mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 03:15:43 +01:00
Merge pull request #3849 from kjbracey-arm/m_tlsopt
[baremetal] micro-optimisations for Thumb and small configs
This commit is contained in:
commit
356121903f
@ -89,6 +89,7 @@
|
||||
#define MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS
|
||||
|
||||
/* Compile-time fixed parts of the SSL configuration */
|
||||
#define MBEDTLS_SSL_CONF_TRANSPORT MBEDTLS_SSL_TRANSPORT_DATAGRAM
|
||||
#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
|
||||
#define MBEDTLS_SSL_CONF_READ_TIMEOUT 0
|
||||
#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN 1000
|
||||
|
@ -3860,6 +3860,9 @@
|
||||
/* Endpoint (Client/Server) */
|
||||
//#define MBEDTLS_SSL_CONF_ENDPOINT MBEDTLS_SSL_IS_CLIENT
|
||||
|
||||
/* Transport (Stream/Datagram) */
|
||||
//#define MBEDTLS_SSL_CONF_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
|
||||
|
||||
//#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
|
||||
|
||||
/* DTLS-specific settings */
|
||||
|
@ -971,8 +971,6 @@ struct mbedtls_ssl_session
|
||||
int compression; /*!< chosen compression */
|
||||
#endif /* MBEDTLS_ZLIB_SUPPORT */
|
||||
size_t id_len; /*!< session id length */
|
||||
unsigned char id[32]; /*!< session identifier */
|
||||
unsigned char master[48]; /*!< the master secret */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
@ -1004,6 +1002,9 @@ struct mbedtls_ssl_session
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
int encrypt_then_mac; /*!< flag for EtM activation */
|
||||
#endif
|
||||
|
||||
unsigned char id[32]; /*!< session identifier */
|
||||
unsigned char master[48]; /*!< the master secret */
|
||||
};
|
||||
|
||||
/**
|
||||
@ -1011,7 +1012,124 @@ struct mbedtls_ssl_session
|
||||
*/
|
||||
struct mbedtls_ssl_config
|
||||
{
|
||||
/* Group items by size (largest first) to minimize padding overhead */
|
||||
/* Group items by size (smallest first) to minimize padding overhead */
|
||||
|
||||
/*
|
||||
* Flags (bytes)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
||||
uint8_t endpoint; /*!< 0: client, 1: server */
|
||||
#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
|
||||
#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
|
||||
uint8_t transport; /*!< stream (TLS) or datagram (DTLS) */
|
||||
#endif /* !MBEDTLS_SSL_CONF_TRANSPORT */
|
||||
#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
|
||||
uint8_t authmode; /*!< MBEDTLS_SSL_VERIFY_XXX */
|
||||
#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
|
||||
#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION)
|
||||
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
|
||||
uint8_t allow_legacy_renegotiation; /*!< MBEDTLS_LEGACY_XXX */
|
||||
#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
uint8_t arc4_disabled; /*!< blacklist RC4 ciphersuites? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
uint8_t mfl_code; /*!< desired fragment length */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
uint8_t encrypt_then_mac; /*!< negotiate encrypt-then-mac? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
#if !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
|
||||
uint8_t extended_ms; /*!< negotiate extended master secret? */
|
||||
#endif /* !MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||
#if !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
|
||||
uint8_t enforce_extended_master_secret; /*!< enforce the usage of
|
||||
* extended master secret */
|
||||
#endif /* !MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
#if !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY)
|
||||
uint8_t anti_replay; /*!< detect and prevent replay? */
|
||||
#endif /* !MBEDTLS_SSL_CONF_ANTI_REPLAY */
|
||||
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
uint8_t cbc_record_splitting; /*!< do cbc record splitting */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
uint8_t disable_renegotiation; /*!< disable renegotiation? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
uint8_t trunc_hmac; /*!< negotiate truncated hmac? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
uint8_t session_tickets; /*!< use session tickets? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||
uint8_t fallback; /*!< is this a fallback? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
|
||||
uint8_t cert_req_ca_list; /*!< enable sending CA list in
|
||||
Certificate Request messages? */
|
||||
#endif /* !MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
#if !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID)
|
||||
uint8_t ignore_unexpected_cid; /*!< Determines whether DTLS record
|
||||
* with unexpected CID should
|
||||
* lead to failure. */
|
||||
#endif /* !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
/*
|
||||
* Numerical settings
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER)
|
||||
unsigned char min_major_ver; /*!< min. major version used */
|
||||
#endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */
|
||||
#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
|
||||
unsigned char max_major_ver; /*!< max. major version used */
|
||||
#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */
|
||||
#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER)
|
||||
uint16_t min_minor_ver; /*!< min. minor version used */
|
||||
#endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */
|
||||
#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER)
|
||||
uint16_t max_minor_ver; /*!< max. minor version used */
|
||||
#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
|
||||
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
|
||||
#endif /* !MBEDTLS_SSL_CONF_READ_TIMEOUT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN)
|
||||
uint32_t hs_timeout_min; /*!< initial value of the handshake
|
||||
retransmission timeout (ms) */
|
||||
#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN */
|
||||
#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX)
|
||||
uint32_t hs_timeout_max; /*!< maximum value of the handshake
|
||||
retransmission timeout (ms) */
|
||||
#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
int renego_max_records; /*!< grace period for renegotiation */
|
||||
unsigned char renego_period[8]; /*!< value of the record counters
|
||||
that triggers renegotiation */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
#if !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT)
|
||||
unsigned int badmac_limit; /*!< limit of records with a bad MAC */
|
||||
#endif /* !MBEDTLS_SSL_CONF_BADMAC_LIMIT */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
|
||||
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Pointers
|
||||
@ -1145,121 +1263,6 @@ struct mbedtls_ssl_config
|
||||
const char **alpn_list; /*!< ordered list of protocols */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Numerical settings (int then char)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
|
||||
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
|
||||
#endif /* !MBEDTLS_SSL_CONF_READ_TIMEOUT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN)
|
||||
uint32_t hs_timeout_min; /*!< initial value of the handshake
|
||||
retransmission timeout (ms) */
|
||||
#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN */
|
||||
#if !defined(MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX)
|
||||
uint32_t hs_timeout_max; /*!< maximum value of the handshake
|
||||
retransmission timeout (ms) */
|
||||
#endif /* !MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX */
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
int renego_max_records; /*!< grace period for renegotiation */
|
||||
unsigned char renego_period[8]; /*!< value of the record counters
|
||||
that triggers renegotiation */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
#if !defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT)
|
||||
unsigned int badmac_limit; /*!< limit of records with a bad MAC */
|
||||
#endif /* !MBEDTLS_SSL_CONF_BADMAC_LIMIT */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
|
||||
unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER)
|
||||
unsigned char min_major_ver; /*!< min. major version used */
|
||||
#endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */
|
||||
#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
|
||||
unsigned char max_major_ver; /*!< max. major version used */
|
||||
#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */
|
||||
#if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER)
|
||||
uint16_t min_minor_ver; /*!< min. minor version used */
|
||||
#endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */
|
||||
#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER)
|
||||
uint16_t max_minor_ver; /*!< max. minor version used */
|
||||
#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */
|
||||
|
||||
/*
|
||||
* Flags (bitfields)
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
||||
unsigned int endpoint : 1; /*!< 0: client, 1: server */
|
||||
#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
|
||||
unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
|
||||
#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
|
||||
unsigned int authmode : 6; /*!< MBEDTLS_SSL_VERIFY_XXX */
|
||||
#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
|
||||
#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION)
|
||||
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
|
||||
unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
|
||||
#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
unsigned int mfl_code : 3; /*!< desired fragment length */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
#if !defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)
|
||||
unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
|
||||
#endif /* !MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||
#if !defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
|
||||
unsigned int enforce_extended_master_secret : 1; /*!< enforce the usage
|
||||
* of extended master
|
||||
* secret */
|
||||
#endif /* !MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
#if !defined(MBEDTLS_SSL_CONF_ANTI_REPLAY)
|
||||
unsigned int anti_replay : 1; /*!< detect and prevent replay? */
|
||||
#endif /* !MBEDTLS_SSL_CONF_ANTI_REPLAY */
|
||||
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
unsigned int cbc_record_splitting : 1; /*!< do cbc record splitting */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
unsigned int session_tickets : 1; /*!< use session tickets? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||
unsigned int fallback : 1; /*!< is this a fallback? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
|
||||
unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
|
||||
Certificate Request messages? */
|
||||
#endif /* !MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
#if !defined(MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID)
|
||||
unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
|
||||
* record with unexpected CID
|
||||
* should lead to failure. */
|
||||
#endif /* !MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
};
|
||||
|
||||
struct mbedtls_ssl_context
|
||||
@ -1307,19 +1310,6 @@ struct mbedtls_ssl_context
|
||||
unsigned badmac_seen; /*!< records with a bad MAC received */
|
||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_SEND)
|
||||
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
|
||||
#endif /* !MBEDTLS_SSL_CONF_SEND */
|
||||
#if !defined(MBEDTLS_SSL_CONF_RECV)
|
||||
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
|
||||
#endif /* !MBEDTLS_SSL_CONF_RECV */
|
||||
#if !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
|
||||
mbedtls_ssl_recv_timeout_t *f_recv_timeout;
|
||||
#endif /* !MBEDTLS_SSL_CONF_RECV_TIMEOUT */
|
||||
/*!< Callback for network receive with timeout */
|
||||
|
||||
void *p_bio; /*!< context for I/O operations */
|
||||
|
||||
/*
|
||||
* Session layer
|
||||
*/
|
||||
@ -1331,26 +1321,6 @@ struct mbedtls_ssl_context
|
||||
mbedtls_ssl_handshake_params *handshake; /*!< params required only during
|
||||
the handshake process */
|
||||
|
||||
/*
|
||||
* Record layer transformations
|
||||
*/
|
||||
mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
|
||||
mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
|
||||
mbedtls_ssl_transform *transform; /*!< negotiated transform params */
|
||||
mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
|
||||
|
||||
/*
|
||||
* Timers
|
||||
*/
|
||||
void *p_timer; /*!< context for the timer callbacks */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER)
|
||||
mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
|
||||
#endif /* !MBEDTLS_SSL_CONF_SET_TIMER */
|
||||
#if !defined(MBEDTLS_SSL_CONF_GET_TIMER)
|
||||
mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
|
||||
#endif /* !MBEDTLS_SSL_CONF_GET_TIMER */
|
||||
|
||||
/*
|
||||
* Record layer (incoming data)
|
||||
*/
|
||||
@ -1414,6 +1384,39 @@ struct mbedtls_ssl_context
|
||||
signed char split_done; /*!< current record already splitted? */
|
||||
#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
|
||||
|
||||
/*
|
||||
* Record layer transformations
|
||||
*/
|
||||
mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
|
||||
mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
|
||||
mbedtls_ssl_transform *transform; /*!< negotiated transform params */
|
||||
mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_SEND)
|
||||
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
|
||||
#endif /* !MBEDTLS_SSL_CONF_SEND */
|
||||
#if !defined(MBEDTLS_SSL_CONF_RECV)
|
||||
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
|
||||
#endif /* !MBEDTLS_SSL_CONF_RECV */
|
||||
#if !defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
|
||||
mbedtls_ssl_recv_timeout_t *f_recv_timeout;
|
||||
#endif /* !MBEDTLS_SSL_CONF_RECV_TIMEOUT */
|
||||
/*!< Callback for network receive with timeout */
|
||||
|
||||
void *p_bio; /*!< context for I/O operations */
|
||||
|
||||
/*
|
||||
* Timers
|
||||
*/
|
||||
void *p_timer; /*!< context for the timer callbacks */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER)
|
||||
mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
|
||||
#endif /* !MBEDTLS_SSL_CONF_SET_TIMER */
|
||||
#if !defined(MBEDTLS_SSL_CONF_GET_TIMER)
|
||||
mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
|
||||
#endif /* !MBEDTLS_SSL_CONF_GET_TIMER */
|
||||
|
||||
/*
|
||||
* PKI layer
|
||||
*/
|
||||
@ -1569,6 +1572,7 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
|
||||
#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
|
||||
/**
|
||||
* \brief Set the transport type (TLS or DTLS).
|
||||
* Default: TLS unless #MBEDTLS_SSL_PROTO_NO_TLS is defined,
|
||||
@ -1579,12 +1583,16 @@ void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
|
||||
* \c mbedtls_ssl_set_bio(). You also need to provide timer
|
||||
* callbacks with \c mbedtls_ssl_set_timer_cb().
|
||||
*
|
||||
* \note On constrained systems, this can also be configured
|
||||
* at compile-time via MBEDTLS_SSL_CONF_TRANSPORT.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param transport transport type:
|
||||
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
|
||||
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
|
||||
*/
|
||||
void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
|
||||
#endif /* !MBEDTLS_SSL_CONF_TRANSPORT */
|
||||
|
||||
/**
|
||||
* \brief Set the certificate verification mode
|
||||
|
@ -461,19 +461,6 @@ struct mbedtls_ssl_handshake_params
|
||||
unsigned char *psk; /*!< PSK from the callback */
|
||||
size_t psk_len; /*!< Length of PSK from callback */
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
|
||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
int sni_authmode; /*!< authmode from SNI callback */
|
||||
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
||||
mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
|
||||
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
int ecrs_enabled; /*!< Handshake supports EC restart? */
|
||||
mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
|
||||
@ -518,9 +505,9 @@ struct mbedtls_ssl_handshake_params
|
||||
|
||||
struct mbedtls_ssl_hs_buffer
|
||||
{
|
||||
unsigned is_valid : 1;
|
||||
unsigned is_fragmented : 1;
|
||||
unsigned is_complete : 1;
|
||||
uint8_t is_valid;
|
||||
uint8_t is_fragmented;
|
||||
uint8_t is_complete;
|
||||
unsigned char *data;
|
||||
size_t data_len;
|
||||
} hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
|
||||
@ -530,6 +517,19 @@ struct mbedtls_ssl_handshake_params
|
||||
unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
mbedtls_pk_context peer_pubkey; /*!< The public key from the peer. */
|
||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
int sni_authmode; /*!< authmode from SNI callback */
|
||||
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
|
||||
mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
|
||||
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
unsigned char randbytes[64]; /*!< random bytes */
|
||||
unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
|
||||
/*!< premaster secret */
|
||||
@ -559,7 +559,7 @@ struct mbedtls_ssl_handshake_params
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
unsigned int async_in_progress : 1; /*!< an asynchronous operation is in progress */
|
||||
uint8_t async_in_progress; /*!< an asynchronous operation is in progress */
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
@ -1454,6 +1454,21 @@ static inline unsigned int mbedtls_ssl_conf_get_endpoint(
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
|
||||
static inline unsigned int mbedtls_ssl_conf_get_transport(
|
||||
mbedtls_ssl_config const *conf )
|
||||
{
|
||||
return( conf->transport );
|
||||
}
|
||||
#else /* !MBEDTLS_SSL_CONF_TRANSPORT */
|
||||
static inline unsigned int mbedtls_ssl_conf_get_transport(
|
||||
mbedtls_ssl_config const *conf )
|
||||
{
|
||||
((void) conf);
|
||||
return( MBEDTLS_SSL_CONF_TRANSPORT );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_TRANSPORT */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
|
||||
static inline uint32_t mbedtls_ssl_conf_get_read_timeout(
|
||||
mbedtls_ssl_config const *conf )
|
||||
|
@ -838,7 +838,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||
|
||||
mbedtls_ssl_write_version( mbedtls_ssl_conf_get_max_major_ver( ssl->conf ),
|
||||
mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ),
|
||||
ssl->conf->transport, p );
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ), p );
|
||||
p += 2;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
|
||||
@ -1541,7 +1541,8 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
||||
* } HelloVerifyRequest;
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
|
||||
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
|
||||
mbedtls_ssl_read_version( &major_ver, &minor_ver,
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ), p );
|
||||
p += 2;
|
||||
|
||||
/*
|
||||
@ -1704,7 +1705,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
|
||||
mbedtls_ssl_read_version( &major_ver, &minor_ver,
|
||||
ssl->conf->transport,
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ),
|
||||
buf + 0 );
|
||||
|
||||
if( mbedtls_ssl_ver_lt( major_ver,
|
||||
@ -2379,7 +2380,7 @@ static int ssl_rsa_generate_partial_pms( mbedtls_ssl_context *ssl,
|
||||
|
||||
mbedtls_ssl_write_version( mbedtls_ssl_conf_get_max_major_ver( ssl->conf ),
|
||||
mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ),
|
||||
ssl->conf->transport, out );
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ), out );
|
||||
|
||||
ret = mbedtls_ssl_conf_get_frng( ssl->conf )
|
||||
( mbedtls_ssl_conf_get_prng( ssl->conf ), out + 2, 46 );
|
||||
|
@ -1468,7 +1468,8 @@ read_record_header:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
|
||||
buf[1], buf[2] ) );
|
||||
|
||||
mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
|
||||
mbedtls_ssl_read_version( &major, &minor,
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ), buf + 1 );
|
||||
|
||||
/* According to RFC 5246 Appendix E.1, the version here is typically
|
||||
* "{03,00}, the lowest version number supported by the client, [or] the
|
||||
@ -1674,7 +1675,7 @@ read_record_header:
|
||||
{
|
||||
int minor_ver, major_ver;
|
||||
mbedtls_ssl_read_version( &major_ver, &minor_ver,
|
||||
ssl->conf->transport,
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ),
|
||||
buf );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
@ -2703,7 +2704,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
||||
* version looks like the most interoperable thing to do. */
|
||||
mbedtls_ssl_write_version( mbedtls_ssl_get_major_ver( ssl ),
|
||||
mbedtls_ssl_get_minor_ver( ssl ),
|
||||
ssl->conf->transport, p );
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ), p );
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
|
||||
p += 2;
|
||||
|
||||
@ -2797,7 +2798,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||
|
||||
mbedtls_ssl_write_version( mbedtls_ssl_get_major_ver( ssl ),
|
||||
mbedtls_ssl_get_minor_ver( ssl ),
|
||||
ssl->conf->transport, p );
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ), p );
|
||||
p += 2;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
|
||||
@ -4001,7 +4002,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||
|
||||
mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
|
||||
ssl->handshake->max_minor_ver,
|
||||
ssl->conf->transport, ver );
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ), ver );
|
||||
|
||||
/* Avoid data-dependent branches while checking for invalid
|
||||
* padding, to protect against timing-based Bleichenbacher-type
|
||||
|
@ -4946,7 +4946,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||
|
||||
mbedtls_ssl_write_version( mbedtls_ssl_get_major_ver( ssl ),
|
||||
mbedtls_ssl_get_minor_ver( ssl ),
|
||||
ssl->conf->transport, ssl->out_hdr + 1 );
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ),
|
||||
ssl->out_hdr + 1 );
|
||||
|
||||
mbedtls_platform_memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
|
||||
(void)mbedtls_platform_put_uint16_be( ssl->out_len, len );
|
||||
@ -4963,7 +4964,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||
mbedtls_platform_memcpy( &rec.ctr[0], ssl->out_ctr, 8 );
|
||||
mbedtls_ssl_write_version( mbedtls_ssl_get_major_ver( ssl ),
|
||||
mbedtls_ssl_get_minor_ver( ssl ),
|
||||
ssl->conf->transport, rec.ver );
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ),
|
||||
rec.ver );
|
||||
rec.type = ssl->out_msgtype;
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
@ -5815,7 +5817,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
|
||||
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
|
||||
mbedtls_ssl_read_version( &major_ver, &minor_ver,
|
||||
ssl->conf->transport,
|
||||
mbedtls_ssl_conf_get_transport( ssl->conf ),
|
||||
&rec->ver[0] );
|
||||
|
||||
if( major_ver != mbedtls_ssl_get_major_ver( ssl ) )
|
||||
@ -9318,10 +9320,12 @@ void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
|
||||
|
||||
#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
|
||||
void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
|
||||
{
|
||||
conf->transport = transport;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_TRANSPORT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
|
||||
!defined(MBEDTLS_SSL_CONF_ANTI_REPLAY)
|
||||
@ -10322,7 +10326,7 @@ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
|
||||
size_t read_mfl;
|
||||
|
||||
/* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
|
||||
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
||||
if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT &&
|
||||
ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE )
|
||||
{
|
||||
return ssl_mfl_code_to_length( ssl->conf->mfl_code );
|
||||
@ -12781,8 +12785,10 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
|
||||
memset( conf, 0, sizeof( mbedtls_ssl_config ) );
|
||||
|
||||
#if !defined(MBEDTLS_SSL_PROTO_TLS)
|
||||
#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
|
||||
conf->transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
@ -12846,8 +12852,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
|
||||
/* Use the functions here so that they are covered in tests,
|
||||
* but otherwise access member directly for efficiency */
|
||||
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
|
||||
mbedtls_ssl_conf_endpoint( conf, endpoint );
|
||||
#endif
|
||||
#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
|
||||
mbedtls_ssl_conf_transport( conf, transport );
|
||||
#else
|
||||
((void) transport);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Things that are common to all presets
|
||||
|
@ -2778,6 +2778,14 @@ int query_config( const char *config )
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_TRANSPORT)
|
||||
if( strcmp( "MBEDTLS_SSL_CONF_TRANSPORT", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_TRANSPORT );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_TRANSPORT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
|
||||
if( strcmp( "MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST", config ) == 0 )
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user