diff --git a/ChangeLog b/ChangeLog index 90654ab47..1fed051d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,9 +29,10 @@ API Changes changed from ssl_context to ssl_config. * mbedtls_ssl_conf_ca_chain() lost its last argument (peer_cn), now set using mbedtls_ssl_set_hostname(). - * mbedtls_ssl_set_session_cached() changed prototype (only one context + * mbedtls_ssl_conf_session_cache() changed prototype (only one context pointer, parameters reordered). - * mbedtls_memory_bufer_alloc_init() now returns void + * mbedtls_ssl_conf_truncated_hmac() now returns void. + * mbedtls_memory_bufer_alloc_init() now returns void. * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now return void. * ecdsa_write_signature() gained an addtional md_alg argument and @@ -96,9 +97,13 @@ Reauirement changes * The NET layer now unconditionnaly relies on getaddrinfo(). * Compiler is required to support C99 types such as long long and uint32_t. -Changes from the 1.4 preview branch +API changes from the 1.4 preview branch * ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio() with new prototype, and mbedtls_ssl_set_read_timeout(). + * The following functions now return void: + mbedtls_ssl_conf_transport() + mbedtls_ssl_conf_max_version() + mbedtls_ssl_conf_min_version() Changes * mbedtls_ctr_drbg_random() and mbedtls_hmac_drbg_random() are now diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 742e9e440..b5e6a8c8d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1185,17 +1185,16 @@ void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ); * \brief Set the transport type (TLS or DTLS). * Default: TLS * + * \note For DTLS, you must either provide a recv callback that + * doesn't block, or one that handles timeouts, see + * mbedtls_ssl_conf_bio() + * * \param conf SSL configuration * \param transport transport type: * MBEDTLS_SSL_TRANSPORT_STREAM for TLS, * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. - * \return 0 on success or MBEDTLS_ERR_SSL_BAD_INPUT_DATA - * - * \note For DTLS, you must either provide a recv callback that - * doesn't block, or one that handles timeouts, see - * mbedtls_ssl_conf_bio() */ -int mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); +void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); /** * \brief Set the certificate verification mode 
@@ -1799,19 +1798,18 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); * and/or accepted at the server side * (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION) * - * Note: This ignores ciphersuites from 'higher' versions. + * \note This ignores ciphersuites from higher versions. + * + * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and + * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 * * \param conf SSL configuration * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_3 supported) - * \return 0 on success or MBEDTLS_ERR_SSL_BAD_INPUT_DATA - * - * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and - * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 */ -int mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); +void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); /** * \brief Set the minimum accepted SSL/TLS protocol version 
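Review bot: The comment on mbedtls_ssl_conf_max_version still lists which major/minor values are "supported" but no longer says what happens with any other value, while this same patch deletes the ssl_check_version() range check and the DTLS rule (minor at least MBEDTLS_SSL_MINOR_VERSION_2) from ssl_tls.c, so the setter now stores whatever it is given. Callers that used the old MBEDTLS_ERR_SSL_BAD_INPUT_DATA return as their validation step lose it silently when the return type becomes void. I would add, after the DTLS note, `\note The arguments are not validated: passing a version outside the listed range, or a DTLS minor version below MBEDTLS_SSL_MINOR_VERSION_2, is a caller error.` Whether an out-of-range value is still rejected later, during the handshake, is not visible in this diff and is worth stating either way.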
@@ -1822,17 +1820,16 @@ int mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor * * \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided. * + * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and + * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 + * * \param conf SSL configuration * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_3 supported) - * \return 0 on success or MBEDTLS_ERR_SSL_BAD_INPUT_DATA - * - * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and - * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 */ -int mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ); +void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ); #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) /** @@ -1929,10 +1926,8 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c * \param conf SSL configuration * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or * MBEDTLS_SSL_TRUNC_HMAC_DISABLED) - * - * \return Always 0. */ -int mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); +void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b098e0dd3..8263573b6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
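Review bot: mbedtls_ssl_conf_min_version's comment warns that SSLv3 should be avoided but does not say that the function now accepts any (major, minor) pair: the range and DTLS checks that backed the removed `\return` line are deleted from ssl_tls.c in this same patch, so a minimum of MBEDTLS_SSL_MINOR_VERSION_0 on a datagram transport, or a value outside the listed constants, is stored without comment. Since this is the knob a deployment uses to rule out weak protocol versions, the lack of feedback deserves a sentence: `\note The arguments are not validated; the caller must pass one of the listed constants, and nothing in this function checks that the minimum stays at or below the configured maximum.` If the handshake code enforces these constraints later, saying so here would be just as useful.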
@@ -5185,11 +5185,9 @@ void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ) conf->endpoint = endpoint; } -int mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) +void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) { conf->transport = transport; - - return( 0 ); } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) @@ -5564,50 +5562,16 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_ALPN */ -static int ssl_check_version( const mbedtls_ssl_config *conf, - int major, int minor ) +void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) { - if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION || - major > MBEDTLS_SSL_MAX_MAJOR_VERSION || - minor < MBEDTLS_SSL_MIN_MINOR_VERSION || - minor > MBEDTLS_SSL_MAX_MINOR_VERSION ) - { - return( -1 ); - } - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - minor < MBEDTLS_SSL_MINOR_VERSION_2 ) - { - return( -1 ); - } -#else - ((void) ssl); -#endif - - return( 0 ); -} - -int mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) -{ - if( ssl_check_version( conf, major, minor ) != 0 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - conf->max_major_ver = major; conf->max_minor_ver = minor; - - return( 0 ); } -int mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) +void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) { - if( ssl_check_version( conf, major, minor ) != 0 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - conf->min_major_ver = major; conf->min_minor_ver = minor; - - return( 0 ); } #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) 
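Review bot: With ssl_check_version() deleted, mbedtls_ssl_conf_max_version() and mbedtls_ssl_conf_min_version() write major/minor straight into conf without the range check or the DTLS rule (minor at least MBEDTLS_SSL_MINOR_VERSION_2) that the helper enforced, so a caller passing MBEDTLS_SSL_MINOR_VERSION_0 on a datagram transport, or a stray sentinel such as -1, gets no diagnostic. If the intention is that the handshake validates these values later, that is not visible in this hunk and should be recorded on each setter, e.g. `/* No validation here: the caller must pass a supported version; DTLS needs minor >= MBEDTLS_SSL_MINOR_VERSION_2 (see ssl.h) */`. If it is not, keeping the DTLS condition in the setters, even only as an assertion under MBEDTLS_SSL_PROTO_DTLS, would preserve the guarantee the old code gave without bringing the return value back.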
@@ -5652,11 +5616,9 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -int mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) +void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) { conf->trunc_hmac = truncate; - - return( 0 ); } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6620d4eab..8d04b9af3 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1183,24 +1183,10 @@ int main( int argc, char *argv[] ) #endif if( opt.min_version != DFL_MIN_VERSION ) - { - ret = mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version ); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! selected min_version is not available\n" ); - goto exit; - } - } + mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version ); if( opt.max_version != DFL_MAX_VERSION ) - { - ret = mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! selected max_version is not available\n" ); - goto exit; - } - } + mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); #if defined(MBEDTLS_SSL_FALLBACK_SCSV) if( opt.fallback != DFL_FALLBACK ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 81b92a6d4..b9e2c09e7 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
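Review bot: ssl_client2 drops its "selected min_version is not available" and "max_version" error paths, so the program now depends on the command-line parser having already restricted opt.min_version and opt.max_version to the MBEDTLS_SSL_MINOR_VERSION_* constants; that parser lies outside this hunk, so I could not confirm it does. Because mbedtls_ssl_conf_min_version() and mbedtls_ssl_conf_max_version() no longer validate either (ssl_tls.c in this patch), a raw integer accepted by the parser would reach the configuration unchecked and the test client would silently run with a version it never negotiated. If the parser does not restrict the values, the cheapest fix is to re-add the range check at this point in main() rather than in the library; main() begins and ends outside the hunk.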
@@ -1735,24 +1735,10 @@ int main( int argc, char *argv[] ) #endif if( opt.min_version != DFL_MIN_VERSION ) - { - ret = mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version ); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! selected min_version is not available\n" ); - goto exit; - } - } + mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version ); if( opt.max_version != DFL_MIN_VERSION ) - { - ret = mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); - if( ret != 0 ) - { - mbedtls_printf( " failed\n ! selected max_version is not available\n" ); - goto exit; - } - } + mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); mbedtls_printf( " ok\n" );
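Review bot: The surviving condition `if( opt.max_version != DFL_MIN_VERSION )` tests max_version against the minimum's default, whereas the parallel ssl_client2 hunk in this patch uses DFL_MAX_VERSION; it looks like a copy-paste slip the commit does not address. If the two defaults differ, an untouched max_version is passed to mbedtls_ssl_conf_max_version() as its default sentinel, and since this patch removes that function's validation the sentinel now lands in conf->max_minor_ver instead of being rejected as before. The fix is the one-line change `if( opt.max_version != DFL_MAX_VERSION )`. Whether the two defaults are currently equal is not visible here; main() continues outside the hunk.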