From def0bbe3ab22e687416046122c5fb8ca7eff0e36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 May 2015 14:56:36 +0200 Subject: [PATCH] Allocate ssl_config out of ssl_setup() --- include/mbedtls/ssl.h | 4 +++- library/ssl_tls.c | 17 +++------------ programs/ssl/dtls_client.c | 13 ++++++++++-- programs/ssl/dtls_server.c | 11 +++++++++- programs/ssl/mini_client.c | 12 ++++++++++- programs/ssl/ssl_client1.c | 11 +++++++++- programs/ssl/ssl_client2.c | 11 +++++++++- programs/ssl/ssl_fork_server.c | 14 ++++++++++--- programs/ssl/ssl_mail_client.c | 11 +++++++++- programs/ssl/ssl_pthread_server.c | 12 ++++++++++- programs/ssl/ssl_server.c | 11 +++++++++- programs/ssl/ssl_server2.c | 11 +++++++++- programs/x509/cert_app.c | 29 +++++++++++++++++--------- tests/suites/test_suite_debug.function | 25 +++++++++++++++++----- tests/suites/test_suite_ssl.function | 6 +++++- 15 files changed, 154 insertions(+), 44 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cb5998dea..3b11309e1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1164,11 +1164,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); * \brief Set up an SSL context for use * * \param ssl SSL context + * \param conf SSL configuration to use * * \return 0 if successful, or MBEDTLS_ERR_SSL_MALLOC_FAILED if * memory allocation failed */ -int mbedtls_ssl_setup( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, + mbedtls_ssl_config *conf ); /** * \brief Reset an already initialized SSL context for re-use diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 48787e64e..1b3691302 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
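Review bot: The added `\param conf` line in the `mbedtls_ssl_setup()` doc block of include/mbedtls/ssl.h does not state who owns the configuration or what state it must be in. The library/ssl_tls.c hunks now store the caller's pointer in `ssl->conf` and drop the `mbedtls_ssl_config_free()` call from `mbedtls_ssl_free()`. A caller that releases `conf` while the context is still in use would leave that pointer dangling, and a caller that skips `mbedtls_ssl_config_defaults()` no longer gets defaults loaded implicitly. I would write the parameter as `\param conf SSL configuration to use; must be initialised and populated by the caller, must outlive ssl, and is not freed by mbedtls_ssl_free()`.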
@@ -4953,20 +4953,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) /* * Setup an SSL context */ -int mbedtls_ssl_setup( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, + mbedtls_ssl_config *conf ) { int ret; const size_t len = MBEDTLS_SSL_BUFFER_LEN; - /* - * Temporary, WIP - */ - ssl->conf = mbedtls_malloc( sizeof( mbedtls_ssl_config ) ); - if( ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_MALLOC_FAILED ); - - mbedtls_ssl_config_init( ssl->conf ); - mbedtls_ssl_config_defaults( ssl->conf ); + ssl->conf = conf; /* * Prepare base structures @@ -6631,10 +6624,6 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) mbedtls_free( ssl->cli_id ); #endif - /* Temporary, WIP */ - mbedtls_ssl_config_free( ssl->conf ); - mbedtls_free( ssl->conf ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); /* Actually clear after last debug message */ diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 4f8228357..cacfe0f21 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -92,6 +92,7 @@ int main( int argc, char *argv[] ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_x509_crt cacert; ((void) argc); @@ -105,6 +106,7 @@ int main( int argc, char *argv[] ) * 0. Initialize the RNG and the session data */ mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); mbedtls_x509_crt_init( &cacert ); mbedtls_ctr_drbg_init( &ctr_drbg ); @@ -123,7 +125,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * 0. Initialize certificates + * 0. Load certificates */ mbedtls_printf( " . Loading the CA root certificate ..." ); fflush( stdout ); 
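Review bot: `ssl->conf = conf;` in the `mbedtls_ssl_setup()` hunk of library/ssl_tls.c stores the caller's pointer unchecked, so a NULL `conf` is accepted and would only show up wherever `ssl->conf` is first read. Before this change the function allocated the configuration itself, so that state could not be reached through this call. A guard ahead of the assignment, `if( conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`, would fail early and visibly. The rest of the function body is outside the hunk, so whether it dereferences `ssl->conf` straight away cannot be confirmed from here.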
@@ -160,7 +162,13 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting up the DTLS structure..." ); fflush( stdout ); - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); goto exit; @@ -322,6 +330,7 @@ exit: mbedtls_x509_crt_free( &cacert ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index a4b86f76e..869d919ad 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -97,6 +97,7 @@ int main( void ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; #if defined(MBEDTLS_SSL_CACHE_C) @@ -104,6 +105,7 @@ int main( void ) #endif mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); mbedtls_ssl_cookie_init( &cookie_ctx ); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_init( &cache ); @@ -190,7 +192,13 @@ int main( void ) printf( " . Setting up the DTLS data..." ); fflush( stdout ); - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); goto exit; 
@@ -391,6 +399,7 @@ exit: mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); mbedtls_ssl_cookie_free( &cookie_ctx ); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free( &cache ); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index cab6e8d4c..cd2884545 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -147,6 +147,7 @@ enum exit_codes { exit_ok = 0, ctr_drbg_seed_failed, + ssl_config_default_failed, ssl_setup_failed, socket_failed, connect_failed, @@ -167,12 +168,14 @@ int main( void ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_ctr_drbg_init( &ctr_drbg ); /* * 0. Initialize and setup stuff */ mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_init( &ca ); #endif @@ -185,7 +188,13 @@ int main( void ) goto exit; } - if( mbedtls_ssl_setup( &ssl ) != 0 ) + if( mbedtls_ssl_config_defaults( &conf ) != 0 ) + { + ret = ssl_config_defaults_failed; + goto exit; + } + + if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ) { ret = ssl_setup_failed; goto exit; @@ -260,6 +269,7 @@ exit: mbedtls_net_close( server_fd ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 37c24a22c..d136cd633 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -83,6 +83,7 @@ int main( void ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_x509_crt cacert; #if defined(MBEDTLS_DEBUG_C) 
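Review bot: The enumerator added to `enum exit_codes` in programs/ssl/mini_client.c is spelled `ssl_config_default_failed`, but the new error path in the `@@ -185` hunk assigns `ret = ssl_config_defaults_failed;`. That second name is not declared anywhere in the visible diff, so the file would presumably fail to compile. The two spellings need to agree; declaring `ssl_config_defaults_failed,` in the enum matches the function name `mbedtls_ssl_config_defaults` and leaves the use site as it is.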
@@ -93,6 +94,7 @@ int main( void ) * 0. Initialize the RNG and the session data */ mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); mbedtls_x509_crt_init( &cacert ); mbedtls_ctr_drbg_init( &ctr_drbg ); @@ -148,7 +150,13 @@ int main( void ) mbedtls_printf( " . Setting up the SSL/TLS structure..." ); fflush( stdout ); - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); goto exit; @@ -275,6 +283,7 @@ exit: mbedtls_x509_crt_free( &cacert ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index de6ff655b..309a68af1 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -401,6 +401,7 @@ int main( int argc, char *argv[] ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_ssl_session saved_session; #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt cacert; @@ -415,6 +416,7 @@ int main( int argc, char *argv[] ) */ server_fd = 0; mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) ); mbedtls_ctr_drbg_init( &ctr_drbg ); #if defined(MBEDTLS_X509_CRT_PARSE_C) 
@@ -1047,7 +1049,13 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting up the SSL/TLS structure..." ); fflush( stdout ); - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret ); goto exit; @@ -1581,6 +1589,7 @@ exit: #endif mbedtls_ssl_session_free( &saved_session ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index a0880e863..a26f85f60 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -103,11 +103,12 @@ int main( void ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; - memset( &ssl, 0, sizeof(mbedtls_ssl_context) ); - + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); mbedtls_entropy_init( &entropy ); mbedtls_pk_init( &pkey ); mbedtls_x509_crt_init( &srvcert ); @@ -248,7 +249,13 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); goto exit; @@ -373,6 +380,7 @@ exit: mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); 
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 8abe7406c..bf4bff919 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -355,6 +355,7 @@ int main( int argc, char *argv[] ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; mbedtls_pk_context pkey; @@ -368,6 +369,7 @@ int main( int argc, char *argv[] ) */ server_fd = 0; mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); memset( &buf, 0, sizeof( buf ) ); mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &clicert ); @@ -582,7 +584,13 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting up the SSL/TLS structure..." ); fflush( stdout ); - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); goto exit; @@ -821,6 +829,7 @@ exit: mbedtls_x509_crt_free( &cacert ); mbedtls_pk_free( &pkey ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 3432e5e79..7303c5dcb 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -130,10 +130,12 @@ static void *handle_ssl_connection( void *data ) unsigned char buf[1024]; char pers[50]; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_ctr_drbg_context ctr_drbg; /* Make sure memory references are valid */ mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id ); 
@@ -158,7 +160,14 @@ static void *handle_ssl_connection( void *data ) */ mbedtls_printf( " [ #%d ] Setting up the SSL data....\n", thread_id ); - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_config_defaults returned -0x%04x\n", + thread_id, -ret ); + goto thread_exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_setup returned -0x%04x\n", thread_id, -ret ); @@ -314,6 +323,7 @@ thread_exit: mbedtls_net_close( client_fd ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); thread_info->thread_complete = 1; diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index bd68d3dda..a2b9a5811 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -97,6 +97,7 @@ int main( void ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; #if defined(MBEDTLS_SSL_CACHE_C) @@ -104,6 +105,7 @@ int main( void ) #endif mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_init( &cache ); #endif @@ -189,7 +191,13 @@ int main( void ) mbedtls_printf( " . Setting up the SSL data...." ); fflush( stdout ); - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); goto exit; 
@@ -369,6 +377,7 @@ exit: mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free( &cache ); #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index be0d70ccb..013d3393d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -722,6 +722,7 @@ int main( int argc, char *argv[] ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; #if defined(MBEDTLS_SSL_RENEGOTIATION) unsigned char renego_period[8] = { 0 }; #endif @@ -762,6 +763,7 @@ int main( int argc, char *argv[] ) */ listen_fd = 0; mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); mbedtls_ctr_drbg_init( &ctr_drbg ); #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_init( &cacert ); @@ -1518,7 +1520,13 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting up the SSL/TLS structure..." ); fflush( stdout ); - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret ); goto exit; @@ -2205,6 +2213,7 @@ exit: #endif mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index a13f9bc5f..971dae1b9 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -146,6 +146,7 @@ int main( int argc, char *argv[] ) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; mbedtls_x509_crl cacrl; 
@@ -161,6 +162,7 @@ int main( int argc, char *argv[] ) server_fd = 0; mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crt_init( &clicert ); #if defined(MBEDTLS_X509_CRL_PARSE_C) @@ -372,7 +374,7 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); - goto exit; + goto ssl_exit; } mbedtls_printf( " ok\n" ); @@ -388,16 +390,22 @@ int main( int argc, char *argv[] ) opt.server_port, MBEDTLS_NET_PROTO_TCP ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret ); - goto exit; + goto ssl_exit; } /* * 3. Setup stuff */ - if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); - goto exit; + goto ssl_exit; } mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT ); @@ -417,14 +425,14 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret ); - goto exit; + goto ssl_exit; } #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); - goto exit; + goto ssl_exit; } #endif @@ -436,8 +444,7 @@ int main( int argc, char *argv[] ) if( ret != MBEDTLS_ERR_NET_WANT_READ && ret != MBEDTLS_ERR_NET_WANT_WRITE ) { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret ); - mbedtls_ssl_free( &ssl ); - goto exit; + goto ssl_exit; } } 
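Review bot: In the "3. Setup stuff" hunk of programs/x509/cert_app.c, the new `mbedtls_ssl_config_defaults()` failure path uses `goto exit;` while every other failure in this branch was switched to `goto ssl_exit;`. The `ssl_exit` label added in a later hunk is where `mbedtls_ssl_free( &ssl )` and `mbedtls_ssl_config_free( &conf )` run. The `exit` label is outside the diff, but the removed `mbedtls_ssl_free( &ssl ); goto exit;` pairs suggest it does not release the SSL objects. That line should read `goto ssl_exit;` so this path is cleaned up like its neighbours.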
@@ -452,14 +459,16 @@ int main( int argc, char *argv[] ) if( ret == -1 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret ); - mbedtls_ssl_free( &ssl ); - goto exit; + goto ssl_exit; } mbedtls_printf( "%s\n", buf ); mbedtls_ssl_close_notify( &ssl ); + +ssl_exit: mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); } else goto usage; diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index c423545f1..f170332c4 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -34,13 +34,15 @@ void debug_print_msg_threshold( int threshold, int level, char *file, int line, char *result_str ) { mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; struct buffer_data buffer; mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); memset( buffer.buf, 0, 2000 ); buffer.ptr = buffer.buf; - TEST_ASSERT( mbedtls_ssl_setup( &ssl ) == 0 ); + TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); mbedtls_debug_set_log_mode( MBEDTLS_DEBUG_LOG_FULL ); mbedtls_debug_set_threshold( threshold ); @@ -53,6 +55,7 @@ void debug_print_msg_threshold( int threshold, int level, char *file, int line, exit: mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); } /* END_CASE */ @@ -61,13 +64,15 @@ void mbedtls_debug_print_ret( int mode, char *file, int line, char *text, int va char *result_str ) { mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; struct buffer_data buffer; mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); memset( buffer.buf, 0, 2000 ); buffer.ptr = buffer.buf; - TEST_ASSERT( mbedtls_ssl_setup( &ssl ) == 0 ); + TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); mbedtls_debug_set_log_mode( mode ); mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer); @@ -78,6 +83,7 @@ void mbedtls_debug_print_ret( int mode, char *file, int line, char *text, int va exit: mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); } /* END_CASE */ 
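Review bot: `debug_print_msg_threshold` and `mbedtls_debug_print_ret` in tests/suites/test_suite_debug.function now hand `mbedtls_ssl_setup()` a configuration that has only been through `mbedtls_ssl_config_init()`. Before this commit `mbedtls_ssl_setup()` called `mbedtls_ssl_config_defaults()` itself, so these tests silently change which configuration they run with. The same applies to `mbedtls_debug_print_buf`, `mbedtls_debug_print_crt` and `mbedtls_debug_print_mpi` in the following hunks, whereas tests/suites/test_suite_ssl.function does add the call. To keep the previous setup, add `TEST_ASSERT( mbedtls_ssl_config_defaults( &conf ) == 0 );` ahead of each `TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );`.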
@@ -87,17 +93,19 @@ void mbedtls_debug_print_buf( int mode, char *file, int line, char *text, { unsigned char data[10000]; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; struct buffer_data buffer; size_t data_len; mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); memset( &data, 0, sizeof( data ) ); memset( buffer.buf, 0, 2000 ); buffer.ptr = buffer.buf; data_len = unhexify( data, data_string ); - TEST_ASSERT( mbedtls_ssl_setup( &ssl ) == 0 ); + TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); mbedtls_debug_set_log_mode( mode ); mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer); @@ -108,6 +116,7 @@ void mbedtls_debug_print_buf( int mode, char *file, int line, char *text, exit: mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); } /* END_CASE */ @@ -117,14 +126,16 @@ void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line, { mbedtls_x509_crt crt; mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; struct buffer_data buffer; mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); mbedtls_x509_crt_init( &crt ); memset( buffer.buf, 0, 2000 ); buffer.ptr = buffer.buf; - TEST_ASSERT( mbedtls_ssl_setup( &ssl ) == 0 ); + TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); mbedtls_debug_set_log_mode( mode ); mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer); @@ -137,6 +148,7 @@ void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line, exit: mbedtls_x509_crt_free( &crt ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); } /* END_CASE */ 
@@ -145,15 +157,17 @@ void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int char *prefix, char *result_str ) { mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; struct buffer_data buffer; mbedtls_mpi val; mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); mbedtls_mpi_init( &val ); memset( buffer.buf, 0, 2000 ); buffer.ptr = buffer.buf; - TEST_ASSERT( mbedtls_ssl_setup( &ssl ) == 0 ); + TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 ); @@ -167,5 +181,6 @@ void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int exit: mbedtls_mpi_free( &val ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6d9a4c081..ce1cd913e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -11,11 +11,14 @@ void ssl_dtls_replay( char *prevs, char *new, int ret ) { mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; char *end_prevs = prevs + strlen( prevs ) + 1; mbedtls_ssl_init( &ssl ); + mbedtls_ssl_config_init( &conf ); - TEST_ASSERT( mbedtls_ssl_setup( &ssl ) == 0 ); + TEST_ASSERT( mbedtls_ssl_config_defaults( &conf ) == 0 ); + TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); TEST_ASSERT( mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM ) == 0 ); /* Read previous record numbers */ @@ -31,5 +34,6 @@ void ssl_dtls_replay( char *prevs, char *new, int ret ) TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret ); mbedtls_ssl_free( &ssl ); + mbedtls_ssl_config_free( &conf ); } /* END_CASE */