diff --git a/ChangeLog b/ChangeLog
index c0afc058b..036619d4f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,7 @@ API Changes
 * Headers are now found in the 'mbedtls' directory (previously 'polarssl').
 * The following _init() functions that could return errors have been split
 into an _init() that returns void and another function:
+ mbedtls_ssl_init() -> mbedtls_ssl_setup()
 mbedtls_ccm_init() -> mbedtls_ccm_setkey()
 mbedtls_gcm_init() -> mbedtls_gcm_setkey()
 mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_init(_buf)()
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0cdc53750..5f4e46e5e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1098,14 +1098,22 @@ int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
 /**
 * \brief Initialize an SSL context
- * (An individual SSL context is not thread-safe)
+ * Just makes the context ready for mbetls_ssl_setup() or
+ * mbedtls_ssl_free()
+ *
+ * \param ssl SSL context
+ */
+void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
+ /**
+ * \brief Set up an SSL context for use
 *
 * \param ssl SSL context
 *
 * \return 0 if successful, or MBEDTLS_ERR_SSL_MALLOC_FAILED if
 * memory allocation failed
 */
-int mbedtls_ssl_init( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_setup( mbedtls_ssl_context *ssl );
 /**
 * \brief Reset an already initialized SSL context for re-use
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 55c04b5d7..bb5ab3b0a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4944,13 +4944,19 @@ static int ssl_cookie_check_dummy( void *ctx,
 /*
 * Initialize an SSL context
 */
-int mbedtls_ssl_init( mbedtls_ssl_context *ssl )
+void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
+{
+ memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
+}
+ /*
+ * Setup an SSL context
+ */
+int mbedtls_ssl_setup( mbedtls_ssl_context *ssl )
 {
 int ret;
 int len = MBEDTLS_SSL_BUFFER_LEN;
- memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
-
 /*
 * Sane defaults
 */
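Review bot: The new doc comment on mbedtls_ssl_init() in the ssl.h hunk misspells the function it refers to (`mbetls_ssl_setup()`), and it drops the old line "(An individual SSL context is not thread-safe)", which is a caveat that still applies to the context regardless of how initialization is split. Suggest `* Just makes the context ready for mbedtls_ssl_setup() or` and re-adding the thread-safety sentence under the mbedtls_ssl_setup() brief. The mbedtls_ssl_setup() doc should also spell out the ordering contract the split introduces, since the ssl_tls.c hunk shows setup no longer zeroes the struct itself: `\note mbedtls_ssl_init() must have been called on the context first; call mbedtls_ssl_setup() once per context`.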
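Review bot: In the ssl_tls.c hunk, mbedtls_ssl_setup() now relies on the caller having zeroed the context via mbedtls_ssl_init(), but the comment above it says only `Setup an SSL context` and nothing in the function enforces the precondition; a caller that skips init, or that calls setup twice on the same context, proceeds into the rest of the function (the allocation sized by `len`, which is outside the hunk) over whatever the fields already hold, whereas the removed in-function memset used to paper over both cases. Suggest at least documenting it: `Setup an SSL context (context must have been passed to mbedtls_ssl_init() first; call once per context)`, and, if the struct tracks its allocated buffers, returning a bad-input error when they are already non-NULL rather than overwriting them. The body of mbedtls_ssl_setup() continues past the end of the hunk.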
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 4a8642d5e..4f8228357 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -104,7 +104,7 @@ int main( int argc, char *argv[] )
 /*
 * 0. Initialize the RNG and the session data
 */
- memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
+ mbedtls_ssl_init( &ssl );
 mbedtls_x509_crt_init( &cacert );
 mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -160,9 +160,9 @@ int main( int argc, char *argv[] )
 mbedtls_printf( " . Setting up the DTLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
 }
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 92170ebb3..a4b86f76e 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -103,7 +103,7 @@ int main( void )
 mbedtls_ssl_cache_context cache;
 #endif
- memset( &ssl, 0, sizeof(mbedtls_ssl_context) );
+ mbedtls_ssl_init( &ssl );
 mbedtls_ssl_cookie_init( &cookie_ctx );
 #if defined(MBEDTLS_SSL_CACHE_C)
 mbedtls_ssl_cache_init( &cache );
@@ -190,9 +190,9 @@ int main( void )
 printf( " . Setting up the DTLS data..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
+ printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
 }
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index ad9e85191..cab6e8d4c 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -147,7 +147,7 @@ enum exit_codes
 {
 exit_ok = 0,
 ctr_drbg_seed_failed,
- ssl_init_failed,
+ ssl_setup_failed,
 socket_failed,
 connect_failed,
 x509_crt_parse_failed,
@@ -172,7 +172,7 @@ int main( void )
 /*
 * 0. Initialize and setup stuff
 */
- memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
+ mbedtls_ssl_init( &ssl );
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 mbedtls_x509_crt_init( &ca );
 #endif
@@ -181,13 +181,13 @@ int main( void )
 if( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
 (const unsigned char *) pers, strlen( pers ) ) != 0 )
 {
- ret = ssl_init_failed;
+ ret = ctr_drbg_seed_failed;
 goto exit;
 }
- if( mbedtls_ssl_init( &ssl ) != 0 )
+ if( mbedtls_ssl_setup( &ssl ) != 0 )
 {
- ret = ssl_init_failed;
+ ret = ssl_setup_failed;
 goto exit;
 }
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 77a68e64c..37c24a22c 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -92,7 +92,7 @@ int main( void )
 /*
 * 0. Initialize the RNG and the session data
 */
- memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
+ mbedtls_ssl_init( &ssl );
 mbedtls_x509_crt_init( &cacert );
 mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -148,9 +148,9 @@ int main( void )
 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
 }
@@ -278,8 +278,6 @@ exit:
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_entropy_free( &entropy );
- memset( &ssl, 0, sizeof( ssl ) );
-
 #if defined(_WIN32)
 mbedtls_printf( " + Press Enter to exit this program.\n" );
 fflush( stdout ); getchar();
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 280b50d84..de6ff655b 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -414,7 +414,7 @@ int main( int argc, char *argv[] )
 * Make sure memory references are valid.
 */
 server_fd = 0;
- memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
+ mbedtls_ssl_init( &ssl );
 memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
 mbedtls_ctr_drbg_init( &ctr_drbg );
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1047,9 +1047,9 @@ int main( int argc, char *argv[] )
 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- mbedtls_printf( " failed\n ! mbedtls_ssl_init returned -0x%x\n\n", -ret );
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
 goto exit;
 }
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 9f00310d7..a0880e863 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -248,9 +248,9 @@ int main( void )
 goto exit;
 }
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
 }
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 78abc2864..6043b07d9 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -367,7 +367,7 @@ int main( int argc, char *argv[] )
 * Make sure memory references are valid in case we exit early.
 */
 server_fd = 0;
- memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
+ mbedtls_ssl_init( &ssl );
 memset( &buf, 0, sizeof( buf ) );
 mbedtls_x509_crt_init( &cacert );
 mbedtls_x509_crt_init( &clicert );
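Review bot: The ssl_fork_server.c hunk only renames the mbedtls_ssl_init() call to mbedtls_ssl_setup(); unlike every other program touched by this commit, no `memset( &ssl, ... )` to `mbedtls_ssl_init( &ssl )` replacement appears for this file. If ssl_fork_server.c never zeroed the context before this call (the initialization part of main() is outside the hunk, so this cannot be confirmed here), then after this change mbedtls_ssl_setup() runs on an uninitialized stack object, because the memset it used to perform has moved into mbedtls_ssl_init(), and any early `goto exit` that reaches mbedtls_ssl_free( &ssl ) would then free whatever pointer values the stack happened to hold. Please confirm there is an `mbedtls_ssl_init( &ssl );` in the initialization section of main(), and add one if not, mirroring the cert_app.c hunk in this commit that adds exactly that line. The rest of main() lies outside the hunk.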
@@ -582,9 +582,9 @@ int main( int argc, char *argv[] )
 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
 }
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index b32ceda01..3432e5e79 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -133,7 +133,7 @@ static void *handle_ssl_connection( void *data )
 mbedtls_ctr_drbg_context ctr_drbg;
 /* Make sure memory references are valid */
- memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
+ mbedtls_ssl_init( &ssl );
 mbedtls_ctr_drbg_init( &ctr_drbg );
 mbedtls_snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
@@ -158,9 +158,9 @@ static void *handle_ssl_connection( void *data )
 */
 mbedtls_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_init returned -0x%04x\n",
+ mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_setup returned -0x%04x\n",
 thread_id, -ret );
 goto thread_exit;
 }
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index e8f765e5f..bd68d3dda 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -103,7 +103,7 @@ int main( void )
 mbedtls_ssl_cache_context cache;
 #endif
- memset( &ssl, 0, sizeof(mbedtls_ssl_context) );
+ mbedtls_ssl_init( &ssl );
 #if defined(MBEDTLS_SSL_CACHE_C)
 mbedtls_ssl_cache_init( &cache );
 #endif
@@ -189,9 +189,9 @@ int main( void )
 mbedtls_printf( " . Setting up the SSL data...." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
 }
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index f1dff6017..a7a37e835 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -761,7 +761,7 @@ int main( int argc, char *argv[] )
 * Make sure memory references are valid in case we exit early.
 */
 listen_fd = 0;
- memset( &ssl, 0, sizeof( mbedtls_ssl_context ) );
+ mbedtls_ssl_init( &ssl );
 mbedtls_ctr_drbg_init( &ctr_drbg );
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 mbedtls_x509_crt_init( &cacert );
@@ -1518,9 +1518,9 @@ int main( int argc, char *argv[] )
 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- mbedtls_printf( " failed\n ! mbedtls_ssl_init returned -0x%x\n\n", -ret );
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
 goto exit;
 }
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index ce58ab2c2..a13f9bc5f 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -160,6 +160,7 @@ int main( int argc, char *argv[] )
 */
 server_fd = 0;
 mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_ssl_init( &ssl );
 mbedtls_x509_crt_init( &cacert );
 mbedtls_x509_crt_init( &clicert );
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
@@ -393,9 +394,9 @@ int main( int argc, char *argv[] )
 /*
 * 3. Setup stuff
 */
- if( ( ret = mbedtls_ssl_init( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
 {
- mbedtls_printf( " failed\n ! mbedtls_ssl_init returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
 }
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index a25826a85..6d9a4c081 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -13,7 +13,9 @@ void ssl_dtls_replay( char *prevs, char *new, int ret )
 mbedtls_ssl_context ssl;
 char *end_prevs = prevs + strlen( prevs ) + 1;
- TEST_ASSERT( mbedtls_ssl_init( &ssl ) == 0 );
+ mbedtls_ssl_init( &ssl );
+
+ TEST_ASSERT( mbedtls_ssl_setup( &ssl ) == 0 );
 TEST_ASSERT( mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM ) == 0 );
 /* Read previous record numbers */