mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 23:55:36 +00:00
Merge remote-tracking branch 'origin/pr/585' into baremetal
This commit is contained in:
commit
01a8eb21d3
|
@ -41,6 +41,7 @@
|
||||||
/* mbed TLS feature support */
|
/* mbed TLS feature support */
|
||||||
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
|
||||||
#define MBEDTLS_SSL_PROTO_TLS1_2
|
#define MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
#define MBEDTLS_SSL_PROTO_TLS
|
||||||
|
|
||||||
/* mbed TLS modules */
|
/* mbed TLS modules */
|
||||||
#define MBEDTLS_AES_C
|
#define MBEDTLS_AES_C
|
||||||
|
|
|
@ -40,6 +40,7 @@
|
||||||
#define MBEDTLS_PKCS1_V15
|
#define MBEDTLS_PKCS1_V15
|
||||||
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||||
#define MBEDTLS_SSL_PROTO_TLS1_1
|
#define MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
#define MBEDTLS_SSL_PROTO_TLS
|
||||||
|
|
||||||
/* mbed TLS modules */
|
/* mbed TLS modules */
|
||||||
#define MBEDTLS_AES_C
|
#define MBEDTLS_AES_C
|
||||||
|
|
|
@ -47,6 +47,7 @@
|
||||||
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||||
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
#define MBEDTLS_SSL_PROTO_TLS1_2
|
#define MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
#define MBEDTLS_SSL_PROTO_TLS
|
||||||
|
|
||||||
/* mbed TLS modules */
|
/* mbed TLS modules */
|
||||||
#define MBEDTLS_AES_C
|
#define MBEDTLS_AES_C
|
||||||
|
|
|
@ -29,6 +29,7 @@
|
||||||
* Distinguishing features:
|
* Distinguishing features:
|
||||||
* - no RSA or classic DH, fully based on ECC
|
* - no RSA or classic DH, fully based on ECC
|
||||||
* - no X.509
|
* - no X.509
|
||||||
|
* - no TLS, only DTLS
|
||||||
* - support for experimental EC J-PAKE key exchange
|
* - support for experimental EC J-PAKE key exchange
|
||||||
*
|
*
|
||||||
* See README.txt for usage instructions.
|
* See README.txt for usage instructions.
|
||||||
|
|
|
@ -562,7 +562,12 @@
|
||||||
#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
||||||
!defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
!defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
|
||||||
!defined(MBEDTLS_SSL_PROTO_TLS1_2))
|
!defined(MBEDTLS_SSL_PROTO_TLS1_2))
|
||||||
#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
|
#error "MBEDTLS_SSL_TLS_C defined, but no protocol version is active"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_TLS_C) && \
|
||||||
|
( !defined(MBEDTLS_SSL_PROTO_TLS) && !defined(MBEDTLS_SSL_PROTO_DTLS) )
|
||||||
|
#error "MBEDTLS_SSL_TLS_C defined, but neither TLS or DTLS is active"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
|
||||||
|
|
|
@ -1453,7 +1453,7 @@
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_PROTO_SSL3
|
* \def MBEDTLS_SSL_PROTO_SSL3
|
||||||
*
|
*
|
||||||
* Enable support for SSL 3.0.
|
* Enable support for SSL 3.0 (if TLS is enabled).
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_MD5_C
|
* Requires: MBEDTLS_MD5_C
|
||||||
* MBEDTLS_SHA1_C
|
* MBEDTLS_SHA1_C
|
||||||
|
@ -1465,7 +1465,7 @@
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_PROTO_TLS1
|
* \def MBEDTLS_SSL_PROTO_TLS1
|
||||||
*
|
*
|
||||||
* Enable support for TLS 1.0.
|
* Enable support for TLS 1.0 (if TLS is enabled).
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_MD5_C
|
* Requires: MBEDTLS_MD5_C
|
||||||
* MBEDTLS_SHA1_C
|
* MBEDTLS_SHA1_C
|
||||||
|
@ -1477,7 +1477,8 @@
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_PROTO_TLS1_1
|
* \def MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
*
|
*
|
||||||
* Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
|
* Enable support for TLS 1.1 (if TLS is enabled) and DTLS 1.0 (if DTLS is
|
||||||
|
* enabled).
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_MD5_C
|
* Requires: MBEDTLS_MD5_C
|
||||||
* MBEDTLS_SHA1_C
|
* MBEDTLS_SHA1_C
|
||||||
|
@ -1489,7 +1490,8 @@
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_PROTO_TLS1_2
|
* \def MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
*
|
*
|
||||||
* Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
|
* Enable support for TLS 1.2 (if TLS is enabled) and DTLS 1.2 (if DTLS is
|
||||||
|
* enabled).
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
|
* Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
|
||||||
* (Depends on ciphersuites)
|
* (Depends on ciphersuites)
|
||||||
|
@ -1503,8 +1505,10 @@
|
||||||
*
|
*
|
||||||
* Enable support for DTLS (all available versions).
|
* Enable support for DTLS (all available versions).
|
||||||
*
|
*
|
||||||
* Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
|
* Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2,
|
||||||
* and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
|
* and/or this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0.
|
||||||
|
*
|
||||||
|
* \see MBEDTLS_SSL_PROTO_TLS
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_SSL_PROTO_TLS1_1
|
* Requires: MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
* or MBEDTLS_SSL_PROTO_TLS1_2
|
* or MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
@ -1513,6 +1517,27 @@
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SSL_PROTO_DTLS
|
#define MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_SSL_PROTO_TLS
|
||||||
|
*
|
||||||
|
* Enable support for SSL/TLS (all available versions).
|
||||||
|
*
|
||||||
|
* Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable TLS 1.2;
|
||||||
|
* enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable TLS 1.1;
|
||||||
|
* enable this and MBEDTLS_SSL_PROTO_TLS1 to enable TLS 1.0;
|
||||||
|
* and/or this and MBEDTLS_SSL_PROTO_SSL3 to enable SSL 3.0 (deprecated).
|
||||||
|
*
|
||||||
|
* \see MBEDTLS_SSL_PROTO_DTLS
|
||||||
|
*
|
||||||
|
* Requires: MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
* or MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
* or MBEDTLS_SSL_PROTO_TLS1
|
||||||
|
* or MBEDTLS_SSL_PROTO_SSL3 (deprecated)
|
||||||
|
*
|
||||||
|
* Comment this macro to disable support for TLS
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_SSL_PROTO_TLS
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_ALPN
|
* \def MBEDTLS_SSL_ALPN
|
||||||
*
|
*
|
||||||
|
|
|
@ -1337,7 +1337,8 @@ void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the transport type (TLS or DTLS).
|
* \brief Set the transport type (TLS or DTLS).
|
||||||
* Default: TLS
|
* Default: TLS if #MBEDTLS_SSL_PROTO_TLS is defined, else
|
||||||
|
* DTLS.
|
||||||
*
|
*
|
||||||
* \note For DTLS, you must either provide a recv callback that
|
* \note For DTLS, you must either provide a recv callback that
|
||||||
* doesn't block, or one that handles timeouts, see
|
* doesn't block, or one that handles timeouts, see
|
||||||
|
|
|
@ -264,6 +264,57 @@
|
||||||
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
|
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
|
||||||
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
|
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Helpers for code specific to TLS or DTLS.
|
||||||
|
*
|
||||||
|
* Goals for these helpers:
|
||||||
|
* - generate minimal code, eg don't test if mode is DTLS in a DTLS-only build
|
||||||
|
* - make the flow clear to the compiler, so that in TLS and DTLS combined
|
||||||
|
* builds, when there are two branches, it knows exactly one of them is taken
|
||||||
|
* - preserve readability
|
||||||
|
*
|
||||||
|
* There are three macros:
|
||||||
|
* - MBEDTLS_SSL_TRANSPORT_IS_TLS( transport )
|
||||||
|
* - MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport )
|
||||||
|
* - MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
|
*
|
||||||
|
* The first two are macros rather than static inline functions because some
|
||||||
|
* compilers (eg arm-none-eabi-gcc 5.4.1 20160919) don't propagate constants
|
||||||
|
* well enough for us with static inline functions.
|
||||||
|
*
|
||||||
|
* Usage 1 (can replace DTLS with TLS):
|
||||||
|
* #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
* if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
|
||||||
|
* // DTLS-specific code
|
||||||
|
* #endif
|
||||||
|
*
|
||||||
|
* Usage 2 (can swap DTLS and TLS);
|
||||||
|
* #if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
* if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
|
||||||
|
* // DTLS-specific code
|
||||||
|
* MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
|
* #endif
|
||||||
|
* #if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
* // TLS-specific code
|
||||||
|
* #endif
|
||||||
|
*/
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_PROTO_TLS) /* both */
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT__BOTH /* shortcut for future tests */
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT_IS_TLS( transport ) \
|
||||||
|
( (transport) == MBEDTLS_SSL_TRANSPORT_STREAM )
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) \
|
||||||
|
( (transport) == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT_ELSE else
|
||||||
|
#elif defined(MBEDTLS_SSL_PROTO_DTLS) /* DTLS only */
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT_IS_TLS( transport ) 0
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) 1
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT_ELSE /* empty: no other branch */
|
||||||
|
#else /* TLS only */
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT_IS_TLS( transport ) 1
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) 0
|
||||||
|
#define MBEDTLS_SSL_TRANSPORT_ELSE /* empty: no other branch */
|
||||||
|
#endif /* TLS and/or DTLS */
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
@ -905,12 +956,14 @@ static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
|
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if !defined(MBEDTLS_SSL_PROTO__BOTH)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
|
||||||
return( 12 );
|
|
||||||
#else
|
|
||||||
((void) ssl);
|
((void) ssl);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
|
return( 12 );
|
||||||
|
#endif
|
||||||
return( 4 );
|
return( 4 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -452,7 +452,7 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
|
||||||
*/
|
*/
|
||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
|
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) ||
|
||||||
ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
|
ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
|
@ -734,7 +734,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
||||||
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
|
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->handshake->verify_cookie != NULL )
|
ssl->handshake->verify_cookie != NULL )
|
||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -785,7 +785,7 @@ static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_inf
|
||||||
return( 1 );
|
return( 1 );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
||||||
return( 1 );
|
return( 1 );
|
||||||
#endif
|
#endif
|
||||||
|
@ -926,7 +926,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
* DTLS cookie
|
* DTLS cookie
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
if( ssl->handshake->verify_cookie == NULL )
|
if( ssl->handshake->verify_cookie == NULL )
|
||||||
{
|
{
|
||||||
|
@ -1021,7 +1021,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
* an actual need for it.
|
* an actual need for it.
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
offer_compress = 0;
|
offer_compress = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1137,7 +1137,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
mbedtls_ssl_send_flight_completed( ssl );
|
mbedtls_ssl_send_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1148,7 +1148,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||||
|
@ -1252,7 +1252,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
|
||||||
size_t peer_cid_len;
|
size_t peer_cid_len;
|
||||||
|
|
||||||
if( /* CID extension only makes sense in DTLS */
|
if( /* CID extension only makes sense in DTLS */
|
||||||
ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
|
MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) ||
|
||||||
/* The server must only send the CID extension if we have offered it. */
|
/* The server must only send the CID extension if we have offered it. */
|
||||||
ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
|
ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
|
||||||
{
|
{
|
||||||
|
@ -1645,7 +1645,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
||||||
{
|
{
|
||||||
|
@ -1762,12 +1762,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||||
/* See comments in ssl_write_client_hello() */
|
/* See comments in ssl_write_client_hello() */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
accept_comp = MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport );
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
|
||||||
accept_comp = 0;
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
accept_comp = 1;
|
|
||||||
|
|
||||||
if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
|
if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
|
||||||
( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
|
( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
|
||||||
|
@ -3001,7 +2996,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
mbedtls_ssl_recv_flight_completed( ssl );
|
mbedtls_ssl_recv_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -3642,7 +3637,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
|
|
|
@ -441,7 +441,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
|
||||||
size_t peer_cid_len;
|
size_t peer_cid_len;
|
||||||
|
|
||||||
/* CID extension only makes sense in DTLS */
|
/* CID extension only makes sense in DTLS */
|
||||||
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
|
@ -899,7 +899,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
#endif
|
#endif
|
||||||
|
@ -1304,12 +1304,13 @@ read_record_header:
|
||||||
|
|
||||||
buf = ssl->in_hdr;
|
buf = ssl->in_hdr;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) && \
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) &&
|
||||||
#endif
|
( buf[0] & 0x80 ) != 0 )
|
||||||
if( ( buf[0] & 0x80 ) != 0 )
|
{
|
||||||
return( ssl_parse_client_hello_v2( ssl ) );
|
return( ssl_parse_client_hello_v2( ssl ) );
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
|
||||||
|
@ -1353,7 +1354,7 @@ read_record_header:
|
||||||
/* For DTLS if this is the initial handshake, remember the client sequence
|
/* For DTLS if this is the initial handshake, remember the client sequence
|
||||||
* number to use it in our next message (RFC 6347 4.2.1) */
|
* number to use it in our next message (RFC 6347 4.2.1) */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport )
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
|
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
|
||||||
#endif
|
#endif
|
||||||
|
@ -1407,13 +1408,19 @@ read_record_header:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Done reading this record, get ready for the next one */
|
/* Done reading this record, get ready for the next one */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
|
{
|
||||||
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
|
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
|
||||||
else
|
}
|
||||||
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
{
|
||||||
ssl->in_left = 0;
|
ssl->in_left = 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
buf = ssl->in_msg;
|
buf = ssl->in_msg;
|
||||||
|
@ -1456,7 +1463,7 @@ read_record_header:
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Copy the client's handshake message_seq on initial handshakes,
|
* Copy the client's handshake message_seq on initial handshakes,
|
||||||
|
@ -1595,7 +1602,7 @@ read_record_header:
|
||||||
* Check the cookie length and content
|
* Check the cookie length and content
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
cookie_offset = 35 + sess_len;
|
cookie_offset = 35 + sess_len;
|
||||||
cookie_len = buf[cookie_offset];
|
cookie_len = buf[cookie_offset];
|
||||||
|
@ -1650,9 +1657,13 @@ read_record_header:
|
||||||
*/
|
*/
|
||||||
ciph_offset = cookie_offset + 1 + cookie_len;
|
ciph_offset = cookie_offset + 1 + cookie_len;
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
{
|
||||||
ciph_offset = 35 + sess_len;
|
ciph_offset = 35 + sess_len;
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
|
|
||||||
ciph_len = ( buf[ciph_offset + 0] << 8 )
|
ciph_len = ( buf[ciph_offset + 0] << 8 )
|
||||||
| ( buf[ciph_offset + 1] );
|
| ( buf[ciph_offset + 1] );
|
||||||
|
@ -1704,7 +1715,7 @@ read_record_header:
|
||||||
|
|
||||||
/* See comments in ssl_write_client_hello() */
|
/* See comments in ssl_write_client_hello() */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -2086,7 +2097,7 @@ have_ciphersuite:
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
mbedtls_ssl_recv_flight_completed( ssl );
|
mbedtls_ssl_recv_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -2521,7 +2532,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||||
|
@ -2547,7 +2558,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->handshake->verify_cookie_len != 0 )
|
ssl->handshake->verify_cookie_len != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
|
||||||
|
@ -3505,7 +3516,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
mbedtls_ssl_send_flight_completed( ssl );
|
mbedtls_ssl_send_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -3516,7 +3527,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||||
|
@ -4401,7 +4412,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
|
|
|
@ -61,12 +61,14 @@ static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );
|
||||||
/* Length of the "epoch" field in the record header */
|
/* Length of the "epoch" field in the record header */
|
||||||
static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
|
static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
|
||||||
return( 2 );
|
|
||||||
#else
|
|
||||||
((void) ssl);
|
((void) ssl);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
|
return( 2 );
|
||||||
|
#endif
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -135,7 +137,7 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
|
||||||
unsigned char const *own_cid,
|
unsigned char const *own_cid,
|
||||||
size_t own_cid_len )
|
size_t own_cid_len )
|
||||||
{
|
{
|
||||||
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
ssl->negotiate_cid = enable;
|
ssl->negotiate_cid = enable;
|
||||||
|
@ -170,7 +172,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
|
||||||
{
|
{
|
||||||
*enabled = MBEDTLS_SSL_CID_DISABLED;
|
*enabled = MBEDTLS_SSL_CID_DISABLED;
|
||||||
|
|
||||||
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
|
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) ||
|
||||||
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
|
ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
@ -3023,7 +3025,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
uint32_t timeout;
|
uint32_t timeout;
|
||||||
|
|
||||||
|
@ -3164,8 +3166,9 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
|
|
||||||
ssl->in_left = ret;
|
ssl->in_left = ret;
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
|
@ -3212,6 +3215,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
ssl->in_left += ret;
|
ssl->in_left += ret;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
|
||||||
|
|
||||||
|
@ -3267,15 +3271,17 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
ssl->out_hdr = ssl->out_buf;
|
ssl->out_hdr = ssl->out_buf;
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
{
|
{
|
||||||
ssl->out_hdr = ssl->out_buf + 8;
|
ssl->out_hdr = ssl->out_buf + 8;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
ssl_update_out_pointers( ssl, ssl->transform_out );
|
ssl_update_out_pointers( ssl, ssl->transform_out );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
|
||||||
|
@ -3686,7 +3692,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->handshake != NULL &&
|
ssl->handshake != NULL &&
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
|
@ -3729,7 +3735,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
* uint24 fragment_length;
|
* uint24 fragment_length;
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
/* Make room for the additional DTLS fields */
|
/* Make room for the additional DTLS fields */
|
||||||
if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
|
if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
|
||||||
|
@ -3771,7 +3777,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
/* Either send now, or just save to be sent (and resent) later */
|
/* Either send now, or just save to be sent (and resent) later */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||||
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
|
hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) )
|
||||||
{
|
{
|
||||||
|
@ -3909,7 +3915,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
/* In case of DTLS, double-check that we don't exceed
|
/* In case of DTLS, double-check that we don't exceed
|
||||||
* the remaining space in the datagram. */
|
* the remaining space in the datagram. */
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
ret = ssl_get_remaining_space_in_datagram( ssl );
|
ret = ssl_get_remaining_space_in_datagram( ssl );
|
||||||
if( ret < 0 )
|
if( ret < 0 )
|
||||||
|
@ -3951,7 +3957,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
flush == SSL_DONT_FORCE_FLUSH )
|
flush == SSL_DONT_FORCE_FLUSH )
|
||||||
{
|
{
|
||||||
size_t remaining;
|
size_t remaining;
|
||||||
|
@ -4135,7 +4141,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
|
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
|
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
|
||||||
|
@ -4199,14 +4205,18 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
|
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
/* With TLS we don't handle fragmentation (for now) */
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
if( ssl->in_msglen < ssl->in_hslen )
|
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
|
/* With TLS we don't handle fragmentation (for now) */
|
||||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
if( ssl->in_msglen < ssl->in_hslen )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
|
||||||
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -4222,7 +4232,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
/* Handshake message is complete, increment counter */
|
/* Handshake message is complete, increment counter */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->handshake != NULL )
|
ssl->handshake != NULL )
|
||||||
{
|
{
|
||||||
unsigned offset;
|
unsigned offset;
|
||||||
|
@ -4574,7 +4584,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
/* Check record type */
|
/* Check record type */
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->in_msgtype == MBEDTLS_SSL_MSG_CID &&
|
ssl->in_msgtype == MBEDTLS_SSL_MSG_CID &&
|
||||||
ssl->conf->cid_len != 0 )
|
ssl->conf->cid_len != 0 )
|
||||||
{
|
{
|
||||||
|
@ -4602,13 +4612,15 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
/* Silently ignore invalid DTLS records as recommended by RFC 6347
|
/* Silently ignore invalid DTLS records as recommended by RFC 6347
|
||||||
* Section 4.1.2.7 */
|
* Section 4.1.2.7, that is, send alert only with TLS */
|
||||||
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
{
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
|
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
|
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
@ -4669,7 +4681,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
||||||
* record leads to the entire datagram being dropped.
|
* record leads to the entire datagram being dropped.
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
|
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
|
||||||
|
|
||||||
|
@ -4904,26 +4916,23 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
|
||||||
else
|
else
|
||||||
ssl->nb_zero = 0;
|
ssl->nb_zero = 0;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
/* Only needed for TLS, as with DTLS in_ctr is read from the header */
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
{
|
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
|
||||||
; /* in_ctr read from peer, not maintained internally */
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
{
|
{
|
||||||
unsigned i;
|
unsigned i;
|
||||||
for( i = 8; i > ssl_ep_len( ssl ); i-- )
|
for( i = 8; i > 0; i-- )
|
||||||
if( ++ssl->in_ctr[i - 1] != 0 )
|
if( ++ssl->in_ctr[i - 1] != 0 )
|
||||||
break;
|
break;
|
||||||
|
|
||||||
/* The loop goes to its end iff the counter is wrapping */
|
/* The loop goes to its end only if the counter is wrapping around */
|
||||||
if( i == ssl_ep_len( ssl ) )
|
if( i == 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
|
||||||
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
|
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4940,7 +4949,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
|
||||||
#endif /* MBEDTLS_ZLIB_SUPPORT */
|
#endif /* MBEDTLS_ZLIB_SUPPORT */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_dtls_replay_update( ssl );
|
mbedtls_ssl_dtls_replay_update( ssl );
|
||||||
}
|
}
|
||||||
|
@ -4986,7 +4995,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
/* We only check for buffered messages if the
|
/* We only check for buffered messages if the
|
||||||
* current datagram is fully consumed. */
|
* current datagram is fully consumed. */
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl_next_record_is_in_datagram( ssl ) == 0 )
|
ssl_next_record_is_in_datagram( ssl ) == 0 )
|
||||||
{
|
{
|
||||||
if( ssl_load_buffered_message( ssl ) == 0 )
|
if( ssl_load_buffered_message( ssl ) == 0 )
|
||||||
|
@ -5509,7 +5518,7 @@ static int ssl_load_buffered_record( mbedtls_ssl_context *ssl )
|
||||||
size_t rec_len;
|
size_t rec_len;
|
||||||
unsigned rec_epoch;
|
unsigned rec_epoch;
|
||||||
|
|
||||||
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
if( hs == NULL )
|
if( hs == NULL )
|
||||||
|
@ -5647,7 +5656,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||||
if( ( ret = ssl_parse_record_header( ssl ) ) != 0 )
|
if( ( ret = ssl_parse_record_header( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
|
ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
|
||||||
{
|
{
|
||||||
if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
|
if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
|
||||||
|
@ -5698,7 +5707,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
/* Done reading this record, get ready for the next one */
|
/* Done reading this record, get ready for the next one */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
|
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
|
||||||
if( ssl->next_record_offset < ssl->in_left )
|
if( ssl->next_record_offset < ssl->in_left )
|
||||||
|
@ -5706,14 +5715,18 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
{
|
||||||
ssl->in_left = 0;
|
ssl->in_left = 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
|
if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
/* Silently discard invalid records */
|
/* Silently discard invalid records */
|
||||||
if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
|
if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
|
||||||
|
@ -5756,8 +5769,9 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
{
|
{
|
||||||
/* Error out (and send alert) on invalid records */
|
/* Error out (and send alert) on invalid records */
|
||||||
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
|
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
|
||||||
|
@ -5770,6 +5784,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
|
||||||
#endif
|
#endif
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
}
|
}
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -5807,7 +5822,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
|
ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
|
||||||
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
|
ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
|
||||||
{
|
{
|
||||||
|
@ -5882,7 +5897,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
/* Drop unexpected ApplicationData records,
|
/* Drop unexpected ApplicationData records,
|
||||||
* except at the beginning of renegotiations */
|
* except at the beginning of renegotiations */
|
||||||
|
@ -6655,7 +6670,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
|
||||||
ssl->session_in = ssl->session_negotiate;
|
ssl->session_in = ssl->session_negotiate;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||||
ssl_dtls_replay_reset( ssl );
|
ssl_dtls_replay_reset( ssl );
|
||||||
|
@ -6670,9 +6685,13 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
|
||||||
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
|
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
memset( ssl->in_ctr, 0, 8 );
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
{
|
||||||
|
memset( ssl->in_ctr, 0, 8 );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
ssl_update_in_pointers( ssl );
|
ssl_update_in_pointers( ssl );
|
||||||
|
|
||||||
|
@ -7100,7 +7119,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->handshake->flight != NULL )
|
ssl->handshake->flight != NULL )
|
||||||
{
|
{
|
||||||
/* Cancel handshake timer */
|
/* Cancel handshake timer */
|
||||||
|
@ -7171,7 +7190,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
unsigned char i;
|
unsigned char i;
|
||||||
|
|
||||||
|
@ -7194,9 +7213,13 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
||||||
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
|
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
memset( ssl->cur_out_ctr, 0, 8 );
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
{
|
||||||
|
memset( ssl->cur_out_ctr, 0, 8 );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
ssl->transform_out = ssl->transform_negotiate;
|
ssl->transform_out = ssl->transform_negotiate;
|
||||||
ssl->session_out = ssl->session_negotiate;
|
ssl->session_out = ssl->session_negotiate;
|
||||||
|
@ -7213,7 +7236,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
mbedtls_ssl_send_flight_completed( ssl );
|
mbedtls_ssl_send_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -7224,7 +7247,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
|
||||||
|
@ -7313,7 +7336,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
mbedtls_ssl_recv_flight_completed( ssl );
|
mbedtls_ssl_recv_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -7445,7 +7468,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
||||||
ssl_handshake_params_init( ssl->handshake );
|
ssl_handshake_params_init( ssl->handshake );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
ssl->handshake->alt_transform_out = ssl->transform_out;
|
ssl->handshake->alt_transform_out = ssl->transform_out;
|
||||||
|
|
||||||
|
@ -7502,7 +7525,7 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
|
||||||
mbedtls_ssl_transform *transform )
|
mbedtls_ssl_transform *transform )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
ssl->out_ctr = ssl->out_hdr + 3;
|
ssl->out_ctr = ssl->out_hdr + 3;
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
|
@ -7515,8 +7538,9 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
ssl->out_iv = ssl->out_len + 2;
|
ssl->out_iv = ssl->out_len + 2;
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
{
|
{
|
||||||
ssl->out_ctr = ssl->out_hdr - 8;
|
ssl->out_ctr = ssl->out_hdr - 8;
|
||||||
ssl->out_len = ssl->out_hdr + 3;
|
ssl->out_len = ssl->out_hdr + 3;
|
||||||
|
@ -7525,6 +7549,7 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
|
||||||
#endif
|
#endif
|
||||||
ssl->out_iv = ssl->out_hdr + 5;
|
ssl->out_iv = ssl->out_hdr + 5;
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
|
|
||||||
/* Adjust out_msg to make space for explicit IV, if used. */
|
/* Adjust out_msg to make space for explicit IV, if used. */
|
||||||
if( transform != NULL &&
|
if( transform != NULL &&
|
||||||
|
@ -7557,7 +7582,7 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
/* This sets the header pointers to match records
|
/* This sets the header pointers to match records
|
||||||
* without CID. When we receive a record containing
|
* without CID. When we receive a record containing
|
||||||
|
@ -7572,8 +7597,9 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
|
||||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||||
ssl->in_iv = ssl->in_len + 2;
|
ssl->in_iv = ssl->in_len + 2;
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
{
|
{
|
||||||
ssl->in_ctr = ssl->in_hdr - 8;
|
ssl->in_ctr = ssl->in_hdr - 8;
|
||||||
ssl->in_len = ssl->in_hdr + 3;
|
ssl->in_len = ssl->in_hdr + 3;
|
||||||
|
@ -7582,6 +7608,7 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
|
||||||
#endif
|
#endif
|
||||||
ssl->in_iv = ssl->in_hdr + 5;
|
ssl->in_iv = ssl->in_hdr + 5;
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
|
|
||||||
/* This will be adjusted at record decryption time. */
|
/* This will be adjusted at record decryption time. */
|
||||||
ssl->in_msg = ssl->in_iv;
|
ssl->in_msg = ssl->in_iv;
|
||||||
|
@ -7603,17 +7630,19 @@ static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
/* Set the incoming and outgoing record pointers. */
|
/* Set the incoming and outgoing record pointers. */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
ssl->out_hdr = ssl->out_buf;
|
ssl->out_hdr = ssl->out_buf;
|
||||||
ssl->in_hdr = ssl->in_buf;
|
ssl->in_hdr = ssl->in_buf;
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
{
|
{
|
||||||
ssl->out_hdr = ssl->out_buf + 8;
|
ssl->out_hdr = ssl->out_buf + 8;
|
||||||
ssl->in_hdr = ssl->in_buf + 8;
|
ssl->in_hdr = ssl->in_buf + 8;
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
|
|
||||||
/* Derive other internal pointers. */
|
/* Derive other internal pointers. */
|
||||||
ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
|
ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
|
||||||
|
@ -8539,7 +8568,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->in_left > ssl->next_record_offset )
|
ssl->in_left > ssl->next_record_offset )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) );
|
||||||
|
@ -8598,7 +8627,7 @@ const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
|
||||||
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
|
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
switch( ssl->minor_ver )
|
switch( ssl->minor_ver )
|
||||||
{
|
{
|
||||||
|
@ -9393,7 +9422,7 @@ static int ssl_start_renegotiation( mbedtls_ssl_context *ssl )
|
||||||
/* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
|
/* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
|
||||||
* the ServerHello will have message_seq = 1" */
|
* the ServerHello will have message_seq = 1" */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
||||||
{
|
{
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||||
|
@ -9519,7 +9548,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -9620,7 +9649,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
|
|
||||||
/* With DTLS, drop the packet (probably from last handshake) */
|
/* With DTLS, drop the packet (probably from last handshake) */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -9637,7 +9666,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
|
|
||||||
/* With DTLS, drop the packet (probably from last handshake) */
|
/* With DTLS, drop the packet (probably from last handshake) */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -9659,7 +9688,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
||||||
|
|
||||||
/* DTLS clients need to know renego is server-initiated */
|
/* DTLS clients need to know renego is server-initiated */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||||
{
|
{
|
||||||
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
|
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
|
||||||
|
@ -9836,16 +9865,20 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
||||||
if( len > max_len )
|
if( len > max_len )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
|
||||||
"maximum fragment length: %d > %d",
|
"maximum fragment length: %d > %d",
|
||||||
len, max_len ) );
|
len, max_len ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
{
|
||||||
len = max_len;
|
len = max_len;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->out_left != 0 )
|
if( ssl->out_left != 0 )
|
||||||
|
@ -10259,6 +10292,10 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
||||||
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
|
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
|
||||||
{
|
{
|
||||||
memset( conf, 0, sizeof( mbedtls_ssl_config ) );
|
memset( conf, 0, sizeof( mbedtls_ssl_config ) );
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
conf->transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
|
@ -10434,7 +10471,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
|
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
|
||||||
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
|
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -10807,8 +10844,12 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||||
void mbedtls_ssl_write_version( int major, int minor, int transport,
|
void mbedtls_ssl_write_version( int major, int minor, int transport,
|
||||||
unsigned char ver[2] )
|
unsigned char ver[2] )
|
||||||
{
|
{
|
||||||
|
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
|
||||||
|
((void) transport);
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
|
||||||
{
|
{
|
||||||
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
|
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||||
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
|
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
|
||||||
|
@ -10816,21 +10857,25 @@ void mbedtls_ssl_write_version( int major, int minor, int transport,
|
||||||
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
|
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
|
||||||
ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
|
ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#else
|
|
||||||
((void) transport);
|
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
{
|
{
|
||||||
ver[0] = (unsigned char) major;
|
ver[0] = (unsigned char) major;
|
||||||
ver[1] = (unsigned char) minor;
|
ver[1] = (unsigned char) minor;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
||||||
const unsigned char ver[2] )
|
const unsigned char ver[2] )
|
||||||
{
|
{
|
||||||
|
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
|
||||||
|
((void) transport);
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
|
||||||
{
|
{
|
||||||
*major = 255 - ver[0] + 2;
|
*major = 255 - ver[0] + 2;
|
||||||
*minor = 255 - ver[1] + 1;
|
*minor = 255 - ver[1] + 1;
|
||||||
|
@ -10838,14 +10883,14 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
||||||
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
|
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||||
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
|
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
|
||||||
}
|
}
|
||||||
else
|
MBEDTLS_SSL_TRANSPORT_ELSE
|
||||||
#else
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
((void) transport);
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
#endif
|
|
||||||
{
|
{
|
||||||
*major = ver[0];
|
*major = ver[0];
|
||||||
*minor = ver[1];
|
*minor = ver[1];
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
||||||
|
|
|
@ -486,6 +486,9 @@ static const char *features[] = {
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
"MBEDTLS_SSL_PROTO_DTLS",
|
"MBEDTLS_SSL_PROTO_DTLS",
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
"MBEDTLS_SSL_PROTO_TLS",
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
"MBEDTLS_SSL_ALPN",
|
"MBEDTLS_SSL_ALPN",
|
||||||
#endif /* MBEDTLS_SSL_ALPN */
|
#endif /* MBEDTLS_SSL_ALPN */
|
||||||
|
|
|
@ -1338,6 +1338,14 @@ int query_config( const char *config )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
|
if( strcmp( "MBEDTLS_SSL_PROTO_TLS", config ) == 0 )
|
||||||
|
{
|
||||||
|
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_TLS */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
if( strcmp( "MBEDTLS_SSL_ALPN", config ) == 0 )
|
if( strcmp( "MBEDTLS_SSL_ALPN", config ) == 0 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -43,14 +43,15 @@
|
||||||
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
|
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
|
||||||
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
|
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
|
||||||
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
|
!defined(MBEDTLS_CERTS_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
|
||||||
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
|
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
|
||||||
|
!defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
int main( void )
|
int main( void )
|
||||||
{
|
{
|
||||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
|
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||||
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
|
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
|
||||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or"
|
||||||
"not defined.\n");
|
"MBEDTLS_SSL_PROTO_TLS not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
|
|
@ -223,7 +223,7 @@ int main( void )
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
#define USAGE_DTLS \
|
#define USAGE_DTLS \
|
||||||
" dtls=%%d default: 0 (TLS)\n" \
|
" dtls=%%d default: 0 (TLS) (if both enabled)\n" \
|
||||||
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
|
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
|
||||||
" range of DTLS handshake timeouts in millisecs\n" \
|
" range of DTLS handshake timeouts in millisecs\n" \
|
||||||
" mtu=%%d default: (library default: unlimited)\n" \
|
" mtu=%%d default: (library default: unlimited)\n" \
|
||||||
|
|
|
@ -43,7 +43,8 @@
|
||||||
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
|
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
|
||||||
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
||||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_TIMING_C) || \
|
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_TIMING_C) || \
|
||||||
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C)
|
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_PEM_PARSE_C) || \
|
||||||
|
!defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
int main( int argc, char *argv[] )
|
int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
((void) argc);
|
((void) argc);
|
||||||
|
@ -53,7 +54,8 @@ int main( int argc, char *argv[] )
|
||||||
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
||||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
||||||
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C and/or "
|
||||||
|
"MBEDTLS_SSL_PROTO_TLS not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#elif defined(_WIN32)
|
#elif defined(_WIN32)
|
||||||
|
|
|
@ -48,14 +48,14 @@
|
||||||
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
|
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
|
||||||
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
|
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
|
||||||
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
|
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
|
||||||
!defined(MBEDTLS_FS_IO)
|
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
int main( void )
|
int main( void )
|
||||||
{
|
{
|
||||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
|
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||||
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
|
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
|
||||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
||||||
"not defined.\n");
|
"MBEDTLS_SSL_PROTO_TLS not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
|
|
@ -45,7 +45,7 @@
|
||||||
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
||||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||||
!defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) || \
|
!defined(MBEDTLS_THREADING_C) || !defined(MBEDTLS_THREADING_PTHREAD) || \
|
||||||
!defined(MBEDTLS_PEM_PARSE_C)
|
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
int main( void )
|
int main( void )
|
||||||
{
|
{
|
||||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
|
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
|
||||||
|
@ -53,7 +53,8 @@ int main( void )
|
||||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
||||||
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
|
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
|
||||||
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
"and/or MBEDTLS_PEM_PARSE_C and/or "
|
||||||
|
"MBEDTLS_SSL_PROTO_TLS not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
|
|
@ -44,14 +44,15 @@
|
||||||
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
|
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
|
||||||
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
||||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||||
!defined(MBEDTLS_PEM_PARSE_C)
|
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
int main( void )
|
int main( void )
|
||||||
{
|
{
|
||||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
|
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_CERTS_C and/or MBEDTLS_ENTROPY_C "
|
||||||
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
|
||||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||||
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
|
||||||
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
|
"and/or MBEDTLS_PEM_PARSE_C and/or "
|
||||||
|
"MBEDTLS_SSL_PROTO_TLS not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
|
|
@ -329,7 +329,7 @@ int main( void )
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
#define USAGE_DTLS \
|
#define USAGE_DTLS \
|
||||||
" dtls=%%d default: 0 (TLS)\n" \
|
" dtls=%%d default: 0 (TLS) (if both enabled)\n" \
|
||||||
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
|
" hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
|
||||||
" range of DTLS handshake timeouts in millisecs\n" \
|
" range of DTLS handshake timeouts in millisecs\n" \
|
||||||
" mtu=%%d default: (library default: unlimited)\n" \
|
" mtu=%%d default: (library default: unlimited)\n" \
|
||||||
|
|
Loading…
Reference in a new issue