mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 17:25:37 +01:00
Move things to conf substructure
A simple series of sed invocations. This is the first step, purely internal changes. The conf substructure is not ready to be shared between contexts yet.
This commit is contained in:
parent
6df3196e7c
commit
7ca4e4dc79
@ -868,11 +868,13 @@ typedef struct
|
|||||||
* Numerical settings (int then char)
|
* Numerical settings (int then char)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
uint32_t hs_timeout_min; /*!< initial value of the handshake
|
uint32_t hs_timeout_min; /*!< initial value of the handshake
|
||||||
retransmission timeout */
|
retransmission timeout (ms) */
|
||||||
uint32_t hs_timeout_max; /*!< maximum value of the handshake
|
uint32_t hs_timeout_max; /*!< maximum value of the handshake
|
||||||
retransmission timeout */
|
retransmission timeout (ms) */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
@ -934,11 +936,12 @@ mbedtls_ssl_config;
|
|||||||
|
|
||||||
struct mbedtls_ssl_context
|
struct mbedtls_ssl_context
|
||||||
{
|
{
|
||||||
|
mbedtls_ssl_config *conf; /*!< configuration information */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Miscellaneous
|
* Miscellaneous
|
||||||
*/
|
*/
|
||||||
int state; /*!< SSL handshake: current state */
|
int state; /*!< SSL handshake: current state */
|
||||||
int transport; /*!< Transport: stream or datagram */
|
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
int renego_status; /*!< Initial, in progress, pending? */
|
int renego_status; /*!< Initial, in progress, pending? */
|
||||||
int renego_records_seen; /*!< Records since renego request, or with DTLS,
|
int renego_records_seen; /*!< Records since renego request, or with DTLS,
|
||||||
@ -949,60 +952,24 @@ struct mbedtls_ssl_context
|
|||||||
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
|
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
|
||||||
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
|
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
|
||||||
|
|
||||||
int max_major_ver; /*!< max. major version used */
|
|
||||||
int max_minor_ver; /*!< max. minor version used */
|
|
||||||
int min_major_ver; /*!< min. major version used */
|
|
||||||
int min_minor_ver; /*!< min. minor version used */
|
|
||||||
|
|
||||||
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read in milliseconds */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||||
unsigned badmac_limit; /*!< limit of records with a bad MAC */
|
|
||||||
unsigned badmac_seen; /*!< records with a bad MAC received */
|
unsigned badmac_seen; /*!< records with a bad MAC received */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
char fallback; /*!< flag for fallback connections */
|
char fallback; /*!< flag for fallback connections */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
|
||||||
char encrypt_then_mac; /*!< flag for encrypt-then-mac */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
|
||||||
char extended_ms; /*!< flag for extended master secret */
|
|
||||||
#endif
|
|
||||||
char arc4_disabled; /*!< flag for disabling RC4 */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Callbacks (RNG, debug, I/O, verification)
|
* Callbacks
|
||||||
*/
|
*/
|
||||||
int (*f_rng)(void *, unsigned char *, size_t);
|
int (*f_rng)(void *, unsigned char *, size_t);
|
||||||
void (*f_dbg)(void *, int, const char *);
|
void *p_rng; /*!< context for the RNG function */
|
||||||
|
|
||||||
int (*f_send)(void *, const unsigned char *, size_t);
|
int (*f_send)(void *, const unsigned char *, size_t);
|
||||||
int (*f_recv)(void *, unsigned char *, size_t);
|
int (*f_recv)(void *, unsigned char *, size_t);
|
||||||
int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t);
|
int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t);
|
||||||
int (*f_get_cache)(void *, mbedtls_ssl_session *);
|
|
||||||
int (*f_set_cache)(void *, const mbedtls_ssl_session *);
|
|
||||||
|
|
||||||
void *p_rng; /*!< context for the RNG function */
|
|
||||||
void *p_dbg; /*!< context for the debug function */
|
|
||||||
void *p_bio; /*!< context for I/O operations */
|
void *p_bio; /*!< context for I/O operations */
|
||||||
void *p_get_cache; /*!< context for cache retrieval */
|
|
||||||
void *p_set_cache; /*!< context for cache store */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
|
||||||
int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
|
|
||||||
void *p_sni; /*!< context for SNI extension */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
|
||||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *);
|
|
||||||
void *p_vrfy; /*!< context for verification */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
|
||||||
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
|
|
||||||
void *p_psk; /*!< context for PSK retrieval */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Session layer
|
* Session layer
|
||||||
@ -1029,10 +996,6 @@ struct mbedtls_ssl_context
|
|||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
struct mbedtls_timing_hr_time time_info; /*!< timer context */
|
struct mbedtls_timing_hr_time time_info; /*!< timer context */
|
||||||
unsigned long time_limit; /*!< limit for the running timer */
|
unsigned long time_limit; /*!< limit for the running timer */
|
||||||
uint32_t hs_timeout_min; /*!< initial value of the handshake
|
|
||||||
retransmission timeout */
|
|
||||||
uint32_t hs_timeout_max; /*!< maximum value of the handshake
|
|
||||||
retransmission timeout */
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1059,7 +1022,6 @@ struct mbedtls_ssl_context
|
|||||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||||
uint64_t in_window_top; /*!< last validated record seq_num */
|
uint64_t in_window_top; /*!< last validated record seq_num */
|
||||||
uint64_t in_window; /*!< bitmask for replay detection */
|
uint64_t in_window; /*!< bitmask for replay detection */
|
||||||
char anti_replay; /*!< is anti-replay on? */
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
size_t in_hslen; /*!< current handshake message length,
|
size_t in_hslen; /*!< current handshake message length,
|
||||||
@ -1084,9 +1046,6 @@ struct mbedtls_ssl_context
|
|||||||
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
#if defined(MBEDTLS_ZLIB_SUPPORT)
|
||||||
unsigned char *compress_buf; /*!< zlib data buffer */
|
unsigned char *compress_buf; /*!< zlib data buffer */
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
|
||||||
unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */
|
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
|
||||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||||
signed char split_done; /*!< flag for record splitting:
|
signed char split_done; /*!< flag for record splitting:
|
||||||
-1 disabled, 0 todo, 1 done */
|
-1 disabled, 0 todo, 1 done */
|
||||||
@ -1096,10 +1055,6 @@ struct mbedtls_ssl_context
|
|||||||
* PKI layer
|
* PKI layer
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
mbedtls_ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */
|
|
||||||
|
|
||||||
mbedtls_x509_crt *ca_chain; /*!< own trusted CA chain */
|
|
||||||
mbedtls_x509_crl *ca_crl; /*!< trusted CA CRLs */
|
|
||||||
const char *peer_cn; /*!< expected peer CN */
|
const char *peer_cn; /*!< expected peer CN */
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
@ -1110,48 +1065,12 @@ struct mbedtls_ssl_context
|
|||||||
mbedtls_ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
|
mbedtls_ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
|
||||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||||
|
|
||||||
|
int client_auth; /*!< flag for client auth. */
|
||||||
|
int verify_result; /*!< verification result */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* User settings
|
* User settings
|
||||||
*/
|
*/
|
||||||
int endpoint; /*!< 0: client, 1: server */
|
|
||||||
int authmode; /*!< verification mode */
|
|
||||||
int client_auth; /*!< flag for client auth. */
|
|
||||||
int verify_result; /*!< verification result */
|
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
|
||||||
int disable_renegotiation; /*!< enable/disable renegotiation */
|
|
||||||
int renego_max_records; /*!< grace period for renegotiation */
|
|
||||||
unsigned char renego_period[8]; /*!< value of the record counters
|
|
||||||
that triggers renegotiation */
|
|
||||||
#endif
|
|
||||||
/* needed for option break handshake with insecure peers */
|
|
||||||
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
|
|
||||||
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
|
|
||||||
#if defined(MBEDTLS_SSL_SET_CURVES)
|
|
||||||
const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
|
||||||
int trunc_hmac; /*!< negotiate truncated hmac? */
|
|
||||||
#endif
|
|
||||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
|
||||||
int session_tickets; /*!< use session tickets? */
|
|
||||||
int ticket_lifetime; /*!< session ticket lifetime */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C)
|
|
||||||
mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
|
|
||||||
mbedtls_mpi dhm_G; /*!< generator for DHM */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
|
||||||
/*
|
|
||||||
* PSK values
|
|
||||||
*/
|
|
||||||
unsigned char *psk;
|
|
||||||
size_t psk_len;
|
|
||||||
unsigned char *psk_identity;
|
|
||||||
size_t psk_identity_len;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
/*
|
/*
|
||||||
* SNI extension
|
* SNI extension
|
||||||
@ -1161,10 +1080,6 @@ struct mbedtls_ssl_context
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
/*
|
|
||||||
* ALPN extension
|
|
||||||
*/
|
|
||||||
const char **alpn_list; /*!< ordered list of supported protocols */
|
|
||||||
const char *alpn_chosen; /*!< negotiated protocol */
|
const char *alpn_chosen; /*!< negotiated protocol */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1174,11 +1089,6 @@ struct mbedtls_ssl_context
|
|||||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||||
unsigned char *cli_id; /*!< transport-level ID of the client */
|
unsigned char *cli_id; /*!< transport-level ID of the client */
|
||||||
size_t cli_id_len; /*!< length of cli_id */
|
size_t cli_id_len; /*!< length of cli_id */
|
||||||
int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
|
|
||||||
const unsigned char *, size_t );
|
|
||||||
int (*f_cookie_check)( void *, const unsigned char *, size_t,
|
|
||||||
const unsigned char *, size_t );
|
|
||||||
void *p_cookie; /*!< context for the cookie callbacks */
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -2446,7 +2356,7 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
|||||||
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
|
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
return( 13 );
|
return( 13 );
|
||||||
#else
|
#else
|
||||||
((void) ssl);
|
((void) ssl);
|
||||||
@ -2457,7 +2367,7 @@ static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
|
|||||||
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
|
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
return( 12 );
|
return( 12 );
|
||||||
#else
|
#else
|
||||||
((void) ssl);
|
((void) ssl);
|
||||||
|
@ -83,18 +83,18 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
|||||||
char str[512];
|
char str[512];
|
||||||
int maxlen = sizeof( str ) - 1;
|
int maxlen = sizeof( str ) - 1;
|
||||||
|
|
||||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if( debug_log_mode == MBEDTLS_DEBUG_LOG_RAW )
|
if( debug_log_mode == MBEDTLS_DEBUG_LOG_RAW )
|
||||||
{
|
{
|
||||||
ssl->f_dbg( ssl->p_dbg, level, text );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, text );
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text );
|
mbedtls_snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text );
|
||||||
str[maxlen] = '\0';
|
str[maxlen] = '\0';
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
||||||
@ -105,7 +105,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
|||||||
int maxlen = sizeof( str ) - 1;
|
int maxlen = sizeof( str ) - 1;
|
||||||
size_t idx = 0;
|
size_t idx = 0;
|
||||||
|
|
||||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
|
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
|
||||||
@ -115,7 +115,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
|
|||||||
text, ret, -ret );
|
text, ret, -ret );
|
||||||
|
|
||||||
str[maxlen] = '\0';
|
str[maxlen] = '\0';
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
||||||
@ -126,7 +126,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||||||
char txt[17];
|
char txt[17];
|
||||||
size_t i, maxlen = sizeof( str ) - 1, idx = 0;
|
size_t i, maxlen = sizeof( str ) - 1, idx = 0;
|
||||||
|
|
||||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
|
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
|
||||||
@ -136,7 +136,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||||||
text, (unsigned int) len );
|
text, (unsigned int) len );
|
||||||
|
|
||||||
str[maxlen] = '\0';
|
str[maxlen] = '\0';
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||||
|
|
||||||
idx = 0;
|
idx = 0;
|
||||||
memset( txt, 0, sizeof( txt ) );
|
memset( txt, 0, sizeof( txt ) );
|
||||||
@ -150,7 +150,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||||||
if( i > 0 )
|
if( i > 0 )
|
||||||
{
|
{
|
||||||
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||||
|
|
||||||
idx = 0;
|
idx = 0;
|
||||||
memset( txt, 0, sizeof( txt ) );
|
memset( txt, 0, sizeof( txt ) );
|
||||||
@ -175,7 +175,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
|
|||||||
idx += mbedtls_snprintf( str + idx, maxlen - idx, " " );
|
idx += mbedtls_snprintf( str + idx, maxlen - idx, " " );
|
||||||
|
|
||||||
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -187,7 +187,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
|
|||||||
char str[512];
|
char str[512];
|
||||||
int maxlen = sizeof( str ) - 1;
|
int maxlen = sizeof( str ) - 1;
|
||||||
|
|
||||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
mbedtls_snprintf( str, maxlen, "%s(X)", text );
|
mbedtls_snprintf( str, maxlen, "%s(X)", text );
|
||||||
@ -209,7 +209,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||||||
int j, k, maxlen = sizeof( str ) - 1, zeros = 1;
|
int j, k, maxlen = sizeof( str ) - 1, zeros = 1;
|
||||||
size_t i, n, idx = 0;
|
size_t i, n, idx = 0;
|
||||||
|
|
||||||
if( ssl->f_dbg == NULL || X == NULL || level > debug_threshold )
|
if( ssl->conf->f_dbg == NULL || X == NULL || level > debug_threshold )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
for( n = X->n - 1; n > 0; n-- )
|
for( n = X->n - 1; n > 0; n-- )
|
||||||
@ -227,7 +227,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||||||
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
|
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
|
||||||
|
|
||||||
str[maxlen] = '\0';
|
str[maxlen] = '\0';
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||||
|
|
||||||
idx = 0;
|
idx = 0;
|
||||||
for( i = n + 1, j = 0; i > 0; i-- )
|
for( i = n + 1, j = 0; i > 0; i-- )
|
||||||
@ -247,7 +247,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||||||
if( j > 0 )
|
if( j > 0 )
|
||||||
{
|
{
|
||||||
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
|
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||||
idx = 0;
|
idx = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -274,7 +274,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
|
|||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
|
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_BIGNUM_C */
|
#endif /* MBEDTLS_BIGNUM_C */
|
||||||
|
|
||||||
@ -322,7 +322,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
|||||||
char str[1024], prefix[64];
|
char str[1024], prefix[64];
|
||||||
int i = 0, maxlen = sizeof( prefix ) - 1, idx = 0;
|
int i = 0, maxlen = sizeof( prefix ) - 1, idx = 0;
|
||||||
|
|
||||||
if( ssl->f_dbg == NULL || crt == NULL || level > debug_threshold )
|
if( ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
|
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
|
||||||
@ -347,7 +347,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
|
|||||||
text, ++i, buf );
|
text, ++i, buf );
|
||||||
|
|
||||||
str[maxlen] = '\0';
|
str[maxlen] = '\0';
|
||||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
|
||||||
|
|
||||||
debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
|
debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
|
||||||
|
|
||||||
|
@ -158,7 +158,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
|
||||||
if( ssl->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
|
||||||
@ -262,7 +262,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
|||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SET_CURVES)
|
#if defined(MBEDTLS_SSL_SET_CURVES)
|
||||||
for( grp_id = ssl->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
|
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
|
||||||
{
|
{
|
||||||
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
|
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
|
||||||
#else
|
#else
|
||||||
@ -320,7 +320,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
|
|
||||||
if( ssl->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
|
if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -333,7 +333,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||||||
*p++ = 0x00;
|
*p++ = 0x00;
|
||||||
*p++ = 1;
|
*p++ = 1;
|
||||||
|
|
||||||
*p++ = ssl->mfl_code;
|
*p++ = ssl->conf->mfl_code;
|
||||||
|
|
||||||
*olen = 5;
|
*olen = 5;
|
||||||
}
|
}
|
||||||
@ -345,7 +345,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
|
|
||||||
if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
|
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
|
||||||
{
|
{
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
return;
|
return;
|
||||||
@ -369,8 +369,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
|
|
||||||
if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||||
ssl->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||||
{
|
{
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
return;
|
return;
|
||||||
@ -395,8 +395,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
|
|
||||||
if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
||||||
ssl->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||||
{
|
{
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
return;
|
return;
|
||||||
@ -422,7 +422,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
size_t tlen = ssl->session_negotiate->ticket_len;
|
size_t tlen = ssl->session_negotiate->ticket_len;
|
||||||
|
|
||||||
if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
|
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
|
||||||
{
|
{
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
return;
|
return;
|
||||||
@ -459,7 +459,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
|||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
const char **cur;
|
const char **cur;
|
||||||
|
|
||||||
if( ssl->alpn_list == NULL )
|
if( ssl->conf->alpn_list == NULL )
|
||||||
{
|
{
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
return;
|
return;
|
||||||
@ -481,7 +481,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
|||||||
/* Skip writing extension and list length for now */
|
/* Skip writing extension and list length for now */
|
||||||
p += 4;
|
p += 4;
|
||||||
|
|
||||||
for( cur = ssl->alpn_list; *cur != NULL; cur++ )
|
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
|
||||||
{
|
{
|
||||||
*p = (unsigned char)( strlen( *cur ) & 0xFF );
|
*p = (unsigned char)( strlen( *cur ) & 0xFF );
|
||||||
memcpy( p + 1, *cur, *p );
|
memcpy( p + 1, *cur, *p );
|
||||||
@ -515,7 +515,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
|||||||
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
|
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake->verify_cookie != NULL )
|
ssl->handshake->verify_cookie != NULL )
|
||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -565,14 +565,14 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
|
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
ssl->major_ver = ssl->min_major_ver;
|
ssl->major_ver = ssl->conf->min_major_ver;
|
||||||
ssl->minor_ver = ssl->min_minor_ver;
|
ssl->minor_ver = ssl->conf->min_minor_ver;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->max_major_ver == 0 && ssl->max_minor_ver == 0 )
|
if( ssl->conf->max_major_ver == 0 && ssl->conf->max_minor_ver == 0 )
|
||||||
{
|
{
|
||||||
ssl->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
|
ssl->conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
|
||||||
ssl->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
|
ssl->conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -585,8 +585,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
buf = ssl->out_msg;
|
buf = ssl->out_msg;
|
||||||
p = buf + 4;
|
p = buf + 4;
|
||||||
|
|
||||||
mbedtls_ssl_write_version( ssl->max_major_ver, ssl->max_minor_ver,
|
mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
|
||||||
ssl->transport, p );
|
ssl->conf->transport, p );
|
||||||
p += 2;
|
p += 2;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
|
||||||
@ -659,7 +659,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
* DTLS cookie
|
* DTLS cookie
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
if( ssl->handshake->verify_cookie == NULL )
|
if( ssl->handshake->verify_cookie == NULL )
|
||||||
{
|
{
|
||||||
@ -683,7 +683,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
/*
|
/*
|
||||||
* Ciphersuite list
|
* Ciphersuite list
|
||||||
*/
|
*/
|
||||||
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
|
||||||
|
|
||||||
/* Skip writing ciphersuite length for now */
|
/* Skip writing ciphersuite length for now */
|
||||||
n = 0;
|
n = 0;
|
||||||
@ -697,17 +697,17 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
if( ciphersuite_info == NULL )
|
if( ciphersuite_info == NULL )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if( ciphersuite_info->min_minor_ver > ssl->max_minor_ver ||
|
if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
|
||||||
ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
|
ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
||||||
continue;
|
continue;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( ssl->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
||||||
ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
@ -760,7 +760,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
* an actual need for it.
|
* an actual need for it.
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
offer_compress = 0;
|
offer_compress = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -860,7 +860,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
mbedtls_ssl_send_flight_completed( ssl );
|
mbedtls_ssl_send_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -928,9 +928,9 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
|||||||
* server should use the extension only if we did,
|
* server should use the extension only if we did,
|
||||||
* and if so the server's value should match ours (and len is always 1)
|
* and if so the server's value should match ours (and len is always 1)
|
||||||
*/
|
*/
|
||||||
if( ssl->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
|
if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
|
||||||
len != 1 ||
|
len != 1 ||
|
||||||
buf[0] != ssl->mfl_code )
|
buf[0] != ssl->conf->mfl_code )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||||
}
|
}
|
||||||
@ -944,7 +944,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
|
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
|
||||||
len != 0 )
|
len != 0 )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||||
@ -963,7 +963,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
|
||||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
||||||
len != 0 )
|
len != 0 )
|
||||||
{
|
{
|
||||||
@ -983,7 +983,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
|
||||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
|
||||||
len != 0 )
|
len != 0 )
|
||||||
{
|
{
|
||||||
@ -1003,7 +1003,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
|
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
|
||||||
len != 0 )
|
len != 0 )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||||
@ -1060,7 +1060,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||||||
const char **p;
|
const char **p;
|
||||||
|
|
||||||
/* If we didn't send it, the server shouldn't send it */
|
/* If we didn't send it, the server shouldn't send it */
|
||||||
if( ssl->alpn_list == NULL )
|
if( ssl->conf->alpn_list == NULL )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1086,7 +1086,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||||
|
|
||||||
/* Check that the server chosen protocol was in our list and save it */
|
/* Check that the server chosen protocol was in our list and save it */
|
||||||
for( p = ssl->alpn_list; *p != NULL; p++ )
|
for( p = ssl->conf->alpn_list; *p != NULL; p++ )
|
||||||
{
|
{
|
||||||
if( name_len == strlen( *p ) &&
|
if( name_len == strlen( *p ) &&
|
||||||
memcmp( buf + 3, *p, name_len ) == 0 )
|
memcmp( buf + 3, *p, name_len ) == 0 )
|
||||||
@ -1119,7 +1119,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||||||
* } HelloVerifyRequest;
|
* } HelloVerifyRequest;
|
||||||
*/
|
*/
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
|
||||||
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->transport, p );
|
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
|
||||||
p += 2;
|
p += 2;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1128,8 +1128,8 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||||||
*/
|
*/
|
||||||
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
|
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
|
||||||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
|
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
|
||||||
major_ver > ssl->max_major_ver ||
|
major_ver > ssl->conf->max_major_ver ||
|
||||||
minor_ver > ssl->max_minor_ver )
|
minor_ver > ssl->conf->max_minor_ver )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
|
||||||
|
|
||||||
@ -1199,8 +1199,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
ssl->renego_records_seen++;
|
ssl->renego_records_seen++;
|
||||||
|
|
||||||
if( ssl->renego_max_records >= 0 &&
|
if( ssl->conf->renego_max_records >= 0 &&
|
||||||
ssl->renego_records_seen > ssl->renego_max_records )
|
ssl->renego_records_seen > ssl->conf->renego_max_records )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
|
||||||
"but not honored by server" ) );
|
"but not honored by server" ) );
|
||||||
@ -1217,7 +1217,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
||||||
{
|
{
|
||||||
@ -1257,18 +1257,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
|
||||||
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
|
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
|
||||||
ssl->transport, buf + 0 );
|
ssl->conf->transport, buf + 0 );
|
||||||
|
|
||||||
if( ssl->major_ver < ssl->min_major_ver ||
|
if( ssl->major_ver < ssl->conf->min_major_ver ||
|
||||||
ssl->minor_ver < ssl->min_minor_ver ||
|
ssl->minor_ver < ssl->conf->min_minor_ver ||
|
||||||
ssl->major_ver > ssl->max_major_ver ||
|
ssl->major_ver > ssl->conf->max_major_ver ||
|
||||||
ssl->minor_ver > ssl->max_minor_ver )
|
ssl->minor_ver > ssl->conf->max_minor_ver )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - "
|
||||||
" min: [%d:%d], server: [%d:%d], max: [%d:%d]",
|
" min: [%d:%d], server: [%d:%d], max: [%d:%d]",
|
||||||
ssl->min_major_ver, ssl->min_minor_ver,
|
ssl->conf->min_major_ver, ssl->conf->min_minor_ver,
|
||||||
ssl->major_ver, ssl->minor_ver,
|
ssl->major_ver, ssl->minor_ver,
|
||||||
ssl->max_major_ver, ssl->max_minor_ver ) );
|
ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) );
|
||||||
|
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
||||||
@ -1334,7 +1334,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
/* See comments in ssl_write_client_hello() */
|
/* See comments in ssl_write_client_hello() */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
accept_comp = 0;
|
accept_comp = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1402,7 +1402,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
|
|
||||||
suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
|
suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
|
||||||
if( suite_info == NULL ||
|
if( suite_info == NULL ||
|
||||||
( ssl->arc4_disabled &&
|
( ssl->conf->arc4_disabled &&
|
||||||
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) )
|
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||||
@ -1413,13 +1413,13 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
i = 0;
|
i = 0;
|
||||||
while( 1 )
|
while( 1 )
|
||||||
{
|
{
|
||||||
if( ssl->ciphersuite_list[ssl->minor_ver][i] == 0 )
|
if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->ciphersuite_list[ssl->minor_ver][i++] ==
|
if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
|
||||||
ssl->session_negotiate->ciphersuite )
|
ssl->session_negotiate->ciphersuite )
|
||||||
{
|
{
|
||||||
break;
|
break;
|
||||||
@ -1575,7 +1575,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
* Renegotiation security checks
|
* Renegotiation security checks
|
||||||
*/
|
*/
|
||||||
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
||||||
handshake_failure = 1;
|
handshake_failure = 1;
|
||||||
@ -1590,7 +1590,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
||||||
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
|
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
|
||||||
handshake_failure = 1;
|
handshake_failure = 1;
|
||||||
@ -1779,8 +1779,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||||||
* opaque random[46];
|
* opaque random[46];
|
||||||
* } PreMasterSecret;
|
* } PreMasterSecret;
|
||||||
*/
|
*/
|
||||||
mbedtls_ssl_write_version( ssl->max_major_ver, ssl->max_minor_ver,
|
mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
|
||||||
ssl->transport, p );
|
ssl->conf->transport, p );
|
||||||
|
|
||||||
if( ( ret = ssl->f_rng( ssl->p_rng, p + 2, 46 ) ) != 0 )
|
if( ( ret = ssl->f_rng( ssl->p_rng, p + 2, 46 ) ) != 0 )
|
||||||
{
|
{
|
||||||
@ -2426,7 +2426,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
|||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
mbedtls_ssl_recv_flight_completed( ssl );
|
mbedtls_ssl_recv_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -2535,16 +2535,16 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
/*
|
/*
|
||||||
* opaque psk_identity<0..2^16-1>;
|
* opaque psk_identity<0..2^16-1>;
|
||||||
*/
|
*/
|
||||||
if( ssl->psk == NULL || ssl->psk_identity == NULL )
|
if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL )
|
||||||
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
||||||
|
|
||||||
i = 4;
|
i = 4;
|
||||||
n = ssl->psk_identity_len;
|
n = ssl->conf->psk_identity_len;
|
||||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||||
ssl->out_msg[i++] = (unsigned char)( n );
|
ssl->out_msg[i++] = (unsigned char)( n );
|
||||||
|
|
||||||
memcpy( ssl->out_msg + i, ssl->psk_identity, ssl->psk_identity_len );
|
memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
|
||||||
i += ssl->psk_identity_len;
|
i += ssl->conf->psk_identity_len;
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
|
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
|
||||||
@ -2944,7 +2944,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
|
|||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake != NULL &&
|
ssl->handshake != NULL &&
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
|
@ -333,7 +333,7 @@ static int ssl_parse_ticket( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
/* Check if still valid */
|
/* Check if still valid */
|
||||||
if( (int) ( time( NULL) - session.start ) > ssl->ticket_lifetime )
|
if( (int) ( time( NULL) - session.start ) > ssl->conf->ticket_lifetime )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "session ticket expired" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "session ticket expired" ) );
|
||||||
mbedtls_ssl_session_free( &session );
|
mbedtls_ssl_session_free( &session );
|
||||||
@ -363,7 +363,7 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
|||||||
const unsigned char *info,
|
const unsigned char *info,
|
||||||
size_t ilen )
|
size_t ilen )
|
||||||
{
|
{
|
||||||
if( ssl->endpoint != MBEDTLS_SSL_IS_SERVER )
|
if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
mbedtls_free( ssl->cli_id );
|
mbedtls_free( ssl->cli_id );
|
||||||
@ -382,9 +382,9 @@ void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
|
|||||||
mbedtls_ssl_cookie_check_t *f_cookie_check,
|
mbedtls_ssl_cookie_check_t *f_cookie_check,
|
||||||
void *p_cookie )
|
void *p_cookie )
|
||||||
{
|
{
|
||||||
ssl->f_cookie_write = f_cookie_write;
|
ssl->conf->f_cookie_write = f_cookie_write;
|
||||||
ssl->f_cookie_check = f_cookie_check;
|
ssl->conf->f_cookie_check = f_cookie_check;
|
||||||
ssl->p_cookie = p_cookie;
|
ssl->conf->p_cookie = p_cookie;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||||
|
|
||||||
@ -397,13 +397,13 @@ static int ssl_sni_wrapper( mbedtls_ssl_context *ssl,
|
|||||||
const unsigned char* name, size_t len )
|
const unsigned char* name, size_t len )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
mbedtls_ssl_key_cert *key_cert_ori = ssl->key_cert;
|
mbedtls_ssl_key_cert *key_cert_ori = ssl->conf->key_cert;
|
||||||
|
|
||||||
ssl->key_cert = NULL;
|
ssl->conf->key_cert = NULL;
|
||||||
ret = ssl->f_sni( ssl->p_sni, ssl, name, len );
|
ret = ssl->conf->f_sni( ssl->conf->p_sni, ssl, name, len );
|
||||||
ssl->handshake->sni_key_cert = ssl->key_cert;
|
ssl->handshake->sni_key_cert = ssl->conf->key_cert;
|
||||||
|
|
||||||
ssl->key_cert = key_cert_ori;
|
ssl->conf->key_cert = key_cert_ori;
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
@ -670,7 +670,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
((void) buf);
|
((void) buf);
|
||||||
|
|
||||||
if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
|
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
|
||||||
ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
|
ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -690,7 +690,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
((void) buf);
|
((void) buf);
|
||||||
|
|
||||||
if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
|
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
|
||||||
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
|
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||||
{
|
{
|
||||||
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
|
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
|
||||||
@ -713,7 +713,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
((void) buf);
|
((void) buf);
|
||||||
|
|
||||||
if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
|
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
|
||||||
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
|
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
|
||||||
{
|
{
|
||||||
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
|
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
|
||||||
@ -730,7 +730,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
|
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
/* Remember the client asked us to send a new ticket */
|
/* Remember the client asked us to send a new ticket */
|
||||||
@ -778,7 +778,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||||||
const char **ours;
|
const char **ours;
|
||||||
|
|
||||||
/* If ALPN not configured, just ignore the extension */
|
/* If ALPN not configured, just ignore the extension */
|
||||||
if( ssl->alpn_list == NULL )
|
if( ssl->conf->alpn_list == NULL )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -802,7 +802,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
|||||||
*/
|
*/
|
||||||
start = buf + 2;
|
start = buf + 2;
|
||||||
end = buf + len;
|
end = buf + len;
|
||||||
for( ours = ssl->alpn_list; *ours != NULL; ours++ )
|
for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ )
|
||||||
{
|
{
|
||||||
ours_len = strlen( *ours );
|
ours_len = strlen( *ours );
|
||||||
for( theirs = start; theirs != end; theirs += cur_len )
|
for( theirs = start; theirs != end; theirs += cur_len )
|
||||||
@ -982,12 +982,12 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if( ssl->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
|
||||||
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
|
||||||
@ -1009,9 +1009,9 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||||||
/* If the ciphersuite requires a pre-shared key and we don't
|
/* If the ciphersuite requires a pre-shared key and we don't
|
||||||
* have one, skip it now rather than failing later */
|
* have one, skip it now rather than failing later */
|
||||||
if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
|
if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
|
||||||
ssl->f_psk == NULL &&
|
ssl->conf->f_psk == NULL &&
|
||||||
( ssl->psk == NULL || ssl->psk_identity == NULL ||
|
( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
|
||||||
ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
|
ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -1100,15 +1100,15 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
|
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
|
||||||
ssl->minor_ver = ( buf[4] <= ssl->max_minor_ver )
|
ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver )
|
||||||
? buf[4] : ssl->max_minor_ver;
|
? buf[4] : ssl->conf->max_minor_ver;
|
||||||
|
|
||||||
if( ssl->minor_ver < ssl->min_minor_ver )
|
if( ssl->minor_ver < ssl->conf->min_minor_ver )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
||||||
" [%d:%d] < [%d:%d]",
|
" [%d:%d] < [%d:%d]",
|
||||||
ssl->major_ver, ssl->minor_ver,
|
ssl->major_ver, ssl->minor_ver,
|
||||||
ssl->min_major_ver, ssl->min_minor_ver ) );
|
ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
|
||||||
|
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
||||||
@ -1224,7 +1224,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
|
||||||
|
|
||||||
if( ssl->minor_ver < ssl->max_minor_ver )
|
if( ssl->minor_ver < ssl->conf->max_minor_ver )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
|
||||||
|
|
||||||
@ -1240,7 +1240,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
|||||||
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
|
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
|
||||||
|
|
||||||
got_common_suite = 0;
|
got_common_suite = 0;
|
||||||
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
|
||||||
ciphersuite_info = NULL;
|
ciphersuite_info = NULL;
|
||||||
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||||
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
|
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
|
||||||
@ -1291,7 +1291,7 @@ have_ciphersuite_v2:
|
|||||||
* SSLv2 Client Hello relevant renegotiation security checks
|
* SSLv2 Client Hello relevant renegotiation security checks
|
||||||
*/
|
*/
|
||||||
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
||||||
|
|
||||||
@ -1353,7 +1353,7 @@ read_record_header:
|
|||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
|
||||||
#endif
|
#endif
|
||||||
if( ( buf[0] & 0x80 ) != 0 )
|
if( ( buf[0] & 0x80 ) != 0 )
|
||||||
return ssl_parse_client_hello_v2( ssl );
|
return ssl_parse_client_hello_v2( ssl );
|
||||||
@ -1385,7 +1385,7 @@ read_record_header:
|
|||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
|
||||||
buf[1], buf[2] ) );
|
buf[1], buf[2] ) );
|
||||||
|
|
||||||
mbedtls_ssl_read_version( &major, &minor, ssl->transport, buf + 1 );
|
mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
|
||||||
|
|
||||||
/* According to RFC 5246 Appendix E.1, the version here is typically
|
/* According to RFC 5246 Appendix E.1, the version here is typically
|
||||||
* "{03,00}, the lowest version number supported by the client, [or] the
|
* "{03,00}, the lowest version number supported by the client, [or] the
|
||||||
@ -1400,7 +1400,7 @@ read_record_header:
|
|||||||
/* For DTLS if this is the initial handshake, remember the client sequence
|
/* For DTLS if this is the initial handshake, remember the client sequence
|
||||||
* number to use it in our next message (RFC 6347 4.2.1) */
|
* number to use it in our next message (RFC 6347 4.2.1) */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
|
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
|
||||||
#endif
|
#endif
|
||||||
@ -1455,7 +1455,7 @@ read_record_header:
|
|||||||
|
|
||||||
/* Done reading this record, get ready for the next one */
|
/* Done reading this record, get ready for the next one */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
|
ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
@ -1502,7 +1502,7 @@ read_record_header:
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Copy the client's handshake message_seq on initial handshakes,
|
* Copy the client's handshake message_seq on initial handshakes,
|
||||||
@ -1583,18 +1583,18 @@ read_record_header:
|
|||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
|
||||||
|
|
||||||
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
|
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
|
||||||
ssl->transport, buf );
|
ssl->conf->transport, buf );
|
||||||
|
|
||||||
ssl->handshake->max_major_ver = ssl->major_ver;
|
ssl->handshake->max_major_ver = ssl->major_ver;
|
||||||
ssl->handshake->max_minor_ver = ssl->minor_ver;
|
ssl->handshake->max_minor_ver = ssl->minor_ver;
|
||||||
|
|
||||||
if( ssl->major_ver < ssl->min_major_ver ||
|
if( ssl->major_ver < ssl->conf->min_major_ver ||
|
||||||
ssl->minor_ver < ssl->min_minor_ver )
|
ssl->minor_ver < ssl->conf->min_minor_ver )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
|
||||||
" [%d:%d] < [%d:%d]",
|
" [%d:%d] < [%d:%d]",
|
||||||
ssl->major_ver, ssl->minor_ver,
|
ssl->major_ver, ssl->minor_ver,
|
||||||
ssl->min_major_ver, ssl->min_minor_ver ) );
|
ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
|
||||||
|
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
|
||||||
@ -1602,13 +1602,13 @@ read_record_header:
|
|||||||
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->major_ver > ssl->max_major_ver )
|
if( ssl->major_ver > ssl->conf->max_major_ver )
|
||||||
{
|
{
|
||||||
ssl->major_ver = ssl->max_major_ver;
|
ssl->major_ver = ssl->conf->max_major_ver;
|
||||||
ssl->minor_ver = ssl->max_minor_ver;
|
ssl->minor_ver = ssl->conf->max_minor_ver;
|
||||||
}
|
}
|
||||||
else if( ssl->minor_ver > ssl->max_minor_ver )
|
else if( ssl->minor_ver > ssl->conf->max_minor_ver )
|
||||||
ssl->minor_ver = ssl->max_minor_ver;
|
ssl->minor_ver = ssl->conf->max_minor_ver;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Save client random (inc. Unix time)
|
* Save client random (inc. Unix time)
|
||||||
@ -1641,7 +1641,7 @@ read_record_header:
|
|||||||
* Check the cookie length and content
|
* Check the cookie length and content
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
cookie_offset = 35 + sess_len;
|
cookie_offset = 35 + sess_len;
|
||||||
cookie_len = buf[cookie_offset];
|
cookie_len = buf[cookie_offset];
|
||||||
@ -1656,13 +1656,13 @@ read_record_header:
|
|||||||
buf + cookie_offset + 1, cookie_len );
|
buf + cookie_offset + 1, cookie_len );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||||
if( ssl->f_cookie_check != NULL
|
if( ssl->conf->f_cookie_check != NULL
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
|
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
|
||||||
#endif
|
#endif
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
if( ssl->f_cookie_check( ssl->p_cookie,
|
if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
|
||||||
buf + cookie_offset + 1, cookie_len,
|
buf + cookie_offset + 1, cookie_len,
|
||||||
ssl->cli_id, ssl->cli_id_len ) != 0 )
|
ssl->cli_id, ssl->cli_id_len ) != 0 )
|
||||||
{
|
{
|
||||||
@ -1743,7 +1743,7 @@ read_record_header:
|
|||||||
|
|
||||||
/* See comments in ssl_write_client_hello() */
|
/* See comments in ssl_write_client_hello() */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1793,7 +1793,7 @@ read_record_header:
|
|||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
case MBEDTLS_TLS_EXT_SERVERNAME:
|
case MBEDTLS_TLS_EXT_SERVERNAME:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
|
||||||
if( ssl->f_sni == NULL )
|
if( ssl->conf->f_sni == NULL )
|
||||||
break;
|
break;
|
||||||
|
|
||||||
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
|
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
|
||||||
@ -1931,7 +1931,7 @@ read_record_header:
|
|||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 0, ( "received FALLBACK_SCSV" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 0, ( "received FALLBACK_SCSV" ) );
|
||||||
|
|
||||||
if( ssl->minor_ver < ssl->max_minor_ver )
|
if( ssl->minor_ver < ssl->conf->max_minor_ver )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 0, ( "inapropriate fallback" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 0, ( "inapropriate fallback" ) );
|
||||||
|
|
||||||
@ -1974,7 +1974,7 @@ read_record_header:
|
|||||||
* Renegotiation security checks
|
* Renegotiation security checks
|
||||||
*/
|
*/
|
||||||
if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
|
if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
|
||||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
|
||||||
handshake_failure = 1;
|
handshake_failure = 1;
|
||||||
@ -1989,7 +1989,7 @@ read_record_header:
|
|||||||
}
|
}
|
||||||
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
|
||||||
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||||
ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
|
ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
|
||||||
handshake_failure = 1;
|
handshake_failure = 1;
|
||||||
@ -2017,7 +2017,7 @@ read_record_header:
|
|||||||
* and certificate from the SNI callback triggered by the SNI extension.)
|
* and certificate from the SNI callback triggered by the SNI extension.)
|
||||||
*/
|
*/
|
||||||
got_common_suite = 0;
|
got_common_suite = 0;
|
||||||
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
|
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
|
||||||
ciphersuite_info = NULL;
|
ciphersuite_info = NULL;
|
||||||
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
|
||||||
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
|
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
|
||||||
@ -2068,7 +2068,7 @@ have_ciphersuite:
|
|||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
mbedtls_ssl_recv_flight_completed( ssl );
|
mbedtls_ssl_recv_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -2351,12 +2351,12 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||||||
/* The RFC is not clear on this point, but sending the actual negotiated
|
/* The RFC is not clear on this point, but sending the actual negotiated
|
||||||
* version looks like the most interoperable thing to do. */
|
* version looks like the most interoperable thing to do. */
|
||||||
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
|
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
|
||||||
ssl->transport, p );
|
ssl->conf->transport, p );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
|
||||||
p += 2;
|
p += 2;
|
||||||
|
|
||||||
/* If we get here, f_cookie_check is not null */
|
/* If we get here, f_cookie_check is not null */
|
||||||
if( ssl->f_cookie_write == NULL )
|
if( ssl->conf->f_cookie_write == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
@ -2365,7 +2365,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
|
|||||||
/* Skip length byte until we know the length */
|
/* Skip length byte until we know the length */
|
||||||
cookie_len_byte = p++;
|
cookie_len_byte = p++;
|
||||||
|
|
||||||
if( ( ret = ssl->f_cookie_write( ssl->p_cookie,
|
if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie,
|
||||||
&p, ssl->out_buf + MBEDTLS_SSL_BUFFER_LEN,
|
&p, ssl->out_buf + MBEDTLS_SSL_BUFFER_LEN,
|
||||||
ssl->cli_id, ssl->cli_id_len ) ) != 0 )
|
ssl->cli_id, ssl->cli_id_len ) ) != 0 )
|
||||||
{
|
{
|
||||||
@ -2407,7 +2407,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake->verify_cookie_len != 0 )
|
ssl->handshake->verify_cookie_len != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
|
||||||
@ -2434,7 +2434,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
p = buf + 4;
|
p = buf + 4;
|
||||||
|
|
||||||
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
|
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
|
||||||
ssl->transport, p );
|
ssl->conf->transport, p );
|
||||||
p += 2;
|
p += 2;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
|
||||||
@ -2474,8 +2474,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
|
ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
|
||||||
#endif
|
#endif
|
||||||
ssl->session_negotiate->length != 0 &&
|
ssl->session_negotiate->length != 0 &&
|
||||||
ssl->f_get_cache != NULL &&
|
ssl->conf->f_get_cache != NULL &&
|
||||||
ssl->f_get_cache( ssl->p_get_cache, ssl->session_negotiate ) == 0 )
|
ssl->conf->f_get_cache( ssl->conf->p_get_cache, ssl->session_negotiate ) == 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
|
||||||
ssl->handshake->resume = 1;
|
ssl->handshake->resume = 1;
|
||||||
@ -2651,7 +2651,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
|
||||||
ssl->authmode == MBEDTLS_SSL_VERIFY_NONE )
|
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
@ -2743,7 +2743,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
|||||||
* opaque DistinguishedName<1..2^16-1>;
|
* opaque DistinguishedName<1..2^16-1>;
|
||||||
*/
|
*/
|
||||||
p += 2;
|
p += 2;
|
||||||
crt = ssl->ca_chain;
|
crt = ssl->conf->ca_chain;
|
||||||
|
|
||||||
total_dn_size = 0;
|
total_dn_size = 0;
|
||||||
while( crt != NULL && crt->version != 0 )
|
while( crt != NULL && crt->version != 0 )
|
||||||
@ -2880,8 +2880,8 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
* opaque dh_Ys<1..2^16-1>;
|
* opaque dh_Ys<1..2^16-1>;
|
||||||
* } ServerDHParams;
|
* } ServerDHParams;
|
||||||
*/
|
*/
|
||||||
if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->dhm_P ) ) != 0 ||
|
if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->conf->dhm_P ) ) != 0 ||
|
||||||
( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->dhm_G ) ) != 0 )
|
( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->conf->dhm_G ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -2927,7 +2927,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
const mbedtls_ecp_group_id *gid;
|
const mbedtls_ecp_group_id *gid;
|
||||||
|
|
||||||
/* Match our preference list against the offered curves */
|
/* Match our preference list against the offered curves */
|
||||||
for( gid = ssl->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
|
for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
|
||||||
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
|
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
|
||||||
if( (*curve)->grp_id == *gid )
|
if( (*curve)->grp_id == *gid )
|
||||||
goto curve_matching_done;
|
goto curve_matching_done;
|
||||||
@ -3167,7 +3167,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
|
|||||||
ssl->state++;
|
ssl->state++;
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
mbedtls_ssl_send_flight_completed( ssl );
|
mbedtls_ssl_send_flight_completed( ssl );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -3268,7 +3268,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
|
mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
|
||||||
ssl->handshake->max_minor_ver,
|
ssl->handshake->max_minor_ver,
|
||||||
ssl->transport, ver );
|
ssl->conf->transport, ver );
|
||||||
/*
|
/*
|
||||||
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
|
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
|
||||||
* must not cause the connection to end immediately; instead, send a
|
* must not cause the connection to end immediately; instead, send a
|
||||||
@ -3320,9 +3320,9 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
size_t n;
|
size_t n;
|
||||||
|
|
||||||
if( ssl->f_psk == NULL &&
|
if( ssl->conf->f_psk == NULL &&
|
||||||
( ssl->psk == NULL || ssl->psk_identity == NULL ||
|
( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
|
||||||
ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
|
ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
|
||||||
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
||||||
@ -3346,17 +3346,17 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
|||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl->f_psk != NULL )
|
if( ssl->conf->f_psk != NULL )
|
||||||
{
|
{
|
||||||
if( ssl->f_psk( ssl->p_psk, ssl, *p, n ) != 0 )
|
if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 )
|
||||||
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Identity is not a big secret since clients send it in the clear,
|
/* Identity is not a big secret since clients send it in the clear,
|
||||||
* but treat it carefully anyway, just in case */
|
* but treat it carefully anyway, just in case */
|
||||||
if( n != ssl->psk_identity_len ||
|
if( n != ssl->conf->psk_identity_len ||
|
||||||
mbedtls_ssl_safer_memcmp( ssl->psk_identity, *p, n ) != 0 )
|
mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
|
||||||
{
|
{
|
||||||
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
||||||
}
|
}
|
||||||
@ -3796,7 +3796,7 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t tlen;
|
size_t tlen;
|
||||||
uint32_t lifetime = (uint32_t) ssl->ticket_lifetime;
|
uint32_t lifetime = (uint32_t) ssl->conf->ticket_lifetime;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
|
||||||
|
|
||||||
@ -3864,7 +3864,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
|
|||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
ssl->handshake != NULL &&
|
ssl->handshake != NULL &&
|
||||||
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
|
||||||
{
|
{
|
||||||
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user