mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 23:05:38 +00:00
Merge branch 'ssl_config' into development
* ssl_config: (45 commits) Fix warning in ssl_pthread_server Fix dependency issues Fix typos in mini_client.c Optimize config usage in concurrent server examples Fix bug introduced when splitting init functions Fix order of ssl_conf vs ssl_setup in programs Update Changelog with forgotten change Change a few ssl_conf return types to void Update Changelog for recent config split Fix typos in the Changelog Rename ssl_set_xxx() to ssl_conf_xxx() Add ssl_set_hs_ca_chain() Make conf const inside ssl_context (finally) Change ssl_own_cert to work on ssl_config Add ssl_set_hs_own_cert() Rework ssl_set_own_cert() internals Change ssl_set_psk() to act on ssl_config Use a specific function in the PSK callback Make xxx_drbg_random() thread-safe Move ssl_set_rng() to act on config ...
This commit is contained in:
commit
d8d0d72dde
50
ChangeLog
50
ChangeLog
|
@ -10,20 +10,36 @@ Features
|
|||
|
||||
API Changes
|
||||
* All public identifiers moved to the mbedtls_* or MBEDTLS_* namespace.
|
||||
Some names have been further changed to make them more consistent.
|
||||
Migration helpers scripts/rename.pl and include/mbedlts/compat-1.3.h are
|
||||
provided.
|
||||
provided. Full list of renamings in scripts/data_files/rename-1.3-2.0.txt
|
||||
* Headers are now found in the 'mbedtls' directory (previously 'polarssl').
|
||||
* The following _init() functions that could return errors have
|
||||
been split into an _init() that returns void and another function:
|
||||
been split into an _init() that returns void and another function that
|
||||
should generally be the first function called on this context after init:
|
||||
mbedtls_ssl_init() -> mbedtls_ssl_setup()
|
||||
mbedtls_ccm_init() -> mbedtls_ccm_setkey()
|
||||
mbedtls_gcm_init() -> mbedtls_gcm_setkey()
|
||||
mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_init(_buf)()
|
||||
mbedtls_ctr_drbg_init() -> mbedtls_ctr_drbg_init(_buf)()
|
||||
* Renamed mbedtls_pkcs11_priv_key_init() to ..._bind() and
|
||||
mbedtls_pkcs11_x509_cert_init() as well (handled by rename.pl and
|
||||
compat-1.3.h)
|
||||
* mbedtls_memory_bufer_alloc_init() now returns void
|
||||
mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_seed(_buf)()
|
||||
mbedtls_ctr_drbg_init() -> mbedtls_ctr_drbg_seed()
|
||||
Note that for mbetls_ssl_setup(), you need to be done setting up the
|
||||
ssl_config structure before calling it.
|
||||
* Most ssl_set_xxx() functions (all except ssl_set_hostname(),
|
||||
ssl_set_session() and ssl_set_client_transport_id(), plus
|
||||
ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx()
|
||||
(see rename.pl and compat-1.3.h above) and their first argument's type
|
||||
changed from ssl_context to ssl_config.
|
||||
* The following functions have been introduced and must be used in callback
|
||||
implementations (SNI, PSK) instead of their *conf counterparts:
|
||||
mbedtls_ssl_set_hs_own_cert()
|
||||
mbedtls_ssl_set_hs_ca_chain()
|
||||
mbedtls_ssl_set_hs_psk()
|
||||
* mbedtls_ssl_conf_ca_chain() lost its last argument (peer_cn), now set
|
||||
using mbedtls_ssl_set_hostname().
|
||||
* mbedtls_ssl_conf_session_cache() changed prototype (only one context
|
||||
pointer, parameters reordered).
|
||||
* mbedtls_ssl_conf_truncated_hmac() now returns void.
|
||||
* mbedtls_memory_bufer_alloc_init() now returns void.
|
||||
* In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now
|
||||
return void.
|
||||
* ecdsa_write_signature() gained an addtional md_alg argument and
|
||||
|
@ -39,7 +55,8 @@ API Changes
|
|||
(support for renegotiation now needs explicit enabling in config.h).
|
||||
* net_connect() and net_bind() have a new 'proto' argument to choose
|
||||
between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP.
|
||||
* ssl_set_bio() now requires that p_send == p_recv.
|
||||
* ssl_set_bio() changed signature (contexts merged, order switched, one
|
||||
additional callback for read-with-timeout).
|
||||
* Some constness fixes
|
||||
|
||||
Removals
|
||||
|
@ -60,7 +77,6 @@ Removals
|
|||
New deprecations
|
||||
* md_init_ctx() is deprecated in favour of md_setup(), that adds a third
|
||||
argument (allowing memory savings if HMAC is not used)
|
||||
* ssl_set_bio() is deprecated in favour of ssl_set_bio_timeout().
|
||||
|
||||
Semi-API changes (technically public, morally private)
|
||||
* Changed md_info_t into an opaque structure (use md_get_xxx() accessors).
|
||||
|
@ -80,12 +96,26 @@ Default behavior changes
|
|||
* Support for RSA_ALT contexts in the PK layer is now optional. Since is is
|
||||
enabled in the default configuration, this is only noticeable if using a
|
||||
custom config.h
|
||||
* Default DHM parameters server-side upgraded from 1024 to 2048 bits.
|
||||
* Negotiation of truncated HMAC is now disabled by default on server too.
|
||||
|
||||
Reauirement changes
|
||||
* The minimum MSVC version required is now 2010 (better C99 support).
|
||||
* The NET layer now unconditionnaly relies on getaddrinfo().
|
||||
* Compiler is required to support C99 types such as long long and uint32_t.
|
||||
|
||||
API changes from the 1.4 preview branch
|
||||
* ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio() with
|
||||
new prototype, and mbedtls_ssl_set_read_timeout().
|
||||
* The following functions now return void:
|
||||
mbedtls_ssl_conf_transport()
|
||||
mbedtls_ssl_conf_max_version()
|
||||
mbedtls_ssl_conf_min_version()
|
||||
|
||||
Changes
|
||||
* mbedtls_ctr_drbg_random() and mbedtls_hmac_drbg_random() are now
|
||||
thread-safe if MBEDTLS_THREADING_C is enabled.
|
||||
|
||||
= mbed TLS 1.3 branch
|
||||
|
||||
Security
|
||||
|
|
|
@ -1161,10 +1161,10 @@
|
|||
#define POLARSSL_ERR_NET_RECV_FAILED MBEDTLS_ERR_NET_RECV_FAILED
|
||||
#define POLARSSL_ERR_NET_SEND_FAILED MBEDTLS_ERR_NET_SEND_FAILED
|
||||
#define POLARSSL_ERR_NET_SOCKET_FAILED MBEDTLS_ERR_NET_SOCKET_FAILED
|
||||
#define POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_NET_TIMEOUT
|
||||
#define POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_SSL_TIMEOUT
|
||||
#define POLARSSL_ERR_NET_UNKNOWN_HOST MBEDTLS_ERR_NET_UNKNOWN_HOST
|
||||
#define POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_NET_WANT_READ
|
||||
#define POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_NET_WANT_WRITE
|
||||
#define POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_SSL_WANT_READ
|
||||
#define POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_SSL_WANT_WRITE
|
||||
#define POLARSSL_ERR_OID_BUF_TOO_SMALL MBEDTLS_ERR_OID_BUF_TOO_SMALL
|
||||
#define POLARSSL_ERR_OID_NOT_FOUND MBEDTLS_ERR_OID_NOT_FOUND
|
||||
#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED
|
||||
|
@ -2443,7 +2443,7 @@
|
|||
#define ssl_hw_record_write mbedtls_ssl_hw_record_write
|
||||
#define ssl_init mbedtls_ssl_init
|
||||
#define ssl_key_cert mbedtls_ssl_key_cert
|
||||
#define ssl_legacy_renegotiation mbedtls_ssl_legacy_renegotiation
|
||||
#define ssl_legacy_renegotiation mbedtls_ssl_conf_legacy_renegotiation
|
||||
#define ssl_list_ciphersuites mbedtls_ssl_list_ciphersuites
|
||||
#define ssl_md_alg_from_hash mbedtls_ssl_md_alg_from_hash
|
||||
#define ssl_optimize_checksum mbedtls_ssl_optimize_checksum
|
||||
|
@ -2471,49 +2471,49 @@
|
|||
#define ssl_session_free mbedtls_ssl_session_free
|
||||
#define ssl_session_init mbedtls_ssl_session_init
|
||||
#define ssl_session_reset mbedtls_ssl_session_reset
|
||||
#define ssl_set_alpn_protocols mbedtls_ssl_set_alpn_protocols
|
||||
#define ssl_set_arc4_support mbedtls_ssl_set_arc4_support
|
||||
#define ssl_set_authmode mbedtls_ssl_set_authmode
|
||||
#define ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols
|
||||
#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
|
||||
#define ssl_set_authmode mbedtls_ssl_conf_authmode
|
||||
#define ssl_set_bio mbedtls_ssl_set_bio
|
||||
#define ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout
|
||||
#define ssl_set_ca_chain mbedtls_ssl_set_ca_chain
|
||||
#define ssl_set_cbc_record_splitting mbedtls_ssl_set_cbc_record_splitting
|
||||
#define ssl_set_ciphersuites mbedtls_ssl_set_ciphersuites
|
||||
#define ssl_set_ciphersuites_for_version mbedtls_ssl_set_ciphersuites_for_version
|
||||
#define ssl_set_bio mbedtls_ssl_set_bio_timeout
|
||||
#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
|
||||
#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
|
||||
#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
|
||||
#define ssl_set_ciphersuites_for_version mbedtls_ssl_conf_ciphersuites_for_version
|
||||
#define ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
|
||||
#define ssl_set_curves mbedtls_ssl_set_curves
|
||||
#define ssl_set_dbg mbedtls_ssl_set_dbg
|
||||
#define ssl_set_dh_param mbedtls_ssl_set_dh_param
|
||||
#define ssl_set_dh_param_ctx mbedtls_ssl_set_dh_param_ctx
|
||||
#define ssl_set_dtls_anti_replay mbedtls_ssl_set_dtls_anti_replay
|
||||
#define ssl_set_dtls_badmac_limit mbedtls_ssl_set_dtls_badmac_limit
|
||||
#define ssl_set_dtls_cookies mbedtls_ssl_set_dtls_cookies
|
||||
#define ssl_set_encrypt_then_mac mbedtls_ssl_set_encrypt_then_mac
|
||||
#define ssl_set_endpoint mbedtls_ssl_set_endpoint
|
||||
#define ssl_set_extended_master_secret mbedtls_ssl_set_extended_master_secret
|
||||
#define ssl_set_fallback mbedtls_ssl_set_fallback
|
||||
#define ssl_set_handshake_timeout mbedtls_ssl_set_handshake_timeout
|
||||
#define ssl_set_curves mbedtls_ssl_conf_curves
|
||||
#define ssl_set_dbg mbedtls_ssl_conf_dbg
|
||||
#define ssl_set_dh_param mbedtls_ssl_conf_dh_param
|
||||
#define ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
|
||||
#define ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
|
||||
#define ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
|
||||
#define ssl_set_dtls_cookies mbedtls_ssl_conf_dtls_cookies
|
||||
#define ssl_set_encrypt_then_mac mbedtls_ssl_conf_encrypt_then_mac
|
||||
#define ssl_set_endpoint mbedtls_ssl_conf_endpoint
|
||||
#define ssl_set_extended_master_secret mbedtls_ssl_conf_extended_master_secret
|
||||
#define ssl_set_fallback mbedtls_ssl_conf_fallback
|
||||
#define ssl_set_handshake_timeout mbedtls_ssl_conf_handshake_timeout
|
||||
#define ssl_set_hostname mbedtls_ssl_set_hostname
|
||||
#define ssl_set_max_frag_len mbedtls_ssl_set_max_frag_len
|
||||
#define ssl_set_max_version mbedtls_ssl_set_max_version
|
||||
#define ssl_set_min_version mbedtls_ssl_set_min_version
|
||||
#define ssl_set_own_cert mbedtls_ssl_set_own_cert
|
||||
#define ssl_set_max_frag_len mbedtls_ssl_conf_max_frag_len
|
||||
#define ssl_set_max_version mbedtls_ssl_conf_max_version
|
||||
#define ssl_set_min_version mbedtls_ssl_conf_min_version
|
||||
#define ssl_set_own_cert mbedtls_ssl_conf_own_cert
|
||||
#define ssl_set_own_cert_alt mbedtls_ssl_set_own_cert_alt
|
||||
#define ssl_set_own_cert_rsa mbedtls_ssl_set_own_cert_rsa
|
||||
#define ssl_set_psk mbedtls_ssl_set_psk
|
||||
#define ssl_set_psk_cb mbedtls_ssl_set_psk_cb
|
||||
#define ssl_set_renegotiation mbedtls_ssl_set_renegotiation
|
||||
#define ssl_set_renegotiation_enforced mbedtls_ssl_set_renegotiation_enforced
|
||||
#define ssl_set_renegotiation_period mbedtls_ssl_set_renegotiation_period
|
||||
#define ssl_set_rng mbedtls_ssl_set_rng
|
||||
#define ssl_set_psk mbedtls_ssl_conf_psk
|
||||
#define ssl_set_psk_cb mbedtls_ssl_conf_psk_cb
|
||||
#define ssl_set_renegotiation mbedtls_ssl_conf_renegotiation
|
||||
#define ssl_set_renegotiation_enforced mbedtls_ssl_conf_renegotiation_enforced
|
||||
#define ssl_set_renegotiation_period mbedtls_ssl_conf_renegotiation_period
|
||||
#define ssl_set_rng mbedtls_ssl_conf_rng
|
||||
#define ssl_set_session mbedtls_ssl_set_session
|
||||
#define ssl_set_session_cache mbedtls_ssl_set_session_cache
|
||||
#define ssl_set_session_ticket_lifetime mbedtls_ssl_set_session_ticket_lifetime
|
||||
#define ssl_set_session_tickets mbedtls_ssl_set_session_tickets
|
||||
#define ssl_set_sni mbedtls_ssl_set_sni
|
||||
#define ssl_set_transport mbedtls_ssl_set_transport
|
||||
#define ssl_set_truncated_hmac mbedtls_ssl_set_truncated_hmac
|
||||
#define ssl_set_verify mbedtls_ssl_set_verify
|
||||
#define ssl_set_session_cache mbedtls_ssl_conf_session_cache
|
||||
#define ssl_set_session_ticket_lifetime mbedtls_ssl_conf_session_ticket_lifetime
|
||||
#define ssl_set_session_tickets mbedtls_ssl_conf_session_tickets
|
||||
#define ssl_set_sni mbedtls_ssl_conf_sni
|
||||
#define ssl_set_transport mbedtls_ssl_conf_transport
|
||||
#define ssl_set_truncated_hmac mbedtls_ssl_conf_truncated_hmac
|
||||
#define ssl_set_verify mbedtls_ssl_conf_verify
|
||||
#define ssl_sig_from_pk mbedtls_ssl_sig_from_pk
|
||||
#define ssl_states mbedtls_ssl_states
|
||||
#define ssl_ticket_keys mbedtls_ssl_ticket_keys
|
||||
|
|
|
@ -361,7 +361,7 @@
|
|||
* Remove RC4 ciphersuites by default in SSL / TLS.
|
||||
* This flag removes the ciphersuites based on RC4 from the default list as
|
||||
* returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
|
||||
* enable (some of) them with mbedtls_ssl_set_ciphersuites() by including them
|
||||
* enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
|
||||
* explicitly.
|
||||
*
|
||||
* Uncomment this macro to remove RC4 ciphersuites by default.
|
||||
|
@ -1064,7 +1064,7 @@
|
|||
* MBEDTLS_SSL_PROTO_DTLS
|
||||
*
|
||||
* \warning Disabling this is often a security risk!
|
||||
* See mbedtls_ssl_set_dtls_anti_replay() for details.
|
||||
* See mbedtls_ssl_conf_dtls_anti_replay() for details.
|
||||
*
|
||||
* Comment this to disable anti-replay in DTLS.
|
||||
*/
|
||||
|
@ -1094,7 +1094,7 @@
|
|||
*
|
||||
* Enable support for a limit of records with bad MAC.
|
||||
*
|
||||
* See mbedtls_ssl_set_dtls_badmac_limit().
|
||||
* See mbedtls_ssl_conf_dtls_badmac_limit().
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_PROTO_DTLS
|
||||
*/
|
||||
|
@ -1136,14 +1136,14 @@
|
|||
/**
|
||||
* \def MBEDTLS_SSL_SET_CURVES
|
||||
*
|
||||
* Enable mbedtls_ssl_set_curves().
|
||||
* Enable mbedtls_ssl_conf_curves().
|
||||
*
|
||||
* This is disabled by default since it breaks binary compatibility with the
|
||||
* 1.3.x line. If you choose to enable it, you will need to rebuild your
|
||||
* application against the new header files, relinking will not be enough.
|
||||
* It will be enabled by default, or no longer an option, in the 1.4 branch.
|
||||
*
|
||||
* Uncomment to make mbedtls_ssl_set_curves() available.
|
||||
* Uncomment to make mbedtls_ssl_conf_curves() available.
|
||||
*/
|
||||
//#define MBEDTLS_SSL_SET_CURVES
|
||||
|
||||
|
|
|
@ -26,6 +26,10 @@
|
|||
|
||||
#include "aes.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
#include "mbedtls/threading.h"
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< Too many random requested in single call. */
|
||||
#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< Input too large (Entropy + additional). */
|
||||
|
@ -99,6 +103,10 @@ typedef struct
|
|||
int (*f_entropy)(void *, unsigned char *, size_t);
|
||||
|
||||
void *p_entropy; /*!< context for the entropy function */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_threading_mutex_t mutex;
|
||||
#endif
|
||||
}
|
||||
mbedtls_ctr_drbg_context;
|
||||
|
||||
|
|
|
@ -62,7 +62,7 @@
|
|||
* DES 1 0x0032-0x0032
|
||||
* CTR_DBRG 4 0x0034-0x003A
|
||||
* ENTROPY 3 0x003C-0x0040
|
||||
* NET 12 0x0042-0x0056 0x0011-0x0011
|
||||
* NET 9 0x0042-0x0052
|
||||
* ENTROPY 1 0x0058-0x0058
|
||||
* ASN1 7 0x0060-0x006C
|
||||
* MD2 1 0x0070-0x0070
|
||||
|
@ -88,7 +88,7 @@
|
|||
* ECP 4 8 (Started from top)
|
||||
* MD 5 4
|
||||
* CIPHER 6 6
|
||||
* SSL 6 13 (Started from top)
|
||||
* SSL 6 16 (Started from top)
|
||||
* SSL 7 31
|
||||
*
|
||||
* Module dependent error code (5 bits 0x.00.-0x.F8.)
|
||||
|
|
|
@ -26,6 +26,10 @@
|
|||
|
||||
#include "md.h"
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
#include "mbedtls/threading.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Error codes
|
||||
*/
|
||||
|
@ -87,6 +91,10 @@ typedef struct
|
|||
/* Callbacks */
|
||||
int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
|
||||
void *p_entropy; /*!< context for the entropy function */
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_threading_mutex_t mutex;
|
||||
#endif
|
||||
} mbedtls_hmac_drbg_context;
|
||||
|
||||
/**
|
||||
|
|
|
@ -30,6 +30,8 @@
|
|||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#include "ssl.h"
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
|
@ -41,10 +43,7 @@
|
|||
#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */
|
||||
#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */
|
||||
#define MBEDTLS_ERR_NET_WANT_READ -0x0052 /**< Connection requires a read call. */
|
||||
#define MBEDTLS_ERR_NET_WANT_WRITE -0x0054 /**< Connection requires a write call. */
|
||||
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0056 /**< Failed to get an IP address for the given hostname. */
|
||||
#define MBEDTLS_ERR_NET_TIMEOUT -0x0011 /**< The operation timed out. */
|
||||
#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */
|
||||
|
||||
#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
|
||||
|
||||
|
@ -100,7 +99,7 @@ int mbedtls_net_bind( int *fd, const char *bind_ip, int port, int proto );
|
|||
* Must be at least 4 bytes, or 16 if IPv6 is supported
|
||||
*
|
||||
* \return 0 if successful, MBEDTLS_ERR_NET_ACCEPT_FAILED, or
|
||||
* MBEDTLS_ERR_NET_WANT_READ is bind_fd was set to
|
||||
* MBEDTLS_ERR_SSL_WANT_READ is bind_fd was set to
|
||||
* non-blocking and accept() is blocking.
|
||||
*
|
||||
* \note With UDP, connects the bind_fd to the client and just copy
|
||||
|
@ -148,8 +147,9 @@ void mbedtls_net_usleep( unsigned long usec );
|
|||
* \param len Maximum length of the buffer
|
||||
*
|
||||
* \return This function returns the number of bytes received,
|
||||
* or a non-zero error code; MBEDTLS_ERR_NET_WANT_READ
|
||||
* indicates read() is blocking.
|
||||
* or a non-zero error code; with a non-blocking socket,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ indicates read() would be
|
||||
* blocking.
|
||||
*/
|
||||
int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
|
||||
|
||||
|
@ -162,8 +162,9 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
|
|||
* \param len The length of the buffer
|
||||
*
|
||||
* \return This function returns the number of bytes sent,
|
||||
* or a non-zero error code; MBEDTLS_ERR_NET_WANT_WRITE
|
||||
* indicates write() is blocking.
|
||||
* or a non-zero error code; with a non-blocking socket,
|
||||
* MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would be
|
||||
* blocking.
|
||||
*/
|
||||
int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
|
||||
|
||||
|
@ -180,8 +181,8 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
|
|||
*
|
||||
* \return This function returns the number of bytes received,
|
||||
* or a non-zero error code:
|
||||
* MBEDTLS_ERR_NET_TIMEOUT if the operation timed out,
|
||||
* MBEDTLS_ERR_NET_WANT_READ if interrupted by a signal.
|
||||
* MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
|
||||
* MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
|
||||
*
|
||||
* \note This function will block (until data becomes available or
|
||||
* timeout is reached) even if the socket is set to
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -74,10 +74,6 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
|||
int ret;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
|
||||
|
||||
mbedtls_cipher_init( &ctx->cipher_ctx );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_values( cipher, keysize, MBEDTLS_MODE_ECB );
|
||||
if( cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_CCM_BAD_INPUT );
|
||||
|
|
|
@ -61,6 +61,10 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
|||
void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_init( &ctx->mutex );
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -78,7 +82,6 @@ int mbedtls_ctr_drbg_seed_entropy_len(
|
|||
int ret;
|
||||
unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
|
||||
|
||||
memset( ctx, 0, sizeof(mbedtls_ctr_drbg_context) );
|
||||
memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
|
||||
|
||||
mbedtls_aes_init( &ctx->aes_ctx );
|
||||
|
@ -115,6 +118,9 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_free( &ctx->mutex );
|
||||
#endif
|
||||
mbedtls_aes_free( &ctx->aes_ctx );
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
|
||||
}
|
||||
|
@ -392,7 +398,22 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
|
|||
|
||||
int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
|
||||
{
|
||||
return mbedtls_ctr_drbg_random_with_add( p_rng, output, output_len, NULL, 0 );
|
||||
int ret;
|
||||
mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
ret = mbedtls_ctr_drbg_random_with_add( ctx, output, output_len, NULL, 0 );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
||||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
#endif
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
|
@ -537,6 +558,8 @@ int mbedtls_ctr_drbg_self_test( int verbose )
|
|||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
|
||||
CHK( memcmp( buf, result_pr, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
|
||||
|
||||
mbedtls_ctr_drbg_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
|
@ -546,6 +569,8 @@ int mbedtls_ctr_drbg_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( " CTR_DRBG (PR = FALSE): " );
|
||||
|
||||
mbedtls_ctr_drbg_init( &ctx );
|
||||
|
||||
test_offset = 0;
|
||||
CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
|
||||
(void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
|
||||
|
@ -554,6 +579,8 @@ int mbedtls_ctr_drbg_self_test( int verbose )
|
|||
CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
|
||||
CHK( memcmp( buf, result_nopr, 16 ) );
|
||||
|
||||
mbedtls_ctr_drbg_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
|
|
|
@ -83,18 +83,18 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
|||
char str[512];
|
||||
int maxlen = sizeof( str ) - 1;
|
||||
|
||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
||||
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
|
||||
return;
|
||||
|
||||
if( debug_log_mode == MBEDTLS_DEBUG_LOG_RAW )
|
||||
{
|
||||
ssl->f_dbg( ssl->p_dbg, level, text );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, text );
|
||||
return;
|
||||
}
|
||||
|
||||
mbedtls_snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text );
|
||||
str[maxlen] = '\0';
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||
}
|
||||
|
||||
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
||||
|
@ -105,7 +105,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
|||
int maxlen = sizeof( str ) - 1;
|
||||
size_t idx = 0;
|
||||
|
||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
||||
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
|
||||
return;
|
||||
|
||||
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
|
||||
|
@ -115,7 +115,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
|||
text, ret, -ret );
|
||||
|
||||
str[maxlen] = '\0';
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||
}
|
||||
|
||||
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
||||
|
@ -126,7 +126,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||
char txt[17];
|
||||
size_t i, maxlen = sizeof( str ) - 1, idx = 0;
|
||||
|
||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
||||
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
|
||||
return;
|
||||
|
||||
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
|
||||
|
@ -136,7 +136,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||
text, (unsigned int) len );
|
||||
|
||||
str[maxlen] = '\0';
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||
|
||||
idx = 0;
|
||||
memset( txt, 0, sizeof( txt ) );
|
||||
|
@ -150,7 +150,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||
if( i > 0 )
|
||||
{
|
||||
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||
|
||||
idx = 0;
|
||||
memset( txt, 0, sizeof( txt ) );
|
||||
|
@ -175,7 +175,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||
idx += mbedtls_snprintf( str + idx, maxlen - idx, " " );
|
||||
|
||||
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -187,7 +187,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
|
|||
char str[512];
|
||||
int maxlen = sizeof( str ) - 1;
|
||||
|
||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
||||
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
|
||||
return;
|
||||
|
||||
mbedtls_snprintf( str, maxlen, "%s(X)", text );
|
||||
|
@ -209,7 +209,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||
int j, k, maxlen = sizeof( str ) - 1, zeros = 1;
|
||||
size_t i, n, idx = 0;
|
||||
|
||||
if( ssl->f_dbg == NULL || X == NULL || level > debug_threshold )
|
||||
if( ssl->conf->f_dbg == NULL || X == NULL || level > debug_threshold )
|
||||
return;
|
||||
|
||||
for( n = X->n - 1; n > 0; n-- )
|
||||
|
@ -227,7 +227,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
|
||||
|
||||
str[maxlen] = '\0';
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||
|
||||
idx = 0;
|
||||
for( i = n + 1, j = 0; i > 0; i-- )
|
||||
|
@ -247,7 +247,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||
if( j > 0 )
|
||||
{
|
||||
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||
idx = 0;
|
||||
}
|
||||
|
||||
|
@ -274,7 +274,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||
}
|
||||
|
||||
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
|
@ -322,7 +322,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
|||
char str[1024], prefix[64];
|
||||
int i = 0, maxlen = sizeof( prefix ) - 1, idx = 0;
|
||||
|
||||
if( ssl->f_dbg == NULL || crt == NULL || level > debug_threshold )
|
||||
if( ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold )
|
||||
return;
|
||||
|
||||
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
|
||||
|
@ -347,7 +347,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
|||
text, ++i, buf );
|
||||
|
||||
str[maxlen] = '\0';
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||
|
||||
debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
|
||||
|
||||
|
|
|
@ -457,6 +457,12 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "SSL - A buffer is too small to receive or write a message" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Connection requires a read call" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" );
|
||||
if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) )
|
||||
mbedtls_snprintf( buf, buflen, "SSL - The operation timed out" );
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||
|
@ -675,14 +681,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
mbedtls_snprintf( buf, buflen, "NET - Sending information through the socket failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_NET_CONN_RESET) )
|
||||
mbedtls_snprintf( buf, buflen, "NET - Connection was reset by peer" );
|
||||
if( use_ret == -(MBEDTLS_ERR_NET_WANT_READ) )
|
||||
mbedtls_snprintf( buf, buflen, "NET - Connection requires a read call" );
|
||||
if( use_ret == -(MBEDTLS_ERR_NET_WANT_WRITE) )
|
||||
mbedtls_snprintf( buf, buflen, "NET - Connection requires a write call" );
|
||||
if( use_ret == -(MBEDTLS_ERR_NET_UNKNOWN_HOST) )
|
||||
mbedtls_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" );
|
||||
if( use_ret == -(MBEDTLS_ERR_NET_TIMEOUT) )
|
||||
mbedtls_snprintf( buf, buflen, "NET - The operation timed out" );
|
||||
#endif /* MBEDTLS_NET_C */
|
||||
|
||||
#if defined(MBEDTLS_OID_C)
|
||||
|
|
|
@ -167,10 +167,6 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||
int ret;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
|
||||
memset( ctx, 0, sizeof(mbedtls_gcm_context) );
|
||||
|
||||
mbedtls_cipher_init( &ctx->cipher_ctx );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_values( cipher, keysize, MBEDTLS_MODE_ECB );
|
||||
if( cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||
|
|
|
@ -62,6 +62,10 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
|||
void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_init( &ctx->mutex );
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -101,10 +105,6 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
|
||||
|
||||
mbedtls_md_init( &ctx->md_ctx );
|
||||
|
||||
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -175,10 +175,6 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
|
|||
int ret;
|
||||
size_t entropy_len, md_size;
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
|
||||
|
||||
mbedtls_md_init( &ctx->md_ctx );
|
||||
|
||||
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -313,7 +309,22 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
|
|||
*/
|
||||
int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
|
||||
{
|
||||
return( mbedtls_hmac_drbg_random_with_add( p_rng, output, out_len, NULL, 0 ) );
|
||||
int ret;
|
||||
mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||
return( ret );
|
||||
#endif
|
||||
|
||||
ret = mbedtls_hmac_drbg_random_with_add( ctx, output, out_len, NULL, 0 );
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
||||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||
#endif
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -324,8 +335,10 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_free( &ctx->mutex );
|
||||
#endif
|
||||
mbedtls_md_free( &ctx->md_ctx );
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
|
||||
}
|
||||
|
||||
|
@ -481,6 +494,8 @@ int mbedtls_hmac_drbg_self_test( int verbose )
|
|||
CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
|
||||
mbedtls_hmac_drbg_free( &ctx );
|
||||
|
||||
mbedtls_hmac_drbg_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
|
@ -490,6 +505,8 @@ int mbedtls_hmac_drbg_self_test( int verbose )
|
|||
if( verbose != 0 )
|
||||
mbedtls_printf( " HMAC_DRBG (PR = False) : " );
|
||||
|
||||
mbedtls_hmac_drbg_init( &ctx );
|
||||
|
||||
test_offset = 0;
|
||||
CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
|
||||
hmac_drbg_self_test_entropy, (void *) entropy_nopr,
|
||||
|
@ -500,6 +517,8 @@ int mbedtls_hmac_drbg_self_test( int verbose )
|
|||
CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
|
||||
mbedtls_hmac_drbg_free( &ctx );
|
||||
|
||||
mbedtls_hmac_drbg_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
mbedtls_printf( "passed\n" );
|
||||
|
||||
|
|
|
@ -338,7 +338,7 @@ int mbedtls_net_accept( int bind_fd, int *client_fd, void *client_ip )
|
|||
if( ret < 0 )
|
||||
{
|
||||
if( net_would_block( bind_fd ) != 0 )
|
||||
return( MBEDTLS_ERR_NET_WANT_READ );
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
|
||||
return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
|
||||
}
|
||||
|
@ -425,7 +425,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
|
|||
if( ret < 0 )
|
||||
{
|
||||
if( net_would_block( fd ) != 0 )
|
||||
return( MBEDTLS_ERR_NET_WANT_READ );
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
|
||||
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
|
||||
!defined(EFI32)
|
||||
|
@ -436,7 +436,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
|
|||
return( MBEDTLS_ERR_NET_CONN_RESET );
|
||||
|
||||
if( errno == EINTR )
|
||||
return( MBEDTLS_ERR_NET_WANT_READ );
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
#endif
|
||||
|
||||
return( MBEDTLS_ERR_NET_RECV_FAILED );
|
||||
|
@ -467,17 +467,17 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
|
|||
|
||||
/* Zero fds ready means we timed out */
|
||||
if( ret == 0 )
|
||||
return( MBEDTLS_ERR_NET_TIMEOUT );
|
||||
return( MBEDTLS_ERR_SSL_TIMEOUT );
|
||||
|
||||
if( ret < 0 )
|
||||
{
|
||||
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
|
||||
!defined(EFI32)
|
||||
if( WSAGetLastError() == WSAEINTR )
|
||||
return( MBEDTLS_ERR_NET_WANT_READ );
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
#else
|
||||
if( errno == EINTR )
|
||||
return( MBEDTLS_ERR_NET_WANT_READ );
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
#endif
|
||||
|
||||
return( MBEDTLS_ERR_NET_RECV_FAILED );
|
||||
|
@ -499,7 +499,7 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
|
|||
if( ret < 0 )
|
||||
{
|
||||
if( net_would_block( fd ) != 0 )
|
||||
return( MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
return( MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
|
||||
!defined(EFI32)
|
||||
|
@ -510,7 +510,7 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
|
|||
return( MBEDTLS_ERR_NET_CONN_RESET );
|
||||
|
||||
if( errno == EINTR )
|
||||
return( MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
return( MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
#endif
|
||||
|
||||
return( MBEDTLS_ERR_NET_SEND_FAILED );
|
||||
|
|
|
@ -65,6 +65,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
|||
size_t *olen )
|
||||
{
|
||||
unsigned char *p = buf;
|
||||
size_t hostname_len;
|
||||
|
||||
*olen = 0;
|
||||
|
||||
|
@ -74,6 +75,8 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
|
||||
ssl->hostname ) );
|
||||
|
||||
hostname_len = strlen( ssl->hostname );
|
||||
|
||||
/*
|
||||
* struct {
|
||||
* NameType name_type;
|
||||
|
@ -95,19 +98,19 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
|||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF );
|
||||
|
||||
*p++ = (unsigned char)( ( (ssl->hostname_len + 5) >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( (ssl->hostname_len + 5) ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF );
|
||||
|
||||
*p++ = (unsigned char)( ( (ssl->hostname_len + 3) >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( (ssl->hostname_len + 3) ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF );
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ssl->hostname_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( ssl->hostname_len ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( hostname_len ) & 0xFF );
|
||||
|
||||
memcpy( p, ssl->hostname, ssl->hostname_len );
|
||||
memcpy( p, ssl->hostname, hostname_len );
|
||||
|
||||
*olen = ssl->hostname_len + 9;
|
||||
*olen = hostname_len + 9;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
|
@ -158,7 +161,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
*olen = 0;
|
||||
|
||||
if( ssl->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
return;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
|
||||
|
@ -262,7 +265,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_SET_CURVES)
|
||||
for( grp_id = ssl->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
|
||||
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
|
||||
{
|
||||
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
|
||||
#else
|
||||
|
@ -320,7 +323,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
unsigned char *p = buf;
|
||||
|
||||
if( ssl->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
|
||||
if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
|
||||
*olen = 0;
|
||||
return;
|
||||
}
|
||||
|
@ -333,7 +336,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||
*p++ = 0x00;
|
||||
*p++ = 1;
|
||||
|
||||
*p++ = ssl->mfl_code;
|
||||
*p++ = ssl->conf->mfl_code;
|
||||
|
||||
*olen = 5;
|
||||
}
|
||||
|
@ -345,7 +348,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
unsigned char *p = buf;
|
||||
|
||||
if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
|
||||
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
|
@ -369,8 +372,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
unsigned char *p = buf;
|
||||
|
||||
if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||
ssl->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
|
@ -395,8 +398,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
unsigned char *p = buf;
|
||||
|
||||
if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
||||
ssl->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
||||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
|
@ -422,7 +425,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
unsigned char *p = buf;
|
||||
size_t tlen = ssl->session_negotiate->ticket_len;
|
||||
|
||||
if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
|
||||
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
|
@ -459,7 +462,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
unsigned char *p = buf;
|
||||
const char **cur;
|
||||
|
||||
if( ssl->alpn_list == NULL )
|
||||
if( ssl->conf->alpn_list == NULL )
|
||||
{
|
||||
*olen = 0;
|
||||
return;
|
||||
|
@ -481,7 +484,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
/* Skip writing extension and list length for now */
|
||||
p += 4;
|
||||
|
||||
for( cur = ssl->alpn_list; *cur != NULL; cur++ )
|
||||
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
|
||||
{
|
||||
*p = (unsigned char)( strlen( *cur ) & 0xFF );
|
||||
memcpy( p + 1, *cur, *p );
|
||||
|
@ -515,7 +518,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
|||
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->handshake->verify_cookie != NULL )
|
||||
{
|
||||
return( 0 );
|
||||
|
@ -531,13 +534,13 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
|
||||
#else
|
||||
if( ( ret = ssl->f_rng( ssl->p_rng, p, 4 ) ) != 0 )
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
p += 4;
|
||||
#endif /* MBEDTLS_HAVE_TIME */
|
||||
|
||||
if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 )
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
|
@ -555,7 +558,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
|
||||
|
||||
if( ssl->f_rng == NULL )
|
||||
if( ssl->conf->f_rng == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
|
||||
return( MBEDTLS_ERR_SSL_NO_RNG );
|
||||
|
@ -565,14 +568,15 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
|
||||
#endif
|
||||
{
|
||||
ssl->major_ver = ssl->min_major_ver;
|
||||
ssl->minor_ver = ssl->min_minor_ver;
|
||||
ssl->major_ver = ssl->conf->min_major_ver;
|
||||
ssl->minor_ver = ssl->conf->min_minor_ver;
|
||||
}
|
||||
|
||||
if( ssl->max_major_ver == 0 && ssl->max_minor_ver == 0 )
|
||||
if( ssl->conf->max_major_ver == 0 )
|
||||
{
|
||||
ssl->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
|
||||
ssl->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, "
|
||||
"consider using mbedtls_ssl_config_defaults()" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -585,8 +589,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
buf = ssl->out_msg;
|
||||
p = buf + 4;
|
||||
|
||||
mbedtls_ssl_write_version( ssl->max_major_ver, ssl->max_minor_ver,
|
||||
ssl->transport, p );
|
||||
mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
|
||||
ssl->conf->transport, p );
|
||||
p += 2;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
|
||||
|
@ -637,7 +641,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
if( ssl->session_negotiate->ticket != NULL &&
|
||||
ssl->session_negotiate->ticket_len != 0 )
|
||||
{
|
||||
ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id, 32 );
|
||||
ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
|
||||
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
@ -659,7 +663,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
* DTLS cookie
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
if( ssl->handshake->verify_cookie == NULL )
|
||||
{
|
||||
|
@ -683,7 +687,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Ciphersuite list
|
||||
*/
|
||||
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
||||
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
|
||||
|
||||
/* Skip writing ciphersuite length for now */
|
||||
n = 0;
|
||||
|
@ -697,17 +701,17 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info == NULL )
|
||||
continue;
|
||||
|
||||
if( ciphersuite_info->min_minor_ver > ssl->max_minor_ver ||
|
||||
ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
|
||||
if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
|
||||
ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
|
||||
continue;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
||||
continue;
|
||||
#endif
|
||||
|
||||
if( ssl->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
||||
if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
||||
ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
||||
continue;
|
||||
|
||||
|
@ -733,7 +737,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
/* Some versions of OpenSSL don't handle it correctly if not at end */
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
if( ssl->fallback == MBEDTLS_SSL_IS_FALLBACK )
|
||||
if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
|
||||
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
|
||||
|
@ -760,7 +764,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
* an actual need for it.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
offer_compress = 0;
|
||||
#endif
|
||||
|
||||
|
@ -860,7 +864,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
ssl->state++;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
mbedtls_ssl_send_flight_completed( ssl );
|
||||
#endif
|
||||
|
||||
|
@ -928,9 +932,9 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||
* server should use the extension only if we did,
|
||||
* and if so the server's value should match ours (and len is always 1)
|
||||
*/
|
||||
if( ssl->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
|
||||
if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
|
||||
len != 1 ||
|
||||
buf[0] != ssl->mfl_code )
|
||||
buf[0] != ssl->conf->mfl_code )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
@ -944,7 +948,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
|
||||
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
|
||||
len != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
|
@ -963,7 +967,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
||||
len != 0 )
|
||||
{
|
||||
|
@ -983,7 +987,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
||||
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
||||
len != 0 )
|
||||
{
|
||||
|
@ -1003,7 +1007,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
const unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
|
||||
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
|
||||
len != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
|
@ -1060,7 +1064,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
const char **p;
|
||||
|
||||
/* If we didn't send it, the server shouldn't send it */
|
||||
if( ssl->alpn_list == NULL )
|
||||
if( ssl->conf->alpn_list == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
|
||||
/*
|
||||
|
@ -1086,7 +1090,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
|
||||
/* Check that the server chosen protocol was in our list and save it */
|
||||
for( p = ssl->alpn_list; *p != NULL; p++ )
|
||||
for( p = ssl->conf->alpn_list; *p != NULL; p++ )
|
||||
{
|
||||
if( name_len == strlen( *p ) &&
|
||||
memcmp( buf + 3, *p, name_len ) == 0 )
|
||||
|
@ -1119,7 +1123,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
* } HelloVerifyRequest;
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
|
||||
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->transport, p );
|
||||
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
|
||||
p += 2;
|
||||
|
||||
/*
|
||||
|
@ -1128,8 +1132,8 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
*/
|
||||
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
|
||||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
|
||||
major_ver > ssl->max_major_ver ||
|
||||
minor_ver > ssl->max_minor_ver )
|
||||
major_ver > ssl->conf->max_major_ver ||
|
||||
minor_ver > ssl->conf->max_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
|
||||
|
||||
|
@ -1199,8 +1203,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
ssl->renego_records_seen++;
|
||||
|
||||
if( ssl->renego_max_records >= 0 &&
|
||||
ssl->renego_records_seen > ssl->renego_max_records )
|
||||
if( ssl->conf->renego_max_records >= 0 &&
|
||||
ssl->renego_records_seen > ssl->conf->renego_max_records )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
|
||||
"but not honored by server" ) );
|
||||
|
@ -1217,7 +1221,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
||||
{
|
||||
|
@ -1257,18 +1261,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
|
||||
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
|
||||
ssl->transport, buf + 0 );
|
||||
ssl->conf->transport, buf + 0 );
|
||||
|
||||
if( ssl->major_ver < ssl->min_major_ver ||
|
||||
ssl->minor_ver < ssl->min_minor_ver ||
|
||||
ssl->major_ver > ssl->max_major_ver ||
|
||||
ssl->minor_ver > ssl->max_minor_ver )
|
||||
if( ssl->major_ver < ssl->conf->min_major_ver ||
|
||||
ssl->minor_ver < ssl->conf->min_minor_ver ||
|
||||
ssl->major_ver > ssl->conf->max_major_ver ||
|
||||
ssl->minor_ver > ssl->conf->max_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - "
|
||||
" min: [%d:%d], server: [%d:%d], max: [%d:%d]",
|
||||
ssl->min_major_ver, ssl->min_minor_ver,
|
||||
ssl->conf->min_major_ver, ssl->conf->min_minor_ver,
|
||||
ssl->major_ver, ssl->minor_ver,
|
||||
ssl->max_major_ver, ssl->max_minor_ver ) );
|
||||
ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) );
|
||||
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
||||
|
@ -1334,7 +1338,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
/* See comments in ssl_write_client_hello() */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
accept_comp = 0;
|
||||
#endif
|
||||
|
||||
|
@ -1402,7 +1406,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
|
||||
if( suite_info == NULL ||
|
||||
( ssl->arc4_disabled &&
|
||||
( ssl->conf->arc4_disabled &&
|
||||
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||
|
@ -1413,13 +1417,13 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
i = 0;
|
||||
while( 1 )
|
||||
{
|
||||
if( ssl->ciphersuite_list[ssl->minor_ver][i] == 0 )
|
||||
if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||
}
|
||||
|
||||
if( ssl->ciphersuite_list[ssl->minor_ver][i++] ==
|
||||
if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
|
||||
ssl->session_negotiate->ciphersuite )
|
||||
{
|
||||
break;
|
||||
|
@ -1575,7 +1579,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
* Renegotiation security checks
|
||||
*/
|
||||
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
||||
handshake_failure = 1;
|
||||
|
@ -1590,7 +1594,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
||||
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
|
||||
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
|
||||
handshake_failure = 1;
|
||||
|
@ -1779,10 +1783,10 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
* opaque random[46];
|
||||
* } PreMasterSecret;
|
||||
*/
|
||||
mbedtls_ssl_write_version( ssl->max_major_ver, ssl->max_minor_ver,
|
||||
ssl->transport, p );
|
||||
mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
|
||||
ssl->conf->transport, p );
|
||||
|
||||
if( ( ret = ssl->f_rng( ssl->p_rng, p + 2, 46 ) ) != 0 )
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
|
||||
return( ret );
|
||||
|
@ -1804,7 +1808,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
p, ssl->handshake->pmslen,
|
||||
ssl->out_msg + offset + len_bytes, olen,
|
||||
MBEDTLS_SSL_MAX_CONTENT_LEN - offset - len_bytes,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
|
||||
return( ret );
|
||||
|
@ -2426,7 +2430,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
|||
ssl->state++;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
mbedtls_ssl_recv_flight_completed( ssl );
|
||||
#endif
|
||||
|
||||
|
@ -2458,7 +2462,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
&ssl->out_msg[i], n,
|
||||
ssl->f_rng, ssl->p_rng );
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
|
||||
|
@ -2473,7 +2477,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||
ssl->handshake->premaster,
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
||||
return( ret );
|
||||
|
@ -2500,7 +2504,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
|
||||
&n,
|
||||
&ssl->out_msg[i], 1000,
|
||||
ssl->f_rng, ssl->p_rng );
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
|
||||
|
@ -2513,7 +2517,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
&ssl->handshake->pmslen,
|
||||
ssl->handshake->premaster,
|
||||
MBEDTLS_MPI_MAX_SIZE,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
|
||||
return( ret );
|
||||
|
@ -2535,16 +2539,16 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* opaque psk_identity<0..2^16-1>;
|
||||
*/
|
||||
if( ssl->psk == NULL || ssl->psk_identity == NULL )
|
||||
if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL )
|
||||
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
||||
|
||||
i = 4;
|
||||
n = ssl->psk_identity_len;
|
||||
n = ssl->conf->psk_identity_len;
|
||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||
ssl->out_msg[i++] = (unsigned char)( n );
|
||||
|
||||
memcpy( ssl->out_msg + i, ssl->psk_identity, ssl->psk_identity_len );
|
||||
i += ssl->psk_identity_len;
|
||||
memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
|
||||
i += ssl->conf->psk_identity_len;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
|
||||
|
@ -2574,7 +2578,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
&ssl->out_msg[i], n,
|
||||
ssl->f_rng, ssl->p_rng );
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
|
||||
|
@ -2591,7 +2595,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
*/
|
||||
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
|
||||
&ssl->out_msg[i], MBEDTLS_SSL_MAX_CONTENT_LEN - i,
|
||||
ssl->f_rng, ssl->p_rng );
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
|
||||
|
@ -2801,7 +2805,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash_start, hashlen,
|
||||
ssl->out_msg + 6 + offset, &n,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
|
||||
return( ret );
|
||||
|
@ -2944,7 +2948,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->handshake != NULL &&
|
||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||
{
|
||||
|
|
|
@ -189,15 +189,15 @@ static int ssl_write_ticket( mbedtls_ssl_context *ssl, size_t *tlen )
|
|||
|
||||
*tlen = 0;
|
||||
|
||||
if( ssl->ticket_keys == NULL )
|
||||
if( ssl->conf->ticket_keys == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
/* Write key name */
|
||||
memcpy( p, ssl->ticket_keys->key_name, 16 );
|
||||
memcpy( p, ssl->conf->ticket_keys->key_name, 16 );
|
||||
p += 16;
|
||||
|
||||
/* Generate and write IV (with a copy for aes_crypt) */
|
||||
if( ( ret = ssl->f_rng( ssl->p_rng, p, 16 ) ) != 0 )
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 16 ) ) != 0 )
|
||||
return( ret );
|
||||
memcpy( iv, p, 16 );
|
||||
p += 16;
|
||||
|
@ -224,7 +224,7 @@ static int ssl_write_ticket( mbedtls_ssl_context *ssl, size_t *tlen )
|
|||
state[i] = (unsigned char) pad_len;
|
||||
|
||||
/* Encrypt */
|
||||
if( ( ret = mbedtls_aes_crypt_cbc( &ssl->ticket_keys->enc, MBEDTLS_AES_ENCRYPT,
|
||||
if( ( ret = mbedtls_aes_crypt_cbc( &ssl->conf->ticket_keys->enc, MBEDTLS_AES_ENCRYPT,
|
||||
enc_len, iv, state, state ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
|
@ -237,7 +237,7 @@ static int ssl_write_ticket( mbedtls_ssl_context *ssl, size_t *tlen )
|
|||
|
||||
/* Compute and write MAC( key_name + iv + enc_state_len + enc_state ) */
|
||||
if( ( ret = mbedtls_md_hmac( mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
|
||||
ssl->ticket_keys->mac_key, 16,
|
||||
ssl->conf->ticket_keys->mac_key, 16,
|
||||
start, p - start, p ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
|
@ -271,7 +271,7 @@ static int ssl_parse_ticket( mbedtls_ssl_context *ssl,
|
|||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "session ticket structure", buf, len );
|
||||
|
||||
if( len < 34 || ssl->ticket_keys == NULL )
|
||||
if( len < 34 || ssl->conf->ticket_keys == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
|
||||
|
@ -283,12 +283,12 @@ static int ssl_parse_ticket( mbedtls_ssl_context *ssl,
|
|||
/* Check name, in constant time though it's not a big secret */
|
||||
diff = 0;
|
||||
for( i = 0; i < 16; i++ )
|
||||
diff |= key_name[i] ^ ssl->ticket_keys->key_name[i];
|
||||
diff |= key_name[i] ^ ssl->conf->ticket_keys->key_name[i];
|
||||
/* don't return yet, check the MAC anyway */
|
||||
|
||||
/* Check mac, with constant-time buffer comparison */
|
||||
if( ( ret = mbedtls_md_hmac( mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
|
||||
ssl->ticket_keys->mac_key, 16,
|
||||
ssl->conf->ticket_keys->mac_key, 16,
|
||||
buf, len - 32, computed_mac ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
|
@ -303,7 +303,7 @@ static int ssl_parse_ticket( mbedtls_ssl_context *ssl,
|
|||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||
|
||||
/* Decrypt */
|
||||
if( ( ret = mbedtls_aes_crypt_cbc( &ssl->ticket_keys->dec, MBEDTLS_AES_DECRYPT,
|
||||
if( ( ret = mbedtls_aes_crypt_cbc( &ssl->conf->ticket_keys->dec, MBEDTLS_AES_DECRYPT,
|
||||
enc_len, iv, ticket, ticket ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
|
@ -333,7 +333,7 @@ static int ssl_parse_ticket( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
/* Check if still valid */
|
||||
if( (int) ( time( NULL) - session.start ) > ssl->ticket_lifetime )
|
||||
if( (int) ( time( NULL) - session.start ) > ssl->conf->ticket_lifetime )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "session ticket expired" ) );
|
||||
mbedtls_ssl_session_free( &session );
|
||||
|
@ -363,7 +363,7 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
|||
const unsigned char *info,
|
||||
size_t ilen )
|
||||
{
|
||||
if( ssl->endpoint != MBEDTLS_SSL_IS_SERVER )
|
||||
if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_free( ssl->cli_id );
|
||||
|
@ -377,37 +377,18 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_cookie_write_t *f_cookie_write,
|
||||
mbedtls_ssl_cookie_check_t *f_cookie_check,
|
||||
void *p_cookie )
|
||||
{
|
||||
ssl->f_cookie_write = f_cookie_write;
|
||||
ssl->f_cookie_check = f_cookie_check;
|
||||
ssl->p_cookie = p_cookie;
|
||||
conf->f_cookie_write = f_cookie_write;
|
||||
conf->f_cookie_check = f_cookie_check;
|
||||
conf->p_cookie = p_cookie;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
/*
|
||||
* Wrapper around f_sni, allowing use of mbedtls_ssl_set_own_cert() but
|
||||
* making it act on ssl->handshake->sni_key_cert instead.
|
||||
*/
|
||||
static int ssl_sni_wrapper( mbedtls_ssl_context *ssl,
|
||||
const unsigned char* name, size_t len )
|
||||
{
|
||||
int ret;
|
||||
mbedtls_ssl_key_cert *key_cert_ori = ssl->key_cert;
|
||||
|
||||
ssl->key_cert = NULL;
|
||||
ret = ssl->f_sni( ssl->p_sni, ssl, name, len );
|
||||
ssl->handshake->sni_key_cert = ssl->key_cert;
|
||||
|
||||
ssl->key_cert = key_cert_ori;
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -437,7 +418,8 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
|
||||
{
|
||||
ret = ssl_sni_wrapper( ssl, p + 3, hostname_len );
|
||||
ret = ssl->conf->f_sni( ssl->conf->p_sni,
|
||||
ssl, p + 3, hostname_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
|
||||
|
@ -670,7 +652,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
((void) buf);
|
||||
|
||||
if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
|
||||
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
|
||||
ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
|
||||
|
||||
return( 0 );
|
||||
|
@ -690,7 +672,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
((void) buf);
|
||||
|
||||
if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
|
||||
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
|
||||
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
|
||||
|
@ -713,7 +695,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
((void) buf);
|
||||
|
||||
if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
|
||||
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
|
||||
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
|
||||
|
@ -730,7 +712,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||
{
|
||||
int ret;
|
||||
|
||||
if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
|
||||
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
|
||||
return( 0 );
|
||||
|
||||
/* Remember the client asked us to send a new ticket */
|
||||
|
@ -778,7 +760,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
const char **ours;
|
||||
|
||||
/* If ALPN not configured, just ignore the extension */
|
||||
if( ssl->alpn_list == NULL )
|
||||
if( ssl->conf->alpn_list == NULL )
|
||||
return( 0 );
|
||||
|
||||
/*
|
||||
|
@ -802,7 +784,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
start = buf + 2;
|
||||
end = buf + len;
|
||||
for( ours = ssl->alpn_list; *ours != NULL; ours++ )
|
||||
for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ )
|
||||
{
|
||||
ours_len = strlen( *ours );
|
||||
for( theirs = start; theirs != end; theirs += cur_len )
|
||||
|
@ -875,7 +857,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
|
|||
list = ssl->handshake->sni_key_cert;
|
||||
else
|
||||
#endif
|
||||
list = ssl->handshake->key_cert;
|
||||
list = ssl->conf->key_cert;
|
||||
|
||||
if( pk_alg == MBEDTLS_PK_NONE )
|
||||
return( 0 );
|
||||
|
@ -943,7 +925,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
|
|||
cur = fallback;
|
||||
|
||||
|
||||
/* Do not update ssl->handshake->key_cert unless the is a match */
|
||||
/* Do not update ssl->handshake->key_cert unless there is a match */
|
||||
if( cur != NULL )
|
||||
{
|
||||
ssl->handshake->key_cert = cur;
|
||||
|
@ -982,12 +964,12 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
||||
return( 0 );
|
||||
#endif
|
||||
|
||||
if( ssl->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
||||
if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
||||
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
|
||||
|
@ -1009,9 +991,9 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||
/* If the ciphersuite requires a pre-shared key and we don't
|
||||
* have one, skip it now rather than failing later */
|
||||
if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
|
||||
ssl->f_psk == NULL &&
|
||||
( ssl->psk == NULL || ssl->psk_identity == NULL ||
|
||||
ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
|
||||
ssl->conf->f_psk == NULL &&
|
||||
( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
|
||||
ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
|
||||
return( 0 );
|
||||
|
@ -1100,15 +1082,15 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
|
||||
ssl->minor_ver = ( buf[4] <= ssl->max_minor_ver )
|
||||
? buf[4] : ssl->max_minor_ver;
|
||||
ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver )
|
||||
? buf[4] : ssl->conf->max_minor_ver;
|
||||
|
||||
if( ssl->minor_ver < ssl->min_minor_ver )
|
||||
if( ssl->minor_ver < ssl->conf->min_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
||||
" [%d:%d] < [%d:%d]",
|
||||
ssl->major_ver, ssl->minor_ver,
|
||||
ssl->min_major_ver, ssl->min_minor_ver ) );
|
||||
ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
|
||||
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
||||
|
@ -1224,7 +1206,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
|
||||
|
||||
if( ssl->minor_ver < ssl->max_minor_ver )
|
||||
if( ssl->minor_ver < ssl->conf->max_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
|
||||
|
||||
|
@ -1240,7 +1222,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
|||
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
|
||||
|
||||
got_common_suite = 0;
|
||||
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
||||
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
|
||||
ciphersuite_info = NULL;
|
||||
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
|
||||
|
@ -1291,7 +1273,7 @@ have_ciphersuite_v2:
|
|||
* SSLv2 Client Hello relevant renegotiation security checks
|
||||
*/
|
||||
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
||||
|
||||
|
@ -1353,7 +1335,7 @@ read_record_header:
|
|||
|
||||
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
||||
#endif
|
||||
if( ( buf[0] & 0x80 ) != 0 )
|
||||
return ssl_parse_client_hello_v2( ssl );
|
||||
|
@ -1385,7 +1367,7 @@ read_record_header:
|
|||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
|
||||
buf[1], buf[2] ) );
|
||||
|
||||
mbedtls_ssl_read_version( &major, &minor, ssl->transport, buf + 1 );
|
||||
mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
|
||||
|
||||
/* According to RFC 5246 Appendix E.1, the version here is typically
|
||||
* "{03,00}, the lowest version number supported by the client, [or] the
|
||||
|
@ -1400,7 +1382,7 @@ read_record_header:
|
|||
/* For DTLS if this is the initial handshake, remember the client sequence
|
||||
* number to use it in our next message (RFC 6347 4.2.1) */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
|
||||
#endif
|
||||
|
@ -1455,7 +1437,7 @@ read_record_header:
|
|||
|
||||
/* Done reading this record, get ready for the next one */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
|
||||
else
|
||||
#endif
|
||||
|
@ -1502,7 +1484,7 @@ read_record_header:
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
/*
|
||||
* Copy the client's handshake message_seq on initial handshakes,
|
||||
|
@ -1583,18 +1565,18 @@ read_record_header:
|
|||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
|
||||
|
||||
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
|
||||
ssl->transport, buf );
|
||||
ssl->conf->transport, buf );
|
||||
|
||||
ssl->handshake->max_major_ver = ssl->major_ver;
|
||||
ssl->handshake->max_minor_ver = ssl->minor_ver;
|
||||
|
||||
if( ssl->major_ver < ssl->min_major_ver ||
|
||||
ssl->minor_ver < ssl->min_minor_ver )
|
||||
if( ssl->major_ver < ssl->conf->min_major_ver ||
|
||||
ssl->minor_ver < ssl->conf->min_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
||||
" [%d:%d] < [%d:%d]",
|
||||
ssl->major_ver, ssl->minor_ver,
|
||||
ssl->min_major_ver, ssl->min_minor_ver ) );
|
||||
ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
|
||||
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
||||
|
@ -1602,13 +1584,13 @@ read_record_header:
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
||||
}
|
||||
|
||||
if( ssl->major_ver > ssl->max_major_ver )
|
||||
if( ssl->major_ver > ssl->conf->max_major_ver )
|
||||
{
|
||||
ssl->major_ver = ssl->max_major_ver;
|
||||
ssl->minor_ver = ssl->max_minor_ver;
|
||||
ssl->major_ver = ssl->conf->max_major_ver;
|
||||
ssl->minor_ver = ssl->conf->max_minor_ver;
|
||||
}
|
||||
else if( ssl->minor_ver > ssl->max_minor_ver )
|
||||
ssl->minor_ver = ssl->max_minor_ver;
|
||||
else if( ssl->minor_ver > ssl->conf->max_minor_ver )
|
||||
ssl->minor_ver = ssl->conf->max_minor_ver;
|
||||
|
||||
/*
|
||||
* Save client random (inc. Unix time)
|
||||
|
@ -1641,7 +1623,7 @@ read_record_header:
|
|||
* Check the cookie length and content
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
cookie_offset = 35 + sess_len;
|
||||
cookie_len = buf[cookie_offset];
|
||||
|
@ -1656,13 +1638,13 @@ read_record_header:
|
|||
buf + cookie_offset + 1, cookie_len );
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
if( ssl->f_cookie_check != NULL
|
||||
if( ssl->conf->f_cookie_check != NULL
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
|
||||
#endif
|
||||
)
|
||||
{
|
||||
if( ssl->f_cookie_check( ssl->p_cookie,
|
||||
if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
|
||||
buf + cookie_offset + 1, cookie_len,
|
||||
ssl->cli_id, ssl->cli_id_len ) != 0 )
|
||||
{
|
||||
|
@ -1743,7 +1725,7 @@ read_record_header:
|
|||
|
||||
/* See comments in ssl_write_client_hello() */
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
||||
#endif
|
||||
|
||||
|
@ -1793,7 +1775,7 @@ read_record_header:
|
|||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
case MBEDTLS_TLS_EXT_SERVERNAME:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
|
||||
if( ssl->f_sni == NULL )
|
||||
if( ssl->conf->f_sni == NULL )
|
||||
break;
|
||||
|
||||
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
|
||||
|
@ -1931,7 +1913,7 @@ read_record_header:
|
|||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 0, ( "received FALLBACK_SCSV" ) );
|
||||
|
||||
if( ssl->minor_ver < ssl->max_minor_ver )
|
||||
if( ssl->minor_ver < ssl->conf->max_minor_ver )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 0, ( "inapropriate fallback" ) );
|
||||
|
||||
|
@ -1974,7 +1956,7 @@ read_record_header:
|
|||
* Renegotiation security checks
|
||||
*/
|
||||
if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
|
||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
||||
handshake_failure = 1;
|
||||
|
@ -1989,7 +1971,7 @@ read_record_header:
|
|||
}
|
||||
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
||||
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
|
||||
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
|
||||
handshake_failure = 1;
|
||||
|
@ -2017,7 +1999,7 @@ read_record_header:
|
|||
* and certificate from the SNI callback triggered by the SNI extension.)
|
||||
*/
|
||||
got_common_suite = 0;
|
||||
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
||||
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
|
||||
ciphersuite_info = NULL;
|
||||
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
|
||||
|
@ -2068,7 +2050,7 @@ have_ciphersuite:
|
|||
ssl->state++;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
mbedtls_ssl_recv_flight_completed( ssl );
|
||||
#endif
|
||||
|
||||
|
@ -2351,12 +2333,12 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
/* The RFC is not clear on this point, but sending the actual negotiated
|
||||
* version looks like the most interoperable thing to do. */
|
||||
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
|
||||
ssl->transport, p );
|
||||
ssl->conf->transport, p );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
|
||||
p += 2;
|
||||
|
||||
/* If we get here, f_cookie_check is not null */
|
||||
if( ssl->f_cookie_write == NULL )
|
||||
if( ssl->conf->f_cookie_write == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
|
@ -2365,7 +2347,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||
/* Skip length byte until we know the length */
|
||||
cookie_len_byte = p++;
|
||||
|
||||
if( ( ret = ssl->f_cookie_write( ssl->p_cookie,
|
||||
if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie,
|
||||
&p, ssl->out_buf + MBEDTLS_SSL_BUFFER_LEN,
|
||||
ssl->cli_id, ssl->cli_id_len ) ) != 0 )
|
||||
{
|
||||
|
@ -2407,7 +2389,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->handshake->verify_cookie_len != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
|
||||
|
@ -2417,7 +2399,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
|
||||
if( ssl->f_rng == NULL )
|
||||
if( ssl->conf->f_rng == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
|
||||
return( MBEDTLS_ERR_SSL_NO_RNG );
|
||||
|
@ -2434,7 +2416,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
p = buf + 4;
|
||||
|
||||
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
|
||||
ssl->transport, p );
|
||||
ssl->conf->transport, p );
|
||||
p += 2;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
|
||||
|
@ -2449,13 +2431,13 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
|
||||
#else
|
||||
if( ( ret = ssl->f_rng( ssl->p_rng, p, 4 ) ) != 0 )
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
p += 4;
|
||||
#endif /* MBEDTLS_HAVE_TIME */
|
||||
|
||||
if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 )
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
p += 28;
|
||||
|
@ -2474,8 +2456,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
|
||||
#endif
|
||||
ssl->session_negotiate->length != 0 &&
|
||||
ssl->f_get_cache != NULL &&
|
||||
ssl->f_get_cache( ssl->p_get_cache, ssl->session_negotiate ) == 0 )
|
||||
ssl->conf->f_get_cache != NULL &&
|
||||
ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
|
||||
ssl->handshake->resume = 1;
|
||||
|
@ -2503,7 +2485,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
{
|
||||
ssl->session_negotiate->length = n = 32;
|
||||
if( ( ret = ssl->f_rng( ssl->p_rng, ssl->session_negotiate->id,
|
||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id,
|
||||
n ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
@ -2651,7 +2633,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
ssl->authmode == MBEDTLS_SSL_VERIFY_NONE )
|
||||
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
||||
return( 0 );
|
||||
|
@ -2743,7 +2725,12 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||
* opaque DistinguishedName<1..2^16-1>;
|
||||
*/
|
||||
p += 2;
|
||||
crt = ssl->ca_chain;
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
if( ssl->handshake->sni_ca_chain != NULL )
|
||||
crt = ssl->handshake->sni_ca_chain;
|
||||
else
|
||||
#endif
|
||||
crt = ssl->conf->ca_chain;
|
||||
|
||||
total_dn_size = 0;
|
||||
while( crt != NULL && crt->version != 0 )
|
||||
|
@ -2871,6 +2858,12 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
|
||||
{
|
||||
if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no DH parameters set" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
/*
|
||||
* Ephemeral DH parameters:
|
||||
*
|
||||
|
@ -2880,8 +2873,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
* opaque dh_Ys<1..2^16-1>;
|
||||
* } ServerDHParams;
|
||||
*/
|
||||
if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->dhm_P ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->dhm_G ) ) != 0 )
|
||||
if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->conf->dhm_P ) ) != 0 ||
|
||||
( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->conf->dhm_G ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
|
||||
return( ret );
|
||||
|
@ -2889,7 +2882,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ( ret = mbedtls_dhm_make_params( &ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
p, &len, ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
p, &len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret );
|
||||
return( ret );
|
||||
|
@ -2927,7 +2920,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||
const mbedtls_ecp_group_id *gid;
|
||||
|
||||
/* Match our preference list against the offered curves */
|
||||
for( gid = ssl->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
|
||||
for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
|
||||
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
|
||||
if( (*curve)->grp_id == *gid )
|
||||
goto curve_matching_done;
|
||||
|
@ -2954,7 +2947,7 @@ curve_matching_done:
|
|||
|
||||
if( ( ret = mbedtls_ecdh_make_params( &ssl->handshake->ecdh_ctx, &len,
|
||||
p, MBEDTLS_SSL_MAX_CONTENT_LEN - n,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
|
||||
return( ret );
|
||||
|
@ -3118,7 +3111,7 @@ curve_matching_done:
|
|||
|
||||
if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash, hashlen,
|
||||
p + 2 , &signature_len,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
|
||||
return( ret );
|
||||
|
@ -3167,7 +3160,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
|
|||
ssl->state++;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
mbedtls_ssl_send_flight_completed( ssl );
|
||||
#endif
|
||||
|
||||
|
@ -3268,7 +3261,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
|
||||
mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
|
||||
ssl->handshake->max_minor_ver,
|
||||
ssl->transport, ver );
|
||||
ssl->conf->transport, ver );
|
||||
/*
|
||||
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
|
||||
* must not cause the connection to end immediately; instead, send a
|
||||
|
@ -3276,14 +3269,14 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
* Also, avoid data-dependant branches here to protect against
|
||||
* timing-based variants.
|
||||
*/
|
||||
ret = ssl->f_rng( ssl->p_rng, fake_pms, sizeof( fake_pms ) );
|
||||
ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len,
|
||||
peer_pms, &peer_pmslen,
|
||||
sizeof( peer_pms ),
|
||||
ssl->f_rng, ssl->p_rng );
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
|
||||
diff = (size_t) ret;
|
||||
diff |= peer_pmslen ^ 48;
|
||||
|
@ -3320,9 +3313,9 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
|||
int ret = 0;
|
||||
size_t n;
|
||||
|
||||
if( ssl->f_psk == NULL &&
|
||||
( ssl->psk == NULL || ssl->psk_identity == NULL ||
|
||||
ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
|
||||
if( ssl->conf->f_psk == NULL &&
|
||||
( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
|
||||
ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
|
||||
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
||||
|
@ -3346,17 +3339,17 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
|||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
if( ssl->f_psk != NULL )
|
||||
if( ssl->conf->f_psk != NULL )
|
||||
{
|
||||
if( ssl->f_psk( ssl->p_psk, ssl, *p, n ) != 0 )
|
||||
if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 )
|
||||
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Identity is not a big secret since clients send it in the clear,
|
||||
* but treat it carefully anyway, just in case */
|
||||
if( n != ssl->psk_identity_len ||
|
||||
mbedtls_ssl_safer_memcmp( ssl->psk_identity, *p, n ) != 0 )
|
||||
if( n != ssl->conf->psk_identity_len ||
|
||||
mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
||||
}
|
||||
|
@ -3432,7 +3425,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||
ssl->handshake->premaster,
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
||||
|
@ -3464,7 +3457,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
&ssl->handshake->pmslen,
|
||||
ssl->handshake->premaster,
|
||||
MBEDTLS_MPI_MAX_SIZE,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
||||
|
@ -3796,7 +3789,7 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
|
|||
{
|
||||
int ret;
|
||||
size_t tlen;
|
||||
uint32_t lifetime = (uint32_t) ssl->ticket_lifetime;
|
||||
uint32_t lifetime = (uint32_t) ssl->conf->ticket_lifetime;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
|
||||
|
||||
|
@ -3864,7 +3857,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
|
|||
return( ret );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
ssl->handshake != NULL &&
|
||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||
{
|
||||
|
|
1048
library/ssl_tls.c
1048
library/ssl_tls.c
File diff suppressed because it is too large
Load diff
|
@ -92,6 +92,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_x509_crt cacert;
|
||||
|
||||
((void) argc);
|
||||
|
@ -105,6 +106,7 @@ int main( int argc, char *argv[] )
|
|||
* 0. Initialize the RNG and the session data
|
||||
*/
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_x509_crt_init( &cacert );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
|
||||
|
@ -123,7 +125,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/*
|
||||
* 0. Initialize certificates
|
||||
* 0. Load certificates
|
||||
*/
|
||||
mbedtls_printf( " . Loading the CA root certificate ..." );
|
||||
fflush( stdout );
|
||||
|
@ -160,30 +162,39 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_printf( " . Setting up the DTLS structure..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* OPTIONAL is usually a bad choice for security, but makes interop easier
|
||||
* in this simplified example, in which the ca chain is hardcoded.
|
||||
* Production code should set a proper ca chain and use REQUIRED. */
|
||||
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd,
|
||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
|
||||
mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM );
|
||||
|
||||
/* OPTIONAL is usually a bad choice for security, but makes interop easier
|
||||
* in this simplified example, in which the ca chain is hardcoded.
|
||||
* Production code should set a proper ca chain and use REQUIRED. */
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd,
|
||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
|
||||
READ_TIMEOUT_MS );
|
||||
|
||||
/*
|
||||
* 4. Handshake
|
||||
*/
|
||||
|
@ -191,8 +202,8 @@ int main( int argc, char *argv[] )
|
|||
fflush( stdout );
|
||||
|
||||
do ret = mbedtls_ssl_handshake( &ssl );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -241,8 +252,8 @@ send_request:
|
|||
len = sizeof( MESSAGE ) - 1;
|
||||
|
||||
do ret = mbedtls_ssl_write( &ssl, (unsigned char *) MESSAGE, len );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret < 0 )
|
||||
{
|
||||
|
@ -263,14 +274,14 @@ send_request:
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
|
||||
do ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret <= 0 )
|
||||
{
|
||||
switch( ret )
|
||||
{
|
||||
case MBEDTLS_ERR_NET_TIMEOUT:
|
||||
case MBEDTLS_ERR_SSL_TIMEOUT:
|
||||
mbedtls_printf( " timeout\n\n" );
|
||||
if( retry_left-- > 0 )
|
||||
goto send_request;
|
||||
|
@ -298,7 +309,7 @@ close_notify:
|
|||
|
||||
/* No error checking, the connection might be closed already */
|
||||
do ret = mbedtls_ssl_close_notify( &ssl );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
ret = 0;
|
||||
|
||||
mbedtls_printf( " done\n" );
|
||||
|
@ -322,6 +333,7 @@ exit:
|
|||
|
||||
mbedtls_x509_crt_free( &cacert );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
|
|
|
@ -97,6 +97,7 @@ int main( void )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_x509_crt srvcert;
|
||||
mbedtls_pk_context pkey;
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
|
@ -104,6 +105,7 @@ int main( void )
|
|||
#endif
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_ssl_cookie_init( &cookie_ctx );
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_init( &cache );
|
||||
|
@ -190,28 +192,27 @@ int main( void )
|
|||
printf( " . Setting up the DTLS data..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
|
||||
mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM );
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
|
||||
mbedtls_ssl_cache_set, &cache );
|
||||
mbedtls_ssl_conf_session_cache( &conf, &cache,
|
||||
mbedtls_ssl_cache_get,
|
||||
mbedtls_ssl_cache_set );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -222,9 +223,15 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
&cookie_ctx );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
printf( " ok\n" );
|
||||
|
||||
reset:
|
||||
|
@ -268,13 +275,12 @@ reset:
|
|||
sizeof( client_ip ) ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! "
|
||||
"ssl_set_client_tranport_id() returned -0x%x\n\n", -ret );
|
||||
"ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd,
|
||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
|
||||
READ_TIMEOUT_MS );
|
||||
mbedtls_ssl_set_bio( &ssl, &client_fd,
|
||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
|
||||
|
||||
printf( " ok\n" );
|
||||
|
||||
|
@ -285,8 +291,8 @@ reset:
|
|||
fflush( stdout );
|
||||
|
||||
do ret = mbedtls_ssl_handshake( &ssl );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
|
||||
{
|
||||
|
@ -312,14 +318,14 @@ reset:
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
|
||||
do ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret <= 0 )
|
||||
{
|
||||
switch( ret )
|
||||
{
|
||||
case MBEDTLS_ERR_NET_TIMEOUT:
|
||||
case MBEDTLS_ERR_SSL_TIMEOUT:
|
||||
printf( " timeout\n\n" );
|
||||
goto reset;
|
||||
|
||||
|
@ -344,8 +350,8 @@ reset:
|
|||
fflush( stdout );
|
||||
|
||||
do ret = mbedtls_ssl_write( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret < 0 )
|
||||
{
|
||||
|
@ -364,7 +370,7 @@ close_notify:
|
|||
|
||||
/* No error checking, the connection might be closed already */
|
||||
do ret = mbedtls_ssl_close_notify( &ssl );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
ret = 0;
|
||||
|
||||
printf( " done\n" );
|
||||
|
@ -391,6 +397,7 @@ exit:
|
|||
mbedtls_x509_crt_free( &srvcert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ssl_cookie_free( &cookie_ctx );
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_free( &cache );
|
||||
|
|
|
@ -147,7 +147,9 @@ enum exit_codes
|
|||
{
|
||||
exit_ok = 0,
|
||||
ctr_drbg_seed_failed,
|
||||
ssl_config_defaults_failed,
|
||||
ssl_setup_failed,
|
||||
hostname_failed,
|
||||
socket_failed,
|
||||
connect_failed,
|
||||
x509_crt_parse_failed,
|
||||
|
@ -167,12 +169,14 @@ int main( void )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
|
||||
/*
|
||||
* 0. Initialize and setup stuff
|
||||
*/
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_x509_crt_init( &ca );
|
||||
#endif
|
||||
|
@ -185,18 +189,18 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
if( mbedtls_ssl_setup( &ssl ) != 0 )
|
||||
if( mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM) != 0 )
|
||||
{
|
||||
ret = ssl_setup_failed;
|
||||
ret = ssl_config_defaults_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
mbedtls_ssl_set_psk( &ssl, psk, sizeof( psk ),
|
||||
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
|
||||
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
|
||||
#endif
|
||||
|
||||
|
@ -207,10 +211,22 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &ca, NULL );
|
||||
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||
#endif
|
||||
|
||||
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
|
||||
{
|
||||
ret = ssl_setup_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 )
|
||||
{
|
||||
ret = hostname_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* 1. Start the connection
|
||||
*/
|
||||
|
@ -235,7 +251,7 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
|
||||
if( mbedtls_ssl_handshake( &ssl ) != 0 )
|
||||
{
|
||||
|
@ -260,6 +276,7 @@ exit:
|
|||
mbedtls_net_close( server_fd );
|
||||
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
|
|
@ -83,6 +83,7 @@ int main( void )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_x509_crt cacert;
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
|
@ -93,6 +94,7 @@ int main( void )
|
|||
* 0. Initialize the RNG and the session data
|
||||
*/
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_x509_crt_init( &cacert );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
|
||||
|
@ -148,23 +150,36 @@ int main( void )
|
|||
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
|
||||
/* OPTIONAL is not optimal for security,
|
||||
* but makes interop easier in this simplified example */
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
|
||||
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
|
||||
/*
|
||||
* 4. Handshake
|
||||
|
@ -174,7 +189,7 @@ int main( void )
|
|||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
|
@ -212,7 +227,7 @@ int main( void )
|
|||
|
||||
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
goto exit;
|
||||
|
@ -234,7 +249,7 @@ int main( void )
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
|
||||
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
continue;
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
|
||||
|
@ -275,6 +290,7 @@ exit:
|
|||
|
||||
mbedtls_x509_crt_free( &cacert );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
|
|
|
@ -334,11 +334,11 @@ static int my_recv( void *ctx, unsigned char *buf, size_t len )
|
|||
if( first_try )
|
||||
{
|
||||
first_try = 0;
|
||||
return( MBEDTLS_ERR_NET_WANT_READ );
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
}
|
||||
|
||||
ret = mbedtls_net_recv( ctx, buf, len );
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ )
|
||||
first_try = 1; /* Next call will be a new operation */
|
||||
return( ret );
|
||||
}
|
||||
|
@ -351,11 +351,11 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
|
|||
if( first_try )
|
||||
{
|
||||
first_try = 0;
|
||||
return( MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
return( MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
}
|
||||
|
||||
ret = mbedtls_net_send( ctx, buf, len );
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
first_try = 1; /* Next call will be a new operation */
|
||||
return( ret );
|
||||
}
|
||||
|
@ -401,6 +401,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_ssl_session saved_session;
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_x509_crt cacert;
|
||||
|
@ -415,6 +416,7 @@ int main( int argc, char *argv[] )
|
|||
*/
|
||||
server_fd = 0;
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
|
@ -1047,134 +1049,106 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
opt.transport ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( opt.debug_level > 0 )
|
||||
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
|
||||
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
|
||||
if( opt.auth_mode != DFL_AUTH_MODE )
|
||||
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
|
||||
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ( ret = mbedtls_ssl_set_transport( &ssl, opt.transport ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected transport is not available\n" );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
||||
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
|
||||
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
if( ( ret = mbedtls_ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_max_frag_len returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
|
||||
mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
|
||||
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
if( opt.extended_ms != DFL_EXTENDED_MS )
|
||||
mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
|
||||
mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
if( opt.etm != DFL_ETM )
|
||||
mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
|
||||
mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
if( opt.recsplit != DFL_RECSPLIT )
|
||||
mbedtls_ssl_set_cbc_record_splitting( &ssl, opt.recsplit
|
||||
mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
|
||||
? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
|
||||
: MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
if( opt.nbio == 2 )
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL,
|
||||
opt.read_timeout );
|
||||
else
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv,
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL,
|
||||
#else
|
||||
NULL,
|
||||
#endif
|
||||
opt.read_timeout );
|
||||
mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
if( ( ret = mbedtls_ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_session_tickets( &conf, opt.tickets ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session_tickets returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session_tickets returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
|
||||
|
||||
if( opt.arc4 != DFL_ARC4 )
|
||||
mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
|
||||
mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
|
||||
|
||||
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
|
||||
mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
|
||||
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
|
||||
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||
strcmp( opt.ca_file, "none" ) != 0 )
|
||||
{
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
|
||||
}
|
||||
if( strcmp( opt.crt_file, "none" ) != 0 &&
|
||||
strcmp( opt.key_file, "none" ) != 0 )
|
||||
{
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
if( ( ret = mbedtls_ssl_set_psk( &ssl, psk, psk_len,
|
||||
(const unsigned char *) opt.psk_identity,
|
||||
strlen( opt.psk_identity ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_psk returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||
|
@ -1182,31 +1156,52 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif
|
||||
|
||||
if( opt.min_version != DFL_MIN_VERSION )
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
|
||||
(const unsigned char *) opt.psk_identity,
|
||||
strlen( opt.psk_identity ) ) ) != 0 )
|
||||
{
|
||||
ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected min_version is not available\n" );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if( opt.min_version != DFL_MIN_VERSION )
|
||||
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
||||
|
||||
if( opt.max_version != DFL_MAX_VERSION )
|
||||
{
|
||||
ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected max_version is not available\n" );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
|
||||
if( opt.fallback != DFL_FALLBACK )
|
||||
mbedtls_ssl_set_fallback( &ssl, opt.fallback );
|
||||
mbedtls_ssl_conf_fallback( &conf, opt.fallback );
|
||||
#endif
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
if( opt.nbio == 2 )
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
|
||||
else
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv,
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL
|
||||
#else
|
||||
NULL
|
||||
#endif
|
||||
);
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/*
|
||||
|
@ -1217,7 +1212,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret );
|
||||
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
||||
|
@ -1303,8 +1298,8 @@ int main( int argc, char *argv[] )
|
|||
fflush( stdout );
|
||||
while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
|
||||
goto exit;
|
||||
|
@ -1355,8 +1350,8 @@ send_request:
|
|||
while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
|
||||
<= 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
|
@ -1367,8 +1362,8 @@ send_request:
|
|||
else /* Not stream, so datagram */
|
||||
{
|
||||
do ret = mbedtls_ssl_write( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret < 0 )
|
||||
{
|
||||
|
@ -1400,8 +1395,8 @@ send_request:
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
|
||||
if( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
continue;
|
||||
|
||||
if( ret <= 0 )
|
||||
|
@ -1445,14 +1440,14 @@ send_request:
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
|
||||
do ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret <= 0 )
|
||||
{
|
||||
switch( ret )
|
||||
{
|
||||
case MBEDTLS_ERR_NET_TIMEOUT:
|
||||
case MBEDTLS_ERR_SSL_TIMEOUT:
|
||||
mbedtls_printf( " timeout\n" );
|
||||
if( retry_left-- > 0 )
|
||||
goto send_request;
|
||||
|
@ -1489,7 +1484,7 @@ close_notify:
|
|||
|
||||
/* No error checking, the connection might be closed already */
|
||||
do ret = mbedtls_ssl_close_notify( &ssl );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
ret = 0;
|
||||
|
||||
mbedtls_printf( " done\n" );
|
||||
|
@ -1520,7 +1515,7 @@ reconnect:
|
|||
|
||||
if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -1545,8 +1540,8 @@ reconnect:
|
|||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
|
@ -1581,6 +1576,7 @@ exit:
|
|||
#endif
|
||||
mbedtls_ssl_session_free( &saved_session );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
|
|
|
@ -103,11 +103,12 @@ int main( void )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_x509_crt srvcert;
|
||||
mbedtls_pk_context pkey;
|
||||
|
||||
memset( &ssl, 0, sizeof(mbedtls_ssl_context) );
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_entropy_init( &entropy );
|
||||
mbedtls_pk_init( &pkey );
|
||||
mbedtls_x509_crt_init( &srvcert );
|
||||
|
@ -168,6 +169,32 @@ int main( void )
|
|||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/*
|
||||
* 1b. Prepare SSL configuration
|
||||
*/
|
||||
mbedtls_printf( " . Configuring SSL..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/*
|
||||
* 2. Setup the listening TCP socket
|
||||
*/
|
||||
|
@ -248,28 +275,16 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* 5. Handshake
|
||||
*/
|
||||
|
@ -278,7 +293,7 @@ int main( void )
|
|||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
|
||||
goto exit;
|
||||
|
@ -299,7 +314,7 @@ int main( void )
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
|
||||
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
continue;
|
||||
|
||||
if( ret <= 0 )
|
||||
|
@ -349,7 +364,7 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
goto exit;
|
||||
|
@ -373,6 +388,7 @@ exit:
|
|||
mbedtls_x509_crt_free( &srvcert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
|
|
|
@ -177,7 +177,7 @@ static int do_handshake( mbedtls_ssl_context *ssl )
|
|||
|
||||
while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
mbedtls_strerror( ret, (char *) buf, 1024 );
|
||||
|
@ -224,7 +224,7 @@ static int write_ssl_data( mbedtls_ssl_context *ssl, unsigned char *buf, size_t
|
|||
mbedtls_printf("\n%s", buf);
|
||||
while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
return -1;
|
||||
|
@ -244,7 +244,7 @@ static int write_ssl_and_get_response( mbedtls_ssl_context *ssl, unsigned char *
|
|||
mbedtls_printf("\n%s", buf);
|
||||
while( len && ( ret = mbedtls_ssl_write( ssl, buf, len ) ) <= 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
return -1;
|
||||
|
@ -257,7 +257,7 @@ static int write_ssl_and_get_response( mbedtls_ssl_context *ssl, unsigned char *
|
|||
memset( data, 0, sizeof( data ) );
|
||||
ret = mbedtls_ssl_read( ssl, data, len );
|
||||
|
||||
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
continue;
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
|
||||
|
@ -355,6 +355,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_x509_crt cacert;
|
||||
mbedtls_x509_crt clicert;
|
||||
mbedtls_pk_context pkey;
|
||||
|
@ -368,6 +369,7 @@ int main( int argc, char *argv[] )
|
|||
*/
|
||||
server_fd = 0;
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
memset( &buf, 0, sizeof( buf ) );
|
||||
mbedtls_x509_crt_init( &cacert );
|
||||
mbedtls_x509_crt_init( &clicert );
|
||||
|
@ -582,34 +584,43 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* OPTIONAL is not optimal for security,
|
||||
* but makes interop easier in this simplified example */
|
||||
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
|
||||
/* OPTIONAL is not optimal for security,
|
||||
* but makes interop easier in this simplified example */
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
#if defined(MBEDTLS_x509_CRT_PARSE_C)
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||
|
@ -617,6 +628,10 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
if( opt.mode == MODE_SSL_TLS )
|
||||
{
|
||||
if( do_handshake( &ssl ) != 0 )
|
||||
|
@ -821,6 +836,7 @@ exit:
|
|||
mbedtls_x509_crt_free( &cacert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
|
|
|
@ -103,13 +103,7 @@ static void my_mutexed_debug( void *ctx, int level, const char *str )
|
|||
typedef struct {
|
||||
int client_fd;
|
||||
int thread_complete;
|
||||
mbedtls_entropy_context *entropy;
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_context *cache;
|
||||
#endif
|
||||
mbedtls_x509_crt *ca_chain;
|
||||
mbedtls_x509_crt *server_cert;
|
||||
mbedtls_pk_context *server_key;
|
||||
const mbedtls_ssl_config *config;
|
||||
} thread_info_t;
|
||||
|
||||
typedef struct {
|
||||
|
@ -126,93 +120,48 @@ static void *handle_ssl_connection( void *data )
|
|||
int ret, len;
|
||||
thread_info_t *thread_info = (thread_info_t *) data;
|
||||
int client_fd = thread_info->client_fd;
|
||||
int thread_id = (int) pthread_self();
|
||||
long int thread_id = (long int) pthread_self();
|
||||
unsigned char buf[1024];
|
||||
char pers[50];
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
|
||||
/* Make sure memory references are valid */
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
|
||||
mbedtls_snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
|
||||
mbedtls_printf( " [ #%d ] Client FD %d\n", thread_id, client_fd );
|
||||
mbedtls_printf( " [ #%d ] Seeding the random number generator...\n", thread_id );
|
||||
|
||||
/* mbedtls_entropy_func() is thread-safe if MBEDTLS_THREADING_C is set
|
||||
*/
|
||||
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, thread_info->entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " [ #%d ] failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
|
||||
thread_id, -ret );
|
||||
goto thread_exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " [ #%d ] ok\n", thread_id );
|
||||
mbedtls_printf( " [ #%ld ] Client FD %d\n", thread_id, client_fd );
|
||||
|
||||
/*
|
||||
* 4. Setup stuff
|
||||
* 4. Get the SSL context ready
|
||||
*/
|
||||
mbedtls_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, thread_info->config ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_setup returned -0x%04x\n",
|
||||
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
|
||||
thread_id, -ret );
|
||||
goto thread_exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
|
||||
|
||||
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
|
||||
* MBEDTLS_THREADING_C is set.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, thread_info->cache,
|
||||
mbedtls_ssl_cache_set, thread_info->cache );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||
goto thread_exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " [ #%d ] ok\n", thread_id );
|
||||
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
|
||||
mbedtls_printf( " [ #%d ] ok\n", thread_id );
|
||||
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
|
||||
/*
|
||||
* 5. Handshake
|
||||
*/
|
||||
mbedtls_printf( " [ #%d ] Performing the SSL/TLS handshake\n", thread_id );
|
||||
mbedtls_printf( " [ #%ld ] Performing the SSL/TLS handshake\n", thread_id );
|
||||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
|
||||
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
|
||||
thread_id, -ret );
|
||||
goto thread_exit;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf( " [ #%d ] ok\n", thread_id );
|
||||
mbedtls_printf( " [ #%ld ] ok\n", thread_id );
|
||||
|
||||
/*
|
||||
* 6. Read the HTTP Request
|
||||
*/
|
||||
mbedtls_printf( " [ #%d ] < Read from client\n", thread_id );
|
||||
mbedtls_printf( " [ #%ld ] < Read from client\n", thread_id );
|
||||
|
||||
do
|
||||
{
|
||||
|
@ -220,7 +169,7 @@ static void *handle_ssl_connection( void *data )
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
|
||||
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
continue;
|
||||
|
||||
if( ret <= 0 )
|
||||
|
@ -228,24 +177,24 @@ static void *handle_ssl_connection( void *data )
|
|||
switch( ret )
|
||||
{
|
||||
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
|
||||
mbedtls_printf( " [ #%d ] connection was closed gracefully\n",
|
||||
mbedtls_printf( " [ #%ld ] connection was closed gracefully\n",
|
||||
thread_id );
|
||||
goto thread_exit;
|
||||
|
||||
case MBEDTLS_ERR_NET_CONN_RESET:
|
||||
mbedtls_printf( " [ #%d ] connection was reset by peer\n",
|
||||
mbedtls_printf( " [ #%ld ] connection was reset by peer\n",
|
||||
thread_id );
|
||||
goto thread_exit;
|
||||
|
||||
default:
|
||||
mbedtls_printf( " [ #%d ] mbedtls_ssl_read returned -0x%04x\n",
|
||||
mbedtls_printf( " [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
|
||||
thread_id, -ret );
|
||||
goto thread_exit;
|
||||
}
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " [ #%d ] %d bytes read\n=====\n%s\n=====\n",
|
||||
mbedtls_printf( " [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
|
||||
thread_id, len, (char *) buf );
|
||||
|
||||
if( ret > 0 )
|
||||
|
@ -256,7 +205,7 @@ static void *handle_ssl_connection( void *data )
|
|||
/*
|
||||
* 7. Write the 200 Response
|
||||
*/
|
||||
mbedtls_printf( " [ #%d ] > Write to client:\n", thread_id );
|
||||
mbedtls_printf( " [ #%ld ] > Write to client:\n", thread_id );
|
||||
|
||||
len = sprintf( (char *) buf, HTTP_RESPONSE,
|
||||
mbedtls_ssl_get_ciphersuite( &ssl ) );
|
||||
|
@ -265,31 +214,31 @@ static void *handle_ssl_connection( void *data )
|
|||
{
|
||||
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
|
||||
{
|
||||
mbedtls_printf( " [ #%d ] failed: peer closed the connection\n",
|
||||
mbedtls_printf( " [ #%ld ] failed: peer closed the connection\n",
|
||||
thread_id );
|
||||
goto thread_exit;
|
||||
}
|
||||
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_write returned -0x%04x\n",
|
||||
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
|
||||
thread_id, ret );
|
||||
goto thread_exit;
|
||||
}
|
||||
}
|
||||
|
||||
len = ret;
|
||||
mbedtls_printf( " [ #%d ] %d bytes written\n=====\n%s\n=====\n",
|
||||
mbedtls_printf( " [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
|
||||
thread_id, len, (char *) buf );
|
||||
|
||||
mbedtls_printf( " [ #%d ] . Closing the connection...", thread_id );
|
||||
mbedtls_printf( " [ #%ld ] . Closing the connection...", thread_id );
|
||||
|
||||
while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
|
||||
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
|
||||
thread_id, ret );
|
||||
goto thread_exit;
|
||||
}
|
||||
|
@ -306,13 +255,12 @@ thread_exit:
|
|||
{
|
||||
char error_buf[100];
|
||||
mbedtls_strerror( ret, error_buf, 100 );
|
||||
mbedtls_printf(" [ #%d ] Last error was: -0x%04x - %s\n\n",
|
||||
mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n",
|
||||
thread_id, -ret, error_buf );
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_net_close( client_fd );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
|
||||
thread_info->thread_complete = 1;
|
||||
|
@ -364,9 +312,13 @@ int main( void )
|
|||
int ret;
|
||||
int listen_fd;
|
||||
int client_fd = -1;
|
||||
const char pers[] = "ssl_pthread_server";
|
||||
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_x509_crt srvcert;
|
||||
mbedtls_x509_crt cachain;
|
||||
mbedtls_pk_context pkey;
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
unsigned char alloc_buf[100000];
|
||||
|
@ -381,18 +333,23 @@ int main( void )
|
|||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_init( &cache );
|
||||
base_info.cache = &cache;
|
||||
#endif
|
||||
|
||||
mbedtls_x509_crt_init( &srvcert );
|
||||
mbedtls_x509_crt_init( &cachain );
|
||||
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
memset( threads, 0, sizeof(threads) );
|
||||
|
||||
mbedtls_mutex_init( &debug_mutex );
|
||||
|
||||
base_info.config = &conf;
|
||||
|
||||
/*
|
||||
* We use only a single entropy source that is used in all the threads.
|
||||
*/
|
||||
mbedtls_entropy_init( &entropy );
|
||||
base_info.entropy = &entropy;
|
||||
|
||||
/*
|
||||
* 1. Load the certificates and private RSA key
|
||||
|
@ -400,8 +357,6 @@ int main( void )
|
|||
mbedtls_printf( "\n . Loading the server cert. and key..." );
|
||||
fflush( stdout );
|
||||
|
||||
mbedtls_x509_crt_init( &srvcert );
|
||||
|
||||
/*
|
||||
* This demonstration program uses embedded test certificates.
|
||||
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
|
||||
|
@ -415,7 +370,7 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
ret = mbedtls_x509_crt_parse( &cachain, (const unsigned char *) mbedtls_test_cas_pem,
|
||||
mbedtls_test_cas_pem_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -432,12 +387,60 @@ int main( void )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
base_info.ca_chain = srvcert.next;
|
||||
base_info.server_cert = &srvcert;
|
||||
base_info.server_key = &pkey;
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/*
|
||||
* 1b. Seed the random number generator
|
||||
*/
|
||||
mbedtls_printf( " . Seeding the random number generator..." );
|
||||
|
||||
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
|
||||
-ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
/*
|
||||
* 1c. Prepare SSL configuration
|
||||
*/
|
||||
mbedtls_printf( " . Setting up the SSL data...." );
|
||||
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
|
||||
-ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_mutexed_debug, stdout );
|
||||
|
||||
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
|
||||
* MBEDTLS_THREADING_C is set.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_conf_session_cache( &conf, &cache,
|
||||
mbedtls_ssl_cache_get,
|
||||
mbedtls_ssl_cache_set );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cachain, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
|
||||
/*
|
||||
* 2. Setup the listening TCP socket
|
||||
*/
|
||||
|
@ -494,7 +497,9 @@ exit:
|
|||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_free( &cache );
|
||||
#endif
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
|
||||
mbedtls_mutex_free( &debug_mutex );
|
||||
|
||||
|
|
|
@ -97,6 +97,7 @@ int main( void )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_x509_crt srvcert;
|
||||
mbedtls_pk_context pkey;
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
|
@ -104,6 +105,7 @@ int main( void )
|
|||
#endif
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_init( &cache );
|
||||
#endif
|
||||
|
@ -189,27 +191,33 @@ int main( void )
|
|||
mbedtls_printf( " . Setting up the SSL data...." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
|
||||
mbedtls_ssl_cache_set, &cache );
|
||||
mbedtls_ssl_conf_session_cache( &conf, &cache,
|
||||
mbedtls_ssl_cache_get,
|
||||
mbedtls_ssl_cache_set );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -244,7 +252,7 @@ reset:
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
|
@ -256,7 +264,7 @@ reset:
|
|||
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
|
||||
goto reset;
|
||||
|
@ -277,7 +285,7 @@ reset:
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
|
||||
if( ret == MBEDTLS_ERR_NET_WANT_READ || ret == MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
continue;
|
||||
|
||||
if( ret <= 0 )
|
||||
|
@ -325,7 +333,7 @@ reset:
|
|||
goto reset;
|
||||
}
|
||||
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
goto exit;
|
||||
|
@ -339,8 +347,8 @@ reset:
|
|||
|
||||
while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret );
|
||||
goto reset;
|
||||
|
@ -369,6 +377,7 @@ exit:
|
|||
mbedtls_x509_crt_free( &srvcert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_free( &cache );
|
||||
#endif
|
||||
|
|
|
@ -409,11 +409,11 @@ static int my_recv( void *ctx, unsigned char *buf, size_t len )
|
|||
if( first_try )
|
||||
{
|
||||
first_try = 0;
|
||||
return( MBEDTLS_ERR_NET_WANT_READ );
|
||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||
}
|
||||
|
||||
ret = mbedtls_net_recv( ctx, buf, len );
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ )
|
||||
first_try = 1; /* Next call will be a new operation */
|
||||
return( ret );
|
||||
}
|
||||
|
@ -426,11 +426,11 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
|
|||
if( first_try )
|
||||
{
|
||||
first_try = 0;
|
||||
return( MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
return( MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
}
|
||||
|
||||
ret = mbedtls_net_send( ctx, buf, len );
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
first_try = 1; /* Next call will be a new operation */
|
||||
return( ret );
|
||||
}
|
||||
|
@ -547,7 +547,7 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
|
|||
if( name_len == strlen( cur->name ) &&
|
||||
memcmp( name, cur->name, name_len ) == 0 )
|
||||
{
|
||||
return( mbedtls_ssl_set_own_cert( ssl, cur->cert, cur->key ) );
|
||||
return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) );
|
||||
}
|
||||
|
||||
cur = cur->next;
|
||||
|
@ -678,8 +678,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
|
|||
if( name_len == strlen( cur->name ) &&
|
||||
memcmp( name, cur->name, name_len ) == 0 )
|
||||
{
|
||||
return( mbedtls_ssl_set_psk( ssl, cur->key, cur->key_len,
|
||||
name, name_len ) );
|
||||
return( mbedtls_ssl_set_hs_psk( ssl, cur->key, cur->key_len ) );
|
||||
}
|
||||
|
||||
cur = cur->next;
|
||||
|
@ -722,6 +721,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
unsigned char renego_period[8] = { 0 };
|
||||
#endif
|
||||
|
@ -762,6 +762,7 @@ int main( int argc, char *argv[] )
|
|||
*/
|
||||
listen_fd = 0;
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_x509_crt_init( &cacert );
|
||||
|
@ -1518,61 +1519,56 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
opt.transport ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
|
||||
if( opt.auth_mode != DFL_AUTH_MODE )
|
||||
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
|
||||
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ( ret = mbedtls_ssl_set_transport( &ssl, opt.transport ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected transport is not available\n" );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
||||
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
|
||||
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
if( ( ret = mbedtls_ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_max_frag_len returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
|
||||
goto exit;
|
||||
};
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
|
||||
mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
|
||||
mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
if( opt.extended_ms != DFL_EXTENDED_MS )
|
||||
mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
|
||||
mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
if( opt.etm != DFL_ETM )
|
||||
mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
|
||||
mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
if( opt.cache_max != -1 )
|
||||
|
@ -1581,19 +1577,20 @@ int main( int argc, char *argv[] )
|
|||
if( opt.cache_timeout != -1 )
|
||||
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
|
||||
|
||||
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
|
||||
mbedtls_ssl_cache_set, &cache );
|
||||
mbedtls_ssl_conf_session_cache( &conf, &cache,
|
||||
mbedtls_ssl_cache_get,
|
||||
mbedtls_ssl_cache_set );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
if( ( ret = mbedtls_ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_session_tickets( &conf, opt.tickets ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session_tickets returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session_tickets returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( opt.ticket_timeout != -1 )
|
||||
mbedtls_ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
|
||||
mbedtls_ssl_conf_session_ticket_lifetime( &conf, opt.ticket_timeout );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
|
@ -1609,7 +1606,7 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
&cookie_ctx );
|
||||
}
|
||||
else
|
||||
|
@ -1617,7 +1614,7 @@ int main( int argc, char *argv[] )
|
|||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
if( opt.cookies == 0 )
|
||||
{
|
||||
mbedtls_ssl_set_dtls_cookies( &ssl, NULL, NULL, NULL );
|
||||
mbedtls_ssl_conf_dtls_cookies( &conf, NULL, NULL, NULL );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
|
@ -1627,50 +1624,50 @@ int main( int argc, char *argv[] )
|
|||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
if( opt.anti_replay != DFL_ANTI_REPLAY )
|
||||
mbedtls_ssl_set_dtls_anti_replay( &ssl, opt.anti_replay );
|
||||
mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
if( opt.badmac_limit != DFL_BADMAC_LIMIT )
|
||||
mbedtls_ssl_set_dtls_badmac_limit( &ssl, opt.badmac_limit );
|
||||
mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
|
||||
|
||||
if( opt.arc4 != DFL_ARC4 )
|
||||
mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
|
||||
mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
|
||||
|
||||
if( opt.version_suites != NULL )
|
||||
{
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[0],
|
||||
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
MBEDTLS_SSL_MINOR_VERSION_0 );
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[1],
|
||||
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
MBEDTLS_SSL_MINOR_VERSION_1 );
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[2],
|
||||
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
MBEDTLS_SSL_MINOR_VERSION_2 );
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[3],
|
||||
mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[3],
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
MBEDTLS_SSL_MINOR_VERSION_3 );
|
||||
}
|
||||
|
||||
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
|
||||
mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
|
||||
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
|
||||
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
|
||||
|
||||
if( opt.renego_delay != DFL_RENEGO_DELAY )
|
||||
mbedtls_ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
|
||||
mbedtls_ssl_conf_renegotiation_enforced( &conf, opt.renego_delay );
|
||||
|
||||
if( opt.renego_period != DFL_RENEGO_PERIOD )
|
||||
{
|
||||
renego_period[7] = opt.renego_period;
|
||||
mbedtls_ssl_set_renegotiation_period( &ssl, renego_period );
|
||||
mbedtls_ssl_conf_renegotiation_period( &conf, renego_period );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -1678,42 +1675,42 @@ int main( int argc, char *argv[] )
|
|||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||
strcmp( opt.ca_file, "none" ) != 0 )
|
||||
{
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
|
||||
}
|
||||
if( key_cert_init )
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
if( key_cert_init2 )
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, &pkey2 ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(SNI_OPTION)
|
||||
if( opt.sni != NULL )
|
||||
mbedtls_ssl_set_sni( &ssl, sni_callback, sni_info );
|
||||
mbedtls_ssl_conf_sni( &conf, sni_callback, sni_info );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
|
||||
{
|
||||
ret = mbedtls_ssl_set_psk( &ssl, psk, psk_len,
|
||||
ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
|
||||
(const unsigned char *) opt.psk_identity,
|
||||
strlen( opt.psk_identity ) );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n mbedtls_ssl_set_psk returned -0x%04X\n\n", - ret );
|
||||
mbedtls_printf( " failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n", - ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
if( opt.psk_list != NULL )
|
||||
mbedtls_ssl_set_psk_cb( &ssl, psk_callback, psk_info );
|
||||
mbedtls_ssl_conf_psk_cb( &conf, psk_callback, psk_info );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
|
@ -1722,38 +1719,37 @@ int main( int argc, char *argv[] )
|
|||
*/
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
if( opt.dhm_file != NULL )
|
||||
ret = mbedtls_ssl_set_dh_param_ctx( &ssl, &dhm );
|
||||
else
|
||||
ret = mbedtls_ssl_conf_dh_param_ctx( &conf, &dhm );
|
||||
#endif
|
||||
ret = mbedtls_ssl_set_dh_param( &ssl, MBEDTLS_DHM_RFC5114_MODP_2048_P,
|
||||
MBEDTLS_DHM_RFC5114_MODP_2048_G );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n mbedtls_ssl_set_dh_param returned -0x%04X\n\n", - ret );
|
||||
mbedtls_printf( " failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
if( opt.min_version != DFL_MIN_VERSION )
|
||||
{
|
||||
ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected min_version is not available\n" );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
||||
|
||||
if( opt.max_version != DFL_MIN_VERSION )
|
||||
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected max_version is not available\n" );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
if( opt.nbio == 2 )
|
||||
mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL );
|
||||
else
|
||||
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL
|
||||
#else
|
||||
NULL
|
||||
#endif
|
||||
);
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
|
@ -1814,16 +1810,7 @@ reset:
|
|||
goto exit;
|
||||
}
|
||||
|
||||
if( opt.nbio == 2 )
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, my_send, my_recv, NULL, 0 );
|
||||
else
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL,
|
||||
#else
|
||||
NULL,
|
||||
#endif
|
||||
opt.read_timeout );
|
||||
mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
|
@ -1832,7 +1819,7 @@ reset:
|
|||
sizeof( client_ip ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! "
|
||||
"ssl_set_client_tranport_id() returned -0x%x\n\n", -ret );
|
||||
"ssl_set_client_transport_id() returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
@ -1869,8 +1856,8 @@ reset:
|
|||
fflush( stdout );
|
||||
|
||||
do ret = mbedtls_ssl_handshake( &ssl );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
|
||||
{
|
||||
|
@ -1954,8 +1941,8 @@ data_exchange:
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
|
||||
if( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
continue;
|
||||
|
||||
if( ret <= 0 )
|
||||
|
@ -2045,8 +2032,8 @@ data_exchange:
|
|||
memset( buf, 0, sizeof( buf ) );
|
||||
|
||||
do ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret <= 0 )
|
||||
{
|
||||
|
@ -2081,8 +2068,8 @@ data_exchange:
|
|||
|
||||
while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
|
||||
goto reset;
|
||||
|
@ -2115,8 +2102,8 @@ data_exchange:
|
|||
goto reset;
|
||||
}
|
||||
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
|
||||
goto reset;
|
||||
|
@ -2127,8 +2114,8 @@ data_exchange:
|
|||
else /* Not stream, so datagram */
|
||||
{
|
||||
do ret = mbedtls_ssl_write( &ssl, buf, len );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
|
||||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
|
||||
if( ret < 0 )
|
||||
{
|
||||
|
@ -2158,7 +2145,7 @@ close_notify:
|
|||
|
||||
/* No error checking, the connection might be closed already */
|
||||
do ret = mbedtls_ssl_close_notify( &ssl );
|
||||
while( ret == MBEDTLS_ERR_NET_WANT_WRITE );
|
||||
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
|
||||
ret = 0;
|
||||
|
||||
mbedtls_printf( " done\n" );
|
||||
|
@ -2205,6 +2192,7 @@ exit:
|
|||
#endif
|
||||
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
mbedtls_ctr_drbg_free( &ctr_drbg );
|
||||
mbedtls_entropy_free( &entropy );
|
||||
|
||||
|
|
|
@ -146,6 +146,7 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_x509_crt cacert;
|
||||
mbedtls_x509_crt clicert;
|
||||
mbedtls_x509_crl cacrl;
|
||||
|
@ -161,6 +162,7 @@ int main( int argc, char *argv[] )
|
|||
server_fd = 0;
|
||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_x509_crt_init( &cacert );
|
||||
mbedtls_x509_crt_init( &clicert );
|
||||
#if defined(MBEDTLS_X509_CRL_PARSE_C)
|
||||
|
@ -372,7 +374,7 @@ int main( int argc, char *argv[] )
|
|||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
|
||||
goto exit;
|
||||
goto ssl_exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
@ -388,56 +390,61 @@ int main( int argc, char *argv[] )
|
|||
opt.server_port, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
|
||||
goto exit;
|
||||
goto ssl_exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* 3. Setup stuff
|
||||
*/
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
|
||||
if( verify )
|
||||
{
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
|
||||
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
|
||||
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
||||
}
|
||||
else
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||
goto exit;
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
goto ssl_exit;
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
|
||||
goto ssl_exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||
goto exit;
|
||||
goto ssl_exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
|
||||
|
||||
/*
|
||||
* 4. Handshake
|
||||
*/
|
||||
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
|
||||
{
|
||||
if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE )
|
||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
goto exit;
|
||||
goto ssl_exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -452,14 +459,16 @@ int main( int argc, char *argv[] )
|
|||
if( ret == -1 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
goto exit;
|
||||
goto ssl_exit;
|
||||
}
|
||||
|
||||
mbedtls_printf( "%s\n", buf );
|
||||
|
||||
mbedtls_ssl_close_notify( &ssl );
|
||||
|
||||
ssl_exit:
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
else
|
||||
goto usage;
|
||||
|
|
|
@ -546,10 +546,10 @@ POLARSSL_ERR_NET_LISTEN_FAILED MBEDTLS_ERR_NET_LISTEN_FAILED
|
|||
POLARSSL_ERR_NET_RECV_FAILED MBEDTLS_ERR_NET_RECV_FAILED
|
||||
POLARSSL_ERR_NET_SEND_FAILED MBEDTLS_ERR_NET_SEND_FAILED
|
||||
POLARSSL_ERR_NET_SOCKET_FAILED MBEDTLS_ERR_NET_SOCKET_FAILED
|
||||
POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_NET_TIMEOUT
|
||||
POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_SSL_TIMEOUT
|
||||
POLARSSL_ERR_NET_UNKNOWN_HOST MBEDTLS_ERR_NET_UNKNOWN_HOST
|
||||
POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_NET_WANT_READ
|
||||
POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_NET_WANT_WRITE
|
||||
POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_SSL_WANT_READ
|
||||
POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_SSL_WANT_WRITE
|
||||
POLARSSL_ERR_OID_BUF_TOO_SMALL MBEDTLS_ERR_OID_BUF_TOO_SMALL
|
||||
POLARSSL_ERR_OID_NOT_FOUND MBEDTLS_ERR_OID_NOT_FOUND
|
||||
POLARSSL_ERR_PADLOCK_DATA_MISALIGNED MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED
|
||||
|
@ -1969,7 +1969,7 @@ ssl_hw_record_reset mbedtls_ssl_hw_record_reset
|
|||
ssl_hw_record_write mbedtls_ssl_hw_record_write
|
||||
ssl_init mbedtls_ssl_init
|
||||
ssl_key_cert mbedtls_ssl_key_cert
|
||||
ssl_legacy_renegotiation mbedtls_ssl_legacy_renegotiation
|
||||
ssl_legacy_renegotiation mbedtls_ssl_conf_legacy_renegotiation
|
||||
ssl_list_ciphersuites mbedtls_ssl_list_ciphersuites
|
||||
ssl_md_alg_from_hash mbedtls_ssl_md_alg_from_hash
|
||||
ssl_optimize_checksum mbedtls_ssl_optimize_checksum
|
||||
|
@ -1997,49 +1997,49 @@ ssl_session mbedtls_ssl_session
|
|||
ssl_session_free mbedtls_ssl_session_free
|
||||
ssl_session_init mbedtls_ssl_session_init
|
||||
ssl_session_reset mbedtls_ssl_session_reset
|
||||
ssl_set_alpn_protocols mbedtls_ssl_set_alpn_protocols
|
||||
ssl_set_arc4_support mbedtls_ssl_set_arc4_support
|
||||
ssl_set_authmode mbedtls_ssl_set_authmode
|
||||
ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols
|
||||
ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
|
||||
ssl_set_authmode mbedtls_ssl_conf_authmode
|
||||
ssl_set_bio mbedtls_ssl_set_bio
|
||||
ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout
|
||||
ssl_set_ca_chain mbedtls_ssl_set_ca_chain
|
||||
ssl_set_cbc_record_splitting mbedtls_ssl_set_cbc_record_splitting
|
||||
ssl_set_ciphersuites mbedtls_ssl_set_ciphersuites
|
||||
ssl_set_ciphersuites_for_version mbedtls_ssl_set_ciphersuites_for_version
|
||||
ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
|
||||
ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
|
||||
ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
|
||||
ssl_set_ciphersuites_for_version mbedtls_ssl_conf_ciphersuites_for_version
|
||||
ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
|
||||
ssl_set_curves mbedtls_ssl_set_curves
|
||||
ssl_set_dbg mbedtls_ssl_set_dbg
|
||||
ssl_set_dh_param mbedtls_ssl_set_dh_param
|
||||
ssl_set_dh_param_ctx mbedtls_ssl_set_dh_param_ctx
|
||||
ssl_set_dtls_anti_replay mbedtls_ssl_set_dtls_anti_replay
|
||||
ssl_set_dtls_badmac_limit mbedtls_ssl_set_dtls_badmac_limit
|
||||
ssl_set_dtls_cookies mbedtls_ssl_set_dtls_cookies
|
||||
ssl_set_encrypt_then_mac mbedtls_ssl_set_encrypt_then_mac
|
||||
ssl_set_endpoint mbedtls_ssl_set_endpoint
|
||||
ssl_set_extended_master_secret mbedtls_ssl_set_extended_master_secret
|
||||
ssl_set_fallback mbedtls_ssl_set_fallback
|
||||
ssl_set_handshake_timeout mbedtls_ssl_set_handshake_timeout
|
||||
ssl_set_curves mbedtls_ssl_conf_curves
|
||||
ssl_set_dbg mbedtls_ssl_conf_dbg
|
||||
ssl_set_dh_param mbedtls_ssl_conf_dh_param
|
||||
ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
|
||||
ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
|
||||
ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
|
||||
ssl_set_dtls_cookies mbedtls_ssl_conf_dtls_cookies
|
||||
ssl_set_encrypt_then_mac mbedtls_ssl_conf_encrypt_then_mac
|
||||
ssl_set_endpoint mbedtls_ssl_conf_endpoint
|
||||
ssl_set_extended_master_secret mbedtls_ssl_conf_extended_master_secret
|
||||
ssl_set_fallback mbedtls_ssl_conf_fallback
|
||||
ssl_set_handshake_timeout mbedtls_ssl_conf_handshake_timeout
|
||||
ssl_set_hostname mbedtls_ssl_set_hostname
|
||||
ssl_set_max_frag_len mbedtls_ssl_set_max_frag_len
|
||||
ssl_set_max_version mbedtls_ssl_set_max_version
|
||||
ssl_set_min_version mbedtls_ssl_set_min_version
|
||||
ssl_set_own_cert mbedtls_ssl_set_own_cert
|
||||
ssl_set_max_frag_len mbedtls_ssl_conf_max_frag_len
|
||||
ssl_set_max_version mbedtls_ssl_conf_max_version
|
||||
ssl_set_min_version mbedtls_ssl_conf_min_version
|
||||
ssl_set_own_cert mbedtls_ssl_conf_own_cert
|
||||
ssl_set_own_cert_alt mbedtls_ssl_set_own_cert_alt
|
||||
ssl_set_own_cert_rsa mbedtls_ssl_set_own_cert_rsa
|
||||
ssl_set_psk mbedtls_ssl_set_psk
|
||||
ssl_set_psk_cb mbedtls_ssl_set_psk_cb
|
||||
ssl_set_renegotiation mbedtls_ssl_set_renegotiation
|
||||
ssl_set_renegotiation_enforced mbedtls_ssl_set_renegotiation_enforced
|
||||
ssl_set_renegotiation_period mbedtls_ssl_set_renegotiation_period
|
||||
ssl_set_rng mbedtls_ssl_set_rng
|
||||
ssl_set_psk mbedtls_ssl_conf_psk
|
||||
ssl_set_psk_cb mbedtls_ssl_conf_psk_cb
|
||||
ssl_set_renegotiation mbedtls_ssl_conf_renegotiation
|
||||
ssl_set_renegotiation_enforced mbedtls_ssl_conf_renegotiation_enforced
|
||||
ssl_set_renegotiation_period mbedtls_ssl_conf_renegotiation_period
|
||||
ssl_set_rng mbedtls_ssl_conf_rng
|
||||
ssl_set_session mbedtls_ssl_set_session
|
||||
ssl_set_session_cache mbedtls_ssl_set_session_cache
|
||||
ssl_set_session_ticket_lifetime mbedtls_ssl_set_session_ticket_lifetime
|
||||
ssl_set_session_tickets mbedtls_ssl_set_session_tickets
|
||||
ssl_set_sni mbedtls_ssl_set_sni
|
||||
ssl_set_transport mbedtls_ssl_set_transport
|
||||
ssl_set_truncated_hmac mbedtls_ssl_set_truncated_hmac
|
||||
ssl_set_verify mbedtls_ssl_set_verify
|
||||
ssl_set_session_cache mbedtls_ssl_conf_session_cache
|
||||
ssl_set_session_ticket_lifetime mbedtls_ssl_conf_session_ticket_lifetime
|
||||
ssl_set_session_tickets mbedtls_ssl_conf_session_tickets
|
||||
ssl_set_sni mbedtls_ssl_conf_sni
|
||||
ssl_set_transport mbedtls_ssl_conf_transport
|
||||
ssl_set_truncated_hmac mbedtls_ssl_conf_truncated_hmac
|
||||
ssl_set_verify mbedtls_ssl_conf_verify
|
||||
ssl_sig_from_pk mbedtls_ssl_sig_from_pk
|
||||
ssl_states mbedtls_ssl_states
|
||||
ssl_ticket_keys mbedtls_ssl_ticket_keys
|
||||
|
|
|
@ -626,8 +626,8 @@ run_test "Truncated HMAC: client enabled, server default" \
|
|||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
|
||||
trunc_hmac=1" \
|
||||
0 \
|
||||
-S "dumping 'computed mac' (20 bytes)" \
|
||||
-s "dumping 'computed mac' (10 bytes)"
|
||||
-s "dumping 'computed mac' (20 bytes)" \
|
||||
-S "dumping 'computed mac' (10 bytes)"
|
||||
|
||||
run_test "Truncated HMAC: client enabled, server disabled" \
|
||||
"$P_SRV debug_level=4 trunc_hmac=0" \
|
||||
|
@ -1044,7 +1044,7 @@ run_test "Session resume using cache: cache_max=1" \
|
|||
-s "a session has been resumed" \
|
||||
-c "a session has been resumed"
|
||||
|
||||
run_test "Session resume using cache: timemout > delay" \
|
||||
run_test "Session resume using cache: timeout > delay" \
|
||||
"$P_SRV debug_level=3 tickets=0" \
|
||||
"$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
|
||||
0 \
|
||||
|
|
|
@ -34,20 +34,28 @@ void debug_print_msg_threshold( int threshold, int level, char *file, int line,
|
|||
char *result_str )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
|
||||
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_debug_set_log_mode( MBEDTLS_DEBUG_LOG_FULL );
|
||||
mbedtls_debug_set_threshold( threshold );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_msg( &ssl, level, file, line,
|
||||
mbedtls_debug_fmt("Text message, 2 == %d", 2 ) );
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -56,18 +64,26 @@ void mbedtls_debug_print_ret( int mode, char *file, int line, char *text, int va
|
|||
char *result_str )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
|
||||
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_debug_set_log_mode( mode );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -77,22 +93,30 @@ void mbedtls_debug_print_buf( int mode, char *file, int line, char *text,
|
|||
{
|
||||
unsigned char data[10000];
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
size_t data_len;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
memset( &data, 0, sizeof( data ) );
|
||||
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
data_len = unhexify( data, data_string );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_debug_set_log_mode( mode );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len );
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -102,15 +126,19 @@ void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line,
|
|||
{
|
||||
mbedtls_x509_crt crt;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_x509_crt_init( &crt );
|
||||
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_debug_set_log_mode( mode );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
|
||||
|
@ -119,6 +147,8 @@ void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line,
|
|||
|
||||
exit:
|
||||
mbedtls_x509_crt_free( &crt );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -127,19 +157,22 @@ void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int
|
|||
char *prefix, char *result_str )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
struct buffer_data buffer;
|
||||
mbedtls_mpi val;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
mbedtls_mpi_init( &val );
|
||||
|
||||
memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
|
||||
memset( buffer.buf, 0, 2000 );
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
|
||||
|
||||
mbedtls_debug_set_log_mode( mode );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
|
||||
|
||||
|
@ -147,5 +180,7 @@ void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int
|
|||
|
||||
exit:
|
||||
mbedtls_mpi_free( &val );
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
|
@ -11,12 +11,16 @@
|
|||
void ssl_dtls_replay( char *prevs, char *new, int ret )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
char *end_prevs = prevs + strlen( prevs ) + 1;
|
||||
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl ) == 0 );
|
||||
TEST_ASSERT( mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM ) == 0 );
|
||||
TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM ) == 0 );
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
/* Read previous record numbers */
|
||||
for( ; end_prevs - prevs >= 13; prevs += 13 )
|
||||
|
@ -31,5 +35,6 @@ void ssl_dtls_replay( char *prevs, char *new, int ret )
|
|||
TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
|
||||
|
||||
mbedtls_ssl_free( &ssl );
|
||||
mbedtls_ssl_config_free( &conf );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
Loading…
Reference in a new issue