From bef2d91478ff1103014f632e2c7d80ec9e17b2e2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 31 Jan 2020 13:56:39 +0000 Subject: [PATCH] Declare newly shared ssl functions in a header file This commit makes some SSL functions public-internal -- moving them to to the mbedtls_ namespace but declaring them within ssl_internal.h -- which a currently shared between the SSL logic layer implementation in ssl_tls.c and the SSL messaging layer implementation in ssl_msg.c --- include/mbedtls/ssl_internal.h | 29 ++++++++++- library/ssl_msg.c | 94 ++++++++++++++++------------------ library/ssl_tls.c | 49 +++++++++--------- 3 files changed, 98 insertions(+), 74 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index e602212c0..1a7067777 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1064,7 +1064,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, mbedtls_record *rec ); /* Length of the "epoch" field in the record header */ -static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) +static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) @@ -1075,4 +1075,31 @@ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) return( 0 ); } +int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ); + +void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ); +int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ); + +void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ); +void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ); + +int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); + +#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) +void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); +#endif + +void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); + +int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ); + +size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) +void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + #endif /* ssl_internal.h */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 921c7ebe2..f4bd34997 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -67,16 +67,11 @@ static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); -static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); -static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform ); -static void ssl_update_in_pointers( mbedtls_ssl_context *ssl ); - /* * Start a timer. * Passing millisecs = 0 cancels a running timer. */ -static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) +void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) { if( ssl->f_set_timer == NULL ) return; @@ -88,7 +83,7 @@ static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) /* * Return -1 is timer is expired, 0 if it isn't. */ -static int ssl_check_timer( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ) { if( ssl->f_get_timer == NULL ) return( 0 ); @@ -171,7 +166,6 @@ exit: #if defined(MBEDTLS_SSL_PROTO_DTLS) /* Forward declarations for functions related to message buffering. */ -static void ssl_buffering_free( mbedtls_ssl_context *ssl ); static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, uint8_t slot ); static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); @@ -181,11 +175,10 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ); static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, mbedtls_record const *rec ); static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ); -static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) { - size_t mtu = ssl_get_current_mtu( ssl ); + size_t mtu = mbedtls_ssl_get_current_mtu( ssl ); if( mtu != 0 && mtu < MBEDTLS_SSL_OUT_BUFFER_LEN ) return( mtu ); @@ -1732,7 +1725,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) * This avoids by-passing the timer when repeatedly receiving messages * that will end up being dropped. */ - if( ssl_check_timer( ssl ) != 0 ) + if( mbedtls_ssl_check_timer( ssl ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) ); ret = MBEDTLS_ERR_SSL_TIMEOUT; @@ -1763,7 +1756,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret == MBEDTLS_ERR_SSL_TIMEOUT ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); - ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer( ssl, 0 ); if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { @@ -1785,9 +1778,10 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) { - if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request", + ret ); return( ret ); } @@ -1811,7 +1805,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) { len = nb_want - ssl->in_left; - if( ssl_check_timer( ssl ) != 0 ) + if( mbedtls_ssl_check_timer( ssl ) != 0 ) ret = MBEDTLS_ERR_SSL_TIMEOUT; else { @@ -1913,7 +1907,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) { ssl->out_hdr = ssl->out_buf + 8; } - ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); @@ -1973,7 +1967,7 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl ) /* * Free the current flight of handshake messages */ -static void ssl_flight_free( mbedtls_ssl_flight_item *flight ) +void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) { mbedtls_ssl_flight_item *cur = flight; mbedtls_ssl_flight_item *next; @@ -2016,7 +2010,7 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); /* Adjust to the newly activated transform */ - ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( mbedtls_ssl_hw_record_activate != NULL ) @@ -2199,7 +2193,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) else { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); + mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); } MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) ); @@ -2213,7 +2207,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) { /* We won't need to resend that one any more */ - ssl_flight_free( ssl->handshake->flight ); + mbedtls_ssl_flight_free( ssl->handshake->flight ); ssl->handshake->flight = NULL; ssl->handshake->cur_msg = NULL; @@ -2224,10 +2218,10 @@ void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) ssl->handshake->buffering.seen_ccs = 0; /* Clear future message buffering structure. */ - ssl_buffering_free( ssl ); + mbedtls_ssl_buffering_free( ssl ); /* Cancel timer */ - ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer( ssl, 0 ); if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) @@ -2244,7 +2238,7 @@ void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) { ssl_reset_retransmit_timeout( ssl ); - ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); + mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) @@ -2570,14 +2564,14 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->out_left += protected_record_size; ssl->out_hdr += protected_record_size; - ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); - for( i = 8; i > ssl_ep_len( ssl ); i-- ) + for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) if( ++ssl->cur_out_ctr[i - 1] != 0 ) break; /* The loop goes to its end iff the counter is wrapping */ - if( i == ssl_ep_len( ssl ) ) + if( i == mbedtls_ssl_ep_len( ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); @@ -2897,7 +2891,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) * not seen yet). */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) { ssl->in_window_top = 0; ssl->in_window = 0; @@ -3171,7 +3165,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) if( ret == 0 ) { /* Got a valid cookie, partially reset context */ - if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 ) + if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); return( ret ); @@ -3588,12 +3582,12 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, #endif { unsigned i; - for( i = 8; i > ssl_ep_len( ssl ); i-- ) + for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) if( ++ssl->in_ctr[i - 1] != 0 ) break; /* The loop goes to its end iff the counter is wrapping */ - if( i == ssl_ep_len( ssl ) ) + if( i == mbedtls_ssl_ep_len( ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); @@ -4329,7 +4323,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) /* Reset in pointers to default state for TLS/DTLS records, * assuming no CID and no offset between record content and * record plaintext. */ - ssl_update_in_pointers( ssl ); + mbedtls_ssl_update_in_pointers( ssl ); /* Setup internal message pointers from record structure. */ ssl->in_msgtype = rec.type; @@ -4466,7 +4460,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) /* Reset in pointers to default state for TLS/DTLS records, * assuming no CID and no offset between record content and * record plaintext. */ - ssl_update_in_pointers( ssl ); + mbedtls_ssl_update_in_pointers( ssl ); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_len = ssl->in_cid + rec.cid_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -4634,7 +4628,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) if( ssl->handshake != NULL && ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) { - ssl_handshake_wrapup_free_hs_transform( ssl ); + mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -4734,7 +4728,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - ssl_dtls_replay_reset( ssl ); + mbedtls_ssl_dtls_replay_reset( ssl ); #endif /* Increment epoch */ @@ -4750,7 +4744,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ memset( ssl->in_ctr, 0, 8 ); - ssl_update_in_pointers( ssl ); + mbedtls_ssl_update_in_pointers( ssl ); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( mbedtls_ssl_hw_record_activate != NULL ) @@ -4780,7 +4774,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) * and the caller has to make sure there's space for this. */ -static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) { /* Set the incoming and outgoing record pointers. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -4797,12 +4791,12 @@ static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) } /* Derive other internal pointers. */ - ssl_update_out_pointers( ssl, NULL /* no transform enabled */ ); - ssl_update_in_pointers ( ssl ); + mbedtls_ssl_update_out_pointers( ssl, NULL /* no transform enabled */ ); + mbedtls_ssl_update_in_pointers ( ssl ); } -static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform ) +void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ) { #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) @@ -4847,7 +4841,7 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, * and the caller has to make sure there's space for this. */ -static void ssl_update_in_pointers( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) { /* This function sets the pointers to match the case * of unprotected TLS/DTLS records, with both ssl->in_iv @@ -5046,7 +5040,7 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) -static void ssl_buffering_free( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ) { unsigned offset; mbedtls_ssl_handshake_params * const hs = ssl->handshake; @@ -5139,7 +5133,7 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport, */ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) { - size_t ep_len = ssl_ep_len( ssl ); + size_t ep_len = mbedtls_ssl_ep_len( ssl ); int in_ctr_cmp; int out_ctr_cmp; @@ -5233,7 +5227,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) if( ssl->f_get_timer != NULL && ssl->f_get_timer( ssl->p_timer ) == -1 ) { - ssl_set_timer( ssl, ssl->conf->read_timeout ); + mbedtls_ssl_set_timer( ssl, ssl->conf->read_timeout ); } if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) @@ -5325,11 +5319,12 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; } #endif - ret = ssl_start_renegotiation( ssl ); + ret = mbedtls_ssl_start_renegotiation( ssl ); if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation", + ret ); return( ret ); } } @@ -5426,7 +5421,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* We're going to return something now, cancel timer, * except if handshake (renegotiation) is in progress */ if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) - ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer( ssl, 0 ); #if defined(MBEDTLS_SSL_PROTO_DTLS) /* If we requested renego but received AppData, resend HelloRequest. @@ -5436,9 +5431,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) { - if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", + ret ); return( ret ); } } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 44ebdf44d..ab9cb8986 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1992,7 +1992,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_DTLS) -static int ssl_resend_hello_request( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ) { /* If renegotiation is not enforced, retransmit until we would reach max * timeout if we were using the usual handshake doubling scheme */ @@ -3285,7 +3285,7 @@ static void ssl_calc_finished_tls_sha384( #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) +void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); @@ -3357,7 +3357,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) ssl->handshake->flight != NULL ) { /* Cancel handshake timer */ - ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer( ssl, 0 ); /* Keep last flight around in case we need to resend it: * we need the handshake and transform structures for that */ @@ -3365,7 +3365,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) } else #endif - ssl_handshake_wrapup_free_hs_transform( ssl ); + mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); ssl->state++; @@ -3378,7 +3378,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); - ssl_update_out_pointers( ssl, ssl->transform_negotiate ); + mbedtls_ssl_update_out_pointers( ssl, ssl->transform_negotiate ); ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); @@ -3722,7 +3722,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) else ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer( ssl, 0 ); } #endif @@ -3801,7 +3801,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, goto error; } - ssl_reset_in_out_pointers( ssl ); + mbedtls_ssl_reset_in_out_pointers( ssl ); if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) goto error; @@ -3839,7 +3839,7 @@ error: * If partial is non-zero, keep data in the input buffer and client ID. * (Use when a DTLS client reconnects from the same port.) */ -static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) +int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -3851,7 +3851,7 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->state = MBEDTLS_SSL_HELLO_REQUEST; /* Cancel any possibly running timer */ - ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer( ssl, 0 ); #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; @@ -3864,7 +3864,7 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; ssl->in_offt = NULL; - ssl_reset_in_out_pointers( ssl ); + mbedtls_ssl_reset_in_out_pointers( ssl ); ssl->in_msgtype = 0; ssl->in_msglen = 0; @@ -3873,7 +3873,7 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->in_epoch = 0; #endif #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - ssl_dtls_replay_reset( ssl ); + mbedtls_ssl_dtls_replay_reset( ssl ); #endif ssl->in_hslen = 0; @@ -3960,7 +3960,7 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) */ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) { - return( ssl_session_reset_int( ssl, 0 ) ); + return( mbedtls_ssl_session_reset_int( ssl, 0 ) ); } /* @@ -4071,7 +4071,7 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, ssl->f_get_timer = f_get_timer; /* Make sure we start with no timer running */ - ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer( ssl, 0 ); } #if defined(MBEDTLS_SSL_SRV_C) @@ -4878,7 +4878,7 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_PROTO_DTLS) -static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) +size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) { /* Return unlimited mtu for client hello messages to avoid fragmentation. */ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && @@ -4914,9 +4914,9 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl_get_current_mtu( ssl ) != 0 ) + if( mbedtls_ssl_get_current_mtu( ssl ) != 0 ) { - const size_t mtu = ssl_get_current_mtu( ssl ); + const size_t mtu = mbedtls_ssl_get_current_mtu( ssl ); const int ret = mbedtls_ssl_get_record_expansion( ssl ); const size_t overhead = (size_t) ret; @@ -5622,7 +5622,7 @@ static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) * If the handshake doesn't complete due to waiting for I/O, it will continue * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. */ -static int ssl_start_renegotiation( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -5852,8 +5852,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) mbedtls_free( handshake->verify_cookie ); - ssl_flight_free( handshake->flight ); - ssl_buffering_free( ssl ); + mbedtls_ssl_flight_free( handshake->flight ); + mbedtls_ssl_buffering_free( ssl ); #endif #if defined(MBEDTLS_ECDH_C) && \ @@ -6199,7 +6199,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "saved context", buf, used ); - return( ssl_session_reset_int( ssl, 0 ) ); + return( mbedtls_ssl_session_reset_int( ssl, 0 ) ); } /* @@ -6296,7 +6296,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, p += 4; /* This has been allocated by ssl_handshake_init(), called by - * by either ssl_session_reset_int() or mbedtls_ssl_setup(). */ + * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */ ssl->session = ssl->session_negotiate; ssl->session_in = ssl->session; ssl->session_out = ssl->session; @@ -6319,7 +6319,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, */ /* This has been allocated by ssl_handshake_init(), called by - * by either ssl_session_reset_int() or mbedtls_ssl_setup(). */ + * by either mbedtls_ssl_session_reset_int() or mbedtls_ssl_setup(). */ ssl->transform = ssl->transform_negotiate; ssl->transform_in = ssl->transform; ssl->transform_out = ssl->transform; @@ -6480,7 +6480,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, /* Adjust pointers for header fields of outgoing records to * the given transform, accounting for explicit IV and CID. */ - ssl_update_out_pointers( ssl, ssl->transform ); + mbedtls_ssl_update_out_pointers( ssl, ssl->transform ); #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->in_epoch = 1; @@ -6488,7 +6488,8 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, /* mbedtls_ssl_reset() leaves the handshake sub-structure allocated, * which we don't want - otherwise we'd end up freeing the wrong transform - * by calling ssl_handshake_wrapup_free_hs_transform() inappropriately. */ + * by calling mbedtls_ssl_handshake_wrapup_free_hs_transform() + * inappropriately. */ if( ssl->handshake != NULL ) { mbedtls_ssl_handshake_free( ssl );