mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 08:15:39 +01:00
Allow configuration of endpoint (cli/srv) at compile-time
Introduces MBEDTLS_SSL_CONF_ENDPOINT to allow to choose between server- or client-builds at compile-time. Impact on code-size: | | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 | | --- | --- | --- | --- | | `libmbedtls.a` (client only) before | 18355 | 18815 | 21485 | | `libmbedtls.a` (client only) after | 18219 | 18683 | 21347 | | gain in Bytes (client only) | 136 | 132 | 138 | | `libmbedtls.a` (server only) before | 18715 | 18987 | 21883 | | `libmbedtls.a` (server only) after | 18595 | 18823 | 21717 | | gain in Bytes (server only) | 120 | 164 | 166 |
This commit is contained in:
parent
1f835fa22b
commit
2d9623f7d5
@ -3457,6 +3457,9 @@
|
|||||||
/* Timeout */
|
/* Timeout */
|
||||||
//#define MBEDTLS_SSL_CONF_READ_TIMEOUT 0
|
//#define MBEDTLS_SSL_CONF_READ_TIMEOUT 0
|
||||||
|
|
||||||
|
/* Endpoint (Client/Server) */
|
||||||
|
//#define MBEDTLS_SSL_CONF_ENDPOINT MBED
|
||||||
|
|
||||||
/* DTLS-specific settings */
|
/* DTLS-specific settings */
|
||||||
//#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
|
//#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
|
||||||
//#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
|
//#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
|
||||||
|
@ -1055,7 +1055,9 @@ struct mbedtls_ssl_config
|
|||||||
* Flags (bitfields)
|
* Flags (bitfields)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
||||||
unsigned int endpoint : 1; /*!< 0: client, 1: server */
|
unsigned int endpoint : 1; /*!< 0: client, 1: server */
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
|
||||||
unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
|
unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
|
||||||
#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
|
#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
|
||||||
unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
|
unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
|
||||||
@ -1381,13 +1383,18 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
|
|||||||
*/
|
*/
|
||||||
int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
||||||
/**
|
/**
|
||||||
* \brief Set the current endpoint type
|
* \brief Set the current endpoint type
|
||||||
*
|
*
|
||||||
|
* \note On constrained systems, this can also be configured
|
||||||
|
* at compile-time via MBEDTLS_SSL_CONF_ENDPOINT.
|
||||||
|
*
|
||||||
* \param conf SSL configuration
|
* \param conf SSL configuration
|
||||||
* \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
|
* \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
|
void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
|
||||||
|
#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the transport type (TLS or DTLS).
|
* \brief Set the transport type (TLS or DTLS).
|
||||||
|
@ -1085,6 +1085,21 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
* be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX.
|
* be fixed at compile time via one of MBEDTLS_SSL_SSL_CONF_XXX.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
||||||
|
static inline unsigned int mbedtls_ssl_conf_get_endpoint(
|
||||||
|
mbedtls_ssl_config const *conf )
|
||||||
|
{
|
||||||
|
return( conf->endpoint );
|
||||||
|
}
|
||||||
|
#else /* !MBEDTLS_SSL_CONF_ENDPOINT */
|
||||||
|
static inline unsigned int mbedtls_ssl_conf_get_endpoint(
|
||||||
|
mbedtls_ssl_config const *conf )
|
||||||
|
{
|
||||||
|
((void) conf);
|
||||||
|
return( MBEDTLS_SSL_CONF_ENDPOINT );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
|
||||||
|
|
||||||
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
|
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
|
||||||
static inline uint32_t mbedtls_ssl_conf_get_read_timeout(
|
static inline uint32_t mbedtls_ssl_conf_get_read_timeout(
|
||||||
mbedtls_ssl_config const *conf )
|
mbedtls_ssl_config const *conf )
|
||||||
|
@ -55,7 +55,7 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
|||||||
const unsigned char *info,
|
const unsigned char *info,
|
||||||
size_t ilen )
|
size_t ilen )
|
||||||
{
|
{
|
||||||
if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) != MBEDTLS_SSL_IS_SERVER )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
mbedtls_free( ssl->cli_id );
|
mbedtls_free( ssl->cli_id );
|
||||||
|
@ -1388,7 +1388,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
|||||||
ssl->handshake->tls_prf,
|
ssl->handshake->tls_prf,
|
||||||
ssl->handshake->randbytes,
|
ssl->handshake->randbytes,
|
||||||
ssl->minor_ver,
|
ssl->minor_ver,
|
||||||
ssl->conf->endpoint,
|
mbedtls_ssl_conf_get_endpoint( ssl->conf ),
|
||||||
ssl );
|
ssl );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
@ -3196,7 +3196,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||||
}
|
}
|
||||||
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
else if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_SERVER &&
|
||||||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
||||||
{
|
{
|
||||||
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
|
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
|
||||||
@ -3722,7 +3723,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
|||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
||||||
ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT &&
|
ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT &&
|
||||||
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) )
|
mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_CLIENT ) )
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
|
#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
@ -4754,7 +4756,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||||||
* have an active transform (possibly iv_len != 0), so use the
|
* have an active transform (possibly iv_len != 0), so use the
|
||||||
* fact that the record header len is 13 instead.
|
* fact that the record header len is 13 instead.
|
||||||
*/
|
*/
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_SERVER &&
|
||||||
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
|
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
|
||||||
rec_epoch == 0 &&
|
rec_epoch == 0 &&
|
||||||
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
|
||||||
@ -5937,7 +5940,8 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
|
||||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
|
||||||
ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_SERVER &&
|
||||||
ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
|
ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
|
||||||
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
|
ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
|
||||||
{
|
{
|
||||||
@ -6104,7 +6108,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_CLIENT )
|
||||||
{
|
{
|
||||||
if( ssl->client_auth == 0 )
|
if( ssl->client_auth == 0 )
|
||||||
{
|
{
|
||||||
@ -6133,7 +6138,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_CLI_C */
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER )
|
||||||
{
|
{
|
||||||
if( mbedtls_ssl_own_cert( ssl ) == NULL )
|
if( mbedtls_ssl_own_cert( ssl ) == NULL )
|
||||||
{
|
{
|
||||||
@ -6337,7 +6342,8 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
|
|||||||
/* Check if we're handling the first CRT in the chain. */
|
/* Check if we're handling the first CRT in the chain. */
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( crt_cnt++ == 0 &&
|
if( crt_cnt++ == 0 &&
|
||||||
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_CLIENT &&
|
||||||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
||||||
{
|
{
|
||||||
/* During client-side renegotiation, check that the server's
|
/* During client-side renegotiation, check that the server's
|
||||||
@ -6403,7 +6409,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl,
|
|||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT )
|
||||||
return( -1 );
|
return( -1 );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
@ -6461,7 +6467,7 @@ static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
|
|||||||
return( SSL_CERTIFICATE_SKIP );
|
return( SSL_CERTIFICATE_SKIP );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER )
|
||||||
{
|
{
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
|
||||||
return( SSL_CERTIFICATE_SKIP );
|
return( SSL_CERTIFICATE_SKIP );
|
||||||
@ -6551,7 +6557,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
if( mbedtls_ssl_check_cert_usage( chain,
|
if( mbedtls_ssl_check_cert_usage( chain,
|
||||||
ciphersuite_info,
|
ciphersuite_info,
|
||||||
! ssl->conf->endpoint,
|
( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_CLIENT ),
|
||||||
&ssl->session_negotiate->verify_result ) != 0 )
|
&ssl->session_negotiate->verify_result ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
|
||||||
@ -7371,7 +7378,8 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
ssl_update_out_pointers( ssl, ssl->transform_negotiate );
|
ssl_update_out_pointers( ssl, ssl->transform_negotiate );
|
||||||
|
|
||||||
ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
|
ssl->handshake->calc_finished( ssl, ssl->out_msg + 4,
|
||||||
|
mbedtls_ssl_conf_get_endpoint( ssl->conf ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
|
* RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
|
||||||
@ -7397,12 +7405,18 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
|
|||||||
if( ssl->handshake->resume != 0 )
|
if( ssl->handshake->resume != 0 )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_CLIENT )
|
||||||
|
{
|
||||||
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
|
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_SERVER )
|
||||||
|
{
|
||||||
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -7499,7 +7513,8 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
|
||||||
|
|
||||||
ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
|
ssl->handshake->calc_finished( ssl, buf,
|
||||||
|
mbedtls_ssl_conf_get_endpoint( ssl->conf ) ^ 1 );
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
|
||||||
{
|
{
|
||||||
@ -7549,11 +7564,11 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
|
|||||||
if( ssl->handshake->resume != 0 )
|
if( ssl->handshake->resume != 0 )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT )
|
||||||
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER )
|
||||||
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
|
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -7702,7 +7717,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
ssl->handshake->alt_transform_out = ssl->transform_out;
|
ssl->handshake->alt_transform_out = ssl->transform_out;
|
||||||
|
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT )
|
||||||
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
|
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
|
||||||
else
|
else
|
||||||
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
|
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
|
||||||
@ -8074,10 +8089,12 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
|
|||||||
/*
|
/*
|
||||||
* SSL set accessors
|
* SSL set accessors
|
||||||
*/
|
*/
|
||||||
|
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
||||||
void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
|
void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
|
||||||
{
|
{
|
||||||
conf->endpoint = endpoint;
|
conf->endpoint = endpoint;
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
|
||||||
|
|
||||||
void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
|
void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
|
||||||
{
|
{
|
||||||
@ -8226,7 +8243,7 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
|
|||||||
if( ssl == NULL ||
|
if( ssl == NULL ||
|
||||||
session == NULL ||
|
session == NULL ||
|
||||||
ssl->session_negotiate == NULL ||
|
ssl->session_negotiate == NULL ||
|
||||||
ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
|
mbedtls_ssl_conf_get_endpoint( ssl->conf ) != MBEDTLS_SSL_IS_CLIENT )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
@ -8354,7 +8371,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
|||||||
if( ssl->handshake == NULL || ssl->conf == NULL )
|
if( ssl->handshake == NULL || ssl->conf == NULL )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER )
|
||||||
role = MBEDTLS_ECJPAKE_SERVER;
|
role = MBEDTLS_ECJPAKE_SERVER;
|
||||||
else
|
else
|
||||||
role = MBEDTLS_ECJPAKE_CLIENT;
|
role = MBEDTLS_ECJPAKE_CLIENT;
|
||||||
@ -9024,7 +9041,7 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
|
|||||||
static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl )
|
static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
/* Return unlimited mtu for client hello messages to avoid fragmentation. */
|
/* Return unlimited mtu for client hello messages to avoid fragmentation. */
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT &&
|
||||||
( ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
|
( ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
|
||||||
ssl->state == MBEDTLS_SSL_SERVER_HELLO ) )
|
ssl->state == MBEDTLS_SSL_SERVER_HELLO ) )
|
||||||
return ( 0 );
|
return ( 0 );
|
||||||
@ -9106,7 +9123,7 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
|
|||||||
if( ssl == NULL ||
|
if( ssl == NULL ||
|
||||||
dst == NULL ||
|
dst == NULL ||
|
||||||
ssl->session == NULL ||
|
ssl->session == NULL ||
|
||||||
ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
|
mbedtls_ssl_conf_get_endpoint( ssl->conf ) != MBEDTLS_SSL_IS_CLIENT )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
@ -9690,11 +9707,11 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
|
|||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT )
|
||||||
ret = mbedtls_ssl_handshake_client_step( ssl );
|
ret = mbedtls_ssl_handshake_client_step( ssl );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER )
|
||||||
ret = mbedtls_ssl_handshake_server_step( ssl );
|
ret = mbedtls_ssl_handshake_server_step( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -9777,11 +9794,16 @@ static int ssl_start_renegotiation( mbedtls_ssl_context *ssl )
|
|||||||
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
||||||
{
|
{
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_SERVER )
|
||||||
|
{
|
||||||
ssl->handshake->out_msg_seq = 1;
|
ssl->handshake->out_msg_seq = 1;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
ssl->handshake->in_msg_seq = 1;
|
ssl->handshake->in_msg_seq = 1;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
|
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
|
||||||
@ -9811,7 +9833,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
/* On server, just send the request */
|
/* On server, just send the request */
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_SERVER )
|
||||||
{
|
{
|
||||||
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
|
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
@ -9994,7 +10016,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_CLIENT &&
|
||||||
( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
|
( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
|
||||||
ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) )
|
ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) )
|
||||||
{
|
{
|
||||||
@ -10017,7 +10040,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
#endif /* MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SRV_C)
|
#if defined(MBEDTLS_SSL_SRV_C)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_SERVER &&
|
||||||
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
|
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
|
||||||
@ -10052,7 +10076,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
/* DTLS clients need to know renego is server-initiated */
|
/* DTLS clients need to know renego is server-initiated */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) &&
|
||||||
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_CLIENT )
|
||||||
{
|
{
|
||||||
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
|
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
|
||||||
}
|
}
|
||||||
@ -10165,7 +10190,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
* Do it now, after setting in_offt, to avoid taking this branch
|
* Do it now, after setting in_offt, to avoid taking this branch
|
||||||
* again if ssl_write_hello_request() returns WANT_WRITE */
|
* again if ssl_write_hello_request() returns WANT_WRITE */
|
||||||
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
|
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) ==
|
||||||
|
MBEDTLS_SSL_IS_SERVER &&
|
||||||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
||||||
{
|
{
|
||||||
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
|
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
|
||||||
|
@ -2602,6 +2602,14 @@ int query_config( const char *config )
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_CONF_READ_TIMEOUT */
|
#endif /* MBEDTLS_SSL_CONF_READ_TIMEOUT */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
||||||
|
if( strcmp( "MBEDTLS_SSL_CONF_ENDPOINT", config ) == 0 )
|
||||||
|
{
|
||||||
|
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_ENDPOINT );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN)
|
#if defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN)
|
||||||
if( strcmp( "MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN", config ) == 0 )
|
if( strcmp( "MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN", config ) == 0 )
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user