diff --git a/configs/baremetal.h b/configs/baremetal.h index 3d3225e22..2fbc35971 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -80,7 +80,7 @@ #define MBEDTLS_SSL_DTLS_ANTI_REPLAY #define MBEDTLS_SSL_DTLS_HELLO_VERIFY #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT -#define MBEDTLS_SSL_CID +#define MBEDTLS_SSL_DTLS_CONNECTION_ID /* X.509 CRT parsing */ #define MBEDTLS_X509_USE_C diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 413713c49..689511893 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -595,18 +595,18 @@ #error "MBEDTLS_SSL_DTLS_ANTI_REPLAY defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_CID) && \ +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) -#error "MBEDTLS_SSL_CID defined, but not all prerequisites" +#error "MBEDTLS_SSL_DTLS_CONNECTION_ID defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_CID) && \ +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \ MBEDTLS_SSL_CID_IN_LEN_MAX > 255 #error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)" #endif -#if defined(MBEDTLS_SSL_CID) && \ +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \ MBEDTLS_SSL_CID_OUT_LEN_MAX > 255 #error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a7a17aae5..b8ec64d10 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1270,7 +1270,7 @@ #define MBEDTLS_SSL_ALL_ALERT_MESSAGES /** - * \def MBEDTLS_SSL_CID + * \def MBEDTLS_SSL_DTLS_CONNECTION_ID * * Enable support for the DTLS Connection ID extension * (version draft-ietf-tls-dtls-connection-id-05, @@ -1295,7 +1295,7 @@ * * Uncomment to enable the Connection ID extension. */ -#define MBEDTLS_SSL_CID +#define MBEDTLS_SSL_DTLS_CONNECTION_ID /** * \def MBEDTLS_SSL_ASYNC_PRIVATE 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2896f1d5d..ad434aa3c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -917,9 +917,9 @@ struct mbedtls_ssl_config void *p_export_keys; /*!< context for key export callback */ #endif -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */ -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_X509_CRT_PARSE_C) const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */ @@ -1045,11 +1045,11 @@ struct mbedtls_ssl_config unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in Certificate Request messages? */ #endif -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS * record with unexpected CID * should lead to failure. */ -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ }; @@ -1117,10 +1117,10 @@ struct mbedtls_ssl_context TLS: maintained by us DTLS: read from peer */ unsigned char *in_hdr; /*!< start of record header */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) unsigned char *in_cid; /*!< The start of the CID; * (the end is marked by in_len). */ -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ unsigned char *in_len; /*!< two-bytes message length field */ unsigned char *in_iv; /*!< ivlen-byte IV */ unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */ 
@@ -1157,10 +1157,10 @@ struct mbedtls_ssl_context unsigned char *out_buf; /*!< output buffer */ unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ unsigned char *out_hdr; /*!< start of record header */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) unsigned char *out_cid; /*!< The start of the CID; * (the end is marked by in_len). */ -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ unsigned char *out_len; /*!< two-bytes message length field */ unsigned char *out_iv; /*!< ivlen-byte IV */ unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */ @@ -1219,7 +1219,7 @@ struct mbedtls_ssl_context char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ #endif /* MBEDTLS_SSL_RENEGOTIATION */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* CID configuration to use in subsequent handshakes. */ /*! The next incoming CID, chosen by the user and applying to @@ -1232,7 +1232,7 @@ struct mbedtls_ssl_context * be negotiated in the next handshake or not. * Possible values are #MBEDTLS_SSL_CID_ENABLED * and #MBEDTLS_SSL_CID_DISABLED. */ -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ }; #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) @@ -1454,7 +1454,7 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /** @@ -1581,7 +1581,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], size_t *peer_cid_len ); -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /** * \brief Set the Maximum Tranport Unit (MTU). 
@@ -2157,7 +2157,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, const int *ciphersuites ); -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 #define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1 /** @@ -2193,7 +2193,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, */ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len, int ignore_other_cids ); -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /** * \brief Set the list of allowed ciphersuites and the diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 15615829c..e9a80edfc 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -166,7 +166,7 @@ #define MBEDTLS_SSL_PADDING_ADD 0 #endif -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_PADDING_GRANULARITY #else #define MBEDTLS_SSL_MAX_CID_EXPANSION 0 @@ -229,7 +229,7 @@ implicit sequence number. */ #define MBEDTLS_SSL_HEADER_LEN 13 -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_IN_BUFFER_LEN \ ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) ) #else @@ -238,7 +238,7 @@ + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) ) #endif -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_OUT_BUFFER_LEN \ ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) ) #else @@ -362,7 +362,7 @@ struct mbedtls_ssl_handshake_params unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter for resending messages */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* The state of CID configuration in this handshake. */ uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension 
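Review bot: The renamed guard in the ssl_internal.h hunk at line 229 keeps the two `MBEDTLS_SSL_IN_BUFFER_LEN` branches the wrong way round: under `#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)` the input buffer is sized as header plus payload only, while the `#else` body (whose tail, `+ ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )`, is the leading context of the next hunk) is the one that reserves room for an incoming CID, so the slack is added exactly in builds that cannot receive a CID and dropped in those that can. The record parser touched by this same commit shifts `in_len`/`in_iv` past a CID of `conf->cid_len` bytes inside `in_buf`, so an undersized buffer is a bounds concern rather than a cosmetic inversion. The minimal fix that leaves both bodies in place is `#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)`; the `MBEDTLS_SSL_OUT_BUFFER_LEN` guard in the hunk at line 238 has the same shape, but its `#else` body is outside the hunk, so it should be checked the same way. The inversion predates this pure rename, but the commit already rewrites every one of these lines, which makes it the natural place to correct it.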
@@ -372,7 +372,7 @@ struct mbedtls_ssl_handshake_params unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */ uint8_t peer_cid_len; /*!< The length of * \c peer_cid. */ -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ struct { @@ -593,12 +593,12 @@ struct mbedtls_ssl_transform mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ int minor_ver; -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) uint8_t in_cid_len; uint8_t out_cid_len; unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /* * Session specific compression layer @@ -646,11 +646,10 @@ typedef struct size_t data_offset; /* Offset of record content */ size_t data_len; /* Length of record content */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) uint8_t cid_len; /* Length of the CID (0 if not present) */ unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID */ -#endif /* MBEDTLS_SSL_CID */ - +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ } mbedtls_record; #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4eedce8f2..b5f52319c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -433,7 +433,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) @@ -479,7 +479,7 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, *olen = ssl->own_cid_len + 5; } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, 
@@ -1082,10 +1082,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); @@ -1244,7 +1244,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1298,7 +1298,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, @@ -1951,7 +1951,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) case MBEDTLS_TLS_EXT_CID: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); @@ -1963,7 +1963,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } break; -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 08758f6cb..3b03cc158 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -433,7 +433,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) 
@@ -503,7 +503,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, @@ -1855,7 +1855,7 @@ read_record_header: break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) case MBEDTLS_TLS_EXT_CID: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); @@ -2142,7 +2142,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) @@ -2188,7 +2188,7 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, *olen = ssl->own_cid_len + 5; } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, @@ -2711,7 +2711,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f2953056b..1df40725e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -108,7 +108,7 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_DTLS) -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* Top-level Connection ID API */ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, 
@@ -193,7 +193,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /* Forward declarations for functions related to message buffering. */ static void ssl_buffering_free( mbedtls_ssl_context *ssl ); @@ -737,7 +737,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* Copy own and peer's CID if the use of the CID * extension has been negotiated. */ if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) @@ -755,7 +755,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, transform->out_cid_len ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /* * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions @@ -1562,7 +1562,7 @@ static void ssl_read_memory( unsigned char *p, size_t len ) * Encryption/decryption functions */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* This functions transforms a DTLS plaintext fragment and a record content * type into an instance of the DTLSInnerPlaintext structure: * @@ -1637,7 +1637,7 @@ static int ssl_cid_parse_inner_plaintext( unsigned char const *content, return( 0 ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /* `add_data` must have size 13 Bytes if the CID extension is disabled, * and 13 + 1 + CID-length Bytes if the CID extension is enabled. */ @@ -1665,7 +1665,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, add_data[8] = rec->type; memcpy( add_data + 9, rec->ver, sizeof( rec->ver ) ); -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( rec->cid_len != 0 ) { memcpy( add_data + 11, rec->cid, rec->cid_len ); 
@@ -1675,7 +1675,7 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, *add_data_len = 13 + 1 + rec->cid_len; } else -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF; add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF; @@ -1723,7 +1723,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, || rec->buf == NULL || rec->buf_len < rec->data_offset || rec->buf_len - rec->data_offset < rec->data_len -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || rec->cid_len != 0 #endif ) @@ -1747,7 +1747,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* * Add CID information */ @@ -1774,7 +1774,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, rec->type = MBEDTLS_SSL_MSG_CID; } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); @@ -2148,7 +2148,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, data = rec->buf + rec->data_offset; mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec ); -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* * Match record's CID with incoming CID. */ @@ -2157,7 +2157,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, { return( MBEDTLS_ERR_SSL_UNEXPECTED_CID ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) if( mode == MBEDTLS_MODE_STREAM ) @@ -2695,7 +2695,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( rec->cid_len != 0 ) { ret = ssl_cid_parse_inner_plaintext( data, &rec->data_len, 
@@ -2703,7 +2703,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, if( ret != 0 ) return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); @@ -3734,10 +3734,10 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->conf->transport, rec.ver ); rec.type = ssl->out_msgtype; -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* The CID is set by mbedtls_ssl_encrypt_buf(). */ rec.cid_len = 0; -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) @@ -3754,9 +3754,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) /* Update the record content type and CID. */ ssl->out_msgtype = rec.type; -#if defined(MBEDTLS_SSL_CID ) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID ) memcpy( ssl->out_cid, rec.cid, rec.cid_len ); -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); ssl->out_len[1] = (unsigned char)( rec.data_len ); @@ -4431,7 +4431,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 ); /* Check record type */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->in_msgtype == MBEDTLS_SSL_MSG_CID && ssl->conf->cid_len != 0 ) @@ -4454,7 +4454,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) ssl->in_iv = ssl->in_msg = ssl->in_len + 2; } else -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ if( ssl_check_record_type( ssl->in_msgtype ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); 
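Review bot: The renamed guards at ssl_tls.c lines 3757 and 4664 carry a stray space before the closing parenthesis, `#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID )`, unlike every other occurrence the commit produces. Since the rename rewrites each of these lines anyway, normalise both to `#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)` so a later search for the guard, or a script that flips it, does not miss them.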
@@ -4661,10 +4661,10 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) - ( ssl->in_iv - ssl->in_buf ); rec.data_len = ssl->in_msglen; rec.data_offset = 0; -#if defined(MBEDTLS_SSL_CID ) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID ) rec.cid_len = (uint8_t)( ssl->in_len - ssl->in_cid ); memcpy( rec.cid, ssl->in_cid, rec.cid_len ); -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ memcpy( &rec.ctr[0], ssl->in_ctr, 8 ); mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, @@ -4675,14 +4675,14 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID && ssl->conf->ignore_unexpected_cid == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ) { ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ return( ret ); } @@ -4709,7 +4709,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", ssl->in_msg, ssl->in_msglen ); -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* We have already checked the record content type * in ssl_parse_record_header(), failing or silently * dropping the record in the case of an unknown type. @@ -4722,7 +4722,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) { 
@@ -7318,14 +7318,14 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { ssl->out_ctr = ssl->out_hdr + 3; -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->out_cid = ssl->out_ctr + 8; ssl->out_len = ssl->out_cid; if( transform != NULL ) ssl->out_len += transform->out_cid_len; -#else /* MBEDTLS_SSL_CID */ +#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_len = ssl->out_ctr + 8; -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_iv = ssl->out_len + 2; } else @@ -7333,7 +7333,7 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, { ssl->out_ctr = ssl->out_hdr - 8; ssl->out_len = ssl->out_hdr + 3; -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->out_cid = ssl->out_len; #endif ssl->out_iv = ssl->out_hdr + 5; @@ -7377,12 +7377,12 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl ) * a CID, the fields are shifted accordingly in * ssl_parse_record_header(). */ ssl->in_ctr = ssl->in_hdr + 3; -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_cid = ssl->in_ctr + 8; ssl->in_len = ssl->in_cid; /* Default: no CID */ -#else /* MBEDTLS_SSL_CID */ +#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->in_len = ssl->in_ctr + 8; -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->in_iv = ssl->in_len + 2; } else @@ -7390,7 +7390,7 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl ) { ssl->in_ctr = ssl->in_hdr - 8; ssl->in_len = ssl->in_hdr + 3; -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_cid = ssl->in_len; #endif ssl->in_iv = ssl->in_hdr + 5; 
@@ -8498,10 +8498,10 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
 
-#if defined(MBEDTLS_SSL_CID)
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 if( transform->out_cid_len != 0 )
 transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION;
-#endif /* MBEDTLS_SSL_CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 return( (int)( out_hdr_len + transform_expansion ) );
 }
diff --git a/library/version_features.c b/library/version_features.c
index 74a0a0e7b..9cdf6a9fb 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -435,9 +435,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
 "MBEDTLS_SSL_ALL_ALERT_MESSAGES",
 #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
-#if defined(MBEDTLS_SSL_CID)
- "MBEDTLS_SSL_CID",
-#endif /* MBEDTLS_SSL_CID */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ "MBEDTLS_SSL_DTLS_CONNECTION_ID",
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 "MBEDTLS_SSL_ASYNC_PRIVATE",
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 2423856a9..4f9e4663f 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -1202,13 +1202,13 @@ int query_config( const char *config )
 }
 #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
 
-#if defined(MBEDTLS_SSL_CID)
- if( strcmp( "MBEDTLS_SSL_CID", config ) == 0 )
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID", config ) == 0 )
 {
- MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID );
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CONNECTION_ID );
 return( 0 );
 }
-#endif /* MBEDTLS_SSL_CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 if( strcmp( "MBEDTLS_SSL_ASYNC_PRIVATE", config ) == 0 )
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 4827578c3..99f468984 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c @@ -141,7 +141,7 @@ int main( void ) #define USAGE_IO "" #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define USAGE_CID \ " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \ " default: 0 (disabled)\n" \ @@ -151,9 +151,9 @@ int main( void ) " default: \"\"\n" \ " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \ " default: same as cid_val\n" -#else /* MBEDTLS_SSL_CID */ +#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #define USAGE_CID "" -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #define USAGE_PSK \ @@ -600,7 +600,7 @@ int unhexify( char const *hex, unsigned char *dst ) return( 0 ); } -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) int report_cid_usage( mbedtls_ssl_context *ssl, const char *additional_description ) { @@ -648,7 +648,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ int main( int argc, char *argv[] ) { @@ -662,7 +662,7 @@ int main( int argc, char *argv[] ) size_t psk_len = 0; #endif -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX]; size_t cid_len = 0; @@ -855,7 +855,7 @@ int main( int argc, char *argv[] ) opt.crt_file = q; else if( strcmp( p, "key_file" ) == 0 ) opt.key_file = q; -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) else if( strcmp( p, "cid" ) == 0 ) { opt.cid_enabled = atoi( q ); 
@@ -876,7 +876,7 @@ int main( int argc, char *argv[] ) { opt.cid_val_renego = q; } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ else if( strcmp( p, "psk" ) == 0 ) opt.psk = q; else if( strcmp( p, "psk_identity" ) == 0 ) @@ -1218,7 +1218,7 @@ int main( int argc, char *argv[] ) } } -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) cid_len = strlen( opt.cid_val ) / 2; if( cid_len > sizeof( cid ) ) { @@ -1251,7 +1251,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "CID not valid hex\n" ); goto exit; } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) /* @@ -1537,7 +1537,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 ) { if( opt.cid_enabled == 1 && @@ -1563,7 +1563,7 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ if( opt.auth_mode != DFL_AUTH_MODE ) mbedtls_ssl_conf_authmode( &conf, opt.auth_mode ); @@ -1733,7 +1733,7 @@ int main( int argc, char *argv[] ) mbedtls_net_send, mbedtls_net_recv, opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled, @@ -1744,7 +1744,7 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( opt.dtls_mtu != DFL_DTLS_MTU ) 
@@ -1874,7 +1874,7 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "initial handshake" ); if( ret != 0 ) goto exit; @@ -1890,7 +1890,7 @@ int main( int argc, char *argv[] ) return( ret ); } } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_RENEGOTIATION) if( opt.renegotiate ) @@ -1932,11 +1932,11 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_RENEGOTIATION */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "after renegotiation" ); if( ret != 0 ) goto exit; -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /* * 6. Write the GET request diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index dc321cdfc..ced8086af 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -226,7 +226,7 @@ int main( void ) #define USAGE_SSL_ASYNC "" #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define USAGE_CID \ " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \ " default: 0 (disabled)\n" \ @@ -236,9 +236,9 @@ int main( void ) " default: \"\"\n" \ " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \ " default: same as 'cid_val'\n" -#else /* MBEDTLS_SSL_CID */ +#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #define USAGE_CID "" -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #define USAGE_PSK \ 
@@ -770,7 +770,7 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl, #endif /* SNI_OPTION */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) || \ - defined(MBEDTLS_SSL_CID) + defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define HEX2NUM( c ) \ if( c >= '0' && c <= '9' ) \ @@ -1224,7 +1224,7 @@ int idle( mbedtls_net_context *fd, return( 0 ); } -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) int report_cid_usage( mbedtls_ssl_context *ssl, const char *additional_description ) { @@ -1272,7 +1272,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, return( 0 ); } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ int main( int argc, char *argv[] ) { @@ -1339,7 +1339,7 @@ int main( int argc, char *argv[] ) unsigned char alloc_buf[MEMORY_HEAP_SIZE]; #endif -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX]; size_t cid_len = 0; @@ -1565,7 +1565,7 @@ int main( int argc, char *argv[] ) opt.async_private_error = n; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) else if( strcmp( p, "cid" ) == 0 ) { opt.cid_enabled = atoi( q ); @@ -1586,7 +1586,7 @@ int main( int argc, char *argv[] ) { opt.cid_val_renego = q; } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ else if( strcmp( p, "psk" ) == 0 ) opt.psk = q; else if( strcmp( p, "psk_identity" ) == 0 ) @@ -1995,7 +1995,7 @@ int main( int argc, char *argv[] ) } -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( unhexify( cid, opt.cid_val, &cid_len ) != 0 ) { mbedtls_printf( "CID not valid hex\n" ); 
@@ -2014,7 +2014,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "CID not valid hex\n" ); goto exit; } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) /* @@ -2387,7 +2387,7 @@ int main( int argc, char *argv[] ) }; #endif -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 ) { if( opt.cid_enabled == 1 && @@ -2412,7 +2412,7 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) if( opt.trunc_hmac != DFL_TRUNC_HMAC ) @@ -2722,7 +2722,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled, @@ -2733,7 +2733,7 @@ int main( int argc, char *argv[] ) goto exit; } } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( opt.dtls_mtu != DFL_DTLS_MTU ) @@ -2960,7 +2960,7 @@ handshake: } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_CID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "initial handshake" ); if( ret != 0 ) goto exit; @@ -2975,7 +2975,7 @@ handshake: goto exit; } } -#endif /* MBEDTLS_SSL_CID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ if( opt.exchanges == 0 ) goto close_notify; 
@@ -3187,11 +3187,11 @@ data_exchange:
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
-#if defined(MBEDTLS_SSL_CID)
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 ret = report_cid_usage( &ssl, "after renegotiation" );
 if( ret != 0 )
 goto exit;
-#endif /* MBEDTLS_SSL_CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 /*
 * 7. Write the 200 Response
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index eba27edc9..e1c9f02c4 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1118,7 +1118,7 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \
 # grep for output witnessing its use. This needs to be
 # changed once the CID extension is implemented.
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli enabled, Srv disabled" \
 "$P_SRV debug_level=3 dtls=1 cid=0" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -1134,7 +1134,7 @@ run_test "Connection ID: Cli enabled, Srv disabled" \
 -C "Copy CIDs into SSL transform" \
 -c "Use of Connection ID was rejected by the server"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli disabled, Srv enabled" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 "$P_CLI debug_level=3 dtls=1 cid=0" \
@@ -1149,7 +1149,7 @@ run_test "Connection ID: Cli disabled, Srv enabled" \
 -C "Copy CIDs into SSL transform" \
 -s "Use of Connection ID was not offered by client"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \
@@ -1169,7 +1169,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
 -p "$P_PXY drop=5 delay=5 duplicate=5" \
 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \
@@ -1190,7 +1190,7 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
 -p "$P_PXY mtu=800" \
 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
@@ -1211,7 +1211,7 @@ run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5" \
 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
@@ -1232,7 +1232,7 @@ run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 "$P_CLI debug_level=3 dtls=1 cid=1" \
@@ -1252,7 +1252,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
@@ -1272,7 +1272,7 @@ run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1" \
@@ -1290,7 +1290,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
 -S "Use of Connection ID has been negotiated" \
 -C "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -1310,7 +1310,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -1330,7 +1330,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -1350,7 +1350,7 @@ run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
@@ -1368,7 +1368,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
 -S "Use of Connection ID has been negotiated" \
 -C "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -1388,7 +1388,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC"
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -1408,7 +1408,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -1428,7 +1428,7 @@ run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
 -s "Use of Connection ID has been negotiated" \
 -c "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
 "$P_SRV debug_level=3 dtls=1 cid=1" \
 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
@@ -1446,7 +1446,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
 -S "Use of Connection ID has been negotiated" \
 -C "Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
@@ -1461,7 +1461,7 @@ run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID"
 -s "(after renegotiation) Use of Connection ID has been negotiated" \
 -c "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
@@ -1476,7 +1476,7 @@ run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
 -s "(after renegotiation) Use of Connection ID has been negotiated" \
 -c "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \
 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \
@@ -1491,7 +1491,7 @@ run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with differ
 -s "(after renegotiation) Use of Connection ID has been negotiated" \
 -c "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5" \
@@ -1507,7 +1507,7 @@ run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different
 -s "(after renegotiation) Use of Connection ID has been negotiated" \
 -c "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
@@ -1522,7 +1522,7 @@ run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
 -C "(after renegotiation) Use of Connection ID has been negotiated" \
 -S "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \
 "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
@@ -1537,7 +1537,7 @@ run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID
 -C "(after renegotiation) Use of Connection ID has been negotiated" \
 -S "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
 -p "$P_PXY drop=5 delay=5 duplicate=5" \
@@ -1553,7 +1553,7 @@ run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
 -C "(after renegotiation) Use of Connection ID has been negotiated" \
 -S "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
 "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
@@ -1566,7 +1566,7 @@ run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
 -c "(after renegotiation) Use of Connection ID has been negotiated" \
 -s "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
 "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
@@ -1579,7 +1579,7 @@ run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
 -c "(after renegotiation) Use of Connection ID has been negotiated" \
 -s "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5" \
@@ -1593,7 +1593,7 @@ run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
 -c "(after renegotiation) Use of Connection ID has been negotiated" \
 -s "(after renegotiation) Use of Connection ID has been negotiated"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
@@ -1609,7 +1609,7 @@ run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
 -S "(after renegotiation) Use of Connection ID has been negotiated" \
 -s "(after renegotiation) Use of Connection ID was not offered by client"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
 -p "$P_PXY drop=5 delay=5 duplicate=5" \
@@ -1626,7 +1626,7 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation"
 -S "(after renegotiation) Use of Connection ID has been negotiated" \
 -s "(after renegotiation) Use of Connection ID was not offered by client"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
@@ -1642,7 +1642,7 @@ run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
 -S "(after renegotiation) Use of Connection ID has been negotiated" \
 -c "(after renegotiation) Use of Connection ID was rejected by the server"
-requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
 -p "$P_PXY drop=5 delay=5 duplicate=5" \
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index a1a7a303a..d599b6d99 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -38,7 +38,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
 unsigned char *key0 = NULL, *key1 = NULL;
 unsigned char iv_enc[16], iv_dec[16];
-#if defined(MBEDTLS_SSL_CID)
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 unsigned char cid0[ SSL_CID_LEN_MIN ];
 unsigned char cid1[ SSL_CID_LEN_MIN ];
@@ -47,7 +47,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
 #else
 ((void) cid0_len);
 ((void) cid1_len);
-#endif /* MBEDTLS_SSL_CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 maclen = 0;
@@ -246,7 +246,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
 memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) );
 memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) );
-#if defined(MBEDTLS_SSL_CID)
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 /* Add CID */
 memcpy( &t_in->in_cid, cid0, cid0_len );
 memcpy( &t_in->out_cid, cid1, cid1_len );
@@ -256,7 +256,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
 memcpy( &t_out->out_cid, cid0, cid0_len );
 t_out->in_cid_len = cid1_len;
 t_out->out_cid_len = cid0_len;
-#endif /* MBEDTLS_SSL_CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 cleanup:
@@ -379,9 +379,9 @@ void ssl_crypt_record( int cipher_type, int hash_id,
 rec.type = 42;
 rec.ver[0] = num_records;
 rec.ver[1] = num_records;
-#if defined(MBEDTLS_SSL_CID)
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 rec.cid_len = 0;
-#endif /* MBEDTLS_SSL_CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 rec.buf = buf;
 rec.buf_len = buflen;
@@ -499,9 +499,9 @@ void ssl_crypt_record_small( int cipher_type, int hash_id,
 rec.ver[1] = offset;
 rec.buf = buf;
 rec.buf_len = buflen;
-#if defined(MBEDTLS_SSL_CID)
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 rec.cid_len = 0;
-#endif /* MBEDTLS_SSL_CID */
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 switch( mode )
 {