yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-23 22:45:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use new tools for all cases with TLS-specific code

Browse source 
This commit handles occurrences of case 2 and 3 in the following list:

1. Some DTLS-specific code with no TLS-specific code (most frequent)
2. Some specific code for each protocol
3. Some TLS-specific code with no DTLS-specific code (least frequent)

Case 3 previously had a weird structure in that the TLS-specific code was
always present, but the if structure was conditional on DTLS being enabled.
This is changed by this commit to a more logical structure where both the code
and the test are conditional on TLS being enabled.

Case 2 doesn't require any change in the code structure in general. However,
there is one occurrence where the if/else structure is simplified to assigning
the result of a boolean operation, and one occurrence where I also noticed a
useless use of `ssl_ep_len()` in a TLS-specific branch, that I turned to the
constant 0 as it makes more sense.

Case 1 will be handled in the next commit, as it can easily be handled in an
automated way - only cases 2 and 3 (sometimes) required manual intervention.

The list of occurrences for cases 2 and 3 was established manually by looking
for occurrences of '= MBEDTLS_SSL_TRANSPORT_' in the code and manually
checking if there was a TLS-specific branch.

New sizes (see previous commit for the measuring script):

```

both
   text    data     bss     dec     hex filename
   1820       0       4    1824     720 debug.o (ex library/libmbedtls.a)
      0       0       0       0       0 net_sockets.o (ex library/libmbedtls.a)
    548       0       0     548     224 ssl_cache.o (ex library/libmbedtls.a)
  11155       0     596   11751    2de7 ssl_ciphersuites.o (ex library/libmbedtls.a)
  17156       0       0   17156    4304 ssl_cli.o (ex library/libmbedtls.a)
    460       0       0     460     1cc ssl_cookie.o (ex library/libmbedtls.a)
  17649       0       0   17649    44f1 ssl_srv.o (ex library/libmbedtls.a)
    800       0       0     800     320 ssl_ticket.o (ex library/libmbedtls.a)
  39286      60       0   39346    99b2 ssl_tls.o (ex library/libmbedtls.a)
  88874      60     600   89534   15dbe (TOTALS)

DTLS-only
   text    data     bss     dec     hex filename
   1820       0       4    1824     720 debug.o (ex library/libmbedtls.a)
      0       0       0       0       0 net_sockets.o (ex library/libmbedtls.a)
    548       0       0     548     224 ssl_cache.o (ex library/libmbedtls.a)
  11155       0     596   11751    2de7 ssl_ciphersuites.o (ex library/libmbedtls.a)
  17068       0       0   17068    42ac ssl_cli.o (ex library/libmbedtls.a)
    460       0       0     460     1cc ssl_cookie.o (ex library/libmbedtls.a)
  17553       0       0   17553    4491 ssl_srv.o (ex library/libmbedtls.a)
    800       0       0     800     320 ssl_ticket.o (ex library/libmbedtls.a)
  38499      60       0   38559    969f ssl_tls.o (ex library/libmbedtls.a)
  87903      60     600   88563   159f3 (TOTALS)

TLS-only
   text    data     bss     dec     hex filename
   1820       0       4    1824     720 debug.o (ex library/libmbedtls.a)
      0       0       0       0       0 net_sockets.o (ex library/libmbedtls.a)
    548       0       0     548     224 ssl_cache.o (ex library/libmbedtls.a)
  11155       0     596   11751    2de7 ssl_ciphersuites.o (ex library/libmbedtls.a)
  14912       0       0   14912    3a40 ssl_cli.o (ex library/libmbedtls.a)
    460       0       0     460     1cc ssl_cookie.o (ex library/libmbedtls.a)
  15868       0       0   15868    3dfc ssl_srv.o (ex library/libmbedtls.a)
    800       0       0     800     320 ssl_ticket.o (ex library/libmbedtls.a)
  27619      60       0   27679    6c1f ssl_tls.o (ex library/libmbedtls.a)
  73182      60     600   73842   12072 (TOTALS)
```
This commit is contained in:
Manuel Pégourié-Gonnard 2019-06-06 10:34:48 +02:00
parent 25838b795f
commit ff4bd9f405
3 changed files with 116 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
library/ssl_cli.c
View file

@ -1762,12 +1762,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_ZLIB_SUPPORT) #if defined(MBEDTLS_ZLIB_SUPPORT)
/* See comments in ssl_write_client_hello() */ /* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS) accept_comp = MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport );
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
accept_comp = 0;
else
#endif
accept_comp = 1;
if( comp != MBEDTLS_SSL_COMPRESS_NULL && if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) ) ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )

33
library/ssl_srv.c
View file

@ -1304,12 +1304,13 @@ read_record_header:
buf = ssl->in_hdr; buf = ssl->in_hdr;
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) && \
#if defined(MBEDTLS_SSL_PROTO_DTLS) defined(MBEDTLS_SSL_PROTO_TLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM ) if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) &&
#endif ( buf[0] & 0x80 ) != 0 )
if( ( buf[0] & 0x80 ) != 0 ) {
return( ssl_parse_client_hello_v2( ssl ) ); return( ssl_parse_client_hello_v2( ssl ) );
}
#endif #endif
MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) );
@ -1407,13 +1408,19 @@ read_record_header:
return( ret ); return( ret );
} }
/* Done reading this record, get ready for the next one */ /* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{
ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl ); ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl );
else }
MBEDTLS_SSL_TRANSPORT_ELSE
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->in_left = 0; ssl->in_left = 0;
}
#endif
} }
buf = ssl->in_msg; buf = ssl->in_msg;
@ -1595,7 +1602,7 @@ read_record_header:
* Check the cookie length and content * Check the cookie length and content
*/ */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
cookie_offset = 35 + sess_len; cookie_offset = 35 + sess_len;
cookie_len = buf[cookie_offset]; cookie_len = buf[cookie_offset];
@ -1650,9 +1657,13 @@ read_record_header:
*/ */
ciph_offset = cookie_offset + 1 + cookie_len; ciph_offset = cookie_offset + 1 + cookie_len;
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ciph_offset = 35 + sess_len; ciph_offset = 35 + sess_len;
}
#endif
ciph_len = ( buf[ciph_offset + 0] << 8 ) ciph_len = ( buf[ciph_offset + 0] << 8 )
| ( buf[ciph_offset + 1] ); | ( buf[ciph_offset + 1] );

147
library/ssl_tls.c
View file

@ -61,12 +61,14 @@ static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );
/* Length of the "epoch" field in the record header */ /* Length of the "epoch" field in the record header */
static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
{ {
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 2 );
#else
((void) ssl); ((void) ssl);
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
return( 2 );
#endif
return( 0 ); return( 0 );
} }
@ -3269,15 +3271,17 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
ssl->out_hdr = ssl->out_buf; ssl->out_hdr = ssl->out_buf;
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{ {
ssl->out_hdr = ssl->out_buf + 8; ssl->out_hdr = ssl->out_buf + 8;
} }
#endif
ssl_update_out_pointers( ssl, ssl->transform_out ); ssl_update_out_pointers( ssl, ssl->transform_out );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
@ -4137,7 +4141,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
int ret; int ret;
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
@ -4201,14 +4205,18 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); return( MBEDTLS_ERR_SSL_EARLY_MESSAGE );
} }
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
/* With TLS we don't handle fragmentation (for now) */ #if defined(MBEDTLS_SSL_PROTO_TLS)
if( ssl->in_msglen < ssl->in_hslen )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) ); /* With TLS we don't handle fragmentation (for now) */
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); if( ssl->in_msglen < ssl->in_hslen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
} }
#endif
return( 0 ); return( 0 );
} }
@ -4604,13 +4612,15 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_TLS)
/* Silently ignore invalid DTLS records as recommended by RFC 6347 /* Silently ignore invalid DTLS records as recommended by RFC 6347
* Section 4.1.2.7 */ * Section 4.1.2.7, that is, send alert only with TLS */
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
#endif /* MBEDTLS_SSL_PROTO_DTLS */ {
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
}
#endif /* MBEDTLS_SSL_PROTO_TLS */
return( MBEDTLS_ERR_SSL_INVALID_RECORD ); return( MBEDTLS_ERR_SSL_INVALID_RECORD );
} }
@ -4906,26 +4916,23 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
else else
ssl->nb_zero = 0; ssl->nb_zero = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS) /* Only needed for TLS, as with DTLS in_ctr is read from the header */
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) #if defined(MBEDTLS_SSL_PROTO_TLS)
{ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
; /* in_ctr read from peer, not maintained internally */
}
else
#endif
{ {
unsigned i; unsigned i;
for( i = 8; i > ssl_ep_len( ssl ); i-- ) for( i = 8; i > 0; i-- )
if( ++ssl->in_ctr[i - 1] != 0 ) if( ++ssl->in_ctr[i - 1] != 0 )
break; break;
/* The loop goes to its end iff the counter is wrapping */ /* The loop goes to its end iff the counter is wrapping */
if( i == ssl_ep_len( ssl ) ) if( i == 0 )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
} }
} }
#endif /* MBEDTLS_SSL_PROTO_TLS */
} }
@ -5700,7 +5707,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
/* Done reading this record, get ready for the next one */ /* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl ); ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_in_hdr_len( ssl );
if( ssl->next_record_offset < ssl->in_left ) if( ssl->next_record_offset < ssl->in_left )
@ -5708,14 +5715,18 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) );
} }
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
ssl->in_left = 0; ssl->in_left = 0;
}
#endif
if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 ) if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
{ {
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
/* Silently discard invalid records */ /* Silently discard invalid records */
if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
@ -5758,8 +5769,9 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
return( ret ); return( ret );
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{ {
/* Error out (and send alert) on invalid records */ /* Error out (and send alert) on invalid records */
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
@ -5772,6 +5784,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl )
#endif #endif
return( ret ); return( ret );
} }
#endif /* MBEDTLS_SSL_PROTO_TLS */
} }
return( 0 ); return( 0 );
@ -6614,7 +6627,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
ssl->session_in = ssl->session_negotiate; ssl->session_in = ssl->session_negotiate;
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
ssl_dtls_replay_reset( ssl ); ssl_dtls_replay_reset( ssl );
@ -6629,9 +6642,13 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
} }
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
memset( ssl->in_ctr, 0, 8 ); #if defined(MBEDTLS_SSL_PROTO_TLS)
{
memset( ssl->in_ctr, 0, 8 );
}
#endif
ssl_update_in_pointers( ssl ); ssl_update_in_pointers( ssl );
@ -7130,7 +7147,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
unsigned char i; unsigned char i;
@ -7153,9 +7170,13 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
} }
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
memset( ssl->cur_out_ctr, 0, 8 ); #if defined(MBEDTLS_SSL_PROTO_TLS)
{
memset( ssl->cur_out_ctr, 0, 8 );
}
#endif
ssl->transform_out = ssl->transform_negotiate; ssl->transform_out = ssl->transform_negotiate;
ssl->session_out = ssl->session_negotiate; ssl->session_out = ssl->session_negotiate;
@ -7461,7 +7482,7 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
mbedtls_ssl_transform *transform ) mbedtls_ssl_transform *transform )
{ {
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
ssl->out_ctr = ssl->out_hdr + 3; ssl->out_ctr = ssl->out_hdr + 3;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -7474,8 +7495,9 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->out_iv = ssl->out_len + 2; ssl->out_iv = ssl->out_len + 2;
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{ {
ssl->out_ctr = ssl->out_hdr - 8; ssl->out_ctr = ssl->out_hdr - 8;
ssl->out_len = ssl->out_hdr + 3; ssl->out_len = ssl->out_hdr + 3;
@ -7484,6 +7506,7 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl,
#endif #endif
ssl->out_iv = ssl->out_hdr + 5; ssl->out_iv = ssl->out_hdr + 5;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS */
/* Adjust out_msg to make space for explicit IV, if used. */ /* Adjust out_msg to make space for explicit IV, if used. */
if( transform != NULL && if( transform != NULL &&
@ -7516,7 +7539,7 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
*/ */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
/* This sets the header pointers to match records /* This sets the header pointers to match records
* without CID. When we receive a record containing * without CID. When we receive a record containing
@ -7531,8 +7554,9 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
ssl->in_iv = ssl->in_len + 2; ssl->in_iv = ssl->in_len + 2;
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{ {
ssl->in_ctr = ssl->in_hdr - 8; ssl->in_ctr = ssl->in_hdr - 8;
ssl->in_len = ssl->in_hdr + 3; ssl->in_len = ssl->in_hdr + 3;
@ -7541,6 +7565,7 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl )
#endif #endif
ssl->in_iv = ssl->in_hdr + 5; ssl->in_iv = ssl->in_hdr + 5;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS */
/* This will be adjusted at record decryption time. */ /* This will be adjusted at record decryption time. */
ssl->in_msg = ssl->in_iv; ssl->in_msg = ssl->in_iv;
@ -7562,17 +7587,19 @@ static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl )
{ {
/* Set the incoming and outgoing record pointers. */ /* Set the incoming and outgoing record pointers. */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
ssl->out_hdr = ssl->out_buf; ssl->out_hdr = ssl->out_buf;
ssl->in_hdr = ssl->in_buf; ssl->in_hdr = ssl->in_buf;
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_PROTO_TLS)
{ {
ssl->out_hdr = ssl->out_buf + 8; ssl->out_hdr = ssl->out_buf + 8;
ssl->in_hdr = ssl->in_buf + 8; ssl->in_hdr = ssl->in_buf + 8;
} }
#endif /* MBEDTLS_SSL_PROTO_TLS */
/* Derive other internal pointers. */ /* Derive other internal pointers. */
ssl_update_out_pointers( ssl, NULL /* no transform enabled */ ); ssl_update_out_pointers( ssl, NULL /* no transform enabled */ );
@ -9795,16 +9822,20 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
if( len > max_len ) if( len > max_len )
{ {
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
"maximum fragment length: %d > %d", "maximum fragment length: %d > %d",
len, max_len ) ); len, max_len ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{
len = max_len; len = max_len;
}
#endif
} }
if( ssl->out_left != 0 ) if( ssl->out_left != 0 )
@ -10770,8 +10801,12 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
void mbedtls_ssl_write_version( int major, int minor, int transport, void mbedtls_ssl_write_version( int major, int minor, int transport,
unsigned char ver[2] ) unsigned char ver[2] )
{ {
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
((void) transport);
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
{ {
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 ) if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */ --minor; /* DTLS 1.0 stored as TLS 1.1 internally */
@ -10779,21 +10814,25 @@ void mbedtls_ssl_write_version( int major, int minor, int transport,
ver[0] = (unsigned char)( 255 - ( major - 2 ) ); ver[0] = (unsigned char)( 255 - ( major - 2 ) );
ver[1] = (unsigned char)( 255 - ( minor - 1 ) ); ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#else
((void) transport);
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{ {
ver[0] = (unsigned char) major; ver[0] = (unsigned char) major;
ver[1] = (unsigned char) minor; ver[1] = (unsigned char) minor;
} }
#endif
} }
void mbedtls_ssl_read_version( int *major, int *minor, int transport, void mbedtls_ssl_read_version( int *major, int *minor, int transport,
const unsigned char ver[2] ) const unsigned char ver[2] )
{ {
#if !defined(MBEDTLS_SSL_TRANSPORT__BOTH)
((void) transport);
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) )
{ {
*major = 255 - ver[0] + 2; *major = 255 - ver[0] + 2;
*minor = 255 - ver[1] + 1; *minor = 255 - ver[1] + 1;
@ -10801,14 +10840,14 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport,
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 ) if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */ ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
} }
else MBEDTLS_SSL_TRANSPORT_ELSE
#else
((void) transport);
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_TLS)
{ {
*major = ver[0]; *major = ver[0];
*minor = ver[1]; *minor = ver[1];
} }
#endif
} }
int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )