Merge remote-tracking branch 'origin/pr/2681' into development

* origin/pr/2681:
  unconditional mbedtls_ssl_conf_rng
  Adding usage and removing dummy random
  comment alignment
  Commit to C90 style
  Adds missing ret definition
  More clarity for ifdef orders
  Only warns if MBEDTLS_HAVE_TIME
  Option used added in string
  Code review
  Style fixes
  SSL reproducible test mode
This commit is contained in:
Jaeden Amero 2019-06-21 13:20:02 +01:00
commit 8d936e87fb
2 changed files with 126 additions and 12 deletions

View File

@ -131,6 +131,7 @@ int main( void )
#define DFL_ETM -1 #define DFL_ETM -1
#define DFL_CA_CALLBACK 0 #define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0 #define DFL_EAP_TLS 0
#define DFL_REPRODUCIBLE 0
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n" #define GET_REQUEST_END "\r\n\r\n"
@ -313,6 +314,9 @@ int main( void )
#define USAGE_ETM "" #define USAGE_ETM ""
#endif #endif
#define USAGE_REPRODUCIBLE \
" reproducible=0/1 default: 0 (disabled)\n"
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
#define USAGE_RENEGO \ #define USAGE_RENEGO \
" renegotiation=%%d default: 0 (disabled)\n" \ " renegotiation=%%d default: 0 (disabled)\n" \
@ -384,6 +388,7 @@ int main( void )
USAGE_FALLBACK \ USAGE_FALLBACK \
USAGE_EMS \ USAGE_EMS \
USAGE_ETM \ USAGE_ETM \
USAGE_REPRODUCIBLE \
USAGE_CURVES \ USAGE_CURVES \
USAGE_RECSPLIT \ USAGE_RECSPLIT \
USAGE_DHMLEN \ USAGE_DHMLEN \
@ -484,6 +489,7 @@ struct options
const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val; /* the CID to use for incoming messages */
const char *cid_val_renego; /* the CID to use for incoming messages const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */ * after renegotiation */
int reproducible; /* make communication reproducible */
} opt; } opt;
int query_config( const char *config ); int query_config( const char *config );
@ -540,6 +546,28 @@ static void my_debug( void *ctx, int level,
fflush( (FILE *) ctx ); fflush( (FILE *) ctx );
} }
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
{
(void) time;
return 0x5af2a056;
}
int dummy_entropy( void *data, unsigned char *output, size_t len )
{
size_t i;
int ret;
(void) data;
ret = mbedtls_entropy_func( data, output, len );
for ( i = 0; i < len; i++ )
{
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return( ret );
}
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child, int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates ) mbedtls_x509_crt **candidates )
@ -1027,6 +1055,7 @@ int main( int argc, char *argv[] )
opt.etm = DFL_ETM; opt.etm = DFL_ETM;
opt.dgram_packing = DFL_DGRAM_PACKING; opt.dgram_packing = DFL_DGRAM_PACKING;
opt.eap_tls = DFL_EAP_TLS; opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE;
for( i = 1; i < argc; i++ ) for( i = 1; i < argc; i++ )
{ {
@ -1413,6 +1442,10 @@ int main( int argc, char *argv[] )
if( opt.eap_tls < 0 || opt.eap_tls > 1 ) if( opt.eap_tls < 0 || opt.eap_tls > 1 )
goto usage; goto usage;
} }
else if( strcmp( p, "reproducible" ) == 0 )
{
opt.reproducible = 1;
}
else else
goto usage; goto usage;
} }
@ -1665,6 +1698,20 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
mbedtls_entropy_init( &entropy ); mbedtls_entropy_init( &entropy );
if (opt.reproducible)
{
srand( 1 );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret );
goto exit;
}
}
else
{
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers, &entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
@ -1673,6 +1720,7 @@ int main( int argc, char *argv[] )
-ret ); -ret );
goto exit; goto exit;
} }
}
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
@ -1964,6 +2012,16 @@ int main( int argc, char *argv[] )
} }
#endif #endif
if (opt.reproducible)
{
#if defined(MBEDTLS_HAVE_TIME)
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
mbedtls_platform_set_time( dummy_constant_time );
#else
fprintf( stderr, "Warning: reproducible option used without constant time\n" );
#endif
#endif
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );

View File

@ -173,6 +173,7 @@ int main( void )
#define DFL_ETM -1 #define DFL_ETM -1
#define DFL_CA_CALLBACK 0 #define DFL_CA_CALLBACK 0
#define DFL_EAP_TLS 0 #define DFL_EAP_TLS 0
#define DFL_REPRODUCIBLE 0
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ #define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@ -403,6 +404,9 @@ int main( void )
#define USAGE_ETM "" #define USAGE_ETM ""
#endif #endif
#define USAGE_REPRODUCIBLE \
" reproducible=0/1 default: 0 (disabled)\n"
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
#define USAGE_RENEGO \ #define USAGE_RENEGO \
" renegotiation=%%d default: 0 (disabled)\n" \ " renegotiation=%%d default: 0 (disabled)\n" \
@ -471,6 +475,7 @@ int main( void )
"\n" \ "\n" \
USAGE_TICKETS \ USAGE_TICKETS \
USAGE_EAP_TLS \ USAGE_EAP_TLS \
USAGE_REPRODUCIBLE \
USAGE_CACHE \ USAGE_CACHE \
USAGE_MAX_FRAG_LEN \ USAGE_MAX_FRAG_LEN \
USAGE_TRUNC_HMAC \ USAGE_TRUNC_HMAC \
@ -599,6 +604,7 @@ struct options
const char *cid_val; /* the CID to use for incoming messages */ const char *cid_val; /* the CID to use for incoming messages */
const char *cid_val_renego; /* the CID to use for incoming messages const char *cid_val_renego; /* the CID to use for incoming messages
* after renegotiation */ * after renegotiation */
int reproducible; /* make communication reproducible */
} opt; } opt;
int query_config( const char *config ); int query_config( const char *config );
@ -654,6 +660,26 @@ static void my_debug( void *ctx, int level,
fflush( (FILE *) ctx ); fflush( (FILE *) ctx );
} }
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
{
(void) time;
return 0x5af2a056;
}
int dummy_entropy( void *data, unsigned char *output, size_t len )
{
size_t i;
int ret;
(void) data;
ret = mbedtls_entropy_func( data, output, len );
for (i = 0; i < len; i++ ) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return( ret );
}
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child, int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates) mbedtls_x509_crt **candidates)
@ -1730,6 +1756,7 @@ int main( int argc, char *argv[] )
opt.extended_ms = DFL_EXTENDED_MS; opt.extended_ms = DFL_EXTENDED_MS;
opt.etm = DFL_ETM; opt.etm = DFL_ETM;
opt.eap_tls = DFL_EAP_TLS; opt.eap_tls = DFL_EAP_TLS;
opt.reproducible = DFL_REPRODUCIBLE;
for( i = 1; i < argc; i++ ) for( i = 1; i < argc; i++ )
{ {
@ -2148,6 +2175,10 @@ int main( int argc, char *argv[] )
if( opt.eap_tls < 0 || opt.eap_tls > 1 ) if( opt.eap_tls < 0 || opt.eap_tls > 1 )
goto usage; goto usage;
} }
else if( strcmp( p, "reproducible" ) == 0 )
{
opt.reproducible = 1;
}
else else
goto usage; goto usage;
} }
@ -2448,6 +2479,20 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
mbedtls_entropy_init( &entropy ); mbedtls_entropy_init( &entropy );
if (opt.reproducible)
{
srand( 1 );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret );
goto exit;
}
}
else
{
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers, &entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 ) strlen( pers ) ) ) != 0 )
@ -2456,6 +2501,7 @@ int main( int argc, char *argv[] )
-ret ); -ret );
goto exit; goto exit;
} }
}
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
@ -2786,6 +2832,16 @@ int main( int argc, char *argv[] )
} }
#endif #endif
if (opt.reproducible)
{
#if defined(MBEDTLS_HAVE_TIME)
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
mbedtls_platform_set_time( dummy_constant_time );
#else
fprintf( stderr, "Warning: reproducible option used without constant time\n" );
#endif
#endif
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );