diff --git a/configs/baremetal.h b/configs/baremetal.h index ed5bdd951..2e92e76ac 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -60,7 +60,7 @@ /* Key exchanges */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 -#define MBEDTLS_SSL_SINGLE_CIPHERSUITE MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 +#define MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 /* Digests - just SHA-256 */ #define MBEDTLS_MD_C diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2b7e9da1a..8290c516d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3650,7 +3650,7 @@ * * If this option is set, the API mbedtls_ssl_conf_ciphersuites() is removed. */ -//#define MBEDTLS_SSL_SINGLE_CIPHERSUITE MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 +//#define MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 /* \} SECTION: Compile-time SSL configuration */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index daa9d746f..0a1d9d542 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -923,9 +923,9 @@ struct mbedtls_ssl_session #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t start; /*!< starting time */ #endif -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) int ciphersuite; /*!< chosen ciphersuite */ -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ int compression; /*!< chosen compression */ size_t id_len; /*!< session id length */ unsigned char id[32]; /*!< session identifier */ 
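Review bot: After the rename in include/mbedtls/config.h, a user configuration that still defines `MBEDTLS_SSL_SINGLE_CIPHERSUITE` is accepted without any diagnostic, because every guard in this commit now tests only `MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE`. Such a build silently keeps the run-time ciphersuite list instead of the pinned suite, so unless `MBEDTLS_SSL_CIPHERSUITES` also restricts it, more suites are negotiable than the integrator intended. A compile-time guard alongside the project's other configuration sanity checks would make the stale name fail loudly: `#if defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE)` / `#error "MBEDTLS_SSL_SINGLE_CIPHERSUITE was renamed to MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE"` / `#endif`. The option's comment could also say that `mbedtls_ssl_conf_ciphersuites_for_version()` is compiled out too, as the ssl.h hunks show.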
@@ -974,9 +974,9 @@ struct mbedtls_ssl_config * Pointers */ -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version */ -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ /** Callback for printing debug output */ void (*f_dbg)(void *, int, const char *, int, const char *); @@ -2470,7 +2470,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, */ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl ); -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) /** * \brief Set the list of allowed ciphersuites and the preference * order. First in the list has the highest preference. @@ -2485,7 +2485,7 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co * * \note On constrained systems, support for a single ciphersuite * (in all versions) can be fixed at compile-time through - * the configuration option MBEDTLS_SSL_SINGLE_CIPHERSUITE. + * the configuration option MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE. * * \param conf SSL configuration * \param ciphersuites 0-terminated list of allowed ciphersuites @@ -2514,12 +2514,12 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, * * \note On constrained systems, support for a single ciphersuite * (in all versions) can be fixed at compile-time through - * the configuration option MBEDTLS_SSL_SINGLE_CIPHERSUITE. + * the configuration option MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE. */ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, const int *ciphersuites, int major, int minor ); -#endif /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 #define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1 
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index c8cfacde2..281caa69b 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -351,8 +351,8 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; /* Wrapper around MBEDTLS_SSL_SUITE_XXX_T() which makes sure that * the argument is macro-expanded before concatenated with the * field name. This allows to call these macros as - * MBEDTLS_SSL_SUITE_XXX( MBEDTLS_SSL_SINGLE_CIPHERSUITE ), - * where MBEDTLS_SSL_SINGLE_CIPHERSUITE expands to MBEDTLS_SSL_SUITE_XXX. */ + * MBEDTLS_SSL_SUITE_XXX( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ), + * where MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE expands to MBEDTLS_SSL_SUITE_XXX. */ #define MBEDTLS_SSL_SUITE_ID( SUITE ) MBEDTLS_SSL_SUITE_ID_T( SUITE ) #define MBEDTLS_SSL_SUITE_NAME( SUITE ) MBEDTLS_SSL_SUITE_NAME_T( SUITE ) #define MBEDTLS_SSL_SUITE_CIPHER( SUITE ) MBEDTLS_SSL_SUITE_CIPHER_T( SUITE ) @@ -364,7 +364,7 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; #define MBEDTLS_SSL_SUITE_MAX_MINOR_VER( SUITE ) MBEDTLS_SSL_SUITE_MAX_MINOR_VER_T( SUITE ) #define MBEDTLS_SSL_SUITE_FLAGS( SUITE ) MBEDTLS_SSL_SUITE_FLAGS_T( SUITE ) -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) /** * \brief This structure is used for storing ciphersuite information */ 
@@ -404,13 +404,13 @@ typedef mbedtls_ssl_ciphersuite_t const * mbedtls_ssl_ciphersuite_handle_t; MBEDTLS_SSL_SUITE_MAX_MINOR_VER( SUITE ), \ MBEDTLS_SSL_SUITE_FLAGS( SUITE ) } -#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#else /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ typedef unsigned char mbedtls_ssl_ciphersuite_handle_t; #define MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE ( (mbedtls_ssl_ciphersuite_handle_t) 0 ) #define MBEDTLS_SSL_CIPHERSUITE_UNIQUE_VALID_HANDLE ( (mbedtls_ssl_ciphersuite_handle_t) 1 ) -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ /* * Getter functions for the extraction of ciphersuite attributes @@ -421,7 +421,7 @@ typedef unsigned char mbedtls_ssl_ciphersuite_handle_t; * is passed. */ -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) /* * Implementation of getter functions when the ciphersuite handle * is a pointer to the ciphersuite information structure. @@ -479,7 +479,7 @@ static inline unsigned char mbedtls_ssl_suite_get_flags( { return( info->flags ); } -#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#else /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ /* * Implementations of getter functions in the case of only * a single possible ciphersuite. In this case, the handle 
@@ -493,63 +493,63 @@ static inline int mbedtls_ssl_suite_get_id( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } static inline const char* mbedtls_ssl_suite_get_name( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_NAME( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_NAME( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } static inline mbedtls_cipher_type_t mbedtls_ssl_suite_get_cipher( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_CIPHER( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_CIPHER( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } static inline mbedtls_md_type_t mbedtls_ssl_suite_get_mac( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_MAC( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_MAC( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } static inline mbedtls_key_exchange_type_t mbedtls_ssl_suite_get_key_exchange( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_KEY_EXCHANGE( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_KEY_EXCHANGE( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } static inline int mbedtls_ssl_suite_get_min_major_ver( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_MIN_MAJOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_MIN_MAJOR_VER( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } static inline int mbedtls_ssl_suite_get_min_minor_ver( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_MIN_MINOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_MIN_MINOR_VER( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } static inline int 
mbedtls_ssl_suite_get_max_major_ver( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_MAX_MAJOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_MAX_MAJOR_VER( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } static inline int mbedtls_ssl_suite_get_max_minor_ver( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_MAX_MINOR_VER( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_MAX_MINOR_VER( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } static inline unsigned char mbedtls_ssl_suite_get_flags( mbedtls_ssl_ciphersuite_handle_t const info ) { ((void) info); - return( MBEDTLS_SSL_SUITE_FLAGS( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_FLAGS( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ static inline int mbedtls_ssl_ciphersuite_has_pfs( mbedtls_ssl_ciphersuite_handle_t info ) @@ -681,20 +681,20 @@ static inline int mbedtls_ssl_ciphersuite_uses_server_signature( } } -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) static inline int mbedtls_ssl_session_get_ciphersuite( mbedtls_ssl_session const * session ) { return( session->ciphersuite ); } -#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#else /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ static inline int mbedtls_ssl_session_get_ciphersuite( mbedtls_ssl_session const * session ) { ((void) session); - return( MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); } -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ const int *mbedtls_ssl_list_ciphersuites( void ); diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 0dbf60ec7..a4d4eea14 100644 --- a/include/mbedtls/ssl_internal.h 
+++ b/include/mbedtls/ssl_internal.h @@ -501,9 +501,9 @@ struct mbedtls_ssl_handshake_params const unsigned char *, size_t, unsigned char *, size_t); -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) mbedtls_ssl_ciphersuite_handle_t ciphersuite_info; -#endif /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ size_t pmslen; /*!< premaster length */ @@ -558,20 +558,20 @@ static inline int mbedtls_ssl_hs_get_extended_ms( } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) static inline mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_handshake_get_ciphersuite( mbedtls_ssl_handshake_params const *handshake ) { return( handshake->ciphersuite_info ); } -#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#else /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ static inline mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_handshake_get_ciphersuite( mbedtls_ssl_handshake_params const *handshake ) { ((void) handshake); return( MBEDTLS_SSL_CIPHERSUITE_UNIQUE_VALID_HANDLE ); } -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; @@ -1454,7 +1454,7 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced( * instantiation in case a single ciphersuite is enabled at * compile-time. */ -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) #define MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, ver, info ) \ { \ @@ -1472,7 +1472,7 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced( } \ } -#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#else /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #define MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, ver, info ) \ { \ 
@@ -1482,6 +1482,6 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced( #define MBEDTLS_SSL_END_FOR_EACH_CIPHERSUITE \ } -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #endif /* ssl_internal.h */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index d37d7a2e7..58e91796c 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -54,7 +54,7 @@ */ static const int ciphersuite_preference[] = { -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) #if defined(MBEDTLS_SSL_CIPHERSUITES) MBEDTLS_SSL_CIPHERSUITES, #else @@ -312,13 +312,13 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_PSK_WITH_NULL_SHA, #endif /* MBEDTLS_SSL_CIPHERSUITES */ -#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ - MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ), -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#else /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ + MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ), +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ 0 }; -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { #if defined(MBEDTLS_CHACHAPOLY_C) && \ @@ -2171,9 +2171,9 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, 0, 0, 0, 0, 0 } }; -#endif /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ -#if defined(MBEDTLS_SSL_CIPHERSUITES) || defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if defined(MBEDTLS_SSL_CIPHERSUITES) || defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) const int *mbedtls_ssl_list_ciphersuites( void ) { return( ciphersuite_preference ); 
@@ -2232,9 +2232,9 @@ const int *mbedtls_ssl_list_ciphersuites( void ) return( supported_ciphersuites ); } -#endif /* !( MBEDTLS_SSL_CIPHERSUITES || MBEDTLS_SSL_SINGLE_CIPHERSUITE ) */ +#endif /* !( MBEDTLS_SSL_CIPHERSUITES || MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) */ -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name ) { @@ -2293,13 +2293,13 @@ int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ) return( cur->id ); } -#else /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#else /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name ) { static const char * const single_suite_name = - MBEDTLS_SSL_SUITE_NAME( MBEDTLS_SSL_SINGLE_CIPHERSUITE ); + MBEDTLS_SSL_SUITE_NAME( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ); if( strcmp( ciphersuite_name, single_suite_name ) == 0 ) return( MBEDTLS_SSL_CIPHERSUITE_UNIQUE_VALID_HANDLE ); @@ -2310,7 +2310,7 @@ mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_ciphersuite_from_string( mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_ciphersuite_from_id( int ciphersuite ) { static const int single_suite_id = - MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ); + MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ); if( ciphersuite == single_suite_id ) return( MBEDTLS_SSL_CIPHERSUITE_UNIQUE_VALID_HANDLE ); 
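Review bot: In the single-ciphersuite variant of `mbedtls_ssl_ciphersuite_from_string()` (hunk at -2293), `ciphersuite_name` is passed straight to `strcmp()` with no NULL check, which is undefined behaviour for a NULL argument. The single-suite `mbedtls_ssl_get_ciphersuite_id()` in the later hunk at -2332 has the same pattern. I would add `if( ciphersuite_name == NULL ) return( MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE );` before the comparison here and `if( ciphersuite_name == NULL ) return( 0 );` in the id lookup. Whether the table-based variants guard against NULL is not visible in this diff, so this may be a divergence between the two builds rather than a change of contract. The function body continues past the end of the hunk.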
@@ -2321,10 +2321,10 @@ mbedtls_ssl_ciphersuite_handle_t mbedtls_ssl_ciphersuite_from_id( int ciphersuit const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ) { static const int single_suite_id = - MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ); + MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ); if( ciphersuite_id == single_suite_id ) - return( MBEDTLS_SSL_SUITE_NAME( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_NAME( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); return( NULL ); } @@ -2332,15 +2332,15 @@ const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ) int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ) { static const char * const single_suite_name = - MBEDTLS_SSL_SUITE_NAME( MBEDTLS_SSL_SINGLE_CIPHERSUITE ); + MBEDTLS_SSL_SUITE_NAME( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ); if( strcmp( ciphersuite_name, single_suite_name ) == 0 ) - return( MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ); + return( MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ); return( 0 ); } -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_PK_C) mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( mbedtls_ssl_ciphersuite_handle_t info ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index f4d51dc99..8774003be 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1816,7 +1816,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) * Initialize update checksum functions */ server_suite_info = mbedtls_ssl_ciphersuite_from_id( i ); -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) ssl->handshake->ciphersuite_info = server_suite_info; #endif if( server_suite_info == MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE ) 
@@ -1874,9 +1874,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) ssl->session_negotiate->start = mbedtls_time( NULL ); #endif -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) ssl->session_negotiate->ciphersuite = i; -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ ssl->session_negotiate->compression = comp; ssl->session_negotiate->id_len = n; memcpy( ssl->session_negotiate->id, buf + 35, n ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index a97bc3a3a..4ebd834cb 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1037,7 +1037,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) size_t n; unsigned int ciph_len, sess_len, chal_len; unsigned char *buf, *p; -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) mbedtls_ssl_ciphersuite_handle_t ciphersuite_info; #endif @@ -1258,7 +1258,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) if( ssl_ciphersuite_is_match( ssl, cur_info, NULL ) ) { -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) ciphersuite_info = cur_info; #endif goto have_ciphersuite_v2; @@ -1293,7 +1293,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) have_ciphersuite_v2: -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) ssl->session_negotiate->ciphersuite = mbedtls_ssl_suite_get_id( ciphersuite_info ); ssl->handshake->ciphersuite_info = ciphersuite_info; @@ -1346,7 +1346,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) #endif int handshake_failure = 0; -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) mbedtls_ssl_ciphersuite_handle_t ciphersuite_info; #endif int major, minor; 
@@ -2182,9 +2182,9 @@ read_record_header: if( ssl_ciphersuite_is_match( ssl, cur_info, acceptable_ec_grp_ids) ) { -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) ciphersuite_info = cur_info; -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ goto have_ciphersuite; } @@ -2221,11 +2221,11 @@ read_record_header: have_ciphersuite: -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) ssl->session_negotiate->ciphersuite = mbedtls_ssl_suite_get_id( ciphersuite_info ); ssl->handshake->ciphersuite_info = ciphersuite_info; -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", mbedtls_ssl_get_ciphersuite_name( diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ab48cc4db..e63c6880b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8323,7 +8323,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session } #endif /* MBEDTLS_SSL_CLI_C && !MBEDTLS_SSL_NO_SESSION_RESUMPTION */ -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, const int *ciphersuites ) { @@ -8345,7 +8345,7 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, conf->ciphersuite_list[minor] = ciphersuites; } -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, 
@@ -9591,11 +9591,11 @@ static int ssl_session_load( mbedtls_ssl_session *session, ciphersuite = ( p[0] << 8 ) | p[1]; p += 2; -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) session->ciphersuite = ciphersuite; #else if( ciphersuite != - MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_SINGLE_CIPHERSUITE ) ) + MBEDTLS_SSL_SUITE_ID( MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE ) ) { return( MBEDTLS_ERR_SSL_VERSION_MISMATCH ); } @@ -10822,13 +10822,13 @@ static int ssl_preset_default_hashes[] = { }; #endif -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) static int ssl_preset_suiteb_ciphersuites[] = { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0 }; -#endif /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) static int ssl_preset_suiteb_hashes[] = { @@ -10964,13 +10964,13 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ssl_preset_suiteb_ciphersuites; -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; 
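Review bot: The `#else` branch of the ssl_session_load() hunk (at -9591) rejects a serialized session whose ciphersuite differs from the compiled-in one, but nothing explains why it returns `MBEDTLS_ERR_SSL_VERSION_MISMATCH`, which reads like a protocol-version problem to a caller. A one-line comment above the comparison would document the intent, for example `/* Single-suite build: a session saved with any other ciphersuite cannot be loaded. */`. The check itself is the right fail-closed behaviour for data read from a serialized blob. The enclosing function starts and ends outside the hunk.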
@@ -11005,13 +11005,13 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2; #endif -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = mbedtls_ssl_list_ciphersuites(); -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) conf->cert_profile = &mbedtls_x509_crt_profile_default; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ac7810a43..d9cfa257e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1788,10 +1788,10 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_session_tickets( &conf, opt.tickets ); #endif -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); -#endif /* MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_ARC4_C) if( opt.arc4 != DFL_ARC4 ) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 3ceae8c74..63a3a2d3a 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c 
@@ -621,10 +621,10 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); -#endif /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 88c92b33a..deaee9afe 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2662,17 +2662,17 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); -#endif /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_ARC4_C) if( opt.arc4 != DFL_ARC4 ) mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 ); #endif -#if !defined(MBEDTLS_SSL_SINGLE_CIPHERSUITE) +#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) if( opt.version_suites != NULL ) { mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0], @@ -2688,7 +2688,7 @@ int main( int argc, char *argv[] ) MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 ); } -#endif /* !MBEDTLS_SSL_SINGLE_CIPHERSUITE */ +#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION) if( opt.allow_legacy != DFL_ALLOW_LEGACY )