├── CMakeLists-1.3.patch ├── CMakeLists-2.patch ├── LICENSE ├── README.md ├── config-1.3.h ├── config-2.h ├── crash-analysis.sh ├── fuzz ├── CMakeLists.txt ├── compile.sh └── fuzz.sh ├── selftls-1.3.c ├── selftls-2.c ├── setup.sh ├── time-1.3.patch └── time-2.patch /CMakeLists-1.3.patch: -------------------------------------------------------------------------------- 1 | --- a/CMakeLists.txt 2 | +++ b/CMakeLists.txt 3 | @@ -73,6 +73,7 @@ endif(ENABLE_ZLIB_SUPPORT) 4 | 5 | add_subdirectory(library) 6 | add_subdirectory(include) 7 | +add_subdirectory(fuzz) 8 | 9 | if(ENABLE_TESTING) 10 | if(CMAKE_COMPILER_IS_GNUCC) 11 | -------------------------------------------------------------------------------- /CMakeLists-2.patch: -------------------------------------------------------------------------------- 1 | --- a/CMakeLists.txt 2 | +++ b/CMakeLists.txt 3 | 
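Review bot: in CMakeLists-1.3.patch the new `add_subdirectory(fuzz)` is unconditional, so every configure of the patched 1.3 tree, including ordinary non-instrumented builds, now requires the `fuzz` directory and whatever afl compiler settings its CMakeLists.txt expects. The surrounding context already guards optional parts with `if(ENABLE_TESTING)`; the same pattern, an `option()` such as `ENABLE_FUZZING` defaulting to OFF wrapped around the new line, would keep stock builds unchanged while still letting `setup.sh` switch it on. A one-line comment on why the directory is added ahead of the testing block would also help whoever rebases this patch onto another 1.3.x release.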
@@ -70,6 +70,7 @@ endif(ENABLE_ZLIB_SUPPORT) 4 | 5 | add_subdirectory(library) 6 | add_subdirectory(include) 7 | +add_subdirectory(fuzz) 8 | 9 | if(ENABLE_PROGRAMS) 10 | add_subdirectory(programs) 11 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 
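Review bot: CMakeLists-2.patch has the same issue as the 1.3 variant: `add_subdirectory(fuzz)` is added unconditionally, whereas the neighbouring `programs` directory is wrapped in `if(ENABLE_PROGRAMS)`; wrapping the new line in an `ENABLE_FUZZING` option (default OFF) would match the file's own conventions and keep default builds untouched. Since the two patches differ only in the hunk offset (`@@ -73` versus `@@ -70`), a note of which upstream release each was generated against would make it easier to diagnose the case where a later point release shifts the lines and the patch no longer applies.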
30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. 
The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 
97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 
128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. 
However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. 
Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. 
Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. 
For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 
279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | {description} 294 | Copyright (C) {year} {fullname} 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License.  Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary.  Here is a sample; alter the names:

  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  `Gnomovision' (which makes passes at compilers) written by James Hacker.

  {signature of Ty Coon}, 1 April 1989
  Ty Coon, President of Vice

This General Public License does not permit incorporating your program into
proprietary programs.  If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library.  If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Fuzzing mbed TLS

## About

This project provides code and tools which allow for fuzzing the [mbed TLS library](https://tls.mbed.org/) using the [american fuzzy lop (afl) fuzzer](http://lcamtuf.coredump.cx/afl/).
An integral part of this project is the code for a self-communicating instance (the client and server run in a single process) of mbed TLS.
More information about the project is available on the Gotham Digital Science blog:

[Fuzzing the mbed TLS Library](http://blog.gdssecurity.com/labs/2015/9/21/fuzzing-the-mbed-tls-library.html)

## Installation

Grab the latest version of afl from the [afl homepage](http://lcamtuf.coredump.cx/afl/) and compile it.

Update the constants of the scripts in the `fuzz` folder so they point to the desired afl compiler.

Run the following command, which automatically downloads different versions of mbed TLS, patches them, compiles the code, and sets everything up for fuzzing:

~~~
./setup.sh
~~~

## Fuzzing

Change to the `fuzz` subdirectory inside the mbed TLS directory that you wish to fuzz.
Run the `fuzz.sh` script.
Running the script without arguments prints the usage screen, including a description of the tool.
The script requires the number of the network packet that should be fuzzed (at least `1`) and the fuzzer number (use `1` to launch the master instance; higher numbers launch slaves).

In the following example, we launch a master instance to fuzz network packet 3 of the self-communicating mbed TLS 2.0.0 binary:

~~~
cd mbedtls-2.0.0/fuzz
./fuzz.sh 3 1
~~~

## Crash Analysis

If you want to analyze crashes using `gdb`, generate a file containing the paths of the crash files (each path must contain the packet number) and update the constants in `./crash-analysis.sh` accordingly.
Finally, run `./crash-analysis.sh`, which lets you debug the crash using `gdb`.

You can use a command such as the following to create the file containing the paths of the crash files:

~~~
find . -name 'id*' -type f | grep crashes | sort > crash_files.txt
~~~

## Copyright

Fabian Foerg, Gotham Digital Science, 2015

--------------------------------------------------------------------------------
/config-1.3.h:
--------------------------------------------------------------------------------
/**
 * \file config.h
 *
 * \brief Configuration options (set of defines)
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This set of compile-time options may be used to enable
 * or disable features selectively, and reduce the global
 * memory footprint.
 */
#ifndef POLARSSL_CONFIG_H
#define POLARSSL_CONFIG_H

#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

/**
 * \name SECTION: System support
 *
 * This section sets system specific settings.
 * \{
 */

/**
 * \def POLARSSL_HAVE_INT8
 *
 * The system uses 8-bit wide native integers.
46 | * 47 | * \deprecated The compiler should be able to generate code for 32-bit 48 | * arithmetic (required by C89). This code is likely to be at least as 49 | * efficient as ours. 50 | * 51 | * Uncomment if native integers are 8-bit wide. 52 | */ 53 | //#define POLARSSL_HAVE_INT8 54 | 55 | /** 56 | * \def POLARSSL_HAVE_INT16 57 | * 58 | * The system uses 16-bit wide native integers. 59 | * 60 | * \deprecated The compiler should be able to generate code for 32-bit 61 | * arithmetic (required by C89). This code is likely to be at least as 62 | * efficient as ours. 63 | * 64 | * Uncomment if native integers are 16-bit wide. 65 | */ 66 | //#define POLARSSL_HAVE_INT16 67 | 68 | /** 69 | * \def POLARSSL_HAVE_LONGLONG 70 | * 71 | * The compiler supports the 'long long' type. 72 | * (Only used on 32-bit platforms) 73 | */ 74 | #define POLARSSL_HAVE_LONGLONG 75 | 76 | /** 77 | * \def POLARSSL_HAVE_ASM 78 | * 79 | * The compiler has support for asm(). 80 | * 81 | * Requires support for asm() in compiler. 82 | * 83 | * Used in: 84 | * library/timing.c 85 | * library/padlock.c 86 | * include/polarssl/bn_mul.h 87 | * 88 | * Comment to disable the use of assembly code. 89 | */ 90 | #define POLARSSL_HAVE_ASM 91 | 92 | /** 93 | * \def POLARSSL_HAVE_SSE2 94 | * 95 | * CPU supports SSE2 instruction set. 96 | * 97 | * Uncomment if the CPU supports SSE2 (IA-32 specific). 98 | */ 99 | //#define POLARSSL_HAVE_SSE2 100 | 101 | /** 102 | * \def POLARSSL_HAVE_TIME 103 | * 104 | * System has time.h and time() / localtime() / gettimeofday(). 105 | * 106 | * Comment if your system does not support time functions 107 | */ 108 | //#define POLARSSL_HAVE_TIME 109 | 110 | /** 111 | * \def POLARSSL_HAVE_IPV6 112 | * 113 | * System supports the basic socket interface for IPv6 (RFC 3493), 114 | * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage. 115 | * 116 | * Note: on Windows/MingW, XP or higher is required. 
117 | * 118 | * \warning As of 1.3.11, *not* using this flag when POLARSSL_NET_C is 119 | * defined, is deprecated. The alternative legacy code will be removed in 2.0. 120 | * 121 | * Comment if your system does not support the IPv6 socket interface 122 | */ 123 | #define POLARSSL_HAVE_IPV6 124 | 125 | /** 126 | * \def POLARSSL_PLATFORM_MEMORY 127 | * 128 | * Enable the memory allocation layer. 129 | * 130 | * By default mbed TLS uses the system-provided malloc() and free(). 131 | * This allows different allocators (self-implemented or provided) to be 132 | * provided to the platform abstraction layer. 133 | * 134 | * Enabling POLARSSL_PLATFORM_MEMORY without the 135 | * POLARSSL_PLATFORM_{FREE,MALLOC}_MACROs will provide 136 | * "platform_set_malloc_free()" allowing you to set an alternative malloc() and 137 | * free() function pointer at runtime. 138 | * 139 | * Enabling POLARSSL_PLATFORM_MEMORY and specifying 140 | * POLARSSL_PLATFORM_{MALLOC,FREE}_MACROs will allow you to specify the 141 | * alternate function at compile time. 142 | * 143 | * Requires: POLARSSL_PLATFORM_C 144 | * 145 | * Enable this layer to allow use of alternative memory allocators. 146 | */ 147 | //#define POLARSSL_PLATFORM_MEMORY 148 | 149 | /** 150 | * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS 151 | * 152 | * Do not assign standard functions in the platform layer (e.g. malloc() to 153 | * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF) 154 | * 155 | * This makes sure there are no linking errors on platforms that do not support 156 | * these functions. You will HAVE to provide alternatives, either at runtime 157 | * via the platform_set_xxx() functions or at compile time by setting 158 | * the POLARSSL_PLATFORM_STD_XXX defines, or enabling a 159 | * POLARSSL_PLATFORM_XXX_MACRO. 160 | * 161 | * Requires: POLARSSL_PLATFORM_C 162 | * 163 | * Uncomment to prevent default assignment of standard functions in the 164 | * platform layer. 
165 | */ 166 | //#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS 167 | 168 | /** 169 | * \def POLARSSL_PLATFORM_XXX_ALT 170 | * 171 | * Uncomment a macro to let mbed TLS support the function in the platform 172 | * abstraction layer. 173 | * 174 | * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, mbed TLS will 175 | * provide a function "platform_set_printf()" that allows you to set an 176 | * alternative printf function pointer. 177 | * 178 | * All these define require POLARSSL_PLATFORM_C to be defined! 179 | * 180 | * WARNING: POLARSSL_PLATFORM_SNPRINTF_ALT is not available on Windows 181 | * for compatibility reasons. 182 | * 183 | * WARNING: POLARSSL_PLATFORM_XXX_ALT cannot be defined at the same time as 184 | * POLARSSL_PLATFORM_XXX_MACRO! 185 | * 186 | * Uncomment a macro to enable alternate implementation of specific base 187 | * platform function 188 | */ 189 | //#define POLARSSL_PLATFORM_EXIT_ALT 190 | //#define POLARSSL_PLATFORM_FPRINTF_ALT 191 | //#define POLARSSL_PLATFORM_PRINTF_ALT 192 | //#define POLARSSL_PLATFORM_SNPRINTF_ALT 193 | 194 | /** 195 | * \def POLARSSL_DEPRECATED_WARNING 196 | * 197 | * Mark deprecated functions so that they generate a warning if used. 198 | * Functions deprecated in one version will usually be removed in the next 199 | * version. You can enable this to help you prepare the transition to a new 200 | * major version by making sure your code is not using these functions. 201 | * 202 | * This only works with GCC and Clang. With other compilers, you may want to 203 | * use POLARSSL_DEPRECATED_REMOVED 204 | * 205 | * Uncomment to get warnings on using deprecated functions. 206 | */ 207 | //#define POLARSSL_DEPRECATED_WARNING 208 | 209 | /** 210 | * \def POLARSSL_DEPRECATED_REMOVED 211 | * 212 | * Remove deprecated functions so that they generate an error if used. 213 | * Functions deprecated in one version will usually be removed in the next 214 | * version. 
You can enable this to help you prepare the transition to a new 215 | * major version by making sure your code is not using these functions. 216 | * 217 | * Uncomment to get errors on using deprecated functions. 218 | */ 219 | //#define POLARSSL_DEPRECATED_REMOVED 220 | 221 | /* \} name SECTION: System support */ 222 | 223 | /** 224 | * \name SECTION: mbed TLS feature support 225 | * 226 | * This section sets support for features that are or are not needed 227 | * within the modules that are enabled. 228 | * \{ 229 | */ 230 | 231 | /** 232 | * \def POLARSSL_TIMING_ALT 233 | * 234 | * Uncomment to provide your own alternate implementation for hardclock(), 235 | * get_timer(), set_alarm() and m_sleep(). 236 | * 237 | * Only works if you have POLARSSL_TIMING_C enabled. 238 | * 239 | * You will need to provide a header "timing_alt.h" and an implementation at 240 | * compile time. 241 | */ 242 | //#define POLARSSL_TIMING_ALT 243 | 244 | /** 245 | * \def POLARSSL_XXX_ALT 246 | * 247 | * Uncomment a macro to let mbed TLS use your alternate core implementation of 248 | * a symmetric or hash algorithm (e.g. platform specific assembly optimized 249 | * implementations). Keep in mind that the function prototypes should remain 250 | * the same. 251 | * 252 | * Example: In case you uncomment POLARSSL_AES_ALT, mbed TLS will no longer 253 | * provide the "struct aes_context" definition and omit the base function 254 | * declarations and implementations. "aes_alt.h" will be included from 255 | * "aes.h" to include the new function definitions. 
 *
 * Uncomment a macro to enable an alternate implementation for core algorithm
 * functions
 */
//#define POLARSSL_AES_ALT
//#define POLARSSL_ARC4_ALT
//#define POLARSSL_BLOWFISH_ALT
//#define POLARSSL_CAMELLIA_ALT
//#define POLARSSL_DES_ALT
//#define POLARSSL_XTEA_ALT
//#define POLARSSL_MD2_ALT
//#define POLARSSL_MD4_ALT
//#define POLARSSL_MD5_ALT
//#define POLARSSL_RIPEMD160_ALT
//#define POLARSSL_SHA1_ALT
//#define POLARSSL_SHA256_ALT
//#define POLARSSL_SHA512_ALT

/**
 * \def POLARSSL_AES_ROM_TABLES
 *
 * Store the AES tables in ROM.
 *
 * Uncomment this macro to store the AES tables in ROM.
 */
//#define POLARSSL_AES_ROM_TABLES

/**
 * \def POLARSSL_CAMELLIA_SMALL_MEMORY
 *
 * Use less ROM for the Camellia implementation (saves about 768 bytes).
 *
 * Uncomment this macro to use less memory for Camellia.
 */
//#define POLARSSL_CAMELLIA_SMALL_MEMORY

/**
 * \def POLARSSL_CIPHER_MODE_CBC
 *
 * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
 */
#define POLARSSL_CIPHER_MODE_CBC

/**
 * \def POLARSSL_CIPHER_MODE_CFB
 *
 * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
 */
#define POLARSSL_CIPHER_MODE_CFB

/**
 * \def POLARSSL_CIPHER_MODE_CTR
 *
 * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
 */
#define POLARSSL_CIPHER_MODE_CTR

/**
 * \def POLARSSL_CIPHER_NULL_CIPHER
 *
 * Enable NULL cipher.
 * Warning: Only do so when you know what you are doing. This allows for
 * channels without any confidentiality: records are authenticated by the
 * MAC but sent in the clear!
 *
 * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
 * the following ciphersuites:
 *      TLS_ECDH_ECDSA_WITH_NULL_SHA
 *      TLS_ECDH_RSA_WITH_NULL_SHA
 *      TLS_ECDHE_ECDSA_WITH_NULL_SHA
 *      TLS_ECDHE_RSA_WITH_NULL_SHA
 *      TLS_ECDHE_PSK_WITH_NULL_SHA384
 *      TLS_ECDHE_PSK_WITH_NULL_SHA256
 *      TLS_ECDHE_PSK_WITH_NULL_SHA
 *      TLS_DHE_PSK_WITH_NULL_SHA384
 *      TLS_DHE_PSK_WITH_NULL_SHA256
 *      TLS_DHE_PSK_WITH_NULL_SHA
 *      TLS_RSA_WITH_NULL_SHA256
 *      TLS_RSA_WITH_NULL_SHA
 *      TLS_RSA_WITH_NULL_MD5
 *      TLS_RSA_PSK_WITH_NULL_SHA384
 *      TLS_RSA_PSK_WITH_NULL_SHA256
 *      TLS_RSA_PSK_WITH_NULL_SHA
 *      TLS_PSK_WITH_NULL_SHA384
 *      TLS_PSK_WITH_NULL_SHA256
 *      TLS_PSK_WITH_NULL_SHA
 *
 * Uncomment this macro to enable the NULL cipher and ciphersuites
 */
//#define POLARSSL_CIPHER_NULL_CIPHER

/**
 * \def POLARSSL_CIPHER_PADDING_XXX
 *
 * Uncomment or comment macros to add support for specific padding modes
 * in the cipher layer with cipher modes that support padding (e.g. CBC)
 *
 * If you disable all padding modes, only full blocks can be used with CBC.
 *
 * Enable padding modes in the cipher layer.
 */
#define POLARSSL_CIPHER_PADDING_PKCS7
#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
#define POLARSSL_CIPHER_PADDING_ZEROS

/**
 * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
 *
 * Enable weak ciphersuites in SSL / TLS.
 * Warning: Only do so when you know what you are doing. This allows for
 * channels with virtually no security at all!
 *
 * This enables the following ciphersuites:
 *      TLS_RSA_WITH_DES_CBC_SHA
 *      TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
 */
//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES

/**
 * \def POLARSSL_REMOVE_ARC4_CIPHERSUITES
 *
 * Remove RC4 ciphersuites by default in SSL / TLS.
 * This flag removes the ciphersuites based on RC4 from the default list as
 * returned by ssl_list_ciphersuites(). However, it is still possible to
 * enable (some of) them with ssl_set_ciphersuites() by including them
 * explicitly.
 *
 * Uncomment this macro to remove RC4 ciphersuites by default.
 */
//#define POLARSSL_REMOVE_ARC4_CIPHERSUITES

/**
 * \def POLARSSL_ECP_XXXX_ENABLED
 *
 * Enables specific curves within the Elliptic Curve module.
 * By default all supported curves are enabled.
 *
 * Comment macros to disable the curve and functions for it
 */
#define POLARSSL_ECP_DP_SECP192R1_ENABLED
#define POLARSSL_ECP_DP_SECP224R1_ENABLED
#define POLARSSL_ECP_DP_SECP256R1_ENABLED
#define POLARSSL_ECP_DP_SECP384R1_ENABLED
#define POLARSSL_ECP_DP_SECP521R1_ENABLED
#define POLARSSL_ECP_DP_SECP192K1_ENABLED
#define POLARSSL_ECP_DP_SECP224K1_ENABLED
#define POLARSSL_ECP_DP_SECP256K1_ENABLED
#define POLARSSL_ECP_DP_BP256R1_ENABLED
#define POLARSSL_ECP_DP_BP384R1_ENABLED
#define POLARSSL_ECP_DP_BP512R1_ENABLED
//#define POLARSSL_ECP_DP_M221_ENABLED  // Not implemented yet!
#define POLARSSL_ECP_DP_M255_ENABLED
//#define POLARSSL_ECP_DP_M383_ENABLED  // Not implemented yet!
//#define POLARSSL_ECP_DP_M511_ENABLED  // Not implemented yet!

/**
 * \def POLARSSL_ECP_NIST_OPTIM
 *
 * Enable specific 'modulo p' routines for each NIST prime.
 * Depending on the prime and architecture, makes operations 4 to 8 times
 * faster on the corresponding curve.
 *
 * Comment this macro to disable NIST curves optimisation.
 */
#define POLARSSL_ECP_NIST_OPTIM

/**
 * \def POLARSSL_ECDSA_DETERMINISTIC
 *
 * Enable deterministic ECDSA (RFC 6979).
 * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
 * may result in a compromise of the long-term signing key. This is avoided by
 * the deterministic variant.
 *
 * Requires: POLARSSL_HMAC_DRBG_C
 *
 * Comment this macro to disable deterministic ECDSA.
 */
#define POLARSSL_ECDSA_DETERMINISTIC

/**
 * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
 *
 * Enable the PSK based ciphersuite modes in SSL / TLS.
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_PSK_WITH_AES_256_GCM_SHA384
 *      TLS_PSK_WITH_AES_256_CBC_SHA384
 *      TLS_PSK_WITH_AES_256_CBC_SHA
 *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      TLS_PSK_WITH_AES_128_GCM_SHA256
 *      TLS_PSK_WITH_AES_128_CBC_SHA256
 *      TLS_PSK_WITH_AES_128_CBC_SHA
 *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      TLS_PSK_WITH_RC4_128_SHA
 */
#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
 *
 * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: POLARSSL_DHM_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
 *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
 *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      TLS_DHE_PSK_WITH_RC4_128_SHA
 */
#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 *
 * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: POLARSSL_ECDH_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
 *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
 *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
 *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
 *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
 *
 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
 *
 * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
 *           POLARSSL_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
 *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
 *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
 *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
 *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
 *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
 *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      TLS_RSA_PSK_WITH_RC4_128_SHA
 */
#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
 *
 * Enable the RSA-only based ciphersuite modes in SSL / TLS.
 *
 * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
 *           POLARSSL_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_RSA_WITH_AES_256_GCM_SHA384
 *      TLS_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_RSA_WITH_AES_256_CBC_SHA
 *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_RSA_WITH_AES_128_CBC_SHA
 *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_RSA_WITH_RC4_128_SHA
 *      TLS_RSA_WITH_RC4_128_MD5
 */
#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
 *
 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
 *           POLARSSL_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 */
#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 *
 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
 *           POLARSSL_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 *
 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 *
 * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
 *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
 */
#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED

/**
 * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
 *
 * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
 *
 * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
 *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
 *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
 *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
 *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
 *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
 */
#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED

/**
 * \def POLARSSL_PK_PARSE_EC_EXTENDED
 *
 * Enhance support for reading EC keys using variants of SEC1 not allowed by
 * RFC 5915 and RFC 5480.
 *
 * Currently this means parsing the SpecifiedECDomain choice of EC
 * parameters (only known groups are supported, not arbitrary domains, to
 * avoid validation issues).
 *
 * Disable if you only need to support RFC 5915 + 5480 key formats.
 */
#define POLARSSL_PK_PARSE_EC_EXTENDED

/**
 * \def POLARSSL_ERROR_STRERROR_BC
 *
 * Make available the backward compatible error_strerror() next to the
 * current polarssl_strerror().
 *
 * \deprecated Do not define this and use polarssl_strerror() instead
 *
 * Disable if you want to really remove the error_strerror() name
 */
#define POLARSSL_ERROR_STRERROR_BC

/**
 * \def POLARSSL_ERROR_STRERROR_DUMMY
 *
 * Enable a dummy error function to make use of polarssl_strerror() in
 * third party libraries easier when POLARSSL_ERROR_C is disabled
 * (no effect when POLARSSL_ERROR_C is enabled).
 *
 * You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're
 * not using polarssl_strerror() or error_strerror() in your application.
 *
 * Disable if you run into name conflicts and want to really remove the
 * polarssl_strerror()
 */
#define POLARSSL_ERROR_STRERROR_DUMMY

/**
 * \def POLARSSL_GENPRIME
 *
 * Enable the prime-number generation code.
 *
 * Requires: POLARSSL_BIGNUM_C
 */
#define POLARSSL_GENPRIME

/**
 * \def POLARSSL_FS_IO
 *
 * Enable functions that use the filesystem.
 */
#define POLARSSL_FS_IO

/**
 * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
 *
 * Do not add default entropy sources. These are the platform specific,
 * hardclock and HAVEGE based poll functions.
 *
 * This is useful to have more control over the added entropy sources in an
 * application.
 *
 * Uncomment this macro to prevent loading of default entropy functions.
 */
//#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES

/**
 * \def POLARSSL_NO_PLATFORM_ENTROPY
 *
 * Do not use built-in platform entropy functions.
 * This is useful if your platform does not support
 * standards like the /dev/urandom or Windows CryptoAPI.
 *
 * Uncomment this macro to disable the built-in platform entropy functions.
 */
//#define POLARSSL_NO_PLATFORM_ENTROPY

/**
 * \def POLARSSL_ENTROPY_FORCE_SHA256
 *
 * Force the entropy accumulator to use a SHA-256 accumulator instead of the
 * default SHA-512 based one (if both are available).
 *
 * Requires: POLARSSL_SHA256_C
 *
 * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
 * if you have performance concerns.
 *
 * This option is only useful if both POLARSSL_SHA256_C and
 * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
 */
//#define POLARSSL_ENTROPY_FORCE_SHA256

/**
 * \def POLARSSL_MEMORY_DEBUG
 *
 * Enable debugging of buffer allocator memory issues. Automatically prints
 * (to stderr) all (fatal) messages on memory allocation issues. Enables
 * function for 'debug output' of allocated memory.
 *
 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
 *
 * Uncomment this macro to let the buffer allocator print out error messages.
 */
//#define POLARSSL_MEMORY_DEBUG

/**
 * \def POLARSSL_MEMORY_BACKTRACE
 *
 * Include backtrace information with each allocated block.
 *
 * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
 *           GLIBC-compatible backtrace() and backtrace_symbols() support
 *
 * Uncomment this macro to include backtrace information
 */
//#define POLARSSL_MEMORY_BACKTRACE

/**
 * \def POLARSSL_PKCS1_V15
 *
 * Enable support for PKCS#1 v1.5 encoding.
 *
 * Requires: POLARSSL_RSA_C
 *
 * This enables support for PKCS#1 v1.5 operations.
 */
#define POLARSSL_PKCS1_V15

/**
 * \def POLARSSL_PKCS1_V21
 *
 * Enable support for PKCS#1 v2.1 encoding.
 *
 * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
 *
 * This enables support for RSAES-OAEP and RSASSA-PSS operations.
 */
#define POLARSSL_PKCS1_V21

/**
 * \def POLARSSL_RSA_NO_CRT
 *
 * Do not use the Chinese Remainder Theorem for the RSA private operation.
 *
 * Uncomment this macro to disable the use of CRT in RSA.
 *
 */
//#define POLARSSL_RSA_NO_CRT

/**
 * \def POLARSSL_SELF_TEST
 *
 * Enable the checkup functions (*_self_test).
 */
#define POLARSSL_SELF_TEST

/**
 * \def POLARSSL_SSL_AEAD_RANDOM_IV
 *
 * Generate a random IV rather than using the record sequence number as a
 * nonce for ciphersuites using an AEAD algorithm (GCM or CCM).
 *
 * Using the sequence number is generally recommended.
 *
 * Uncomment this macro to always use random IVs with AEAD ciphersuites.
 */
//#define POLARSSL_SSL_AEAD_RANDOM_IV

/**
 * \def POLARSSL_SSL_ALERT_MESSAGES
 *
 * Enable sending of alert messages in case of encountered errors as per RFC.
 * If you choose not to send the alert messages, mbed TLS can still communicate
 * with other servers, only debugging of failures is harder.
 *
 * The advantage of not sending alert messages is that no information is given
 * about the reasons for failures, thus preventing adversaries from gaining
 * intel.
 *
 * Enable sending of all alert messages
 */
#define POLARSSL_SSL_ALERT_MESSAGES

/**
 * \def POLARSSL_SSL_DEBUG_ALL
 *
 * Enable the debug messages in SSL module for all issues.
 * Debug messages have been disabled in some places to prevent timing
 * attacks due to (unbalanced) debugging function calls.
 *
 * If you need all error reporting you should enable this during debugging,
 * but remove it for production builds, even for servers that need to log
 * errors.
 *
 * Uncomment this macro to report all debug messages on errors, introducing
 * a timing side-channel.
 *
 */
//#define POLARSSL_SSL_DEBUG_ALL

/** \def POLARSSL_SSL_ENCRYPT_THEN_MAC
 *
 * Enable support for Encrypt-then-MAC, RFC 7366.
 *
 * This allows peers that both support it to use a more robust protection for
 * ciphersuites using CBC, providing deep resistance against timing attacks
 * on the padding or underlying cipher.
 *
 * This only affects CBC ciphersuites, and is useless if none is defined.
 *
 * Requires: POLARSSL_SSL_PROTO_TLS1    or
 *           POLARSSL_SSL_PROTO_TLS1_1  or
 *           POLARSSL_SSL_PROTO_TLS1_2
 *
 * Comment this macro to disable support for Encrypt-then-MAC
 */
#define POLARSSL_SSL_ENCRYPT_THEN_MAC

/** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET
 *
 * Enable support for Extended Master Secret, aka Session Hash
 * (draft-ietf-tls-session-hash-02).
 *
 * This was introduced as "the proper fix" to the Triple Handshake family of
 * attacks, but it is recommended to always use it (even if you disable
 * renegotiation), since it actually fixes a more fundamental issue in the
 * original SSL/TLS design, and has implications beyond Triple Handshake.
 *
 * Requires: POLARSSL_SSL_PROTO_TLS1    or
 *           POLARSSL_SSL_PROTO_TLS1_1  or
 *           POLARSSL_SSL_PROTO_TLS1_2
 *
 * Comment this macro to disable support for Extended Master Secret.
 */
#define POLARSSL_SSL_EXTENDED_MASTER_SECRET

/**
 * \def POLARSSL_SSL_FALLBACK_SCSV
 *
 * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
 *
 * For servers, it is recommended to always enable this, unless you support
 * only one version of TLS, or know for sure that none of your clients
 * implements a fallback strategy.
 *
 * For clients, you only need this if you're using a fallback strategy, which
 * is not recommended in the first place, unless you absolutely need it to
 * interoperate with buggy (version-intolerant) servers.
 *
 * Comment this macro to disable support for FALLBACK_SCSV
 */
#define POLARSSL_SSL_FALLBACK_SCSV

/**
 * \def POLARSSL_SSL_HW_RECORD_ACCEL
 *
 * Enable hooking functions in SSL module for hardware acceleration of
 * individual records.
 *
 * Uncomment this macro to enable hooking functions.
 */
//#define POLARSSL_SSL_HW_RECORD_ACCEL

/**
 * \def POLARSSL_SSL_CBC_RECORD_SPLITTING
 *
 * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
 *
 * This is a countermeasure to the BEAST attack, which also minimizes the risk
 * of interoperability issues compared to sending 0-length records.
 *
 * Comment this macro to disable 1/n-1 record splitting.
 */
#define POLARSSL_SSL_CBC_RECORD_SPLITTING

/**
 * \def POLARSSL_SSL_DISABLE_RENEGOTIATION
 *
 * Disable support for TLS renegotiation.
 *
 * The two main uses of renegotiation are (1) refresh keys on long-lived
 * connections and (2) client authentication after the initial handshake.
 * If you don't need renegotiation, it's probably better to disable it, since
 * it has been associated with security issues in the past and is easy to
 * misuse/misunderstand.
 *
 * Warning: in the next stable branch, this switch will be replaced by
 * POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation.
 *
 * Uncomment this to disable support for renegotiation.
 */
//#define POLARSSL_SSL_DISABLE_RENEGOTIATION

/**
 * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
 *
 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
 * SSL Server module (POLARSSL_SSL_SRV_C).
 *
 * Comment this macro to disable support for SSLv2 Client Hello messages.
 */
#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO

/**
 * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
 *
 * Pick the ciphersuite according to the client's preferences rather than ours
 * in the SSL Server module (POLARSSL_SSL_SRV_C).
 *
 * Uncomment this macro to respect client's ciphersuite order
 */
//#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE

/**
 * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
 *
 * Enable support for RFC 6066 max_fragment_length extension in SSL.
 *
 * Comment this macro to disable support for the max_fragment_length extension
 */
#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH

/**
 * \def POLARSSL_SSL_PROTO_SSL3
 *
 * Enable support for SSL 3.0.
 *
 * Requires: POLARSSL_MD5_C
 *           POLARSSL_SHA1_C
 *
 * Comment this macro to disable support for SSL 3.0
 */
#define POLARSSL_SSL_PROTO_SSL3

/**
 * \def POLARSSL_SSL_PROTO_TLS1
 *
 * Enable support for TLS 1.0.
 *
 * Requires: POLARSSL_MD5_C
 *           POLARSSL_SHA1_C
 *
 * Comment this macro to disable support for TLS 1.0
 */
#define POLARSSL_SSL_PROTO_TLS1

/**
 * \def POLARSSL_SSL_PROTO_TLS1_1
 *
 * Enable support for TLS 1.1.
 *
 * Requires: POLARSSL_MD5_C
 *           POLARSSL_SHA1_C
 *
 * Comment this macro to disable support for TLS 1.1
 */
#define POLARSSL_SSL_PROTO_TLS1_1

/**
 * \def POLARSSL_SSL_PROTO_TLS1_2
 *
 * Enable support for TLS 1.2.
 *
 * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
 *           (Depends on ciphersuites)
 *
 * Comment this macro to disable support for TLS 1.2
 */
#define POLARSSL_SSL_PROTO_TLS1_2

/**
 * \def POLARSSL_SSL_ALPN
 *
 * Enable support for RFC 7301 Application Layer Protocol Negotiation.
 *
 * Comment this macro to disable support for ALPN.
 */
#define POLARSSL_SSL_ALPN

/**
 * \def POLARSSL_SSL_SESSION_TICKETS
 *
 * Enable support for RFC 5077 session tickets in SSL.
 *
 * Requires: POLARSSL_AES_C
 *           POLARSSL_SHA256_C
 *           POLARSSL_CIPHER_MODE_CBC
 *
 * Comment this macro to disable support for SSL session tickets
 */
#define POLARSSL_SSL_SESSION_TICKETS

/**
 * \def POLARSSL_SSL_SERVER_NAME_INDICATION
 *
 * Enable support for RFC 6066 server name indication (SNI) in SSL.
 *
 * Requires: POLARSSL_X509_CRT_PARSE_C
 *
 * Comment this macro to disable support for server name indication in SSL
 */
#define POLARSSL_SSL_SERVER_NAME_INDICATION

/**
 * \def POLARSSL_SSL_TRUNCATED_HMAC
 *
 * Enable support for RFC 6066 truncated HMAC in SSL.
 *
 * Comment this macro to disable support for truncated HMAC in SSL
 */
#define POLARSSL_SSL_TRUNCATED_HMAC

/**
 * \def POLARSSL_SSL_SET_CURVES
 *
 * Enable ssl_set_curves().
 *
 * This is disabled by default since it breaks binary compatibility with the
 * 1.3.x line. If you choose to enable it, you will need to rebuild your
 * application against the new header files, relinking will not be enough.
 * It will be enabled by default, or no longer an option, in the 1.4 branch.
 *
 * Uncomment to make ssl_set_curves() available.
 */
//#define POLARSSL_SSL_SET_CURVES

/**
 * \def POLARSSL_THREADING_ALT
 *
 * Provide your own alternate threading implementation.
 *
 * Requires: POLARSSL_THREADING_C
 *
 * Uncomment this to allow your own alternate threading implementation.
 */
//#define POLARSSL_THREADING_ALT

/**
 * \def POLARSSL_THREADING_PTHREAD
 *
 * Enable the pthread wrapper layer for the threading layer.
 *
 * Requires: POLARSSL_THREADING_C
 *
 * Uncomment this to enable pthread mutexes.
 */
//#define POLARSSL_THREADING_PTHREAD

/**
 * \def POLARSSL_VERSION_FEATURES
 *
 * Allow run-time checking of compile-time enabled features. Thus allowing users
 * to check at run-time if the library is for instance compiled with threading
 * support via version_check_feature().
 *
 * Requires: POLARSSL_VERSION_C
 *
 * Comment this to disable run-time checking and save ROM space
 */
#define POLARSSL_VERSION_FEATURES

/**
 * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
 *
 * If set, the X509 parser will not break-off when parsing an X509 certificate
 * and encountering an extension in a v1 or v2 certificate.
 *
 * Uncomment to prevent an error.
 */
//#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3

/**
 * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 *
 * If set, the X509 parser will not break-off when parsing an X509 certificate
 * and encountering an unknown critical extension.
 *
 * Uncomment to prevent an error.
 */
//#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION

/**
 * \def POLARSSL_X509_CHECK_KEY_USAGE
 *
 * Enable verification of the keyUsage extension (CA and leaf certificates).
 *
 * Disabling this avoids interoperability problems with mis-issued and/or
 * misused (intermediate) CA and leaf certificates, at the price of accepting
 * them.
 *
 * \warning Depending on your PKI use, disabling this can be a security risk!
 *
 * Comment to skip keyUsage checking for both CA and leaf certificates.
 */
#define POLARSSL_X509_CHECK_KEY_USAGE

/**
 * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
 *
 * Enable verification of the extendedKeyUsage extension (leaf certificates).
 *
 * Disabling this avoids interoperability problems with mis-issued and/or
 * misused certificates, at the price of accepting them.
 *
 * \warning Depending on your PKI use, disabling this can be a security risk!
 *
 * Comment to skip extendedKeyUsage checking for certificates.
 */
#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE

/**
 * \def POLARSSL_X509_RSASSA_PSS_SUPPORT
 *
 * Enable parsing and verification of X.509 certificates, CRLs and CSRs
 * signed with RSASSA-PSS (aka PKCS#1 v2.1).
 *
 * Comment this macro to disallow using RSASSA-PSS in certificates.
 */
#define POLARSSL_X509_RSASSA_PSS_SUPPORT

/**
 * \def POLARSSL_ZLIB_SUPPORT
 *
 * If set, the SSL/TLS module uses ZLIB to support compression and
 * decompression of packet data.
 *
 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
 * CRIME attack. Before enabling this option, you should examine with care if
 * CRIME or similar exploits may be applicable to your use case.
 *
 * Used in: library/ssl_tls.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This feature requires zlib library and headers to be present.
 *
 * Uncomment to enable use of ZLIB
 */
//#define POLARSSL_ZLIB_SUPPORT
/* \} name SECTION: mbed TLS feature support */

/**
 * \name SECTION: mbed TLS modules
 *
 * This section enables or disables entire modules in mbed TLS
 * \{
 */

/**
 * \def POLARSSL_AESNI_C
 *
 * Enable AES-NI support on x86-64.
1233 | * 1234 | * Module: library/aesni.c 1235 | * Caller: library/aes.c 1236 | * 1237 | * Requires: POLARSSL_HAVE_ASM 1238 | * 1239 | * This module adds support for the AES-NI instructions on x86-64 1240 | */ 1241 | #define POLARSSL_AESNI_C 1242 | 1243 | /** 1244 | * \def POLARSSL_AES_C 1245 | * 1246 | * Enable the AES block cipher. 1247 | * 1248 | * Module: library/aes.c 1249 | * Caller: library/ssl_tls.c 1250 | * library/pem.c 1251 | * library/ctr_drbg.c 1252 | * 1253 | * This module enables the following ciphersuites (if other requisites are 1254 | * enabled as well): 1255 | * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 1256 | * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 1257 | * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 1258 | * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 1259 | * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 1260 | * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 1261 | * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 1262 | * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 1263 | * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 1264 | * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 1265 | * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 1266 | * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 1267 | * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 1268 | * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 1269 | * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 1270 | * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 1271 | * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 1272 | * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 1273 | * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 1274 | * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 1275 | * TLS_DHE_RSA_WITH_AES_256_CBC_SHA 1276 | * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 1277 | * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 1278 | * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 1279 | * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 1280 | * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 1281 | * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 1282 | * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 1283 | * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 1284 | * TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1285 | * 
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 1286 | * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 1287 | * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 1288 | * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 1289 | * TLS_DHE_PSK_WITH_AES_256_CBC_SHA 1290 | * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 1291 | * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 1292 | * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 1293 | * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 1294 | * TLS_DHE_PSK_WITH_AES_128_CBC_SHA 1295 | * TLS_RSA_WITH_AES_256_GCM_SHA384 1296 | * TLS_RSA_WITH_AES_256_CBC_SHA256 1297 | * TLS_RSA_WITH_AES_256_CBC_SHA 1298 | * TLS_RSA_WITH_AES_128_GCM_SHA256 1299 | * TLS_RSA_WITH_AES_128_CBC_SHA256 1300 | * TLS_RSA_WITH_AES_128_CBC_SHA 1301 | * TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 1302 | * TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 1303 | * TLS_RSA_PSK_WITH_AES_256_CBC_SHA 1304 | * TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 1305 | * TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 1306 | * TLS_RSA_PSK_WITH_AES_128_CBC_SHA 1307 | * TLS_PSK_WITH_AES_256_GCM_SHA384 1308 | * TLS_PSK_WITH_AES_256_CBC_SHA384 1309 | * TLS_PSK_WITH_AES_256_CBC_SHA 1310 | * TLS_PSK_WITH_AES_128_GCM_SHA256 1311 | * TLS_PSK_WITH_AES_128_CBC_SHA256 1312 | * TLS_PSK_WITH_AES_128_CBC_SHA 1313 | * 1314 | * PEM_PARSE uses AES for decrypting encrypted keys. 1315 | */ 1316 | #define POLARSSL_AES_C 1317 | 1318 | /** 1319 | * \def POLARSSL_ARC4_C 1320 | * 1321 | * Enable the ARCFOUR stream cipher. 
1322 | * 1323 | * Module: library/arc4.c 1324 | * Caller: library/ssl_tls.c 1325 | * 1326 | * This module enables the following ciphersuites (if other requisites are 1327 | * enabled as well): 1328 | * TLS_ECDH_ECDSA_WITH_RC4_128_SHA 1329 | * TLS_ECDH_RSA_WITH_RC4_128_SHA 1330 | * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 1331 | * TLS_ECDHE_RSA_WITH_RC4_128_SHA 1332 | * TLS_ECDHE_PSK_WITH_RC4_128_SHA 1333 | * TLS_DHE_PSK_WITH_RC4_128_SHA 1334 | * TLS_RSA_WITH_RC4_128_SHA 1335 | * TLS_RSA_WITH_RC4_128_MD5 1336 | * TLS_RSA_PSK_WITH_RC4_128_SHA 1337 | * TLS_PSK_WITH_RC4_128_SHA 1338 | */ 1339 | #define POLARSSL_ARC4_C 1340 | 1341 | /** 1342 | * \def POLARSSL_ASN1_PARSE_C 1343 | * 1344 | * Enable the generic ASN1 parser. 1345 | * 1346 | * Module: library/asn1.c 1347 | * Caller: library/x509.c 1348 | * library/dhm.c 1349 | * library/pkcs12.c 1350 | * library/pkcs5.c 1351 | * library/pkparse.c 1352 | */ 1353 | #define POLARSSL_ASN1_PARSE_C 1354 | 1355 | /** 1356 | * \def POLARSSL_ASN1_WRITE_C 1357 | * 1358 | * Enable the generic ASN1 writer. 1359 | * 1360 | * Module: library/asn1write.c 1361 | * Caller: library/ecdsa.c 1362 | * library/pkwrite.c 1363 | * library/x509_create.c 1364 | * library/x509write_crt.c 1365 | * library/x509write_csr.c 1366 | */ 1367 | #define POLARSSL_ASN1_WRITE_C 1368 | 1369 | /** 1370 | * \def POLARSSL_BASE64_C 1371 | * 1372 | * Enable the Base64 module. 1373 | * 1374 | * Module: library/base64.c 1375 | * Caller: library/pem.c 1376 | * 1377 | * This module is required for PEM support (required by X.509). 1378 | */ 1379 | #define POLARSSL_BASE64_C 1380 | 1381 | /** 1382 | * \def POLARSSL_BIGNUM_C 1383 | * 1384 | * Enable the multi-precision integer library. 1385 | * 1386 | * Module: library/bignum.c 1387 | * Caller: library/dhm.c 1388 | * library/ecp.c 1389 | * library/ecdsa.c 1390 | * library/rsa.c 1391 | * library/ssl_tls.c 1392 | * 1393 | * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. 
1394 | */ 1395 | #define POLARSSL_BIGNUM_C 1396 | 1397 | /** 1398 | * \def POLARSSL_BLOWFISH_C 1399 | * 1400 | * Enable the Blowfish block cipher. 1401 | * 1402 | * Module: library/blowfish.c 1403 | */ 1404 | #define POLARSSL_BLOWFISH_C 1405 | 1406 | /** 1407 | * \def POLARSSL_CAMELLIA_C 1408 | * 1409 | * Enable the Camellia block cipher. 1410 | * 1411 | * Module: library/camellia.c 1412 | * Caller: library/ssl_tls.c 1413 | * 1414 | * This module enables the following ciphersuites (if other requisites are 1415 | * enabled as well): 1416 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 1417 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 1418 | * TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 1419 | * TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 1420 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 1421 | * TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 1422 | * TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 1423 | * TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 1424 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 1425 | * TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 1426 | * TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 1427 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 1428 | * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 1429 | * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 1430 | * TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 1431 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 1432 | * TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 1433 | * TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 1434 | * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 1435 | * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 1436 | * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 1437 | * TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 1438 | * TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 1439 | * TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 1440 | * TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 1441 | * TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 1442 | * TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 1443 | * TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 1444 | * 
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 1445 | * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 1446 | * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 1447 | * TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 1448 | * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 1449 | * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 1450 | * TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 1451 | * TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 1452 | * TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 1453 | * TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 1454 | * TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 1455 | * TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 1456 | * TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 1457 | * TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 1458 | */ 1459 | #define POLARSSL_CAMELLIA_C 1460 | 1461 | /** 1462 | * \def POLARSSL_CCM_C 1463 | * 1464 | * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. 1465 | * 1466 | * Module: library/ccm.c 1467 | * 1468 | * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C 1469 | * 1470 | * This module enables the AES-CCM ciphersuites, if other requisites are 1471 | * enabled as well. 1472 | */ 1473 | #define POLARSSL_CCM_C 1474 | 1475 | /** 1476 | * \def POLARSSL_CERTS_C 1477 | * 1478 | * Enable the test certificates. 1479 | * 1480 | * Module: library/certs.c 1481 | * Caller: 1482 | * 1483 | * Requires: POLARSSL_PEM_PARSE_C 1484 | * 1485 | * This module is used for testing (ssl_client/server). 1486 | */ 1487 | #define POLARSSL_CERTS_C 1488 | 1489 | /** 1490 | * \def POLARSSL_CIPHER_C 1491 | * 1492 | * Enable the generic cipher layer. 1493 | * 1494 | * Module: library/cipher.c 1495 | * Caller: library/ssl_tls.c 1496 | * 1497 | * Uncomment to enable generic cipher wrappers. 1498 | */ 1499 | #define POLARSSL_CIPHER_C 1500 | 1501 | /** 1502 | * \def POLARSSL_CTR_DRBG_C 1503 | * 1504 | * Enable the CTR_DRBG AES-256-based random generator. 1505 | * 1506 | * Module: library/ctr_drbg.c 1507 | * Caller: 1508 | * 1509 | * Requires: POLARSSL_AES_C 1510 | * 1511 | * This module provides the CTR_DRBG AES-256 random number generator. 
1512 | */ 1513 | #define POLARSSL_CTR_DRBG_C 1514 | 1515 | /** 1516 | * \def POLARSSL_DEBUG_C 1517 | * 1518 | * Enable the debug functions. 1519 | * 1520 | * Module: library/debug.c 1521 | * Caller: library/ssl_cli.c 1522 | * library/ssl_srv.c 1523 | * library/ssl_tls.c 1524 | * 1525 | * This module provides debugging functions. 1526 | */ 1527 | #define POLARSSL_DEBUG_C 1528 | 1529 | /** 1530 | * \def POLARSSL_DES_C 1531 | * 1532 | * Enable the DES block cipher. 1533 | * 1534 | * Module: library/des.c 1535 | * Caller: library/pem.c 1536 | * library/ssl_tls.c 1537 | * 1538 | * This module enables the following ciphersuites (if other requisites are 1539 | * enabled as well): 1540 | * TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 1541 | * TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 1542 | * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 1543 | * TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 1544 | * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 1545 | * TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 1546 | * TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 1547 | * TLS_RSA_WITH_3DES_EDE_CBC_SHA 1548 | * TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 1549 | * TLS_PSK_WITH_3DES_EDE_CBC_SHA 1550 | * 1551 | * PEM_PARSE uses DES/3DES for decrypting encrypted keys. 1552 | */ 1553 | #define POLARSSL_DES_C 1554 | 1555 | /** 1556 | * \def POLARSSL_DHM_C 1557 | * 1558 | * Enable the Diffie-Hellman-Merkle module. 1559 | * 1560 | * Module: library/dhm.c 1561 | * Caller: library/ssl_cli.c 1562 | * library/ssl_srv.c 1563 | * 1564 | * This module is used by the following key exchanges: 1565 | * DHE-RSA, DHE-PSK 1566 | */ 1567 | #define POLARSSL_DHM_C 1568 | 1569 | /** 1570 | * \def POLARSSL_ECDH_C 1571 | * 1572 | * Enable the elliptic curve Diffie-Hellman library. 
1573 | * 1574 | * Module: library/ecdh.c 1575 | * Caller: library/ssl_cli.c 1576 | * library/ssl_srv.c 1577 | * 1578 | * This module is used by the following key exchanges: 1579 | * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK 1580 | * 1581 | * Requires: POLARSSL_ECP_C 1582 | */ 1583 | #define POLARSSL_ECDH_C 1584 | 1585 | /** 1586 | * \def POLARSSL_ECDSA_C 1587 | * 1588 | * Enable the elliptic curve DSA library. 1589 | * 1590 | * Module: library/ecdsa.c 1591 | * Caller: 1592 | * 1593 | * This module is used by the following key exchanges: 1594 | * ECDHE-ECDSA 1595 | * 1596 | * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C 1597 | */ 1598 | #define POLARSSL_ECDSA_C 1599 | 1600 | /** 1601 | * \def POLARSSL_ECP_C 1602 | * 1603 | * Enable the elliptic curve over GF(p) library. 1604 | * 1605 | * Module: library/ecp.c 1606 | * Caller: library/ecdh.c 1607 | * library/ecdsa.c 1608 | * 1609 | * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED 1610 | */ 1611 | #define POLARSSL_ECP_C 1612 | 1613 | /** 1614 | * \def POLARSSL_ENTROPY_C 1615 | * 1616 | * Enable the platform-specific entropy code. 1617 | * 1618 | * Module: library/entropy.c 1619 | * Caller: 1620 | * 1621 | * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C 1622 | * 1623 | * This module provides a generic entropy pool 1624 | */ 1625 | #define POLARSSL_ENTROPY_C 1626 | 1627 | /** 1628 | * \def POLARSSL_ERROR_C 1629 | * 1630 | * Enable error code to error string conversion. 1631 | * 1632 | * Module: library/error.c 1633 | * Caller: 1634 | * 1635 | * This module enables polarssl_strerror(). 1636 | */ 1637 | #define POLARSSL_ERROR_C 1638 | 1639 | /** 1640 | * \def POLARSSL_GCM_C 1641 | * 1642 | * Enable the Galois/Counter Mode (GCM) for AES. 1643 | * 1644 | * Module: library/gcm.c 1645 | * 1646 | * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C 1647 | * 1648 | * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other 1649 | * requisites are enabled as well. 
1650 | */ 1651 | #define POLARSSL_GCM_C 1652 | 1653 | /** 1654 | * \def POLARSSL_HAVEGE_C 1655 | * 1656 | * Enable the HAVEGE random generator. 1657 | * 1658 | * Warning: the HAVEGE random generator is not suitable for virtualized 1659 | * environments 1660 | * 1661 | * Warning: the HAVEGE random generator is dependent on timing and specific 1662 | * processor traits. It is therefore not advised to use HAVEGE as 1663 | * your application's primary random generator or primary entropy pool 1664 | * input. As a secondary input to your entropy pool, it IS able to add 1665 | * the (limited) extra entropy it provides. 1666 | * 1667 | * Module: library/havege.c 1668 | * Caller: 1669 | * 1670 | * Requires: POLARSSL_TIMING_C 1671 | * 1672 | * Uncomment to enable the HAVEGE random generator. 1673 | */ 1674 | //#define POLARSSL_HAVEGE_C 1675 | 1676 | /** 1677 | * \def POLARSSL_HMAC_DRBG_C 1678 | * 1679 | * Enable the HMAC_DRBG random generator. 1680 | * 1681 | * Module: library/hmac_drbg.c 1682 | * Caller: 1683 | * 1684 | * Requires: POLARSSL_MD_C 1685 | * 1686 | * Uncomment to enable the HMAC_DRBG random number generator. 1687 | */ 1688 | #define POLARSSL_HMAC_DRBG_C 1689 | 1690 | /** 1691 | * \def POLARSSL_MD_C 1692 | * 1693 | * Enable the generic message digest layer. 1694 | * 1695 | * Module: library/md.c 1696 | * Caller: 1697 | * 1698 | * Uncomment to enable generic message digest wrappers. 1699 | */ 1700 | #define POLARSSL_MD_C 1701 | 1702 | /** 1703 | * \def POLARSSL_MD2_C 1704 | * 1705 | * Enable the MD2 hash algorithm. 1706 | * 1707 | * Module: library/md2.c 1708 | * Caller: 1709 | * 1710 | * Uncomment to enable support for (rare) MD2-signed X.509 certs. 1711 | */ 1712 | //#define POLARSSL_MD2_C 1713 | 1714 | /** 1715 | * \def POLARSSL_MD4_C 1716 | * 1717 | * Enable the MD4 hash algorithm. 1718 | * 1719 | * Module: library/md4.c 1720 | * Caller: 1721 | * 1722 | * Uncomment to enable support for (rare) MD4-signed X.509 certs. 
1723 | */ 1724 | //#define POLARSSL_MD4_C 1725 | 1726 | /** 1727 | * \def POLARSSL_MD5_C 1728 | * 1729 | * Enable the MD5 hash algorithm. 1730 | * 1731 | * Module: library/md5.c 1732 | * Caller: library/md.c 1733 | * library/pem.c 1734 | * library/ssl_tls.c 1735 | * 1736 | * This module is required for SSL/TLS and X.509. 1737 | * PEM_PARSE uses MD5 for decrypting encrypted keys. 1738 | */ 1739 | #define POLARSSL_MD5_C 1740 | 1741 | /** 1742 | * \def POLARSSL_MEMORY_C 1743 | * 1744 | * \deprecated Use POLARSSL_PLATFORM_MEMORY instead. 1745 | * 1746 | * Depends on: POLARSSL_PLATFORM_C 1747 | */ 1748 | //#define POLARSSL_MEMORY_C 1749 | 1750 | /** 1751 | * \def POLARSSL_MEMORY_BUFFER_ALLOC_C 1752 | * 1753 | * Enable the buffer allocator implementation that makes use of a (stack) 1754 | * based buffer to 'allocate' dynamic memory. (replaces malloc() and free() 1755 | * calls) 1756 | * 1757 | * Module: library/memory_buffer_alloc.c 1758 | * 1759 | * Requires: POLARSSL_PLATFORM_C 1760 | * POLARSSL_PLATFORM_MEMORY (to use it within mbed TLS) 1761 | * 1762 | * Enable this module to enable the buffer memory allocator. 1763 | */ 1764 | //#define POLARSSL_MEMORY_BUFFER_ALLOC_C 1765 | 1766 | /** 1767 | * \def POLARSSL_NET_C 1768 | * 1769 | * Enable the TCP/IP networking routines. 1770 | * 1771 | * \warning As of 1.3.11, it is deprecated to enable this module without 1772 | * POLARSSL_HAVE_IPV6. The alternative legacy code will be removed in 2.0. 1773 | * 1774 | * Module: library/net.c 1775 | * 1776 | * This module provides TCP/IP networking routines. 1777 | */ 1778 | #define POLARSSL_NET_C 1779 | 1780 | /** 1781 | * \def POLARSSL_OID_C 1782 | * 1783 | * Enable the OID database. 
1784 | * 1785 | * Module: library/oid.c 1786 | * Caller: library/asn1write.c 1787 | * library/pkcs5.c 1788 | * library/pkparse.c 1789 | * library/pkwrite.c 1790 | * library/rsa.c 1791 | * library/x509.c 1792 | * library/x509_create.c 1793 | * library/x509_crl.c 1794 | * library/x509_crt.c 1795 | * library/x509_csr.c 1796 | * library/x509write_crt.c 1797 | * library/x509write_csr.c 1798 | * 1799 | * This module translates between OIDs and internal values. 1800 | */ 1801 | #define POLARSSL_OID_C 1802 | 1803 | /** 1804 | * \def POLARSSL_PADLOCK_C 1805 | * 1806 | * Enable VIA Padlock support on x86. 1807 | * 1808 | * Module: library/padlock.c 1809 | * Caller: library/aes.c 1810 | * 1811 | * Requires: POLARSSL_HAVE_ASM 1812 | * 1813 | * This module adds support for the VIA PadLock on x86. 1814 | */ 1815 | #define POLARSSL_PADLOCK_C 1816 | 1817 | /** 1818 | * \def POLARSSL_PBKDF2_C 1819 | * 1820 | * Enable PKCS#5 PBKDF2 key derivation function. 1821 | * 1822 | * \deprecated Use POLARSSL_PKCS5_C instead 1823 | * 1824 | * Module: library/pbkdf2.c 1825 | * 1826 | * Requires: POLARSSL_PKCS5_C 1827 | * 1828 | * This module adds support for the PKCS#5 PBKDF2 key derivation function. 1829 | */ 1830 | #define POLARSSL_PBKDF2_C 1831 | 1832 | /** 1833 | * \def POLARSSL_PEM_PARSE_C 1834 | * 1835 | * Enable PEM decoding / parsing. 1836 | * 1837 | * Module: library/pem.c 1838 | * Caller: library/dhm.c 1839 | * library/pkparse.c 1840 | * library/x509_crl.c 1841 | * library/x509_crt.c 1842 | * library/x509_csr.c 1843 | * 1844 | * Requires: POLARSSL_BASE64_C 1845 | * 1846 | * This module adds support for decoding / parsing PEM files. 1847 | */ 1848 | #define POLARSSL_PEM_PARSE_C 1849 | 1850 | /** 1851 | * \def POLARSSL_PEM_WRITE_C 1852 | * 1853 | * Enable PEM encoding / writing. 
1854 | * 1855 | * Module: library/pem.c 1856 | * Caller: library/pkwrite.c 1857 | * library/x509write_crt.c 1858 | * library/x509write_csr.c 1859 | * 1860 | * Requires: POLARSSL_BASE64_C 1861 | * 1862 | * This module adds support for encoding / writing PEM files. 1863 | */ 1864 | #define POLARSSL_PEM_WRITE_C 1865 | 1866 | /** 1867 | * \def POLARSSL_PK_C 1868 | * 1869 | * Enable the generic public (asymmetric) key layer. 1870 | * 1871 | * Module: library/pk.c 1872 | * Caller: library/ssl_tls.c 1873 | * library/ssl_cli.c 1874 | * library/ssl_srv.c 1875 | * 1876 | * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C 1877 | * 1878 | * Uncomment to enable generic public key wrappers. 1879 | */ 1880 | #define POLARSSL_PK_C 1881 | 1882 | /** 1883 | * \def POLARSSL_PK_PARSE_C 1884 | * 1885 | * Enable the generic public (asymmetric) key parser. 1886 | * 1887 | * Module: library/pkparse.c 1888 | * Caller: library/x509_crt.c 1889 | * library/x509_csr.c 1890 | * 1891 | * Requires: POLARSSL_PK_C 1892 | * 1893 | * Uncomment to enable generic public key parse functions. 1894 | */ 1895 | #define POLARSSL_PK_PARSE_C 1896 | 1897 | /** 1898 | * \def POLARSSL_PK_WRITE_C 1899 | * 1900 | * Enable the generic public (asymmetric) key writer. 1901 | * 1902 | * Module: library/pkwrite.c 1903 | * Caller: library/x509write.c 1904 | * 1905 | * Requires: POLARSSL_PK_C 1906 | * 1907 | * Uncomment to enable generic public key write functions. 1908 | */ 1909 | #define POLARSSL_PK_WRITE_C 1910 | 1911 | /** 1912 | * \def POLARSSL_PKCS5_C 1913 | * 1914 | * Enable PKCS#5 functions. 1915 | * 1916 | * Module: library/pkcs5.c 1917 | * 1918 | * Requires: POLARSSL_MD_C 1919 | * 1920 | * This module adds support for the PKCS#5 functions. 1921 | */ 1922 | #define POLARSSL_PKCS5_C 1923 | 1924 | /** 1925 | * \def POLARSSL_PKCS11_C 1926 | * 1927 | * Enable wrapper for PKCS#11 smartcard support. 
1928 | * 1929 | * Module: library/pkcs11.c 1930 | * Caller: library/pk.c 1931 | * 1932 | * Requires: POLARSSL_PK_C 1933 | * 1934 | * This module enables SSL/TLS PKCS #11 smartcard support. 1935 | * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) 1936 | */ 1937 | //#define POLARSSL_PKCS11_C 1938 | 1939 | /** 1940 | * \def POLARSSL_PKCS12_C 1941 | * 1942 | * Enable PKCS#12 PBE functions. 1943 | * Adds algorithms for parsing PKCS#8 encrypted private keys 1944 | * 1945 | * Module: library/pkcs12.c 1946 | * Caller: library/pkparse.c 1947 | * 1948 | * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C 1949 | * Can use: POLARSSL_ARC4_C 1950 | * 1951 | * This module enables PKCS#12 functions. 1952 | */ 1953 | #define POLARSSL_PKCS12_C 1954 | 1955 | /** 1956 | * \def POLARSSL_PLATFORM_C 1957 | * 1958 | * Enable the platform abstraction layer that allows you to re-assign 1959 | * functions like malloc(), free(), snprintf(), printf(), fprintf(), exit() 1960 | * 1961 | * Enabling POLARSSL_PLATFORM_C enables the use of POLARSSL_PLATFORM_XXX_ALT 1962 | * or POLARSSL_PLATFORM_XXX_MACRO directives, allowing the functions mentioned 1963 | * above to be specified at runtime or compile time respectively. 1964 | * 1965 | * Module: library/platform.c 1966 | * Caller: Most other .c files 1967 | * 1968 | * This module enables abstraction of common (libc) functions. 1969 | */ 1970 | #define POLARSSL_PLATFORM_C 1971 | 1972 | /** 1973 | * \def POLARSSL_RIPEMD160_C 1974 | * 1975 | * Enable the RIPEMD-160 hash algorithm. 1976 | * 1977 | * Module: library/ripemd160.c 1978 | * Caller: library/md.c 1979 | * 1980 | */ 1981 | #define POLARSSL_RIPEMD160_C 1982 | 1983 | /** 1984 | * \def POLARSSL_RSA_C 1985 | * 1986 | * Enable the RSA public-key cryptosystem. 
1987 | * 1988 | * Module: library/rsa.c 1989 | * Caller: library/ssl_cli.c 1990 | * library/ssl_srv.c 1991 | * library/ssl_tls.c 1992 | * library/x509.c 1993 | * 1994 | * This module is used by the following key exchanges: 1995 | * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK 1996 | * 1997 | * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C 1998 | */ 1999 | #define POLARSSL_RSA_C 2000 | 2001 | /** 2002 | * \def POLARSSL_SHA1_C 2003 | * 2004 | * Enable the SHA1 cryptographic hash algorithm. 2005 | * 2006 | * Module: library/sha1.c 2007 | * Caller: library/md.c 2008 | * library/ssl_cli.c 2009 | * library/ssl_srv.c 2010 | * library/ssl_tls.c 2011 | * library/x509write_crt.c 2012 | * 2013 | * This module is required for SSL/TLS and SHA1-signed certificates. 2014 | */ 2015 | #define POLARSSL_SHA1_C 2016 | 2017 | /** 2018 | * \def POLARSSL_SHA256_C 2019 | * 2020 | * Enable the SHA-224 and SHA-256 cryptographic hash algorithms. 2021 | * (Used to be POLARSSL_SHA2_C) 2022 | * 2023 | * Module: library/sha256.c 2024 | * Caller: library/entropy.c 2025 | * library/md.c 2026 | * library/ssl_cli.c 2027 | * library/ssl_srv.c 2028 | * library/ssl_tls.c 2029 | * 2030 | * This module adds support for SHA-224 and SHA-256. 2031 | * This module is required for the SSL/TLS 1.2 PRF function. 2032 | */ 2033 | #define POLARSSL_SHA256_C 2034 | 2035 | /** 2036 | * \def POLARSSL_SHA512_C 2037 | * 2038 | * Enable the SHA-384 and SHA-512 cryptographic hash algorithms. 2039 | * (Used to be POLARSSL_SHA4_C) 2040 | * 2041 | * Module: library/sha512.c 2042 | * Caller: library/entropy.c 2043 | * library/md.c 2044 | * library/ssl_cli.c 2045 | * library/ssl_srv.c 2046 | * 2047 | * This module adds support for SHA-384 and SHA-512. 2048 | */ 2049 | #define POLARSSL_SHA512_C 2050 | 2051 | /** 2052 | * \def POLARSSL_SSL_CACHE_C 2053 | * 2054 | * Enable simple SSL cache implementation. 
2055 | * 2056 | * Module: library/ssl_cache.c 2057 | * Caller: 2058 | * 2059 | * Requires: POLARSSL_SSL_CACHE_C 2060 | */ 2061 | //#define POLARSSL_SSL_CACHE_C 2062 | 2063 | /** 2064 | * \def POLARSSL_SSL_CLI_C 2065 | * 2066 | * Enable the SSL/TLS client code. 2067 | * 2068 | * Module: library/ssl_cli.c 2069 | * Caller: 2070 | * 2071 | * Requires: POLARSSL_SSL_TLS_C 2072 | * 2073 | * This module is required for SSL/TLS client support. 2074 | */ 2075 | #define POLARSSL_SSL_CLI_C 2076 | 2077 | /** 2078 | * \def POLARSSL_SSL_SRV_C 2079 | * 2080 | * Enable the SSL/TLS server code. 2081 | * 2082 | * Module: library/ssl_srv.c 2083 | * Caller: 2084 | * 2085 | * Requires: POLARSSL_SSL_TLS_C 2086 | * 2087 | * This module is required for SSL/TLS server support. 2088 | */ 2089 | #define POLARSSL_SSL_SRV_C 2090 | 2091 | /** 2092 | * \def POLARSSL_SSL_TLS_C 2093 | * 2094 | * Enable the generic SSL/TLS code. 2095 | * 2096 | * Module: library/ssl_tls.c 2097 | * Caller: library/ssl_cli.c 2098 | * library/ssl_srv.c 2099 | * 2100 | * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C 2101 | * and at least one of the POLARSSL_SSL_PROTO_* defines 2102 | * 2103 | * This module is required for SSL/TLS. 2104 | */ 2105 | #define POLARSSL_SSL_TLS_C 2106 | 2107 | /** 2108 | * \def POLARSSL_THREADING_C 2109 | * 2110 | * Enable the threading abstraction layer. 2111 | * By default mbed TLS assumes it is used in a non-threaded environment or that 2112 | * contexts are not shared between threads. If you do intend to use contexts 2113 | * between threads, you will need to enable this layer to prevent race 2114 | * conditions. 2115 | * 2116 | * Module: library/threading.c 2117 | * 2118 | * This allows different threading implementations (self-implemented or 2119 | * provided). 2120 | * 2121 | * You will have to enable either POLARSSL_THREADING_ALT or 2122 | * POLARSSL_THREADING_PTHREAD. 
2123 | * 2124 | * Enable this layer to allow use of mutexes within mbed TLS 2125 | */ 2126 | //#define POLARSSL_THREADING_C 2127 | 2128 | /** 2129 | * \def POLARSSL_TIMING_C 2130 | * 2131 | * Enable the portable timing interface. 2132 | * 2133 | * Module: library/timing.c 2134 | * Caller: library/havege.c 2135 | * 2136 | * This module is used by the HAVEGE random number generator. 2137 | */ 2138 | #define POLARSSL_TIMING_C 2139 | 2140 | /** 2141 | * \def POLARSSL_VERSION_C 2142 | * 2143 | * Enable run-time version information. 2144 | * 2145 | * Module: library/version.c 2146 | * 2147 | * This module provides run-time version information. 2148 | */ 2149 | #define POLARSSL_VERSION_C 2150 | 2151 | /** 2152 | * \def POLARSSL_X509_USE_C 2153 | * 2154 | * Enable X.509 core for using certificates. 2155 | * 2156 | * Module: library/x509.c 2157 | * Caller: library/x509_crl.c 2158 | * library/x509_crt.c 2159 | * library/x509_csr.c 2160 | * 2161 | * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C, 2162 | * POLARSSL_PK_PARSE_C 2163 | * 2164 | * This module is required for the X.509 parsing modules. 2165 | */ 2166 | #define POLARSSL_X509_USE_C 2167 | 2168 | /** 2169 | * \def POLARSSL_X509_CRT_PARSE_C 2170 | * 2171 | * Enable X.509 certificate parsing. 2172 | * 2173 | * Module: library/x509_crt.c 2174 | * Caller: library/ssl_cli.c 2175 | * library/ssl_srv.c 2176 | * library/ssl_tls.c 2177 | * 2178 | * Requires: POLARSSL_X509_USE_C 2179 | * 2180 | * This module is required for X.509 certificate parsing. 2181 | */ 2182 | #define POLARSSL_X509_CRT_PARSE_C 2183 | 2184 | /** 2185 | * \def POLARSSL_X509_CRL_PARSE_C 2186 | * 2187 | * Enable X.509 CRL parsing. 2188 | * 2189 | * Module: library/x509_crl.c 2190 | * Caller: library/x509_crt.c 2191 | * 2192 | * Requires: POLARSSL_X509_USE_C 2193 | * 2194 | * This module is required for X.509 CRL parsing. 
2195 | */ 2196 | #define POLARSSL_X509_CRL_PARSE_C 2197 | 2198 | /** 2199 | * \def POLARSSL_X509_CSR_PARSE_C 2200 | * 2201 | * Enable X.509 Certificate Signing Request (CSR) parsing. 2202 | * 2203 | * Module: library/x509_csr.c 2204 | * Caller: library/x509_crt_write.c 2205 | * 2206 | * Requires: POLARSSL_X509_USE_C 2207 | * 2208 | * This module is used for reading X.509 certificate requests. 2209 | */ 2210 | #define POLARSSL_X509_CSR_PARSE_C 2211 | 2212 | /** 2213 | * \def POLARSSL_X509_CREATE_C 2214 | * 2215 | * Enable X.509 core for creating certificates. 2216 | * 2217 | * Module: library/x509_create.c 2218 | * 2219 | * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C 2220 | * 2221 | * This module is the basis for creating X.509 certificates and CSRs. 2222 | */ 2223 | #define POLARSSL_X509_CREATE_C 2224 | 2225 | /** 2226 | * \def POLARSSL_X509_CRT_WRITE_C 2227 | * 2228 | * Enable creating X.509 certificates. 2229 | * 2230 | * Module: library/x509_crt_write.c 2231 | * 2232 | * Requires: POLARSSL_CREATE_C 2233 | * 2234 | * This module is required for X.509 certificate creation. 2235 | */ 2236 | #define POLARSSL_X509_CRT_WRITE_C 2237 | 2238 | /** 2239 | * \def POLARSSL_X509_CSR_WRITE_C 2240 | * 2241 | * Enable creating X.509 Certificate Signing Requests (CSR). 2242 | * 2243 | * Module: library/x509_csr_write.c 2244 | * 2245 | * Requires: POLARSSL_CREATE_C 2246 | * 2247 | * This module is required for X.509 certificate request writing. 2248 | */ 2249 | #define POLARSSL_X509_CSR_WRITE_C 2250 | 2251 | /** 2252 | * \def POLARSSL_XTEA_C 2253 | * 2254 | * Enable the XTEA block cipher. 2255 | * 2256 | * Module: library/xtea.c 2257 | * Caller: 2258 | */ 2259 | #define POLARSSL_XTEA_C 2260 | 2261 | /* \} name SECTION: mbed TLS modules */ 2262 | 2263 | /** 2264 | * \name SECTION: Module configuration options 2265 | * 2266 | * This section allows for the setting of module specific sizes and 2267 | * configuration options. 
The default values are already present in the 2268 | * relevant header files and should suffice for the regular use cases. 2269 | * 2270 | * Our advice is to enable options and change their values here 2271 | * only if you have a good reason and know the consequences. 2272 | * 2273 | * Please check the respective header file for documentation on these 2274 | * parameters (to prevent duplicate documentation). 2275 | * \{ 2276 | */ 2277 | 2278 | /* MPI / BIGNUM options */ 2279 | //#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ 2280 | //#define POLARSSL_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ 2281 | 2282 | /* CTR_DRBG options */ 2283 | //#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */ 2284 | //#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 2285 | //#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 2286 | //#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 2287 | //#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 2288 | 2289 | /* HMAC_DRBG options */ 2290 | //#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */ 2291 | //#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */ 2292 | //#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */ 2293 | //#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ 2294 | 2295 | /* ECP options */ 2296 | //#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ 2297 | //#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ 2298 | //#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ 2299 | 2300 | /* Entropy options */ 2301 | //#define ENTROPY_MAX_SOURCES 20 /**< Maximum number 
of sources supported */
//#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */

/* Memory buffer allocator options */
//#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */

/* Platform options */
//#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
//#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */

/* To Use Function Macros POLARSSL_PLATFORM_C must be enabled */
/* POLARSSL_PLATFORM_XXX_MACRO and POLARSSL_PLATFORM_XXX_ALT cannot both be defined */
//#define POLARSSL_PLATFORM_MALLOC_MACRO malloc /**< Default allocator macro to use, can be undefined */
//#define POLARSSL_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
//#define POLARSSL_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
//#define POLARSSL_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
//#define POLARSSL_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
//#define POLARSSL_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */

/* SSL Cache options */
//#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */

/* SSL options */
//#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
//#define SSL_MIN_DHM_BYTES 128 /**< Min size of the Diffie-Hellman prime */
//#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
//#define POLARSSL_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */

/**
 * Complete list of ciphersuites to use, in order of preference.
 *
 * \warning No dependency checking is done on that field! This option can only
 * be used to restrict the set of available ciphersuites. It is your
 * responsibility to make sure the needed modules are active.
 *
 * Use this to save a few hundred bytes of ROM (default ordering of all
 * available ciphersuites) and a few to a few hundred bytes of RAM.
 *
 * The value below is only an example, not the default.
 */
//#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

/* Debug options */
//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */

/* X509 options */
//#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */

/* \} name SECTION: Module configuration options */

#include "check_config.h"

#endif /* POLARSSL_CONFIG_H */

--------------------------------------------------------------------------------
/crash-analysis.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# To find crash files, use a command such as the following:
# find . -name 'id*' -type f | grep crashes | sort > crash_files.txt

readonly GDB="gdb"
readonly SELFTLS="mbedtls-1.3.12/fuzz/selftls"
readonly CRASH_FILES="./crash_files.txt"

usage() {
    local progname=$1

    cat << EOF
Usage: $progname [crash number (>= 1)]

This program uses gdb to analyze an afl crash.
EOF
}

main() {
    if [ -z "$1" ]; then
        usage "$0"
        exit 1
    fi
    # The pattern must not be quoted: bash matches a quoted pattern literally,
    # so a quoted '^[0-9]+$' never matches a number.
    if ! [[ $1 =~ ^[0-9]+$ ]] || [ "$1" -lt 1 ]; then
        echo "the crash number must be at least 1"
        exit 1
    fi
    if [ ! -f "$CRASH_FILES" ]; then
        echo "crash file does not exist or is not a regular file"
        exit 1
    fi

    local lines
    lines=$(wc -l < "$CRASH_FILES")

    if [ "$lines" -lt "$1" ]; then
        echo "the crash number does not exist"
        exit 1
    fi

    # The crash path produced by fuzz.sh contains the fuzzed packet number
    # (e.g. 'packet-3--fuzzer-1'); selftls needs it to replay the packet.
    local crashfile
    crashfile=$(sed -n "${1}p" "$CRASH_FILES")
    local packet_no
    packet_no=$(echo "$crashfile" | grep -Po 'packet-\d+' | grep -Po '\d+')

    if [ -z "$packet_no" ]; then
        echo "cannot determine the packet number from path: $crashfile"
        exit 1
    fi

    echo "Starting gdb..."
    echo "Packet number: $packet_no"
    echo "Crashing packet content: $crashfile"
    "$GDB" --args "$SELFTLS" "$packet_no" "$crashfile"
}

main "$@"

--------------------------------------------------------------------------------
/fuzz/CMakeLists.txt:
--------------------------------------------------------------------------------
set(THREADS_USE_PTHREADS_WIN32 true)
find_package(Threads)

set(libs
    mbedtls
)

set(targets
    selftls
)

if(USE_PKCS11_HELPER_LIBRARY)
    set(libs ${libs} pkcs11-helper)
endif(USE_PKCS11_HELPER_LIBRARY)

if(ENABLE_ZLIB_SUPPORT)
    set(libs ${libs} ${ZLIB_LIBRARIES})
endif(ENABLE_ZLIB_SUPPORT)

add_executable(selftls selftls.c)
target_link_libraries(selftls ${libs})

install(TARGETS ${targets}
        DESTINATION "bin"
        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

--------------------------------------------------------------------------------
/fuzz/compile.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Variable AFL_CC is already taken!
# Add afl-clang-fast to your PATH and/or adapt the following variable:
#readonly AFL_CC_BIN='afl-clang-fast'
readonly AFL_CC_BIN='afl-gcc'

export CC="$AFL_CC_BIN"

if [[ "$CC" = 'afl-gcc' ]]; then
    export CFLAGS="-fsanitize=address -ggdb"
    export CXXFLAGS="-fsanitize=address -ggdb"
fi

# the following flags are mutually exclusive
export AFL_USE_ASAN=1
#export AFL_USE_MSAN=1
#export AFL_HARDEN=1

export AFL_DONT_OPTIMIZE=0

cd .. || exit 1
find . -name CMakeCache.txt -type f -print | xargs /bin/rm -f
cmake -DCMAKE_C_COMPILER="$AFL_CC_BIN" -DBUILD_SHARED_LIBS=Off -DENABLE_TESTING=Off -DCMAKE_BUILD_TYPE=Debug --clean-first .
make clean all

--------------------------------------------------------------------------------
/fuzz/fuzz.sh:
--------------------------------------------------------------------------------
#!/bin/bash

readonly SELFTLS_BIN="../selftls"
# Add afl-fuzz to your PATH or change the following variable:
readonly AFL_FUZZ="afl-fuzz"
readonly RAMDISK_PATH="/tmp/afl-ramdisk/mbedtls"
# The following parameter is the peak virtual memory use in MiB of selftls.
# The parameter is only necessary for ASAN-enabled builds on x86-64.
# You can determine the value for your selftls using the tool from
# http://jwilk.net/software/recidivm
# by running 'recidivm -u M selftls'.
readonly MEM_REQUIRED="300000000"
# If you want to use the experimental cgroups script under Linux for
# ASAN-enabled builds on x86-64, set the following path correctly and
# uncomment the relevant code further down:
readonly AFL_ASAN_CGROUPS="${HOME}/afl/afl-2.??b/experimental/asan_cgroups/limit_memory.sh"
# Set to 0, if you do not have an ASAN-enabled build.
export AFL_USE_ASAN=1

usage() {
    local progname=$1

    cat << EOF
Usage: $progname [packet number] [fuzzer number]

This program fuzzes mbed TLS using afl-fuzz.
Calling this program without arguments writes the network packets to files.
Alternatively, run './selftls' manually to write the packets to files.
Running './selftls' allows you to check if there are any errors running the program that we fuzz.
A specific network packet can be replaced with the content from a file which allows for fuzzing that packet.
To fuzz a specific packet, provide the packet number (1-based; check names of the 'packet-*' files to get the possible packet numbers) and the fuzzer number as command-line arguments.
The master fuzzer has number 1, while slaves can have any other number.

mbedtls-fuzz v3.0
Fabian Foerg
https://blog.gdssecurity.com/labs/2015/9/21/fuzzing-the-mbed-tls-library.html
Copyright 2015 Gotham Digital Science
EOF
}

main() {
    if [ -z "$2" ]; then
        usage "$0"
        ./selftls > /dev/null
        exit 1
    fi

    # Mount RAM disk if necessary
    local is_mounted
    is_mounted=$(mount | grep "$RAMDISK_PATH")
    if [ -z "$is_mounted" ]; then
        mkdir -p "$RAMDISK_PATH"
        chmod 777 "$RAMDISK_PATH"
        sudo mount -t tmpfs -o size=512M tmpfs "$RAMDISK_PATH"
    fi
    cp -R . "$RAMDISK_PATH"
    cd "$RAMDISK_PATH" || exit 1

    local subfolder=""
    if [ "1" = "$2" ]; then
        # Master creates subfolder
        subfolder="$(date --rfc-3339=seconds)"
        mkdir "$subfolder"
    else
        # Slaves use the folder with newest date in the name
        subfolder=$(find . -maxdepth 1 -type d -regextype posix-egrep -iregex ".*[0-9]{4}-[0-9]{2}-[0-9]{2} .*" -print | sort | tail -1)
    fi
    cd "$subfolder" || exit 1

    local packet_no="$1"
    local FUZZER_NAME="packet-${packet_no}--fuzzer-$2"
    if [ "1" = "$2" ]; then
        # Master mode

        # Configure system for fuzzing
        echo core | sudo tee /proc/sys/kernel/core_pattern
        sudo sh -c "cd /sys/devices/system/cpu && echo performance | tee cpu*/cpufreq/scaling_governor > /dev/null"

        # Create directories
        mkdir -p fin sync

        # Run selftls to get files containing network packets
        rm -f fin/*
        "$SELFTLS_BIN"
        cp "packet-$packet_no" fin

        if [ "1" = "$AFL_USE_ASAN" ]; then
            "$AFL_FUZZ" -i fin -o sync -m "$MEM_REQUIRED" -M "$FUZZER_NAME" "$SELFTLS_BIN" "$packet_no" @@
            # If you want to use the experimental cgroups script under Linux:
            #sudo swapoff -a; sudo "$AFL_ASAN_CGROUPS" -u "$USER" "$AFL_FUZZ" -i fin -o sync -m none "$SELFTLS_BIN" "$packet_no" @@
        else
            "$AFL_FUZZ" -i fin -o sync -M "$FUZZER_NAME" "$SELFTLS_BIN" "$packet_no" @@
        fi

    else
        # Slave mode
        if [ "1" = "$AFL_USE_ASAN" ]; then
            "$AFL_FUZZ" -i fin -o sync -m "$MEM_REQUIRED" -S "$FUZZER_NAME" "$SELFTLS_BIN" "$packet_no" @@
        else
            "$AFL_FUZZ" -i fin -o sync -S "$FUZZER_NAME" "$SELFTLS_BIN" "$packet_no" @@
        fi
    fi
}

main "$@"

--------------------------------------------------------------------------------
/selftls-1.3.c:
--------------------------------------------------------------------------------
/*
 *  Sets up a TLS server and a TLS client instance and lets the instances
 *  talk to each other.
 *  The purpose of this program is to allow for fuzzing the mbed TLS
 *  library using afl.
 *
 *  Copyright (C) 2015, Fabian Foerg, Gotham Digital Science, All Rights Reserved
 *
 *  Based on code by:
 *
 *  Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif

#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#include <stdio.h>
#define polarssl_fprintf fprintf
#define polarssl_printf printf
#endif

#if defined(_WIN32)
#include <windows.h>
#endif

#if defined(POLARSSL_BIGNUM_C) && defined(POLARSSL_CERTS_C) && \
    defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SSL_TLS_C) && \
    defined(POLARSSL_SSL_SRV_C) && defined(POLARSSL_NET_C) && \
    defined(POLARSSL_RSA_C) && defined(POLARSSL_CTR_DRBG_C) && \
    defined(POLARSSL_X509_CRT_PARSE_C) && defined(POLARSSL_FS_IO)
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
#include "polarssl/x509.h"
#include "polarssl/ssl.h"
#include "polarssl/net.h"
#include "polarssl/error.h"
#include "polarssl/debug.h"

#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#endif

#if defined(POLARSSL_SSL_CACHE_C)
#include "polarssl/ssl_cache.h"
#endif

#define DEBUG_LEVEL 0

#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
    !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
    !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
    !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
    !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO)
int main( void )
{
    polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
           "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
           "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
           "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
           "not defined.\n");
    return( 0 );
}
#else
static void my_debug( void *ctx, int level, const char *str )
{
    ((void) level);

    polarssl_fprintf( (FILE *) ctx, "%s", str );
    fflush( (FILE *) ctx );
}

#if defined(_MSC_VER)
#if defined(_WIN32_WCE)
#pragma comment( lib, "ws2.lib" )
#else
#pragma comment( lib, "ws2_32.lib" )
#endif
#endif /* _MSC_VER */

#ifdef _WIN32
#define read(fd,buf,len)        recv(fd,(char*)buf,(int) len,0 )
#define write(fd,buf,len)       send(fd,(char*)buf,(int) len,0 )
#define close(fd)               closesocket(fd)

static int wsa_init_done = 0;

#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/time.h>
#include <unistd.h>
#include <signal.h>
#include <fcntl.h>
#include <netdb.h>
#include <errno.h>

#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */

/*
 * Highly recommended to set the following value to 0.
 * If the value is 0, a buffer in memory will be used for communication between
 * the client and server. Otherwise, communication occurs over network sockets.
 */
#define SOCKET_COMMUNICATION 0

#if SOCKET_COMMUNICATION
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
/*
 * Check if the requested operation would be blocking on a non-blocking socket
 * and thus 'failed' with a negative return value.
 */
static int net_would_block( int fd )
{
    ((void) fd);
    return( WSAGetLastError() == WSAEWOULDBLOCK );
}
#else
/*
 * Check if the requested operation would be blocking on a non-blocking socket
 * and thus 'failed' with a negative return value.
 *
 * Note: on a blocking socket this function always returns 0!
 */
static int net_would_block( int fd )
{
    /*
     * Never return 'WOULD BLOCK' on a blocking socket
     */
    if( ( fcntl( fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
        return( 0 );

    switch( errno )
    {
#if defined EAGAIN
        case EAGAIN:
#endif
#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
        case EWOULDBLOCK:
#endif
            return( 1 );
    }
    return( 0 );
}
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */

#define SERVER_PORT 44433
#define SERVER_NAME "localhost"
#endif

#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
#define HTTP_RESPONSE \
    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
    "<h2>mbed TLS Test Server</h2>\r\n" \
    "<p>Successful connection!</p>\r\n"

#define MAX_HANDSHAKE_STEPS (sizeof(client_steps)/sizeof(client_steps[0]))

/* Store sent messages in files for fuzzing. */
#if !defined(PACKET_FILE_PREFIX)
#define PACKET_FILE_PREFIX "./packet-"
#endif
static size_t packet_count = 1;
static size_t packet_in_num = 0;
static const char *packet_in_file = NULL;

#if !SOCKET_COMMUNICATION
#define BUF_SIZE 4096

static unsigned char server_send_buf[BUF_SIZE];
static size_t server_send_off = 0;
static size_t server_recv_off = 0;

static unsigned char client_send_buf[BUF_SIZE];
static size_t client_send_off = 0;
static size_t client_recv_off = 0;

static unsigned char *shared_buf = NULL;
static size_t *send_off = NULL;
static size_t *recv_off = NULL;

#else
static int recv_would_block = 0;
#endif

/*
 * Write at most 'len' characters to shared buffer or file.
 * Multiple sends can occur before a receive; therefore, maintain an
 * offset and append each new packet behind the data the peer has not
 * consumed yet.
 * Also, write content of file to shared buffer, if desired (determined
 * by command-line options).
 */
static int send_custom( void *ctx, const unsigned char *buf,
                        size_t len )
{
    int ret;
#if SOCKET_COMMUNICATION
    int fd = *((int *) ctx);

    if( fd < 0 )
        return( POLARSSL_ERR_NET_SOCKET_FAILED );
#else
    ((void) ctx);
#endif

    /* Read packet from file or write packet to file */
    if( packet_count == packet_in_num )
    {
        FILE *in_file;
        size_t rlen;
#if SOCKET_COMMUNICATION
        unsigned char file_buf[SSL_MAX_CONTENT_LEN];
#endif

        if( !packet_in_file )
        {
            polarssl_fprintf( stderr, "Packet input file not specified!\n" );
            exit( 1 );
        }

        /* Read packet from file, ignoring buf */
        in_file = fopen( packet_in_file, "rb" );

        if( !in_file )
        {
            perror( "Unable to open packet input file" );
            exit( 1 );
        }

#if SOCKET_COMMUNICATION
        rlen = fread( file_buf, sizeof(file_buf[0]), sizeof(file_buf),
                      in_file );
#else
        /* Oversized files are truncated to the space left in the buffer. */
        rlen = fread( &shared_buf[*send_off], sizeof(shared_buf[0]),
                      BUF_SIZE - *send_off, in_file );
#endif
        if( ferror( in_file ) )
        {
            perror( "Unable to read packet input file" );
            exit( 1 );
        }
        fclose( in_file );

        /* Write the (fuzzed) packet to socket/buffer instead of buf. */
#if SOCKET_COMMUNICATION
        ret = (int) write( fd, file_buf, rlen );
#else
        *send_off += rlen;
        ret = (int) rlen;
#endif
    }
    else
    {
        /* Write packet to socket/buffer. */
#if SOCKET_COMMUNICATION
        ret = (int) write( fd, buf, len );
#else
        if( len <= BUF_SIZE - *send_off )
        {
            memcpy( &shared_buf[*send_off], buf, len );
            *send_off += len;
            ret = (int) len;
        }
        else
        {
            ret = -1;
        }
#endif

        if( packet_in_num == 0 )
        {
            char out_filename[100];
            FILE *out_file;

            /* Write packet to file. */
            snprintf( out_filename, sizeof(out_filename), "%s%zu",
                      PACKET_FILE_PREFIX, packet_count );
            out_file = fopen( out_filename, "wb" );
            if( !out_file )
            {
                perror( "Unable to open packet output file" );
                exit( 1 );
            }
            fwrite( buf, sizeof(char), len, out_file );
            fclose( out_file );
        }
    }
    packet_count++;

#if SOCKET_COMMUNICATION
    if( ret < 0 )
    {
        if( net_would_block( fd ) != 0 )
            return( POLARSSL_ERR_NET_WANT_WRITE );

#if( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
        if( WSAGetLastError() == WSAECONNRESET )
            return( POLARSSL_ERR_NET_CONN_RESET );
#else
        if( errno == EPIPE || errno == ECONNRESET )
            return( POLARSSL_ERR_NET_CONN_RESET );

        if( errno == EINTR )
            return( POLARSSL_ERR_NET_WANT_WRITE );
#endif

        return( POLARSSL_ERR_NET_SEND_FAILED );
    }
#endif

    return( ret );
}

/*
 * Read at most 'len' characters and write to buf.
 */
static int recv_custom( void *ctx, unsigned char *buf, size_t len )
{
    int ret;
#if SOCKET_COMMUNICATION
    int fd = *((int *) ctx);

    if( fd < 0 )
        return( POLARSSL_ERR_NET_SOCKET_FAILED );
    ret = (int) read( fd, buf, len );
#else
    size_t avail;

    ((void) ctx);

    /*
     * Imitate the return value of read(2): hand out at most the bytes the
     * peer has sent so far, and report an empty buffer as EOF (0), which
     * the library maps to POLARSSL_ERR_SSL_CONN_EOF. Never copy stale bytes
     * from behind the send offset.
     */
    avail = *send_off - *recv_off;
    if( len > avail )
        len = avail;

    memcpy( buf, &shared_buf[*recv_off], len );
    *recv_off += len;
    if( *recv_off == *send_off )
    {
        /*
         * Done copying buffer.
         * Reset offsets for next calls of send and recv functions.
         */
        *recv_off = 0;
        *send_off = 0;
    }
    ret = (int) len;
#endif

#if SOCKET_COMMUNICATION
    if( ret < 0 )
    {
        if( net_would_block( fd ) != 0 )
            return( POLARSSL_ERR_NET_WANT_READ );

#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
        if( WSAGetLastError() == WSAECONNRESET )
            return( POLARSSL_ERR_NET_CONN_RESET );
#else
        if( errno == EPIPE || errno == ECONNRESET )
            return( POLARSSL_ERR_NET_CONN_RESET );

        if( errno == EINTR )
            return( POLARSSL_ERR_NET_WANT_READ );
#endif

        return( POLARSSL_ERR_NET_RECV_FAILED );
    }
#endif

    return( ret );
}

/*
 * Make the program deterministic for fuzzing: always generate 1 bytes
 * instead of random numbers.
 */
static int ctr_drbg_deterministic( void *p_rng, unsigned char *output, size_t output_len )
{
    ((void) p_rng);

    /* Note that key generation would fail with 0 bytes. */
    memset( output, 1, output_len );

    return 0;
}

#if !SOCKET_COMMUNICATION
static int func_server_send_buf( void *ctx, const unsigned char *buf,
                                 size_t len )
{
    shared_buf = server_send_buf;
    send_off = &server_send_off;

    return send_custom( ctx, buf, len );
}

static int func_client_send_buf( void *ctx, const unsigned char *buf,
                                 size_t len )
{
    shared_buf = client_send_buf;
    send_off = &client_send_off;

    return send_custom( ctx, buf, len );
}

static int func_server_recv_buf( void *ctx, unsigned char *buf,
                                 size_t len )
{
    shared_buf = client_send_buf;
    send_off = &client_send_off;
    recv_off = &server_recv_off;

    return recv_custom( ctx, buf, len );
}

static int func_client_recv_buf( void *ctx, unsigned char *buf,
                                 size_t len )
{
    shared_buf = server_send_buf;
    send_off = &server_send_off;
    recv_off = &client_recv_off;

    return recv_custom( ctx, buf, len );
}
#endif

static void usage( const char *prog )
{
    polarssl_fprintf( stderr, "Usage: %s [packet number] [packet file]\n", prog );
}

int main( int argc, const char *argv[] )
{
    /* Client and server declarations. */
    int ret;
    int len;
#if SOCKET_COMMUNICATION
    int listen_fd = -1;
    int client_fd = -1;
    int server_fd = -1;
#endif
    unsigned char buf[1024];
    /* Handshake step counter */
    size_t step = 1;
    int flags;
    /*
     * The following number of steps are hardcoded to ensure
     * that the client and server complete the handshake without
     * waiting infinitely for the other side to send data.
     * The counts are tuned so that each side sends at most one record
     * before the other side reads it.
     *
     *                      1  2  3  4  5  6  7  8  9
     */
    int client_steps[] = { 2, 1, 1, 1, 4, 2, 1, 1, 3 };
    int server_steps[] = { 3, 1, 1, 3, 2, 1, 2, 1, 2 };

    ssl_context s_ssl, c_ssl;
    x509_crt srvcert;
    pk_context pkey;
#if defined(POLARSSL_SSL_CACHE_C)
    ssl_cache_context cache;
#endif

    if( argc == 3 )
    {
        int n = atoi( argv[1] );

        /* Packet numbers are 1-based; anything else is a usage error. */
        if( n < 1 )
        {
            usage( argv[0] );
            exit( 1 );
        }
        packet_in_num = (size_t) n;
        packet_in_file = argv[2];
    }
    else if( argc != 1 )
    {
        usage( argv[0] );
        exit( 1 );
    }

    /* Server init */
    memset( &s_ssl, 0, sizeof( ssl_context ) );
#if defined(POLARSSL_SSL_CACHE_C)
    ssl_cache_init( &cache );
#endif
    x509_crt_init( &srvcert );
    pk_init( &pkey );

    /* Client init */
    memset( &c_ssl, 0, sizeof( ssl_context ) );
    /*x509_crt_init( &cacert );*/

#if defined(POLARSSL_DEBUG_C)
    debug_set_threshold( DEBUG_LEVEL );
#endif

    /*
     * Server:
     * Load the certificates and private RSA key
     */
    if( packet_in_num == 0 )
    {
        printf( "  . Loading the server cert. and key..." );
        fflush( stdout );
    }

    /*
     * This demonstration program uses embedded test certificates.
     * Instead, you may want to use x509_crt_parse_file() to read the
     * server and CA certificates, as well as pk_parse_keyfile().
     */
    ret = x509_crt_parse( &srvcert, (const unsigned char *) test_srv_crt,
                          strlen( test_srv_crt ) );
    if( ret != 0 )
    {
        printf( " failed\n  !  x509_crt_parse returned %d\n\n", ret );
        goto exit;
    }

    ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
                          strlen( test_ca_list ) );
    if( ret != 0 )
    {
        polarssl_printf( " failed\n  !  x509_crt_parse returned %d\n\n", ret );
        goto exit;
    }

    ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
                        strlen( test_srv_key ), NULL, 0 );
    if( ret != 0 )
    {
        printf( " failed\n  !  pk_parse_key returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        printf( " ok\n" );
    }

    /*
     * Server:
     * Setup stuff
     */
    if( packet_in_num == 0 )
    {
        printf( "  . Server: Setting up the SSL data...." );
        fflush( stdout );
    }

    if( ( ret = ssl_init( &s_ssl ) ) != 0 )
    {
        polarssl_printf( " failed\n  ! ssl_init returned %d\n\n", ret );
        goto exit;
    }

    ssl_set_endpoint( &s_ssl, SSL_IS_SERVER );
    ssl_set_authmode( &s_ssl, SSL_VERIFY_NONE );

    /* SSLv3 is deprecated, set minimum to TLS 1.0 */
    ssl_set_min_version( &s_ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
    /* RC4 is deprecated, disable it */
    ssl_set_arc4_support( &s_ssl, SSL_ARC4_DISABLED );

    ssl_set_rng( &s_ssl, ctr_drbg_deterministic, NULL );
    ssl_set_dbg( &s_ssl, my_debug, stdout );

#if defined(POLARSSL_SSL_CACHE_C)
    ssl_set_session_cache( &s_ssl, ssl_cache_get, &cache,
                                   ssl_cache_set, &cache );
#endif

    ssl_set_ca_chain( &s_ssl, srvcert.next, NULL, NULL );
    if( ( ret = ssl_set_own_cert( &s_ssl, &srvcert, &pkey ) ) != 0 )
    {
        printf( " failed\n  ! ssl_set_own_cert returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        printf( " ok\n" );
    }

    ssl_session_reset( &s_ssl );

#if SOCKET_COMMUNICATION
    /*
     * Server:
     * Setup the listening TCP socket
     */
    if( packet_in_num == 0 )
    {
        printf( "  . Bind on https://localhost:%d/ ...", SERVER_PORT );
        fflush( stdout );
    }

    if( ( ret = net_bind( &listen_fd, NULL, SERVER_PORT ) ) != 0 )
    {
        printf( " failed\n  ! net_bind returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        printf( " ok\n" );
    }

    /*
     * Client:
     * Start the connection
     */
    if( packet_in_num == 0 )
    {
        printf( "  . Connecting to tcp/%s/%d...", SERVER_NAME, SERVER_PORT );
        fflush( stdout );
    }

    if( ( ret = net_connect( &server_fd, SERVER_NAME,
                                         SERVER_PORT ) ) != 0 )
    {
        printf( " failed\n  ! net_connect returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        printf( " ok\n" );
    }

    /*
     * Server:
     * Start listening for client connections
     */
    if( packet_in_num == 0 )
    {
        printf( "  . Waiting for a remote connection ..." );
        fflush( stdout );
    }

    /*
     * Server:
     * Accept client connection (socket is set non-blocking in
     * library/net.c)
     */
    if( ( ret = net_accept( listen_fd, &client_fd,
                            NULL ) ) != 0 )
    {
        printf( " failed\n  ! net_accept returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        printf( " ok\n" );
    }

    ssl_set_bio( &s_ssl, recv_custom, &client_fd, send_custom, &client_fd );
#else
    ssl_set_bio( &s_ssl, func_server_recv_buf, NULL, func_server_send_buf, NULL );
#endif

    /*
     * Client:
     * Setup stuff
     */
    if( packet_in_num == 0 )
    {
        printf( "  . Client: Setting up the SSL/TLS structure..." );
        fflush( stdout );
    }

    if( ( ret = ssl_init( &c_ssl ) ) != 0 )
    {
        polarssl_printf( " failed\n  ! ssl_init returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        polarssl_printf( " ok\n" );
    }

    ssl_set_endpoint( &c_ssl, SSL_IS_CLIENT );
    /* OPTIONAL is not optimal for security,
     * but makes interop easier in this simplified example */
    ssl_set_authmode( &c_ssl, SSL_VERIFY_OPTIONAL );
    /* NONE permits man-in-the-middle attacks. */
    /*ssl_set_authmode( &c_ssl, VERIFY_NONE );*/
    /*ssl_set_authmode( &c_ssl, SSL_VERIFY_REQUIRED );*/
    ssl_set_ca_chain( &c_ssl, &srvcert, NULL, "PolarSSL Server 1" );

    /* SSLv3 is deprecated, set minimum to TLS 1.0 */
    ssl_set_min_version( &c_ssl, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1 );
    /* RC4 is deprecated, disable it */
    ssl_set_arc4_support( &c_ssl, SSL_ARC4_DISABLED );

    ssl_set_rng( &c_ssl, ctr_drbg_deterministic, NULL );
    ssl_set_dbg( &c_ssl, my_debug, stdout );

    if( ( ret = ssl_set_hostname( &c_ssl, "mbed TLS Server 1" ) ) != 0 )
    {
        printf( " failed\n  ! ssl_set_hostname returned %d\n\n", ret );
        goto exit;
    }

#if SOCKET_COMMUNICATION
    ssl_set_bio( &c_ssl, recv_custom, &server_fd, send_custom, &server_fd );
#else
    ssl_set_bio( &c_ssl, func_client_recv_buf, NULL, func_client_send_buf, NULL );
#endif

    if( packet_in_num == 0 )
    {
        printf( "  . Performing the SSL/TLS handshake...\n" );
        fflush( stdout );
    }

    do {
        /*
         * Client:
         * Handshake step
         */
        int i;
        int no_steps;

        if( c_ssl.state == SSL_HANDSHAKE_OVER ) {
            no_steps = 0;
        } else {
            no_steps = client_steps[step - 1];
        }

        for( i = 0; i < no_steps; i++ ) {
            if( ( ret = ssl_handshake_step( &c_ssl ) ) != 0 )
            {
                if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
                {
                    printf( " failed\n  ! ssl_handshake returned -0x%x\n\n", -ret );
                    goto exit;
                }
            }
        }

        if( packet_in_num == 0 )
        {
            printf( "--- client handshake step %zu ok\n", step );
        }

        /*
         * Server:
         * Handshake step
         */
        if( s_ssl.state == SSL_HANDSHAKE_OVER ) {
            if( packet_in_num == 0 )
            {
                printf( "over\n" );
            }
            no_steps = 0;
        } else {
            no_steps = server_steps[step - 1];
        }

        for( i = 0; i < no_steps; i++ ) {
            if( ( ret = ssl_handshake_step( &s_ssl ) ) != 0 )
            {
                if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
                {
                    printf( " failed\n  ! ssl_handshake returned %d\n\n", ret );
                    goto exit;
                }
            }
        }

        if( packet_in_num == 0 )
        {
            printf( "--- server handshake step %zu ok\n", step );
        }

        step++;
    } while( ( ( c_ssl.state != SSL_HANDSHAKE_OVER )
               || ( s_ssl.state != SSL_HANDSHAKE_OVER ) )
             && ( step <= MAX_HANDSHAKE_STEPS ) );

    if( packet_in_num == 0 )
    {
        printf( "c_ssl.state: %d\n", c_ssl.state != SSL_HANDSHAKE_OVER );
        printf( "s_ssl.state: %d\n", s_ssl.state != SSL_HANDSHAKE_OVER );
    }

    /*
     * Client:
     * Verify the server certificate
     */
    if( packet_in_num == 0 )
    {
        printf( "  . Verifying peer X.509 certificate..." );
    }

    /* In real life, we probably want to bail out when ret != 0 */
    if( ( flags = ssl_get_verify_result( &c_ssl ) ) != 0 )
    {
        char vrfy_buf[512];

        printf( " failed\n" );

        x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", flags );

        printf( "%s\n", vrfy_buf );
    }
    else if( packet_in_num == 0 )
    {
        printf( " ok\n" );
    }

    /*
     * Client:
     * Write the GET request
     */
    if( packet_in_num == 0 )
    {
        printf( "  > Write to server:" );
        fflush( stdout );
    }

    len = snprintf( (char *) buf, sizeof( buf ), GET_REQUEST );

    while( ( ret = ssl_write( &c_ssl, buf, len ) ) <= 0 )
    {
        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
        {
            printf( " failed\n  ! ssl_write returned %d\n\n", ret );
            goto exit;
        }
    }

    len = ret;
    if( packet_in_num == 0 )
    {
        printf( " %d bytes written\n\n%s", len, (char *) buf );
    }

    /*
     * Server:
     * Read the HTTP Request
     */
    if( packet_in_num == 0 )
    {
        printf( "  < Read from client:" );
        fflush( stdout );
    }

    do
    {
        len = sizeof( buf ) - 1;
        memset( buf, 0, sizeof( buf ) );
        ret = ssl_read( &s_ssl, buf, len );

        if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
            continue;

        if( ret <= 0 )
        {
            switch( ret )
            {
                case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
                    printf( " connection was closed gracefully\n" );
                    break;

                case POLARSSL_ERR_NET_CONN_RESET:
                    printf( " connection was reset by peer\n" );
                    break;

                default:
                    printf( " ssl_read returned -0x%x\n", -ret );
                    break;
            }

            break;
        }

        len = ret;
        if( packet_in_num == 0 )
        {
            printf( " %d bytes read\n\n%s", len, (char *) buf );
        }

        if( ret > 0 )
            break;
    }
    while( 1 );

    /*
     * Server:
     * Write the 200 Response
     */
    if( packet_in_num == 0 )
    {
        printf( "  > Write to client:" );
        fflush( stdout );
    }

    len = snprintf( (char *) buf, sizeof( buf ), HTTP_RESPONSE );

    while( ( ret = ssl_write( &s_ssl, buf, len ) ) <= 0 )
    {
        if( ret == POLARSSL_ERR_NET_CONN_RESET )
        {
            printf( " failed\n  ! peer closed the connection\n\n" );
            goto exit;
        }

        if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
        {
            printf( " failed\n  ! ssl_write returned %d\n\n", ret );
            goto exit;
        }
    }

    len = ret;
    if( packet_in_num == 0 )
    {
        printf( " %d bytes written\n\n%s\n", len, (char *) buf );
    }

    /*
     * Client:
     * Read the HTTP response
     */
    if( packet_in_num == 0 )
    {
        printf( "  < Read from server:" );
        fflush( stdout );
    }

    do
    {
        len = sizeof( buf ) - 1;
        memset( buf, 0, sizeof( buf ) );
        ret = ssl_read( &c_ssl, buf, len );

        if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
            continue;

        if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
        {
            ret = 0;
            break;
        }

        if( ret < 0 )
        {
            printf( "failed\n  ! ssl_read returned %d\n\n", ret );
            break;
        }

        if( ret == 0 )
        {
            printf( "\n\nEOF\n\n" );
            break;
        }

        len = ret;
        if( packet_in_num == 0 )
        {
            printf( " %d bytes read\n\n%s", len, (char *) buf );
        }

        /*
         * Server:
         * Client read response. Close connection.
         */
        if( packet_in_num == 0 )
        {
            printf( "  . Closing the connection..." );
            fflush( stdout );
        }

        while( ( ret = ssl_close_notify( &s_ssl ) ) < 0 )
        {
            if( ret != POLARSSL_ERR_NET_WANT_READ &&
                ret != POLARSSL_ERR_NET_WANT_WRITE )
            {
                printf( " failed\n  ! ssl_close_notify returned %d\n\n", ret );
                goto exit;
            }
        }

        if( packet_in_num == 0 )
        {
            printf( " ok\n" );
        }
    }
    while( 1 );

    /*
     * Client:
     * Close connection.
     */
    if( packet_in_num == 0 )
    {
        printf( "  . Closing the connection..." );
        fflush( stdout );
    }

    ssl_close_notify( &c_ssl );

    if( packet_in_num == 0 )
    {
        printf( " ok\n" );
    }

    /*
     * Server:
     * We do not have multiple clients and therefore do not goto reset.
     */
    /*ret = 0;*/
    /*goto reset;*/

exit:

#ifdef POLARSSL_ERROR_C
    if( ret != 0 )
    {
        char error_buf[100];
        polarssl_strerror( ret, error_buf, 100 );
        printf( "Last error was: %d - %s\n\n", ret, error_buf );
    }
#endif

#if SOCKET_COMMUNICATION
    /* Descriptors are initialised to -1, so only close the ones that were opened. */
    if( client_fd != -1 )
        net_close( client_fd );
    if( server_fd != -1 )
        net_close( server_fd );
    if( listen_fd != -1 )
        net_close( listen_fd );
#endif

    x509_crt_free( &srvcert );
    pk_free( &pkey );
    ssl_free( &s_ssl );
    ssl_free( &c_ssl );
#if defined(POLARSSL_SSL_CACHE_C)
    ssl_cache_free( &cache );
#endif

#if defined(_WIN32)
    printf( "  Press Enter to exit this program.\n" );
    fflush( stdout ); getchar();
#endif

    return( ret );
}
#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
          POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
          POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C && POLARSSL_X509_CRT_PARSE_C
          && POLARSSL_FS_IO && POLARSSL_PEM_PARSE_C */

--------------------------------------------------------------------------------
/selftls-2.c:
--------------------------------------------------------------------------------
| /* 2 | * Sets up a TLS server and a TLS client instance and lets the instances 3 | * talk to each other. 4 | * The purpose of this program is to allow for fuzzing the mbed TLS 5 | * library using afl. 6 | * 7 | * Copyright (C) 2015, Fabian Foerg, Gotham Digital Science, All Rights Reserved 8 | * 9 | * Based on code by: 10 | * 11 | * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved 12 | * 13 | * This file is part of mbed TLS (https://tls.mbed.org) 14 | * 15 | * This program is free software; you can redistribute it and/or modify 16 | * it under the terms of the GNU General Public License as published by 17 | * the Free Software Foundation; either version 2 of the License, or 18 | * (at your option) any later version. 19 | * 20 | * This program is distributed in the hope that it will be useful, 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | * GNU General Public License for more details. 24 | * 25 | * You should have received a copy of the GNU General Public License along 26 | * with this program; if not, write to the Free Software Foundation, Inc., 27 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
 */

#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
/* The angle-bracket header names in this file were lost in extraction; the
 * ones used below are assumed from the mbed TLS ssl_server.c and net.c
 * sources this program is based on. */
#include <stdio.h>
#define mbedtls_fprintf    fprintf
#define mbedtls_printf     printf
#endif

#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) ||      \
    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) ||   \
    !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) ||       \
    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) ||      \
    !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
    !defined(MBEDTLS_PEM_PARSE_C)
int main( void )
{
    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
           "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
           "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
           "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
           "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
    return( 0 );
}
#else

#include <stdlib.h>
#include <string.h>

#if defined(_WIN32)
#include <windows.h>
#endif

/*#if defined(MBEDTLS_NET_C)*/

#include "mbedtls/net.h"

#include <string.h>

#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)

#ifdef _WIN32_WINNT
#undef _WIN32_WINNT
#endif
/* Enables getaddrinfo() & Co */
#define _WIN32_WINNT 0x0501
#include <ws2tcpip.h>

#include <winsock2.h>
#include <windows.h>

#if defined(_MSC_VER)
#if defined(_WIN32_WCE)
#pragma comment( lib, "ws2.lib" )
#else
#pragma comment( lib, "ws2_32.lib" )
#endif
#endif /* _MSC_VER */

#define read(fd,buf,len)        recv(fd,(char*)buf,(int) len,0)
#define write(fd,buf,len)       send(fd,(char*)buf,(int) len,0)
#define close(fd)               closesocket(fd)

static int wsa_init_done = 0;

#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/time.h>
#include <unistd.h>
#include <signal.h>
#include <fcntl.h>
#include <netdb.h>
#include <errno.h>

#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */

#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/net.h"

#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
#endif

/*
 * Highly recommended to set the following value to 0.
 * If the value is 0, a buffer in memory will be used for communication between
 * the client and server. Otherwise, communication occurs over network sockets.
 */
#define SOCKET_COMMUNICATION 0

#if SOCKET_COMMUNICATION
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
/*
 * Check if the requested operation would be blocking on a non-blocking socket
 * and thus 'failed' with a negative return value.
 */
static int net_would_block( const mbedtls_net_context *ctx )
{
    ((void) ctx);
    return( WSAGetLastError() == WSAEWOULDBLOCK );
}
#else
/*
 * Check if the requested operation would be blocking on a non-blocking socket
 * and thus 'failed' with a negative return value.
 *
 * Note: on a blocking socket this function always returns 0!
 */
static int net_would_block( const mbedtls_net_context *ctx )
{
    /*
     * Never return 'WOULD BLOCK' on a blocking socket
     */
    if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
        return( 0 );

    switch( errno )
    {
#if defined EAGAIN
        case EAGAIN:
#endif
#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
        case EWOULDBLOCK:
#endif
            return( 1 );
    }
    return( 0 );
}
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */

#define SERVER_PORT "44433"
#define SERVER_NAME "localhost"
#endif

#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
#define HTTP_RESPONSE \
    "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
    "<h2>mbed TLS Test Server</h2>\r\n" \
    "<p>Successful connection!</p>\r\n"

#define MAX_HANDSHAKE_STEPS (sizeof(client_steps)/sizeof(client_steps[0]))

/* Store sent messages in files for fuzzing. */
#if !defined(PACKET_FILE_PREFIX)
#define PACKET_FILE_PREFIX "./packet-"
#endif
static size_t packet_count = 1;
static size_t packet_in_num = 0;
static const char *packet_in_file = NULL;

#if !SOCKET_COMMUNICATION
#define BUF_SIZE (4096)

static unsigned char server_send_buf[BUF_SIZE];
static size_t server_send_off = 0;
static size_t server_recv_off = 0;

static unsigned char client_send_buf[BUF_SIZE];
static size_t client_send_off = 0;
static size_t client_recv_off = 0;

static unsigned char *shared_buf = NULL;
static size_t *send_off = NULL;
static size_t *recv_off = NULL;
#endif

#define DEBUG_LEVEL 0

static void my_debug( void *ctx, int level,
                      const char *file, int line,
                      const char *str )
{
    ((void) level);

    mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
    fflush( (FILE *) ctx );
}

/*
 * Write at most 'len' characters to shared buffer or file.
 * Multiple sends can occur before a receive; therefore, maintain an
 * offset.
 * Also, write content of file to shared buffer, if desired (determined
 * by command-line options).
 */
static int mbedtls_send_custom( void *ctx, const unsigned char *buf,
                                size_t len )
{
    int ret;
#if SOCKET_COMMUNICATION
    int fd = ((mbedtls_net_context *) ctx)->fd;

    if( fd < 0 )
        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
#else
    ((void) ctx);
#endif

    /* Read packet from file or write packet to file */
    if( packet_count == packet_in_num )
    {
        FILE *in_file;
#if !SOCKET_COMMUNICATION
        size_t rlen;
#endif

        if( !packet_in_file )
        {
            mbedtls_fprintf( stderr, "Packet input file not specified!\n" );
            exit( 1 );
        }

        /* Read packet from file, ignoring buf */
        in_file = fopen( packet_in_file, "rb" );

        if( !in_file )
        {
            perror( "Unable to open packet input file" );
            exit( 1 );
        }

        /*
         * Write packet to socket/buffer.
         * Note: in socket mode the original buf is written unchanged; the
         * file content only replaces the packet in shared-buffer mode.
         */
#if SOCKET_COMMUNICATION
        ret = (int) write( fd, buf, len );
#else
        rlen = fread( shared_buf, sizeof(shared_buf[0]), BUF_SIZE,
                      in_file );
#endif
        if( ferror( in_file ) )
        {
            perror( "Unable to read packet input file" );
            exit( 1 );
        }
#if !SOCKET_COMMUNICATION
        else
        {
            *send_off += rlen;
            ret = rlen;
        }
#endif
        fclose( in_file );
    }
    else
    {
        /* Write packet to socket/buffer. */
#if SOCKET_COMMUNICATION
        ret = (int) write( fd, buf, len );
#else
        if( ( len <= BUF_SIZE ) && memcpy( shared_buf, buf, len ) )
        {
            *send_off += len;
            ret = len;
        }
        else
        {
            ret = -1;
        }
#endif

        if( packet_in_num == 0 )
        {
            char out_filename[100];
            FILE *out_file;

            /* Write packet to file. */
            snprintf( out_filename, sizeof(out_filename), "%s%zu",
                      PACKET_FILE_PREFIX, packet_count );
            out_file = fopen( out_filename, "wb" );
            if( !out_file )
            {
                perror( "Unable to open packet output file" );
                exit( 1 );
            }
            fwrite( buf, sizeof(char), len, out_file );
            fclose( out_file );
        }
    }
    packet_count++;

#if SOCKET_COMMUNICATION
    if( ret < 0 )
    {
        if( net_would_block( ctx ) != 0 )
            return( MBEDTLS_ERR_SSL_WANT_WRITE );

#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
        if( WSAGetLastError() == WSAECONNRESET )
            return( MBEDTLS_ERR_NET_CONN_RESET );
#else
        if( errno == EPIPE || errno == ECONNRESET )
            return( MBEDTLS_ERR_NET_CONN_RESET );

        if( errno == EINTR )
            return( MBEDTLS_ERR_SSL_WANT_WRITE );
#endif

        return( MBEDTLS_ERR_NET_SEND_FAILED );
    }
#endif

    return( ret );
}

/*
 * Read at most 'len' characters and write to buf.
 */
static int mbedtls_recv_custom( void *ctx, unsigned char *buf, size_t len )
{
    int ret;
#if SOCKET_COMMUNICATION
    int fd = ((mbedtls_net_context *) ctx)->fd;

    if( fd < 0 )
        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
    ret = (int) read( fd, buf, len );
#else
    ((void) ctx);

    if( ( ( *recv_off + len ) <= BUF_SIZE ) &&
        memcpy( buf, &shared_buf[*recv_off], len ) )
    {
        *recv_off += len;
        if( *recv_off == *send_off )
        {
            /*
             * Done copying buffer.
             * Reset offsets for next calls of send and rcv functions.
             */
            *recv_off = 0;
            *send_off = 0;
        }
        /* Imitate the return value of read(2). */
        ret = len;
    }
    else
    {
        ret = -1;
    }
#endif

#if SOCKET_COMMUNICATION
    if( ret < 0 )
    {
        if( net_would_block( ctx ) != 0 )
            return( MBEDTLS_ERR_SSL_WANT_READ );

#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
    !defined(EFI32)
        if( WSAGetLastError() == WSAECONNRESET )
            return( MBEDTLS_ERR_NET_CONN_RESET );
#else
        if( errno == EPIPE || errno == ECONNRESET )
            return( MBEDTLS_ERR_NET_CONN_RESET );

        if( errno == EINTR )
            return( MBEDTLS_ERR_SSL_WANT_READ );
#endif

        return( MBEDTLS_ERR_NET_RECV_FAILED );
    }
#endif

    return( ret );
}

/*
 * Make the program deterministic for fuzzing: fill the output with bytes of
 * value 1 instead of random numbers.
 */
static int mbedtls_ctr_drbg_deterministic( void *p_rng, unsigned char *output, size_t output_len )
{
    ((void) p_rng);

    /* Note that key generation would fail with 0 bytes. */
    memset( output, 1, output_len );

    return 0;
}

#if !SOCKET_COMMUNICATION
static int mbedtls_server_send_buf( void *ctx, const unsigned char *buf,
                                    size_t len )
{
    shared_buf = server_send_buf;
    send_off = &server_send_off;

    return mbedtls_send_custom( ctx, buf, len );
}

static int mbedtls_client_send_buf( void *ctx, const unsigned char *buf,
                                    size_t len )
{
    shared_buf = client_send_buf;
    send_off = &client_send_off;

    return mbedtls_send_custom( ctx, buf, len );
}

static int mbedtls_server_recv_buf( void *ctx, unsigned char *buf,
                                    size_t len )
{
    shared_buf = client_send_buf;
    send_off = &client_send_off;
    recv_off = &server_recv_off;

    return mbedtls_recv_custom( ctx, buf, len );
}

static int mbedtls_client_recv_buf( void *ctx, unsigned char *buf,
                                    size_t len )
{
    shared_buf = server_send_buf;
    send_off = &server_send_off;
    recv_off = &client_recv_off;

    return mbedtls_recv_custom( ctx, buf, len );
}
#endif

static void usage( const char *prog )
{
    fprintf( stderr, "Usage: %s [packet number] [packet file]\n", prog );
}

int main( int argc, const char *argv[] )
{
    /* Client and server declarations. */
    int ret;
    int len;
#if SOCKET_COMMUNICATION
    mbedtls_net_context listen_fd, client_fd, server_fd;
#endif
    unsigned char buf[1024];
    /* Handshake step counter */
    size_t step = 1;
    int flags;
    /*
     * The following number of steps are hardcoded to ensure
     * that the client and server complete the handshake without
     * waiting infinitely for the other side to send data.
     *
     *                      1  2  3  4  5  6  7  8  9  10
     */
    int client_steps[] = { 2, 1, 1, 1, 4, 2, 1, 1, 2, 1 };
    int server_steps[] = { 3, 1, 1, 2, 3, 1, 2, 1, 1, 1 };

    mbedtls_ssl_context s_ssl, c_ssl;
    mbedtls_ssl_config s_conf, c_conf;
    mbedtls_x509_crt srvcert;
    mbedtls_pk_context pkey;
#if defined(MBEDTLS_SSL_CACHE_C)
    mbedtls_ssl_cache_context cache;
#endif

    if( argc == 3 )
    {
        packet_in_num = atoi( argv[1] );
        packet_in_file = argv[2];
    }
    else if( argc != 1 )
    {
        usage( argv[0] );
        exit( 1 );
    }

    /* Server init */
#if SOCKET_COMMUNICATION
    mbedtls_net_init( &listen_fd );
    mbedtls_net_init( &client_fd );
#endif
    mbedtls_ssl_init( &s_ssl );
    mbedtls_ssl_config_init( &s_conf );
#if defined(MBEDTLS_SSL_CACHE_C)
    mbedtls_ssl_cache_init( &cache );
#endif
    mbedtls_x509_crt_init( &srvcert );
    mbedtls_pk_init( &pkey );

    /* Client init */
#if SOCKET_COMMUNICATION
    mbedtls_net_init( &server_fd );
#endif
    mbedtls_ssl_init( &c_ssl );
    mbedtls_ssl_config_init( &c_conf );
    /*mbedtls_x509_crt_init( &cacert );*/

#if defined(MBEDTLS_DEBUG_C)
    mbedtls_debug_set_threshold( DEBUG_LEVEL );
#endif

    /*
     * Server:
     * Load the certificates and private RSA key
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  . Loading the server cert. and key..." );
        fflush( stdout );
    }

    /*
     * This demonstration program uses embedded test certificates.
     * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
     * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
     */
    ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
                                  mbedtls_test_srv_crt_len );
    if( ret != 0 )
    {
        mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned %d\n\n", ret );
        goto exit;
    }

    ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
                                  mbedtls_test_cas_pem_len );
    if( ret != 0 )
    {
        mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned %d\n\n", ret );
        goto exit;
    }

    ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
                                mbedtls_test_srv_key_len, NULL, 0 );
    if( ret != 0 )
    {
        mbedtls_printf( " failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        mbedtls_printf( " ok\n" );
    }

    /*
     * Server:
     * Setup stuff
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  . Server: Setting up the SSL data...." );
        fflush( stdout );
    }

    if( ( ret = mbedtls_ssl_config_defaults( &s_conf,
                    MBEDTLS_SSL_IS_SERVER,
                    MBEDTLS_SSL_TRANSPORT_STREAM,
                    MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
        goto exit;
    }

    mbedtls_ssl_conf_rng( &s_conf, mbedtls_ctr_drbg_deterministic, NULL );
    mbedtls_ssl_conf_dbg( &s_conf, my_debug, stdout );

#if defined(MBEDTLS_SSL_CACHE_C)
    mbedtls_ssl_conf_session_cache( &s_conf, &cache,
                                   mbedtls_ssl_cache_get,
                                   mbedtls_ssl_cache_set );
#endif

    mbedtls_ssl_conf_ca_chain( &s_conf, srvcert.next, NULL );
    if( ( ret = mbedtls_ssl_conf_own_cert( &s_conf, &srvcert, &pkey ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
        goto exit;
    }

    if( ( ret = mbedtls_ssl_setup( &s_ssl, &s_conf ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        mbedtls_printf( " ok\n" );
    }

    mbedtls_ssl_session_reset( &s_ssl );

#if SOCKET_COMMUNICATION
    /*
     * Server:
     * Setup the listening TCP socket
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  . Bind on https://localhost:%s/ ...", SERVER_PORT );
        fflush( stdout );
    }

    if( ( ret = mbedtls_net_bind( &listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_net_bind returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        mbedtls_printf( " ok\n" );
    }

    /*
     * Client:
     * Start the connection
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT );
        fflush( stdout );
    }

    if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
                                     SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_net_connect returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        mbedtls_printf( " ok\n" );
    }

    /*
     * Server:
     * Start listening for client connections
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  . Waiting for a remote connection ..." );
        fflush( stdout );
    }

    /*
     * Server:
     * Accept client connection (socket is set non-blocking in
     * library/net.c)
     */
    if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
                                    NULL, 0, NULL ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_net_accept returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        mbedtls_printf( " ok\n" );
    }

    mbedtls_ssl_set_bio( &s_ssl, &client_fd, mbedtls_send_custom, mbedtls_recv_custom, NULL );
#else
    mbedtls_ssl_set_bio( &s_ssl, NULL, mbedtls_server_send_buf, mbedtls_server_recv_buf, NULL );
#endif

    /*
     * Client:
     * Setup stuff
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  . Client: Setting up the SSL/TLS structure..." );
        fflush( stdout );
    }

    if( ( ret = mbedtls_ssl_config_defaults( &c_conf,
                    MBEDTLS_SSL_IS_CLIENT,
                    MBEDTLS_SSL_TRANSPORT_STREAM,
                    MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
        goto exit;
    }

    if( packet_in_num == 0 )
    {
        mbedtls_printf( " ok\n" );
    }

    /* OPTIONAL is not optimal for security,
     * but makes interop easier in this simplified example */
    mbedtls_ssl_conf_authmode( &c_conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
    /* NONE permits man-in-the-middle attacks. */
    /*mbedtls_ssl_conf_authmode( &c_conf, MBEDTLS_SSL_VERIFY_NONE );*/
    /*mbedtls_ssl_conf_authmode( &c_conf, MBEDTLS_SSL_VERIFY_REQUIRED );*/
    mbedtls_ssl_conf_ca_chain( &c_conf, &srvcert, NULL );
    mbedtls_ssl_conf_rng( &c_conf, mbedtls_ctr_drbg_deterministic, NULL );
    mbedtls_ssl_conf_dbg( &c_conf, my_debug, stdout );

    if( ( ret = mbedtls_ssl_setup( &c_ssl, &c_conf ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
        goto exit;
    }

    if( ( ret = mbedtls_ssl_set_hostname( &c_ssl, "mbed TLS Server 1" ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
        goto exit;
    }

#if SOCKET_COMMUNICATION
    mbedtls_ssl_set_bio( &c_ssl, &server_fd, mbedtls_send_custom, mbedtls_recv_custom, NULL );
#else
    mbedtls_ssl_set_bio( &c_ssl, NULL, mbedtls_client_send_buf, mbedtls_client_recv_buf, NULL );
#endif

    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  . Performing the SSL/TLS handshake...\n" );
        fflush( stdout );
    }

    do {
        /*
         * Client:
         * Handshake step
         */
        int i;
        int no_steps;

        if( c_ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ) {
            no_steps = 0;
        } else {
            no_steps = client_steps[step - 1];
        }

        for( i = 0; i < no_steps; i++ ) {
            if( ( ret = mbedtls_ssl_handshake_step( &c_ssl ) ) != 0 )
            {
                if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
                {
                    mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
                    goto exit;
                }
            }
        }

        if( packet_in_num == 0 )
        {
            mbedtls_printf( "--- client handshake step %zu ok\n", step );
        }

        /*
         * Server:
         * Handshake step
         */
        if( s_ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ) {
            no_steps = 0;
        } else {
            no_steps = server_steps[step - 1];
        }

        for( i = 0; i < no_steps; i++ ) {
            if( ( ret = mbedtls_ssl_handshake_step( &s_ssl ) ) != 0 )
            {
                if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
                {
                    mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned %d\n\n", ret );
                    goto exit;
                }
            }
        }

        if( packet_in_num == 0 )
        {
            mbedtls_printf( "--- server handshake step %zu ok\n", step );
        }

        step++;
    } while( ( ( c_ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER )
               || ( s_ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER ) )
             && ( step <= MAX_HANDSHAKE_STEPS ) );

    if( packet_in_num == 0 )
    {
        mbedtls_printf( "c_ssl.state: %d\n", c_ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER );
        mbedtls_printf( "s_ssl.state: %d\n", s_ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER );
    }

    /*
     * Client:
     * Verify the server certificate
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  . Verifying peer X.509 certificate..." );
    }

    /* In real life, we probably want to bail out when ret != 0 */
    if( ( flags = mbedtls_ssl_get_verify_result( &c_ssl ) ) != 0 )
    {
        char vrfy_buf[512];

        mbedtls_printf( " failed\n" );

        mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", flags );

        mbedtls_printf( "%s\n", vrfy_buf );
    }
    else if( packet_in_num == 0 )
    {
        mbedtls_printf( " ok\n" );
    }

    /*
     * Client:
     * Write the GET request
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  > Write to server:" );
        fflush( stdout );
    }

    len = snprintf( (char *) buf, sizeof( buf ), GET_REQUEST );

    while( ( ret = mbedtls_ssl_write( &c_ssl, buf, len ) ) <= 0 )
    {
        if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
        {
            mbedtls_printf( " failed\n  !"
                            " mbedtls_ssl_write returned %d\n\n", ret );
            goto exit;
        }
    }

    len = ret;
    if( packet_in_num == 0 )
    {
        mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );
    }

    /*
     * Server:
     * Read the HTTP Request
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  < Read from client:" );
        fflush( stdout );
    }

    do
    {
        len = sizeof( buf ) - 1;
        memset( buf, 0, sizeof( buf ) );
        ret = mbedtls_ssl_read( &s_ssl, buf, len );

        if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
            continue;

        if( ret <= 0 )
        {
            switch( ret )
            {
                case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
                    mbedtls_printf( " connection was closed gracefully\n" );
                    break;

                case MBEDTLS_ERR_NET_CONN_RESET:
                    mbedtls_printf( " connection was reset by peer\n" );
                    break;

                default:
                    mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
                    break;
            }

            break;
        }

        len = ret;
        if( packet_in_num == 0 )
        {
            mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
        }

        if( ret > 0 )
            break;
    }
    while( 1 );

    /*
     * Server:
     * Write the 200 Response
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  > Write to client:" );
        fflush( stdout );
    }

    len = snprintf( (char *) buf, sizeof( buf ), HTTP_RESPONSE );

    while( ( ret = mbedtls_ssl_write( &s_ssl, buf, len ) ) <= 0 )
    {
        if( ret == MBEDTLS_ERR_NET_CONN_RESET )
        {
            mbedtls_printf( " failed\n  ! peer closed the connection\n\n" );
            goto exit;
        }

        if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned %d\n\n", ret );
            goto exit;
        }
    }

    len = ret;
    if( packet_in_num == 0 )
    {
        mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
    }

    /*
     * Client:
     * Read the HTTP response
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  < Read from server:" );
        fflush( stdout );
    }

    do
    {
        len = sizeof( buf ) - 1;
        memset( buf, 0, sizeof( buf ) );
        ret = mbedtls_ssl_read( &c_ssl, buf, len );

        if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
            continue;

        if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
        {
            ret = 0;
            break;
        }

        if( ret < 0 )
        {
            mbedtls_printf( "failed\n  ! mbedtls_ssl_read returned %d\n\n", ret );
            break;
        }

        if( ret == 0 )
        {
            mbedtls_printf( "\n\nEOF\n\n" );
            break;
        }

        len = ret;
        if( packet_in_num == 0 )
        {
            mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
        }

        /*
         * Server:
         * Client read response. Close connection.
         */
        if( packet_in_num == 0 )
        {
            mbedtls_printf( "  . Closing the connection..." );
            fflush( stdout );
        }

        while( ( ret = mbedtls_ssl_close_notify( &s_ssl ) ) < 0 )
        {
            if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                ret != MBEDTLS_ERR_SSL_WANT_WRITE )
            {
                mbedtls_printf( " failed\n  ! mbedtls_ssl_close_notify returned %d\n\n", ret );
                goto exit;
            }
        }

        if( packet_in_num == 0 )
        {
            mbedtls_printf( " ok\n" );
        }
    }
    while( 1 );

    /*
     * Client:
     * Close connection.
     */
    if( packet_in_num == 0 )
    {
        mbedtls_printf( "  . Closing the connection..." );
        fflush( stdout );
    }

    mbedtls_ssl_close_notify( &c_ssl );

    if( packet_in_num == 0 )
    {
        mbedtls_printf( " ok\n" );
    }

    /*
     * Server:
     * We do not have multiple clients and therefore do not goto reset.
     */
    /*ret = 0;*/
    /*goto reset;*/

exit:

#ifdef MBEDTLS_ERROR_C
    if( ret != 0 )
    {
        char error_buf[100];
        mbedtls_strerror( ret, error_buf, 100 );
        mbedtls_printf( "Last error was: %d - %s\n\n", ret, error_buf );
    }
#endif

#if SOCKET_COMMUNICATION
    mbedtls_net_free( &client_fd );
    mbedtls_net_free( &listen_fd );
    mbedtls_net_free( &server_fd );
#endif

    mbedtls_x509_crt_free( &srvcert );
    mbedtls_pk_free( &pkey );
    mbedtls_ssl_free( &s_ssl );
    mbedtls_ssl_free( &c_ssl );
    mbedtls_ssl_config_free( &s_conf );
    mbedtls_ssl_config_free( &c_conf );
#if defined(MBEDTLS_SSL_CACHE_C)
    mbedtls_ssl_cache_free( &cache );
#endif

#if defined(_WIN32)
    mbedtls_printf( "  Press Enter to exit this program.\n" );
    fflush( stdout ); getchar();
#endif

    return( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
          MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
          MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
          && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */

--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash

readonly ARCHIVE_SUFFIX='-gpl.tgz'
readonly MBEDTLS_2_3='mbedtls-2.3.0'
readonly SHA_256_2_3='21237014f779bde70b2d71399cc1ea53365eb7f10cdd74a13ee6329a1910cb49'
readonly MBEDTLS_2_1='mbedtls-2.1.5'
readonly SHA_256_2_1='119ff3ee2788a2c5f0604b247bdffd401c439c8e551561cbb4b1f9d3a21a120d'
readonly MBEDTLS_1_3='mbedtls-1.3.17'
readonly SHA_256_1_3='f5beb43e850283915e3e0f8d37495eade3bfb5beedfb61e7b8da70d4c68edb82'
readonly MBEDTLS_A=( "$MBEDTLS_2_3" "$MBEDTLS_2_1" "$MBEDTLS_1_3" )
readonly SHA_256_A=( "$SHA_256_2_3" "$SHA_256_2_1" "$SHA_256_1_3" )
readonly NO_TIME=1

main() {
    # sudo apt-get install build-essential automake cmake wget

    echo -e " ************\n Please make sure to update the constants of scripts in the 'fuzz' folder!\n ************\n"

    for i in "${!MBEDTLS_A[@]}"; do
        # download if necessary
        wget -nc https://tls.mbed.org/download/"${MBEDTLS_A[$i]}${ARCHIVE_SUFFIX}"

        # validate the checksum of the code archives
        # (shasum prints the digest and the file name separated by two spaces)
        CHECKSUM=$(shasum -a 256 "${MBEDTLS_A[$i]}${ARCHIVE_SUFFIX}")

        if [[ "$CHECKSUM" != "${SHA_256_A[$i]}  ${MBEDTLS_A[$i]}${ARCHIVE_SUFFIX}" ]]; then
            echo "Error: ${MBEDTLS_A[$i]}${ARCHIVE_SUFFIX} checksum check failed!"
28 | exit 1 29 | fi 30 | 31 | # extract archives 32 | tar xzf "${MBEDTLS_A[$i]}${ARCHIVE_SUFFIX}" 33 | 34 | VERSION='2' 35 | INCLUDE_DIR='mbedtls' 36 | 37 | if [[ "${MBEDTLS_A[$i]}" = "$MBEDTLS_1_3" ]]; then 38 | VERSION='1.3' 39 | INCLUDE_DIR='polarssl' 40 | fi 41 | 42 | # copy fuzzing code and configuration 43 | cp -R fuzz "${MBEDTLS_A[$i]}" 44 | cp "selftls-${VERSION}.c" "${MBEDTLS_A[$i]}/fuzz/selftls.c" 45 | 46 | # patch CMakeLists 47 | pushd "${MBEDTLS_A[$i]}" && patch -p1 < "../CMakeLists-${VERSION}.patch"; popd 48 | 49 | # make sure TLS time field is constant 50 | if [[ "$NO_TIME" = "1" ]]; then 51 | cp "config-${VERSION}.h" "${MBEDTLS_A[$i]}/include/${INCLUDE_DIR}/config.h" 52 | else 53 | pushd "${MBEDTLS_A[$i]}" && patch -p1 < "../time-${VERSION}.patch"; popd 54 | fi 55 | 56 | # compile the code 57 | pushd "${MBEDTLS_A[$i]}/fuzz" && ./compile.sh; popd 58 | done 59 | 60 | echo -e "\n ************\n If everything compiled correctly, go into one of the 'mbedtls-2.?.?/fuzz/' folders and run './fuzz.sh'\n ************" 61 | } 62 | 63 | main "$@" 64 | 65 | -------------------------------------------------------------------------------- /time-1.3.patch: -------------------------------------------------------------------------------- 1 | --- a/library/ssl_cli.c 2 | +++ b/library/ssl_cli.c 3 | @@ -551,7 +551,8 @@ static int ssl_write_client_hello( ssl_context *ssl ) 4 | buf[4], buf[5] ) ); 5 | 6 | #if defined(POLARSSL_HAVE_TIME) 7 | - t = time( NULL ); 8 | + /*t = time( NULL );*/ 9 | + t = 1; 10 | *p++ = (unsigned char)( t >> 24 ); 11 | *p++ = (unsigned char)( t >> 16 ); 12 | *p++ = (unsigned char)( t >> 8 ); 13 | --- a/library/ssl_srv.c 14 | +++ b/library/ssl_srv.c 15 | 
@@ -2099,7 +2099,8 @@ static int ssl_write_server_hello( ssl_context *ssl ) 16 | buf[4], buf[5] ) ); 17 | 18 | #if defined(POLARSSL_HAVE_TIME) 19 | - t = time( NULL ); 20 | + /*t = time( NULL );*/ 21 | + t = 1; 22 | *p++ = (unsigned char)( t >> 24 ); 23 | *p++ = (unsigned char)( t >> 16 ); 24 | *p++ = (unsigned char)( t >> 8 ); 25 | -------------------------------------------------------------------------------- /time-2.patch: -------------------------------------------------------------------------------- 1 | --- a/library/ssl_cli.c 2 | +++ b/library/ssl_cli.c 3 | @@ -490,7 +490,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) 4 | #endif 5 | 6 | #if defined(MBEDTLS_HAVE_TIME) 7 | - t = time( NULL ); 8 | + /*t = time( NULL );*/ 9 | + t = 1; 10 | *p++ = (unsigned char)( t >> 24 ); 11 | *p++ = (unsigned char)( t >> 16 ); 12 | *p++ = (unsigned char)( t >> 8 ); 13 | --- a/library/ssl_srv.c 14 | +++ b/library/ssl_srv.c 15 | @@ -2153,7 +2153,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) 16 | buf[4], buf[5] ) ); 17 | 18 | #if defined(MBEDTLS_HAVE_TIME) 19 | - t = time( NULL ); 20 | + /*t = time( NULL );*/ 21 | + t = 1; 22 | *p++ = (unsigned char)( t >> 24 ); 23 | *p++ = (unsigned char)( t >> 16 ); 24 | *p++ = (unsigned char)( t >> 8 ); 25 | --------------------------------------------------------------------------------
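Review bot: In the time-1.3.patch ssl_cli.c hunk (ssl_write_client_hello), the commented-out line `/*t = time( NULL );*/` is dead code left next to its replacement `t = 1;`; drop the old line instead of commenting it out and put a one-line comment in its place saying why the timestamp is pinned (a constant ClientHello random prefix so fuzzing inputs replay deterministically), otherwise a later reader will not know whether the comment is a reminder to restore it.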
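Review bot: The time-1.3.patch ssl_srv.c hunk (ssl_write_server_hello) only fixes the four timestamp bytes that this block writes through `*p++`; the rest of the hello random is not touched by this hunk, so a reproducible handshake still depends on the harness seeding its RNG deterministically. Also worth documenting next to the hunk: setup.sh applies this patch only when `NO_TIME` is not `1`, and the script ships with `readonly NO_TIME=1`, so by default the `config-1.3.h` copy is used and this patch never lands.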
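Review bot: In the time-2.patch ssl_cli.c hunk (ssl_generate_random), the replacement sits under the unchanged `#if defined(MBEDTLS_HAVE_TIME)` guard, so if the build's config.h has MBEDTLS_HAVE_TIME disabled the hunk compiles to nothing and the timestamp bytes are never pinned by it; state in the patch description which of the two paths in setup.sh (this patch or the `config-2.h` copy) the fuzz build is expected to use, since combining both is redundant and using neither leaves the hello non-deterministic. The `/*t = time( NULL );*/` remnant should be deleted here as well.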
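Review bot: The time-2.patch ssl_srv.c hunk (ssl_write_server_hello) hard-codes the literal `t = 1;` a second time, independently of the identical literal in the ssl_cli.c hunk; a single named constant (for example a macro defined once for the fuzz build) used in both places would keep client and server in step if the pinned value is ever changed, and makes it obvious in the shifted `*p++ = (unsigned char)( t >> 24 );` lines that the bytes emitted are `00 00 00 01` by design rather than by accident.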