diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d515eb194..4f826e403 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1187,19 +1187,19 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); /** * \brief Set the current endpoint type * - * \param ssl SSL context + * \param conf SSL configuration * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER * * \note This function should be called right after mbedtls_ssl_init() since * some other ssl_set_foo() functions depend on it. */ -void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint ); +void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint ); /** * \brief Set the transport type (TLS or DTLS). * Default: TLS * - * \param ssl SSL context + * \param conf SSL configuration * \param transport transport type: * MBEDTLS_SSL_TRANSPORT_STREAM for TLS, * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. @@ -1212,12 +1212,13 @@ void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint ); * doesn't block, or one that handles timeouts, see * mbedtls_ssl_set_bio_timeout() */ -int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport ); +int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport ); /** * \brief Set the certificate verification mode + * Default: NONE on server, REQUIRED on client * - * \param ssl SSL context + * \param conf SSL configuration * \param authmode can be: * * MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked @@ -1238,7 +1239,7 @@ int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport ); * the verification as soon as possible. For example, REQUIRED was protecting * against the "triple handshake" attack even before it was found. */ -void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode ); +void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode ); #if defined(MBEDTLS_X509_CRT_PARSE_C) /** 
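Review bot: The \note on mbedtls_ssl_set_endpoint still says it "should be called right after mbedtls_ssl_init() since some other ssl_set_foo() functions depend on it", but the function now takes a mbedtls_ssl_config rather than the ssl context, so the ordering advice refers to the wrong object. Suggest `\note This function must be called before any other setter that depends on the endpoint, and before the configuration is used by any SSL context.` Since a mbedtls_ssl_config is presumably meant to be shared by several contexts, the same caveat applies to the other setters converted in this file: modifying conf->authmode or conf->transport while a context built on that config is mid-handshake would race, so a one-line note on the converted setters that the configuration must not be changed while in use would help callers. The documentation of mbedtls_ssl_set_transport continues into the next hunk.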
@@ -1248,11 +1249,11 @@ void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode ); * certificate in the chain. For implementation * information, please see \c x509parse_verify() * - * \param ssl SSL context + * \param conf SSL configuration * \param f_vrfy verification function * \param p_vrfy verification parameter */ -void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *), void *p_vrfy ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -1271,11 +1272,11 @@ void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl, /** * \brief Set the debug callback * - * \param ssl SSL context + * \param conf SSL configuration * \param f_dbg debug function * \param p_dbg debug parameter */ -void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *), void *p_dbg ); @@ -1404,12 +1405,12 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx, * Only disable if you known this can't happen in your * particular environment. * - * \param ssl SSL context + * \param conf SSL configuration * \param f_cookie_write Cookie write callback * \param f_cookie_check Cookie check callback * \param p_cookie Context for both callbacks */ -void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf, mbedtls_ssl_cookie_write_t *f_cookie_write, mbedtls_ssl_cookie_check_t *f_cookie_check, void *p_cookie ); @@ -1421,7 +1422,7 @@ void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl, * (DTLS only, no effect on TLS.) * Default: enabled. * - * \param ssl SSL context + * \param conf SSL configuration * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED. * * \warning Disabling this is a security risk unless the application 
@@ -1431,7 +1432,7 @@ void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl, * packets and needs information about them to adjust its * transmission strategy, then you'll want to disable this. */ -void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode ); +void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) @@ -1441,7 +1442,7 @@ void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode ); * (DTLS only, no effect on TLS.) * Default: 0 (disabled). * - * \param ssl SSL context + * \param conf SSL configuration * \param limit Limit, or 0 to disable. * * \note If the limit is N, then the connection is terminated when @@ -1458,7 +1459,7 @@ void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode ); * might make us waste resources checking authentication on * many bogus packets. */ -void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit ); +void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ); #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -1466,7 +1467,7 @@ void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit * \brief Set retransmit timeout values for the DTLS handshale. * (DTLS only, no effect on TLS.) * - * \param ssl SSL context + * \param conf SSL configuration * \param min Initial timeout value in milliseconds. * Default: 1000 (1 second). * \param max Maximum timeout value in milliseconds. 
@@ -1478,7 +1479,7 @@ void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit * handshake latency. Lower values may increase the risk of * network congestion by causing more retransmissions. */ -void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max ); +void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ /** @@ -1513,13 +1514,13 @@ void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, * an entry is still valid in the future. Return 0 if * successfully cached, return 1 otherwise. * - * \param ssl SSL context + * \param conf SSL configuration * \param f_get_cache session get callback * \param p_get_cache session get parameter * \param f_set_cache session set callback * \param p_set_cache session set parameter */ -void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf, int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache, int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache ); #endif /* MBEDTLS_SSL_SRV_C */ 
@@ -1551,17 +1552,18 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session * over the preference of the client unless * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined! * - * \param ssl SSL context + * \param conf SSL configuration * \param ciphersuites 0-terminated list of allowed ciphersuites */ -void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites ); +void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf, + const int *ciphersuites ); /** * \brief Set the list of allowed ciphersuites and the * preference order for a specific version of the protocol. * (Only useful on the server side) * - * \param ssl SSL context + * \param conf SSL configuration * \param ciphersuites 0-terminated list of allowed ciphersuites * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 * supported) @@ -1572,7 +1574,7 @@ void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersu * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 * and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 */ -void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf, const int *ciphersuites, int major, int minor ); @@ -1642,11 +1644,11 @@ int mbedtls_ssl_set_psk( mbedtls_ssl_context *ssl, const unsigned char *psk, siz * identity and return 0. * Any other return value will result in a denied PSK identity. * - * \param ssl SSL context + * \param conf SSL configuration * \param f_psk PSK identity function * \param p_psk PSK identity parameter */ -void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf, int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_psk ); 
@@ -1658,24 +1660,24 @@ void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl, * read as hexadecimal strings (server-side only) * (Default: MBEDTLS_DHM_RFC5114_MODP_1024_[PG]) * - * \param ssl SSL context + * \param conf SSL configuration * \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_G Diffie-Hellman-Merkle generator * * \return 0 if successful */ -int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G ); +int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ); /** * \brief Set the Diffie-Hellman public P and G values, * read from existing context (server-side only) * - * \param ssl SSL context + * \param conf SSL configuration * \param dhm_ctx Diffie-Hellman-Merkle context * * \return 0 if successful */ -int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx ); +int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ); #endif /* MBEDTLS_DHM_C */ #if defined(MBEDTLS_SSL_SET_CURVES) @@ -1693,11 +1695,11 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context * Both sides: limits the set of curves used by peer to the * listed curves for any use (ECDH(E), certificates). * - * \param ssl SSL context + * \param conf SSL configuration * \param curves Ordered list of allowed curves, * terminated by MBEDTLS_ECP_DP_NONE. */ -void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curves ); +void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves ); #endif /* MBEDTLS_SSL_SET_CURVES */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 
@@ -1728,11 +1730,11 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); * callback should return -1 to abort the handshake at this * point. * - * \param ssl SSL context + * \param conf SSL configuration * \param f_sni verification function * \param p_sni verification parameter */ -void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf, int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_sni ); @@ -1742,13 +1744,13 @@ void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl, /** * \brief Set the supported Application Layer Protocols. * - * \param ssl SSL context + * \param conf SSL configuration * \param protos NULL-terminated list of supported protocols, * in decreasing preference order. * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ -int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos ); +int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ); /** * \brief Get the name of the negotiated Application Layer Protocol. @@ -1769,7 +1771,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); * * Note: This ignores ciphersuites from 'higher' versions. * - * \param ssl SSL context + * \param conf SSL configuration * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, @@ -1779,7 +1781,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 */ -int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor ); +int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor ); /** * \brief Set the minimum accepted SSL/TLS protocol version 
@@ -1790,7 +1792,7 @@ int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor * * \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided. * - * \param ssl SSL context + * \param conf SSL configuration * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, @@ -1800,7 +1802,7 @@ int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 */ -int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor ); +int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor ); #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) /** @@ -1834,10 +1836,10 @@ void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback ); * improvement, and should not cause any interoperability * issue (used only if the peer supports it too). * - * \param ssl SSL context + * \param conf SSL configuration * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED */ -void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm ); +void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ); #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) 
@@ -1849,10 +1851,10 @@ void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm ); * protocol, and should not cause any interoperability issue * (used only if the peer supports it too). * - * \param ssl SSL context + * \param conf SSL configuration * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED */ -void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems ); +void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems ); #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ /** @@ -1865,10 +1867,10 @@ void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems * \note This function will likely be removed in future versions as * RC4 will then be disabled by default at compile time. * - * \param ssl SSL context + * \param conf SSL configuration * \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED */ -void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 ); +void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 ); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** @@ -1895,13 +1897,13 @@ int mbedtls_ssl_set_max_frag_len( mbedtls_ssl_context *ssl, unsigned char mfl_co * (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED on client, * MBEDTLS_SSL_TRUNC_HMAC_ENABLED on server.) * - * \param ssl SSL context + * \param conf SSL configuration * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or * MBEDTLS_SSL_TRUNC_HMAC_DISABLED) * * \return Always 0. */ -int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate ); +int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) 
@@ -1942,10 +1944,10 @@ int mbedtls_ssl_set_session_tickets( mbedtls_ssl_context *ssl, int use_tickets ) * \brief Set session ticket lifetime (server only) * (Default: MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day)) * - * \param ssl SSL context + * \param conf SSL configuration * \param lifetime session ticket lifetime */ -void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime ); +void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime ); #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -1958,11 +1960,11 @@ void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int life * resource DoS by a malicious client. You should enable this on * a client to enable server-initiated renegotiation. * - * \param ssl SSL context + * \param conf SSL configuration * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or * MBEDTLS_SSL_RENEGOTIATION_DISABLED) */ -void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation ); +void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation ); #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** @@ -1987,12 +1989,12 @@ void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation * that do not support renegotiation altogether. * (Most secure option, interoperability issues) * - * \param ssl SSL context + * \param conf SSL configuration * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, * SSL_ALLOW_LEGACY_RENEGOTIATION or * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) */ -void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy ); +void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ); #if defined(MBEDTLS_SSL_RENEGOTIATION) /** 
@@ -2027,12 +2029,12 @@ void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legac * if we receive application data from the server, we need a * place to write it, which only happens during mbedtls_ssl_read(). * - * \param ssl SSL context + * \param conf SSL configuration * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to * enforce renegotiation, or a non-negative value to enforce * it but allow for a grace period of max_records records. */ -void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records ); +void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ); /** * \brief Set record counter threshold for periodic renegotiation. @@ -2047,11 +2049,11 @@ void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_r * Lower values can be used to enforce policies such as "keys * must be refreshed every N packets with cipher X". * - * \param ssl SSL context + * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. * Set to 2^64 - 1 to disable periodic renegotiation */ -void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf, const unsigned char period[8] ); #endif /* MBEDTLS_SSL_RENEGOTIATION */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index bb5e7e0c2..e91d13c39 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -377,14 +377,14 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, return( 0 ); } -void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf, mbedtls_ssl_cookie_write_t *f_cookie_write, mbedtls_ssl_cookie_check_t *f_cookie_check, void *p_cookie ) { - ssl->conf->f_cookie_write = f_cookie_write; - ssl->conf->f_cookie_check = f_cookie_check; - ssl->conf->p_cookie = p_cookie; + conf->f_cookie_write = f_cookie_write; + conf->f_cookie_check = f_cookie_check; + conf->p_cookie = p_cookie; } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dd477c756..6702c8bb6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5168,52 +5168,52 @@ static int ssl_ticket_keys_init( mbedtls_ssl_context *ssl ) /* * SSL set accessors */ -void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint ) +void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint ) { - ssl->conf->endpoint = endpoint; + conf->endpoint = endpoint; } -int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport ) +int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport ) { - ssl->conf->transport = transport; + conf->transport = transport; return( 0 ); } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode ) +void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) { - ssl->conf->anti_replay = mode; + conf->anti_replay = mode; } #endif #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) -void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit ) +void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) { - ssl->conf->badmac_limit = limit; + conf->badmac_limit = limit; } #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max ) +void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ) { - ssl->conf->hs_timeout_min = min; - ssl->conf->hs_timeout_max = max; + conf->hs_timeout_min = min; + conf->hs_timeout_max = max; } #endif -void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode ) +void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode ) { - ssl->conf->authmode = authmode; + conf->authmode = authmode; } #if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *), void *p_vrfy ) { - ssl->conf->f_vrfy = f_vrfy; - ssl->conf->p_vrfy = p_vrfy; + conf->f_vrfy = 
f_vrfy; + conf->p_vrfy = p_vrfy; } #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -5225,12 +5225,12 @@ void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl, ssl->p_rng = p_rng; } -void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *), void *p_dbg ) { - ssl->conf->f_dbg = f_dbg; - ssl->conf->p_dbg = p_dbg; + conf->f_dbg = f_dbg; + conf->p_dbg = p_dbg; } #if ! defined(MBEDTLS_DEPRECATED_REMOVED) @@ -5267,14 +5267,14 @@ void mbedtls_ssl_set_bio_timeout( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf, int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache, int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache ) { - ssl->conf->f_get_cache = f_get_cache; - ssl->conf->p_get_cache = p_get_cache; - ssl->conf->f_set_cache = f_set_cache; - ssl->conf->p_set_cache = p_set_cache; + conf->f_get_cache = f_get_cache; + conf->p_get_cache = p_get_cache; + conf->f_set_cache = f_set_cache; + conf->p_set_cache = p_set_cache; } #endif /* MBEDTLS_SSL_SRV_C */ 
@@ -5300,15 +5300,16 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session } #endif /* MBEDTLS_SSL_CLI_C */ -void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites ) +void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf, + const int *ciphersuites ) { - ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; - ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; - ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; - ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; } -void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf, const int *ciphersuites, int major, int minor ) { @@ -5318,7 +5319,7 @@ void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl, if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) return; - ssl->conf->ciphersuite_list[minor] = ciphersuites; + conf->ciphersuite_list[minor] = ciphersuites; } #if defined(MBEDTLS_X509_CRT_PARSE_C) 
@@ -5407,51 +5408,39 @@ int mbedtls_ssl_set_psk( mbedtls_ssl_context *ssl, const unsigned char *psk, siz return( 0 ); } -void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf, int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_psk ) { - ssl->conf->f_psk = f_psk; - ssl->conf->p_psk = p_psk; + conf->f_psk = f_psk; + conf->p_psk = p_psk; } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #if defined(MBEDTLS_DHM_C) -int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G ) +int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) { int ret; - if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_P, 16, dhm_P ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret ); + if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 ) return( ret ); - } - if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_G, 16, dhm_G ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret ); + if( ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) return( ret ); - } return( 0 ); } -int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx ) +int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) { int ret; - if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_P, &dhm_ctx->P ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret ); + if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ) return( ret ); - } - if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_G, &dhm_ctx->G ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret ); + if( ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) return( ret ); - } return( 0 ); } 
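Review bot: Both failure paths in mbedtls_ssl_set_dh_param and mbedtls_ssl_set_dh_param_ctx drop the MBEDTLS_SSL_DEBUG_RET() call together with the braces, so a malformed DH modulus or generator string now fails with no debug trace at all; with no ssl context to log through that is understandable, but the header's `\return 0 if successful` should then say that the return value is the only diagnostic, e.g. `\return 0 if successful, or the error code returned by mbedtls_mpi_read_string() (no debug output is produced)`. The new single-statement ifs are left unbraced, which the surrounding file avoids; `if( ( ret = ... ) != 0 ) { return( ret ); }` keeps the existing style. On the dhm_G failure path conf->dhm_P has already been overwritten, leaving the configuration half-updated; that predates this change, but a comment noting it is worth adding now that the config may outlive any single context.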
@@ -5461,9 +5450,10 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context /* * Set the allowed elliptic curves */ -void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curve_list ) +void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, + const mbedtls_ecp_group_id *curve_list ) { - ssl->conf->curve_list = curve_list; + conf->curve_list = curve_list; } #endif @@ -5491,18 +5481,18 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) return( 0 ); } -void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf, int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t), void *p_sni ) { - ssl->conf->f_sni = f_sni; - ssl->conf->p_sni = p_sni; + conf->f_sni = f_sni; + conf->p_sni = p_sni; } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_ALPN) -int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos ) +int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ) { size_t cur_len, tot_len; const char **p; @@ -5521,7 +5511,7 @@ int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **proto return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - ssl->conf->alpn_list = protos; + conf->alpn_list = protos; return( 0 ); } 
@@ -5532,16 +5522,19 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_ALPN */ -static int ssl_check_version( const mbedtls_ssl_context *ssl, int major, int minor ) +static int ssl_check_version( const mbedtls_ssl_config *conf, + int major, int minor ) { - if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION || major > MBEDTLS_SSL_MAX_MAJOR_VERSION || - minor < MBEDTLS_SSL_MIN_MINOR_VERSION || minor > MBEDTLS_SSL_MAX_MINOR_VERSION ) + if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION || + major > MBEDTLS_SSL_MAX_MAJOR_VERSION || + minor < MBEDTLS_SSL_MIN_MINOR_VERSION || + minor > MBEDTLS_SSL_MAX_MINOR_VERSION ) { return( -1 ); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && minor < MBEDTLS_SSL_MINOR_VERSION_2 ) { return( -1 ); @@ -5553,24 +5546,24 @@ static int ssl_check_version( const mbedtls_ssl_context *ssl, int major, int min return( 0 ); } -int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor ) +int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor ) { - if( ssl_check_version( ssl, major, minor ) != 0 ) + if( ssl_check_version( conf, major, minor ) != 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl->conf->max_major_ver = major; - ssl->conf->max_minor_ver = minor; + conf->max_major_ver = major; + conf->max_minor_ver = minor; return( 0 ); } -int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor ) +int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor ) { - if( ssl_check_version( ssl, major, minor ) != 0 ) + if( ssl_check_version( conf, major, minor ) != 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl->conf->min_major_ver = major; - ssl->conf->min_minor_ver = minor; + conf->min_major_ver = major; + conf->min_minor_ver = minor; return( 0 ); } 
@@ -5583,22 +5576,22 @@ void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback ) #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm ) +void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ) { - ssl->conf->encrypt_then_mac = etm; + conf->encrypt_then_mac = etm; } #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems ) +void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems ) { - ssl->conf->extended_ms = ems; + conf->extended_ms = ems; } #endif -void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 ) +void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 ) { - ssl->conf->arc4_disabled = arc4; + conf->arc4_disabled = arc4; } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) @@ -5617,9 +5610,9 @@ int mbedtls_ssl_set_max_frag_len( mbedtls_ssl_context *ssl, unsigned char mfl_co #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate ) +int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) { - ssl->conf->trunc_hmac = truncate; + conf->trunc_hmac = truncate; return( 0 ); } 
@@ -5632,26 +5625,26 @@ void mbedtls_ssl_set_cbc_record_splitting( mbedtls_ssl_context *ssl, char split } #endif -void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy ) +void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ) { - ssl->conf->allow_legacy_renegotiation = allow_legacy; + conf->allow_legacy_renegotiation = allow_legacy; } #if defined(MBEDTLS_SSL_RENEGOTIATION) -void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation ) +void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation ) { - ssl->conf->disable_renegotiation = renegotiation; + conf->disable_renegotiation = renegotiation; } -void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records ) +void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ) { - ssl->conf->renego_max_records = max_records; + conf->renego_max_records = max_records; } -void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl, +void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf, const unsigned char period[8] ) { - memcpy( ssl->conf->renego_period, period, 8 ); + memcpy( conf->renego_period, period, 8 ); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ @@ -5674,9 +5667,9 @@ int mbedtls_ssl_set_session_tickets( mbedtls_ssl_context *ssl, int use_tickets ) return( ssl_ticket_keys_init( ssl ) ); } -void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime ) +void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime ) { - ssl->conf->ticket_lifetime = lifetime; + conf->ticket_lifetime = lifetime; } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 09cea3b92..eb27f3cbe 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c 
@@ -181,11 +181,11 @@ int main( int argc, char *argv[] )
 /* OPTIONAL is usually a bad choice for security, but makes interop easier
 * in this simplified example, in which the ca chain is hardcoded.
 * Production code should set a proper ca chain and use REQUIRED. */
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
 mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
 mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 451294347..96cb1368d 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -206,14 +206,13 @@ int main( void )
 goto exit;
 }
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
- mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 #if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
- mbedtls_ssl_cache_set, &cache );
+ mbedtls_ssl_set_session_cache( &conf,
+ mbedtls_ssl_cache_get, &cache,
+ mbedtls_ssl_cache_set, &cache );
 #endif
 mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
@@ -230,7 +229,7 @@ int main( void )
 goto exit;
 }
- mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
 &cookie_ctx );
 printf( " ok\n" );
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 694bf4031..5d140b911 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
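Review bot: In the dtls_server.c hunk, `mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );` is deleted together with the explicit `MBEDTLS_SSL_VERIFY_NONE` call, but only `mbedtls_ssl_set_dbg` gets a `&conf` replacement. Dropping `VERIFY_NONE` may be intentional if that is the server-side default, but the RNG call is still per-context — every surviving `mbedtls_ssl_set_rng` in this diff (dtls_client.c just above, ssl_server2.c, cert_app.c) still takes `&ssl` — so it must be re-added somewhere; if it moved to a hunk outside this view, fine, otherwise the DTLS server has no entropy source for the handshake and will fail once it tries to generate randomness. The same deletion without a visible replacement appears in ssl_server.c, ssl_fork_server.c and ssl_pthread_server.c later in the diff. `main` continues outside the hunk.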
@@ -217,7 +217,7 @@ int main( void )
 }
 mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
 #endif
 /*
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 480423530..38a510c35 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -168,11 +168,11 @@ int main( void )
 /* OPTIONAL is not optimal for security,
 * but makes interop easier in this simplified example */
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
 mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
 mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
 /*
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 1454067bc..0f2313c1e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1065,15 +1065,15 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 if( opt.debug_level > 0 )
- mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
+ mbedtls_ssl_set_verify( &conf, my_verify, NULL );
 #endif
 if( opt.auth_mode != DFL_AUTH_MODE )
- mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
+ mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
- mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
+ mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -1086,17 +1086,17 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
 if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+ mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
 #endif
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 if( opt.extended_ms != DFL_EXTENDED_MS )
- mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+ mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
 #endif
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 if( opt.etm != DFL_ETM )
- mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
+ mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
 #endif
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@@ -1108,7 +1108,7 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SSL_ALPN)
 if( opt.alpn_string != NULL )
- if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+ if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
 goto exit;
@@ -1116,7 +1116,7 @@ int main( int argc, char *argv[] )
 #endif
 mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 if( opt.nbio == 2 )
 mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL,
@@ -1139,15 +1139,15 @@ int main( int argc, char *argv[] )
 #endif
 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+ mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
 if( opt.arc4 != DFL_ARC4 )
- mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
+ mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
 if( opt.allow_legacy != DFL_ALLOW_LEGACY )
- mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+ mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
+ mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
 #endif
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1187,7 +1187,7 @@ int main( int argc, char *argv[] )
 if( opt.min_version != DFL_MIN_VERSION )
 {
- ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+ ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
 if( ret != 0 )
 {
 mbedtls_printf( " failed\n ! selected min_version is not available\n" );
@@ -1197,7 +1197,7 @@ int main( int argc, char *argv[] )
 if( opt.max_version != DFL_MAX_VERSION )
 {
- ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+ ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
 if( ret != 0 )
 {
 mbedtls_printf( " failed\n ! selected max_version is not available\n" );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 383746642..877f9581c 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -265,10 +265,8 @@ int main( void )
 mbedtls_printf( " ok\n" );
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
- mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
 mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 26972f8cc..000ed09f6 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -602,14 +602,14 @@ int main( int argc, char *argv[] )
 /* OPTIONAL is not optimal for security,
 * but makes interop easier in this simplified example */
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
 mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+ mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
 mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
 if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 6896e97f3..e951b3ad7 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -176,17 +176,16 @@ static void *handle_ssl_connection( void *data )
 goto thread_exit;
 }
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
- mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_mutexed_debug, stdout );
 /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
 * MBEDTLS_THREADING_C is set. */
 #if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, thread_info->cache,
- mbedtls_ssl_cache_set, thread_info->cache );
+ mbedtls_ssl_set_session_cache( &conf,
+ mbedtls_ssl_cache_get, thread_info->cache,
+ mbedtls_ssl_cache_set, thread_info->cache );
 #endif
 mbedtls_ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 5c2a7d29a..2302f06f6 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -205,14 +205,13 @@ int main( void )
 goto exit;
 }
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
- mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 #if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
- mbedtls_ssl_cache_set, &cache );
+ mbedtls_ssl_set_session_cache( &conf,
+ mbedtls_ssl_cache_get, &cache,
+ mbedtls_ssl_cache_set, &cache );
 #endif
 mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8955acfa6..e4f8163e6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
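Review bot: `handle_ssl_connection()` is the per-thread entry point of ssl_pthread_server.c, and the new code calls `mbedtls_ssl_set_dbg( &conf, ... )` and `mbedtls_ssl_set_session_cache( &conf, ... )` from inside it. If `conf` is one configuration shared by all worker threads (its declaration is outside the hunk, so this is inferred), each new connection rewrites the debug and cache callbacks stored in `conf` while other threads' handshakes may be reading them — an unsynchronised write that nothing guards, in contrast to the cache itself, which the preserved comment notes is thread-safe under `MBEDTLS_THREADING_C`. Move these two calls to `main()` before any thread is spawned, or give each thread its own config; the remaining `&ssl` call here (`mbedtls_ssl_set_ca_chain`) is fine because the context is per-thread. If instead `conf` is a thread-local, a comment such as `/* conf is per-thread: safe to set callbacks here */` would make that explicit.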
@@ -1534,13 +1534,12 @@ int main( int argc, char *argv[] )
 goto exit;
 }
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
 if( opt.auth_mode != DFL_AUTH_MODE )
- mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
+ mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
- mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
+ mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -1553,22 +1552,22 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
 if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+ mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
 #endif
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
 if( opt.extended_ms != DFL_EXTENDED_MS )
- mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+ mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
 #endif
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 if( opt.etm != DFL_ETM )
- mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
+ mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
 #endif
 #if defined(MBEDTLS_SSL_ALPN)
 if( opt.alpn_string != NULL )
- if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+ if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
 goto exit;
@@ -1576,7 +1575,7 @@ int main( int argc, char *argv[] )
 #endif
 mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 #if defined(MBEDTLS_SSL_CACHE_C)
 if( opt.cache_max != -1 )
@@ -1585,8 +1584,9 @@ int main( int argc, char *argv[] )
 if( opt.cache_timeout != -1 )
 mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
- mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
- mbedtls_ssl_cache_set, &cache );
+ mbedtls_ssl_set_session_cache( &conf,
+ mbedtls_ssl_cache_get, &cache,
+ mbedtls_ssl_cache_set, &cache );
 #endif
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -1597,7 +1597,7 @@ int main( int argc, char *argv[] )
 }
 if( opt.ticket_timeout != -1 )
- mbedtls_ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
+ mbedtls_ssl_set_session_ticket_lifetime( &conf, opt.ticket_timeout );
 #endif
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -1613,7 +1613,7 @@ int main( int argc, char *argv[] )
 goto exit;
 }
- mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
 &cookie_ctx );
 }
 else
@@ -1621,7 +1621,7 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
 if( opt.cookies == 0 )
 {
- mbedtls_ssl_set_dtls_cookies( &ssl, NULL, NULL, NULL );
+ mbedtls_ssl_set_dtls_cookies( &conf, NULL, NULL, NULL );
 }
 else
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
@@ -1631,50 +1631,50 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 if( opt.anti_replay != DFL_ANTI_REPLAY )
- mbedtls_ssl_set_dtls_anti_replay( &ssl, opt.anti_replay );
+ mbedtls_ssl_set_dtls_anti_replay( &conf, opt.anti_replay );
 #endif
 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
 if( opt.badmac_limit != DFL_BADMAC_LIMIT )
- mbedtls_ssl_set_dtls_badmac_limit( &ssl, opt.badmac_limit );
+ mbedtls_ssl_set_dtls_badmac_limit( &conf, opt.badmac_limit );
 #endif
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+ mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
 if( opt.arc4 != DFL_ARC4 )
- mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
+ mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
 if( opt.version_suites != NULL )
 {
- mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[0],
+ mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[0],
 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0 );
- mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[1],
+ mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[1],
 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1 );
- mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[2],
+ mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[2],
 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2 );
- mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[3],
+ mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[3],
 MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 );
 }
 if( opt.allow_legacy != DFL_ALLOW_LEGACY )
- mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+ mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
+ mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
if( opt.renego_delay != DFL_RENEGO_DELAY )
- mbedtls_ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
+ mbedtls_ssl_set_renegotiation_enforced( &conf, opt.renego_delay );
 if( opt.renego_period != DFL_RENEGO_PERIOD )
 {
 renego_period[7] = opt.renego_period;
- mbedtls_ssl_set_renegotiation_period( &ssl, renego_period );
+ mbedtls_ssl_set_renegotiation_period( &conf, renego_period );
 }
 #endif
@@ -1700,7 +1700,7 @@ int main( int argc, char *argv[] )
 #if defined(SNI_OPTION)
 if( opt.sni != NULL )
- mbedtls_ssl_set_sni( &ssl, sni_callback, sni_info );
+ mbedtls_ssl_set_sni( &conf, sni_callback, sni_info );
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@@ -1717,7 +1717,7 @@ int main( int argc, char *argv[] )
 }
 if( opt.psk_list != NULL )
- mbedtls_ssl_set_psk_cb( &ssl, psk_callback, psk_info );
+ mbedtls_ssl_set_psk_cb( &conf, psk_callback, psk_info );
 #endif
 #if defined(MBEDTLS_DHM_C)
@@ -1726,11 +1726,11 @@ int main( int argc, char *argv[] )
 */
 #if defined(MBEDTLS_FS_IO)
 if( opt.dhm_file != NULL )
- ret = mbedtls_ssl_set_dh_param_ctx( &ssl, &dhm );
+ ret = mbedtls_ssl_set_dh_param_ctx( &conf, &dhm );
 else
 #endif
- ret = mbedtls_ssl_set_dh_param( &ssl, MBEDTLS_DHM_RFC5114_MODP_2048_P,
- MBEDTLS_DHM_RFC5114_MODP_2048_G );
+ ret = mbedtls_ssl_set_dh_param( &conf, MBEDTLS_DHM_RFC5114_MODP_2048_P,
+ MBEDTLS_DHM_RFC5114_MODP_2048_G );
 if( ret != 0 )
 {
@@ -1741,7 +1741,7 @@ int main( int argc, char *argv[] )
 if( opt.min_version != DFL_MIN_VERSION )
 {
- ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+ ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
 if( ret != 0 )
 {
 mbedtls_printf( " failed\n ! selected min_version is not available\n" );
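Review bot: In the DHM hunk, the fallback `mbedtls_ssl_set_dh_param( &conf, MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC5114_MODP_2048_G )` keeps the RFC 5114 2048-bit group as the server default whenever no `dhm_file` is supplied. The RFC 5114 groups are not safe-prime groups — the generator spans a much smaller prime-order subgroup — so the peer's public value has to be checked for subgroup membership, and a server that ever reuses a private exponent leaks it to small-subgroup probing; a safe-prime MODP group carries no such dependency. Whether the DHM layer performs that validation is not visible in this diff, so either confirm it or change the default here, and in any case add `/* RFC 5114 group: not a safe prime; correctness depends on peer-value subgroup checks in dhm */` above the call so the dependency is recorded. The enclosing `main` starts and ends well outside this hunk.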
@@ -1751,7 +1751,7 @@ int main( int argc, char *argv[] )
 if( opt.max_version != DFL_MIN_VERSION )
 {
- ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+ ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
 if( ret != 0 )
 {
 mbedtls_printf( " failed\n ! selected max_version is not available\n" );
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index a8bc64a57..9f6356d34 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -412,15 +412,15 @@ int main( int argc, char *argv[] )
 if( verify )
 {
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
 mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
- mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
+ mbedtls_ssl_set_verify( &conf, my_verify, NULL );
 }
 else
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
 mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
 if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index f170332c4..5fd5d3486 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -46,7 +46,7 @@ void debug_print_msg_threshold( int threshold, int level, char *file, int line,
 mbedtls_debug_set_log_mode( MBEDTLS_DEBUG_LOG_FULL );
 mbedtls_debug_set_threshold( threshold );
- mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+ mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 mbedtls_debug_print_msg( &ssl, level, file, line, mbedtls_debug_fmt("Text message, 2 == %d", 2 ) );
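Review bot: In the ssl_server2.c hunk, the condition guarding the rewritten line reads `if( opt.max_version != DFL_MIN_VERSION )` — the max-version option is compared against the min-version default, while the client-side counterpart in ssl_client2.c earlier in this diff reads `if( opt.max_version != DFL_MAX_VERSION )`. This is harmless only as long as the two defaults happen to share a value, which is not visible here; otherwise `mbedtls_ssl_set_max_version( &conf, ... )` is either skipped when the user asked for a maximum or called with the sentinel. Since the adjacent line is being touched anyway, change the guard to `if( opt.max_version != DFL_MAX_VERSION )`. `main` continues outside the hunk.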
@@ -75,7 +75,7 @@ void mbedtls_debug_print_ret( int mode, char *file, int line, char *text, int va
 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
 mbedtls_debug_set_log_mode( mode );
- mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+ mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
@@ -108,7 +108,7 @@ void mbedtls_debug_print_buf( int mode, char *file, int line, char *text,
 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
 mbedtls_debug_set_log_mode( mode );
- mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+ mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len );
@@ -138,7 +138,7 @@ void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line,
 TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
 mbedtls_debug_set_log_mode( mode );
- mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+ mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
 mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
@@ -172,7 +172,7 @@ void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int
 TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
 mbedtls_debug_set_log_mode( mode );
- mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+ mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
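Review bot: Each rewritten call in these test hunks reads `mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);` — the opening parenthesis gained the project's inner space but the closing one did not, which matches neither the library style used everywhere else in this commit (`mbedtls_ssl_set_dbg( &conf, my_debug, stdout );`) nor the old line being replaced; make it `mbedtls_ssl_set_dbg( &conf, string_debug, &buffer );` in all four places. A second, inferred point: the callback is now installed on `conf` only after `TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 )` has run, which is correct only if `ssl` references `conf` by pointer rather than copying it at setup time — the diff does not show which; a one-line comment such as `/* set after setup: ssl holds a pointer to conf, not a copy */` would spare the next reader the lookup. Each test function starts before its hunk and continues after it.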