Make endpoint+transport args of config_defaults()
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 3b11309..d515eb1 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2267,7 +2267,8 @@
* \return 0 if successful, or
* MBEDTLS_ERR_XXX_ALLOC_FAILED on memorr allocation error.
*/
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf );
+int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
+ int endpoint, int transport );
/**
* \brief Free an SSL configuration context
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1b36913..dd477c7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4976,6 +4976,37 @@
memset( ssl-> in_buf, 0, len );
memset( ssl->out_buf, 0, len );
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ ssl->out_hdr = ssl->out_buf;
+ ssl->out_ctr = ssl->out_buf + 3;
+ ssl->out_len = ssl->out_buf + 11;
+ ssl->out_iv = ssl->out_buf + 13;
+ ssl->out_msg = ssl->out_buf + 13;
+
+ ssl->in_hdr = ssl->in_buf;
+ ssl->in_ctr = ssl->in_buf + 3;
+ ssl->in_len = ssl->in_buf + 11;
+ ssl->in_iv = ssl->in_buf + 13;
+ ssl->in_msg = ssl->in_buf + 13;
+ }
+ else
+#endif
+ {
+ ssl->out_ctr = ssl->out_buf;
+ ssl->out_hdr = ssl->out_buf + 8;
+ ssl->out_len = ssl->out_buf + 11;
+ ssl->out_iv = ssl->out_buf + 13;
+ ssl->out_msg = ssl->out_buf + 13;
+
+ ssl->in_ctr = ssl->in_buf;
+ ssl->in_hdr = ssl->in_buf + 8;
+ ssl->in_len = ssl->in_buf + 11;
+ ssl->in_iv = ssl->in_buf + 13;
+ ssl->in_msg = ssl->in_buf + 13;
+ }
+
if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
return( ret );
@@ -5140,72 +5171,13 @@
void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint )
{
ssl->conf->endpoint = endpoint;
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
- defined(MBEDTLS_SSL_CLI_C)
- if( endpoint == MBEDTLS_SSL_IS_CLIENT )
- {
- ssl->conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
- ssl->conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
- }
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- if( endpoint == MBEDTLS_SSL_IS_SERVER )
- ssl->conf->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-#endif
}
int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport )
{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- {
- ssl->conf->transport = transport;
+ ssl->conf->transport = transport;
- ssl->out_hdr = ssl->out_buf;
- ssl->out_ctr = ssl->out_buf + 3;
- ssl->out_len = ssl->out_buf + 11;
- ssl->out_iv = ssl->out_buf + 13;
- ssl->out_msg = ssl->out_buf + 13;
-
- ssl->in_hdr = ssl->in_buf;
- ssl->in_ctr = ssl->in_buf + 3;
- ssl->in_len = ssl->in_buf + 11;
- ssl->in_iv = ssl->in_buf + 13;
- ssl->in_msg = ssl->in_buf + 13;
-
- /* DTLS starts with TLS1.1 */
- if( ssl->conf->min_minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
- ssl->conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
-
- if( ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
- ssl->conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
-
- return( 0 );
- }
-#endif
-
- if( transport == MBEDTLS_SSL_TRANSPORT_STREAM )
- {
- ssl->conf->transport = transport;
-
- ssl->out_ctr = ssl->out_buf;
- ssl->out_hdr = ssl->out_buf + 8;
- ssl->out_len = ssl->out_buf + 11;
- ssl->out_iv = ssl->out_buf + 13;
- ssl->out_msg = ssl->out_buf + 13;
-
- ssl->in_ctr = ssl->in_buf;
- ssl->in_hdr = ssl->in_buf + 8;
- ssl->in_len = ssl->in_buf + 11;
- ssl->in_iv = ssl->in_buf + 13;
- ssl->in_msg = ssl->in_buf + 13;
-
- return( 0 );
- }
-
- return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ return( 0 );
}
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -6641,17 +6613,42 @@
/*
* Load default in mbetls_ssl_config
*/
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf )
+int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
+ int endpoint, int transport )
{
int ret;
- conf->transport = MBEDTLS_SSL_TRANSPORT_STREAM;
+ conf->endpoint = endpoint;
+ conf->transport = transport;
conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ {
+ /* DTLS starts with TLS 1.1 */
+ conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
+#endif
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ if( endpoint == MBEDTLS_SSL_IS_SERVER )
+ conf->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
+#endif
+
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index cacfe0f..09cea3b 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -162,7 +162,9 @@
mbedtls_printf( " . Setting up the DTLS structure..." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@@ -176,9 +178,6 @@
mbedtls_printf( " ok\n" );
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
- mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM );
-
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 869d919..4512943 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -192,7 +192,9 @@
printf( " . Setting up the DTLS data..." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@@ -204,8 +206,6 @@
goto exit;
}
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
- mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index cd28845..694bf40 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -188,7 +188,9 @@
goto exit;
}
- if( mbedtls_ssl_config_defaults( &conf ) != 0 )
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM) != 0 )
{
ret = ssl_config_defaults_failed;
goto exit;
@@ -200,8 +202,6 @@
goto exit;
}
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
-
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index d136cd6..4804235 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -150,7 +150,9 @@
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@@ -164,7 +166,6 @@
mbedtls_printf( " ok\n" );
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 309a68a..1454067 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1049,7 +1049,9 @@
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ opt.transport ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
goto exit;
@@ -1066,17 +1068,10 @@
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
#endif
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ( ret = mbedtls_ssl_set_transport( &ssl, opt.transport ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! selected transport is not available\n" );
- goto exit;
- }
-
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index a26f85f..3837466 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -249,7 +249,9 @@
goto exit;
}
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@@ -263,7 +265,6 @@
mbedtls_printf( " ok\n" );
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index bf4bff9..26972f8 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -584,7 +584,9 @@
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@@ -598,7 +600,6 @@
mbedtls_printf( " ok\n" );
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 7303c5d..6896e97 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -160,7 +160,9 @@
*/
mbedtls_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
thread_id, -ret );
@@ -174,7 +176,6 @@
goto thread_exit;
}
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index a2b9a58..5c2a7d2 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -191,7 +191,9 @@
mbedtls_printf( " . Setting up the SSL data...." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@@ -203,7 +205,6 @@
goto exit;
}
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 013d339..8955acf 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1520,7 +1520,9 @@
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ opt.transport ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
goto exit;
@@ -1537,12 +1539,6 @@
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ( ret = mbedtls_ssl_set_transport( &ssl, opt.transport ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! selected transport is not available\n" );
- goto exit;
- }
-
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 971dae1..a8bc64a 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -396,7 +396,9 @@
/*
* 3. Setup stuff
*/
- if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@@ -408,7 +410,6 @@
goto ssl_exit;
}
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
if( verify )
{
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index ce1cd91..c8acfea 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -17,9 +17,10 @@
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
- TEST_ASSERT( mbedtls_ssl_config_defaults( &conf ) == 0 );
+ TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM ) == 0 );
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
- TEST_ASSERT( mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM ) == 0 );
/* Read previous record numbers */
for( ; end_prevs - prevs >= 13; prevs += 13 )
