diff --git a/ChangeLog b/ChangeLog index cf834d3fa..861693454 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,7 +41,8 @@ API Changes (support for renegotiation now needs explicit enabling in config.h). * net_connect() and net_bind() have a new 'proto' argument to choose between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP. - * ssl_set_bio() now requires that p_send == p_recv. + * ssl_set_bio() changed signature (contexts merged, order switched, one + additional callback for read-with-timeout). * Some constness fixes Removals @@ -62,7 +63,6 @@ Removals New deprecations * md_init_ctx() is deprecated in favour of md_setup(), that adds a third argument (allowing memory savings if HMAC is not used) - * ssl_set_bio() is deprecated in favour of ssl_set_bio_timeout(). Semi-API changes (technically public, morally private) * Changed md_info_t into an opaque structure (use md_get_xxx() accessors). @@ -88,6 +88,10 @@ Reauirement changes * The NET layer now unconditionnaly relies on getaddrinfo(). * Compiler is required to support C99 types such as long long and uint32_t. +Changes from the 1.4 preview branch + * ssl_set_bio_timeout() was removed, split into mbedtls_ssl_set_bio() with + new prototype, and mbedtls_ssl_set_read_timeout(). + = mbed TLS 1.3 branch Security diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h index 10953dbe5..21c507ef3 100644 --- a/include/mbedtls/compat-1.3.h +++ b/include/mbedtls/compat-1.3.h @@ -2475,7 +2475,7 @@ #define ssl_set_arc4_support mbedtls_ssl_set_arc4_support #define ssl_set_authmode mbedtls_ssl_set_authmode #define ssl_set_bio mbedtls_ssl_set_bio -#define ssl_set_bio_timeout mbedtls_ssl_set_bio_timeout +#define ssl_set_bio mbedtls_ssl_set_bio_timeout #define ssl_set_ca_chain mbedtls_ssl_set_ca_chain #define ssl_set_cbc_record_splitting mbedtls_ssl_set_cbc_record_splitting #define ssl_set_ciphersuites mbedtls_ssl_set_ciphersuites 
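Review bot: The added line `#define ssl_set_bio mbedtls_ssl_set_bio_timeout` redefines `ssl_set_bio`, which the unchanged context line just above already maps to `mbedtls_ssl_set_bio`, and a macro redefinition with a different replacement list is a constraint violation that compilers at least warn about. Worse, the new replacement text names `mbedtls_ssl_set_bio_timeout`, which this same commit renames away in ssl.h and removes from ssl_tls.c, so a 1.3-style caller of `ssl_set_bio()` that picks up the later definition would fail to link. The added line should be dropped entirely: the removed `ssl_set_bio_timeout` mapping has no target any more, and the surviving `#define ssl_set_bio mbedtls_ssl_set_bio` already covers the function that remains. Since the ChangeLog in this commit says the signature of `ssl_set_bio()` changed, that surviving mapping may deserve a short comment noting the prototype differs from the 1.3 one, but that is outside this hunk.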
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aa8f1e39b..0a517de0b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1191,7 +1191,7 @@ void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint ); * * \note For DTLS, you must either provide a recv callback that * doesn't block, or one that handles timeouts, see - * mbedtls_ssl_set_bio_timeout() + * mbedtls_ssl_set_bio() */ int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport ); @@ -1261,33 +1261,6 @@ void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *), void *p_dbg ); -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_DEPRECATED_WARNING) -#define MBEDTLS_DEPRECATED __attribute__((deprecated)) -#else -#define MBEDTLS_DEPRECATED -#endif -/** - * \brief Set the underlying BIO read and write callbacks - * - * \param ssl SSL context - * \param f_recv read callback - * \param p_recv read parameter (must be equal to write parameter) - * \param f_send write callback - * \param p_send write parameter (must be equal to read parameter) - * - * \warning It is required that p_recv == p_send. Otherwise, the first - * attempt at sending or receiving will result in a - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. - * - * \deprecated Superseded by mbedtls_ssl_set_bio_timeout() in 2.0.0 - */ -void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - int (*f_recv)(void *, unsigned char *, size_t), void *p_recv, - int (*f_send)(void *, const unsigned char *, size_t), void *p_send ) MBEDTLS_DEPRECATED; -#undef MBEDTLS_DEPRECATED -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /** * \brief Set the underlying BIO callbacks for write, read and * read-with-timeout. 
@@ -1304,7 +1277,7 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * * \note TODO: timeout not supported with TLS yet */ -void mbedtls_ssl_set_bio_timeout( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, void *p_bio, int (*f_send)(void *, const unsigned char *, size_t), int (*f_recv)(void *, unsigned char *, size_t), @@ -1319,7 +1292,7 @@ void mbedtls_ssl_set_bio_timeout( mbedtls_ssl_context *ssl, * Use 0 for no timeout (default). * * \note With blocking I/O, this will only work if a non-NULL - * \c f_recv_timeout was set with \c mbedtls_ssl_set_bio_timeout(). + * \c f_recv_timeout was set with \c mbedtls_ssl_set_bio(). */ void mbedtls_ssl_set_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7ee5f232..1e176b449 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2186,7 +2186,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio_timeout()" ) ); + "or mbedtls_ssl_set_bio()" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -2372,7 +2372,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ssl->f_send == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio_timeout()" ) ); + "or mbedtls_ssl_set_bio()" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } 
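Review bot: Renaming `mbedtls_ssl_set_bio_timeout()` to `mbedtls_ssl_set_bio()` reuses a name whose previous prototype, removed in the hunk above, also took five arguments but in the order `(ssl, f_recv, p_recv, f_send, p_send)`; a stale caller therefore gets no arity error and relies on the compiler diagnosing the function-pointer versus `void *` mismatches, which toolchains typically report only as warnings, after which `p_bio` would hold a function pointer and `f_send` the caller's context. The Doxygen block for this prototype starts outside the hunk, so I would add to it a line such as ` * \warning The argument order differs from the previous mbedtls_ssl_set_bio() prototype: the shared BIO context comes first, followed by the send, receive and receive-with-timeout callbacks.` so the change is visible at the declaration and not only in the ChangeLog. The context line `\note TODO: timeout not supported with TLS yet` presumably still holds and would read better as a statement of current behaviour than as a TODO.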
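Review bot: The debug message in mbedtls_ssl_fetch_input() now reads "Bad usage of mbedtls_ssl_set_bio() or mbedtls_ssl_set_bio()", naming the same function twice, because only the second half of the split string literal was updated; the hunk at @@ -2372 in mbedtls_ssl_flush_output() has the same leftover. In both places the two fragments should collapse into one literal, `MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio()" ) );`. Both enclosing functions extend outside their hunks.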
@@ -5226,26 +5226,7 @@ void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf, conf->p_dbg = p_dbg; } -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - int (*f_recv)(void *, unsigned char *, size_t), void *p_recv, - int (*f_send)(void *, const unsigned char *, size_t), void *p_send ) -{ - if( p_recv != p_send ) - { - ssl->f_recv = NULL; - ssl->f_send = NULL; - ssl->p_bio = NULL; - return; - } - - ssl->f_recv = f_recv; - ssl->f_send = f_send; - ssl->p_bio = p_send; -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - -void mbedtls_ssl_set_bio_timeout( mbedtls_ssl_context *ssl, void *p_bio, int (*f_send)(void *, const unsigned char *, size_t), int (*f_recv)(void *, unsigned char *, size_t), diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index f8ecf077d..35b746828 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -190,7 +190,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); - mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, + mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout ); mbedtls_printf( " ok\n" ); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 2b53fbead..f41233516 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -279,7 +279,7 @@ reset: goto exit; } - mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, + mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout ); printf( " ok\n" ); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index dc41b398b..f7b11578b 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c 
@@ -250,7 +250,7 @@ int main( void ) goto exit; } - mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); if( mbedtls_ssl_handshake( &ssl ) != 0 ) { diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 14f089e2d..788127270 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -178,7 +178,7 @@ int main( void ) mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); - mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); /* * 4. Handshake diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5d21450d5..6503d8b73 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1119,9 +1119,9 @@ int main( int argc, char *argv[] ) mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); if( opt.nbio == 2 ) - mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL ); else - mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, + mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, #if defined(MBEDTLS_HAVE_TIME) opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL #else diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 91f0060c5..e743e3efc 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c 
@@ -267,7 +267,7 @@ int main( void ) mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); - mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); mbedtls_ssl_set_ca_chain( &conf, srvcert.next, NULL ); if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 ) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 84ae22e62..db513992f 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -606,7 +606,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); - mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite ); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 7e576d4e1..cbe6b4ddf 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -197,7 +197,7 @@ static void *handle_ssl_connection( void *data ) mbedtls_printf( " [ #%d ] ok\n", thread_id ); - mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); mbedtls_printf( " [ #%d ] ok\n", thread_id ); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index eb5a039b3..583cfdd71 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
@@ -252,7 +252,7 @@ reset: goto exit; } - mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); mbedtls_printf( " ok\n" ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 87b4a2e36..7b85ce857 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1819,9 +1819,9 @@ reset: } if( opt.nbio == 2 ) - mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, my_send, my_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL ); else - mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, + mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, #if defined(MBEDTLS_HAVE_TIME) opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL #else diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 9459b2d60..6c0659a7b 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -421,7 +421,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout ); - mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); + mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 ) {