert becomes
* redundant. Sometimes with DTLS this redundancy becomes a problem by
* leading to a race condition where the server might close the connection
* before seeing the alert, and since UDP is connection-less when the
* alert arrives it will be seen as a new connection, which will fail as
* the alert is clearly not a valid ClientHello. This may cause spurious
* failures in tests that use DTLS and resumption with ssl_server2 in
* ssl-opt.sh, avoided by enabling skip_close_notify client-side.
*/
if( opt.skip_close_notify == 0 )
{
/* No error checking, the connection might be closed already */
do ret = mbedtls_ssl_close_notify( &ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
ret = 0;
}
mbedtls_printf( " done\n" );
@@ -1987,7 +2152,8 @@ reconnect:
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
-ret );
@@ -2035,7 +2201,7 @@ exit:
if( ret < 0 )
ret = 1;
return( ret );
mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&