From c11eb1fa0721a4667db00e99fc8c7dd11389bfc9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Jan 2021 22:23:14 +0100 Subject: [PATCH] Prepare to merge identical code from ssl_client2.c and ssl_server2.c Adjust whitespace and comments in code of ssl_client2.c and ssl_server2.c that was almost identical to make these chunks exactly identical. Make the common functions non-static. This is in preparation for moving the common code to ssl_test_lib.c. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_client2.c | 90 +++++++++++++++++++------------------- programs/ssl/ssl_server2.c | 90 +++++++++++++++++++------------------- 2 files changed, 92 insertions(+), 88 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 3dd13acdb..a337fd7ee 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -529,15 +529,15 @@ typedef struct eap_tls_keys mbedtls_tls_prf_types tls_prf_type; } eap_tls_keys; -static int eap_tls_key_derivation ( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ) +int eap_tls_key_derivation( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { eap_tls_keys *keys = (eap_tls_keys *)p_expkey; 
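Review bot: Dropping `static` from eap_tls_key_derivation gives it external linkage with no prototype visible to any translation unit, so a build with -Wmissing-prototypes/-Wmissing-declarations (which I believe the Mbed TLS CI enables for the programs) will warn, and the other program gets no signature checking against this definition. The same applies to nss_keylog_export, dtls_srtp_key_derivation, my_debug, delayed_recv, delayed_send, ssl_check_record, recv_cb, recv_timeout_cb and send_cb later in this file and to the mirrored hunks in ssl_server2.c. Declaring each of them once in the shared header the follow-up presumably introduces (ssl_test_lib.h), with exactly this parameter list, is what keeps the two copies from diverging silently while they are still duplicated. A one-line comment above the definition such as `/* mbedtls_ssl_export_keys_ext_t callback: p_expkey must point to an eap_tls_keys */` would also record the unchecked cast on the first line of the body. The body of eap_tls_key_derivation continues outside the hunk.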
@@ -556,15 +556,15 @@ static int eap_tls_key_derivation ( void *p_expkey, return( 0 ); } -static int nss_keylog_export( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ) +int nss_keylog_export( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { char nss_keylog_line[ 200 ]; size_t const client_random_len = 32; @@ -646,15 +646,15 @@ typedef struct dtls_srtp_keys mbedtls_tls_prf_types tls_prf_type; } dtls_srtp_keys; -static int dtls_srtp_key_derivation( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ) +int dtls_srtp_key_derivation( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey; @@ -673,11 +673,12 @@ static int dtls_srtp_key_derivation( void *p_expkey, return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ + #endif /* MBEDTLS_SSL_EXPORT_KEYS */ -static void my_debug( void *ctx, int level, - const char *file, int line, - const char *str ) +void my_debug( void *ctx, int level, + const char *file, int line, + const char *str ) { const char *p, *basename; 
@@ -688,10 +689,9 @@ static void my_debug( void *ctx, int level, mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str ); - fflush( (FILE *) ctx ); + fflush( (FILE *) ctx ); } - mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) { (void) time; @@ -705,7 +705,7 @@ int dummy_entropy( void *data, unsigned char *output, size_t len ) (void) data; ret = mbedtls_entropy_func( data, output, len ); - for ( i = 0; i < len; i++ ) + for( i = 0; i < len; i++ ) { //replace result with pseudo random output[i] = (unsigned char) rand(); @@ -773,8 +773,7 @@ exit: * Test recv/send functions that make sure each try returns * WANT_READ/WANT_WRITE at least once before sucesseding */ - -static int delayed_recv( void *ctx, unsigned char *buf, size_t len ) +int delayed_recv( void *ctx, unsigned char *buf, size_t len ) { static int first_try = 1; int ret; @@ -791,7 +790,7 @@ static int delayed_recv( void *ctx, unsigned char *buf, size_t len ) return( ret ); } -static int delayed_send( void *ctx, const unsigned char *buf, size_t len ) +int delayed_send( void *ctx, const unsigned char *buf, size_t len ) { static int first_try = 1; int ret; @@ -815,12 +814,14 @@ typedef struct } io_ctx_t; #if defined(MBEDTLS_SSL_RECORD_CHECKING) -static int ssl_check_record( mbedtls_ssl_context const *ssl, - unsigned char const *buf, size_t len ) +int ssl_check_record( mbedtls_ssl_context const *ssl, + unsigned char const *buf, size_t len ) { int ret; unsigned char *tmp_buf; + /* Record checking may modify the input buffer, + * so make a copy. */ tmp_buf = mbedtls_calloc( 1, len ); if( tmp_buf == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); @@ -875,7 +876,7 @@ static int ssl_check_record( mbedtls_ssl_context const *ssl, } #endif /* MBEDTLS_SSL_RECORD_CHECKING */ -static int recv_cb( void *ctx, unsigned char *buf, size_t len ) +int recv_cb( void *ctx, unsigned char *buf, size_t len ) { io_ctx_t *io_ctx = (io_ctx_t*) ctx; size_t recv_len; 
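Review bot: In dummy_entropy the reformatted loop overwrites every byte of output with rand() right after mbedtls_entropy_func() has filled it, so the entropy just gathered is discarded and the result is fully determined by the rand() seed; nothing near the loop says that this is the intent beyond the terse `//replace result with pseudo random`. Since the function is about to be shared, a header comment such as `/* Entropy callback for reproducible test runs: real entropy is gathered (so the entropy path is still exercised) but then replaced by rand() output. */` would make the behaviour explicit, and the same applies to the mirrored hunk in ssl_server2.c. The function's signature and whatever is done with ret are outside the hunk.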
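Review bot: delayed_recv keeps its "fail once" state in a function-local `static int first_try = 1;`, so the deferred WANT_READ happens once per process rather than once per connection or per I/O context, and delayed_send in the next hunk has the same property; that is acceptable in a single-handshake test program but is easy to misread once the code lives in a shared library. The comment block above delayed_recv should say so, e.g. `* Note: first_try is a process-wide static, so the deferred result occurs once per process, not once per connection. */`, and while touching it "sucesseding" can become "succeeding". Both function bodies continue outside their hunks.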
@@ -903,8 +904,8 @@ static int recv_cb( void *ctx, unsigned char *buf, size_t len ) return( (int) recv_len ); } -static int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ) +int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len, + uint32_t timeout ) { io_ctx_t *io_ctx = (io_ctx_t*) ctx; int ret; @@ -929,7 +930,7 @@ static int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len, return( (int) recv_len ); } -static int send_cb( void *ctx, unsigned char const *buf, size_t len ) +int send_cb( void *ctx, unsigned char const *buf, size_t len ) { io_ctx_t *io_ctx = (io_ctx_t*) ctx; @@ -972,8 +973,10 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, return( 0 ); } +#endif /* MBEDTLS_X509_CRT_PARSE_C */ -static int ssl_sig_hashes_for_test[] = { +#if defined(MBEDTLS_X509_CRT_PARSE_C) +int ssl_sig_hashes_for_test[] = { #if defined(MBEDTLS_SHA512_C) MBEDTLS_MD_SHA512, MBEDTLS_MD_SHA384, @@ -1003,7 +1006,6 @@ int idle( mbedtls_net_context *fd, int idle_reason ) #endif { - int ret; int poll_type = 0; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 25d5289d3..37eb39f8a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -632,15 +632,15 @@ typedef struct eap_tls_keys mbedtls_tls_prf_types tls_prf_type; } eap_tls_keys; -static int eap_tls_key_derivation ( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ) +int eap_tls_key_derivation( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { eap_tls_keys *keys = (eap_tls_keys *)p_expkey; 
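Review bot: ssl_sig_hashes_for_test[] becomes a writable int array with external linkage, i.e. a mutable signature-hash preference table that any translation unit can now modify; the server-side copy in the @@ -1360 hunk of ssl_server2.c has the same issue. mbedtls_ssl_conf_sig_hashes() takes a `const int *`, so `const int ssl_sig_hashes_for_test[] = {` costs nothing and keeps the table in read-only storage once it is shared (an `extern const int ssl_sig_hashes_for_test[];` declaration would then belong in the shared header). Closing the MBEDTLS_X509_CRT_PARSE_C guard and reopening it on the next line looks intentional as a seam for the upcoming split, but a one-line comment on the new `#if` saying so would stop the next reader from "fixing" it. The array body continues outside the hunk.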
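Review bot: Removing `int ret;` from idle() is only safe if no later statement in that function still assigns or reads ret, and the rest of idle() is outside the hunk, so it cannot be checked here; presumably the poll result further down either has its own declaration or the variable was unused in this file. If it was unused, the commit message could say that the two idle() bodies already differed in this respect, since the stated goal of the commit is to make the chunks identical. idle() starts before the hunk and continues past it.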
@@ -659,15 +659,15 @@ static int eap_tls_key_derivation ( void *p_expkey, return( 0 ); } -static int nss_keylog_export( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ) +int nss_keylog_export( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { char nss_keylog_line[ 200 ]; size_t const client_random_len = 32; @@ -749,15 +749,15 @@ typedef struct dtls_srtp_keys mbedtls_tls_prf_types tls_prf_type; } dtls_srtp_keys; -static int dtls_srtp_key_derivation( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ) +int dtls_srtp_key_derivation( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey; @@ -779,9 +779,9 @@ static int dtls_srtp_key_derivation( void *p_expkey, #endif /* MBEDTLS_SSL_EXPORT_KEYS */ -static void my_debug( void *ctx, int level, - const char *file, int line, - const char *str ) +void my_debug( void *ctx, int level, + const char *file, int line, + const char *str ) { const char *p, *basename; 
@@ -790,8 +790,9 @@ static void my_debug( void *ctx, int level, if( *p == '/' || *p == '\\' ) basename = p + 1; - mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str ); - fflush( (FILE *) ctx ); + mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", + basename, line, level, str ); + fflush( (FILE *) ctx ); } mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) @@ -807,7 +808,8 @@ int dummy_entropy( void *data, unsigned char *output, size_t len ) (void) data; ret = mbedtls_entropy_func( data, output, len ); - for (i = 0; i < len; i++ ) { + for( i = 0; i < len; i++ ) + { //replace result with pseudo random output[i] = (unsigned char) rand(); } @@ -816,7 +818,7 @@ int dummy_entropy( void *data, unsigned char *output, size_t len ) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback( void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) + mbedtls_x509_crt **candidates ) { int ret = 0; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; @@ -829,7 +831,7 @@ int ca_callback( void *data, mbedtls_x509_crt const *child, * set of trusted certificates (such as a hashtable) and only * return those trusted certificates which satisfy basic * parental checks, such as the matching of child `Issuer` - * and parent `Subject` field. */ + * and parent `Subject` field or matching key identifiers. */ ((void) child); first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); @@ -874,7 +876,7 @@ exit: * Test recv/send functions that make sure each try returns * WANT_READ/WANT_WRITE at least once before sucesseding */ -static int delayed_recv( void *ctx, unsigned char *buf, size_t len ) +int delayed_recv( void *ctx, unsigned char *buf, size_t len ) { static int first_try = 1; int ret; 
@@ -891,7 +893,7 @@ static int delayed_recv( void *ctx, unsigned char *buf, size_t len ) return( ret ); } -static int delayed_send( void *ctx, const unsigned char *buf, size_t len ) +int delayed_send( void *ctx, const unsigned char *buf, size_t len ) { static int first_try = 1; int ret; @@ -915,8 +917,8 @@ typedef struct } io_ctx_t; #if defined(MBEDTLS_SSL_RECORD_CHECKING) -static int ssl_check_record( mbedtls_ssl_context const *ssl, - unsigned char const *buf, size_t len ) +int ssl_check_record( mbedtls_ssl_context const *ssl, + unsigned char const *buf, size_t len ) { int ret; unsigned char *tmp_buf; @@ -977,7 +979,7 @@ static int ssl_check_record( mbedtls_ssl_context const *ssl, } #endif /* MBEDTLS_SSL_RECORD_CHECKING */ -static int recv_cb( void *ctx, unsigned char *buf, size_t len ) +int recv_cb( void *ctx, unsigned char *buf, size_t len ) { io_ctx_t *io_ctx = (io_ctx_t*) ctx; size_t recv_len; @@ -1005,8 +1007,8 @@ static int recv_cb( void *ctx, unsigned char *buf, size_t len ) return( (int) recv_len ); } -static int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ) +int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len, + uint32_t timeout ) { io_ctx_t *io_ctx = (io_ctx_t*) ctx; int ret; @@ -1031,7 +1033,7 @@ static int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len, return( (int) recv_len ); } -static int send_cb( void *ctx, unsigned char const *buf, size_t len ) +int send_cb( void *ctx, unsigned char const *buf, size_t len ) { io_ctx_t *io_ctx = (io_ctx_t*) ctx; @@ -1360,7 +1362,7 @@ void term_handler( int sig ) #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) -static int ssl_sig_hashes_for_test[] = { +int ssl_sig_hashes_for_test[] = { #if defined(MBEDTLS_SHA512_C) MBEDTLS_MD_SHA512, MBEDTLS_MD_SHA384,