Move things to conf substructure
A simple series of sed invocations.
This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b0bd896..f94aae8 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -868,11 +868,13 @@
* Numerical settings (int then char)
*/
+ uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint32_t hs_timeout_min; /*!< initial value of the handshake
- retransmission timeout */
+ retransmission timeout (ms) */
uint32_t hs_timeout_max; /*!< maximum value of the handshake
- retransmission timeout */
+ retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -934,11 +936,12 @@
struct mbedtls_ssl_context
{
+ mbedtls_ssl_config *conf; /*!< configuration information */
+
/*
* Miscellaneous
*/
int state; /*!< SSL handshake: current state */
- int transport; /*!< Transport: stream or datagram */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_status; /*!< Initial, in progress, pending? */
int renego_records_seen; /*!< Records since renego request, or with DTLS,
@@ -949,60 +952,24 @@
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
- int max_major_ver; /*!< max. major version used */
- int max_minor_ver; /*!< max. minor version used */
- int min_major_ver; /*!< min. major version used */
- int min_minor_ver; /*!< min. minor version used */
-
- uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read in milliseconds */
-
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- unsigned badmac_limit; /*!< limit of records with a bad MAC */
unsigned badmac_seen; /*!< records with a bad MAC received */
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
char fallback; /*!< flag for fallback connections */
#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- char encrypt_then_mac; /*!< flag for encrypt-then-mac */
-#endif
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- char extended_ms; /*!< flag for extended master secret */
-#endif
- char arc4_disabled; /*!< flag for disabling RC4 */
/*
- * Callbacks (RNG, debug, I/O, verification)
+ * Callbacks
*/
int (*f_rng)(void *, unsigned char *, size_t);
- void (*f_dbg)(void *, int, const char *);
+ void *p_rng; /*!< context for the RNG function */
+
int (*f_send)(void *, const unsigned char *, size_t);
int (*f_recv)(void *, unsigned char *, size_t);
int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t);
- int (*f_get_cache)(void *, mbedtls_ssl_session *);
- int (*f_set_cache)(void *, const mbedtls_ssl_session *);
-
- void *p_rng; /*!< context for the RNG function */
- void *p_dbg; /*!< context for the debug function */
void *p_bio; /*!< context for I/O operations */
- void *p_get_cache; /*!< context for cache retrieval */
- void *p_set_cache; /*!< context for cache store */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_sni; /*!< context for SNI extension */
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *);
- void *p_vrfy; /*!< context for verification */
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_psk; /*!< context for PSK retrieval */
-#endif
/*
* Session layer
@@ -1029,10 +996,6 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
struct mbedtls_timing_hr_time time_info; /*!< timer context */
unsigned long time_limit; /*!< limit for the running timer */
- uint32_t hs_timeout_min; /*!< initial value of the handshake
- retransmission timeout */
- uint32_t hs_timeout_max; /*!< maximum value of the handshake
- retransmission timeout */
#endif
/*
@@ -1059,7 +1022,6 @@
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
uint64_t in_window_top; /*!< last validated record seq_num */
uint64_t in_window; /*!< bitmask for replay detection */
- char anti_replay; /*!< is anti-replay on? */
#endif
size_t in_hslen; /*!< current handshake message length,
@@ -1084,9 +1046,6 @@
#if defined(MBEDTLS_ZLIB_SUPPORT)
unsigned char *compress_buf; /*!< zlib data buffer */
#endif
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
signed char split_done; /*!< flag for record splitting:
-1 disabled, 0 todo, 1 done */
@@ -1096,10 +1055,6 @@
* PKI layer
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */
-
- mbedtls_x509_crt *ca_chain; /*!< own trusted CA chain */
- mbedtls_x509_crl *ca_crl; /*!< trusted CA CRLs */
const char *peer_cn; /*!< expected peer CN */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -1110,48 +1065,12 @@
mbedtls_ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+ int client_auth; /*!< flag for client auth. */
+ int verify_result; /*!< verification result */
+
/*
* User settings
*/
- int endpoint; /*!< 0: client, 1: server */
- int authmode; /*!< verification mode */
- int client_auth; /*!< flag for client auth. */
- int verify_result; /*!< verification result */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int disable_renegotiation; /*!< enable/disable renegotiation */
- int renego_max_records; /*!< grace period for renegotiation */
- unsigned char renego_period[8]; /*!< value of the record counters
- that triggers renegotiation */
-#endif
- /* needed for option break handshake with insecure peers */
- int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
- const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
-#if defined(MBEDTLS_SSL_SET_CURVES)
- const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
-#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int trunc_hmac; /*!< negotiate truncated hmac? */
-#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- int session_tickets; /*!< use session tickets? */
- int ticket_lifetime; /*!< session ticket lifetime */
-#endif
-
-#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
- mbedtls_mpi dhm_G; /*!< generator for DHM */
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- /*
- * PSK values
- */
- unsigned char *psk;
- size_t psk_len;
- unsigned char *psk_identity;
- size_t psk_identity_len;
-#endif
-
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/*
* SNI extension
@@ -1161,10 +1080,6 @@
#endif
#if defined(MBEDTLS_SSL_ALPN)
- /*
- * ALPN extension
- */
- const char **alpn_list; /*!< ordered list of supported protocols */
const char *alpn_chosen; /*!< negotiated protocol */
#endif
@@ -1174,11 +1089,6 @@
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
unsigned char *cli_id; /*!< transport-level ID of the client */
size_t cli_id_len; /*!< length of cli_id */
- int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
- const unsigned char *, size_t );
- int (*f_cookie_check)( void *, const unsigned char *, size_t,
- const unsigned char *, size_t );
- void *p_cookie; /*!< context for the cookie callbacks */
#endif
/*
@@ -2446,7 +2356,7 @@
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 13 );
#else
((void) ssl);
@@ -2457,7 +2367,7 @@
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 12 );
#else
((void) ssl);
diff --git a/library/debug.c b/library/debug.c
index 8dae2ed..3164ad7 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -83,18 +83,18 @@
char str[512];
int maxlen = sizeof( str ) - 1;
- if( ssl->f_dbg == NULL || level > debug_threshold )
+ if( ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_RAW )
{
- ssl->f_dbg( ssl->p_dbg, level, text );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, text );
return;
}
mbedtls_snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text );
str[maxlen] = '\0';
- ssl->f_dbg( ssl->p_dbg, level, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
}
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
@@ -105,7 +105,7 @@
int maxlen = sizeof( str ) - 1;
size_t idx = 0;
- if( ssl->f_dbg == NULL || level > debug_threshold )
+ if( ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
@@ -115,7 +115,7 @@
text, ret, -ret );
str[maxlen] = '\0';
- ssl->f_dbg( ssl->p_dbg, level, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
}
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
@@ -126,7 +126,7 @@
char txt[17];
size_t i, maxlen = sizeof( str ) - 1, idx = 0;
- if( ssl->f_dbg == NULL || level > debug_threshold )
+ if( ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
@@ -136,7 +136,7 @@
text, (unsigned int) len );
str[maxlen] = '\0';
- ssl->f_dbg( ssl->p_dbg, level, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
@@ -150,7 +150,7 @@
if( i > 0 )
{
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
- ssl->f_dbg( ssl->p_dbg, level, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
@@ -175,7 +175,7 @@
idx += mbedtls_snprintf( str + idx, maxlen - idx, " " );
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
- ssl->f_dbg( ssl->p_dbg, level, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
}
}
@@ -187,7 +187,7 @@
char str[512];
int maxlen = sizeof( str ) - 1;
- if( ssl->f_dbg == NULL || level > debug_threshold )
+ if( ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
mbedtls_snprintf( str, maxlen, "%s(X)", text );
@@ -209,7 +209,7 @@
int j, k, maxlen = sizeof( str ) - 1, zeros = 1;
size_t i, n, idx = 0;
- if( ssl->f_dbg == NULL || X == NULL || level > debug_threshold )
+ if( ssl->conf->f_dbg == NULL || X == NULL || level > debug_threshold )
return;
for( n = X->n - 1; n > 0; n-- )
@@ -227,7 +227,7 @@
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
str[maxlen] = '\0';
- ssl->f_dbg( ssl->p_dbg, level, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
idx = 0;
for( i = n + 1, j = 0; i > 0; i-- )
@@ -247,7 +247,7 @@
if( j > 0 )
{
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
- ssl->f_dbg( ssl->p_dbg, level, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
idx = 0;
}
@@ -274,7 +274,7 @@
}
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
- ssl->f_dbg( ssl->p_dbg, level, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
}
#endif /* MBEDTLS_BIGNUM_C */
@@ -322,7 +322,7 @@
char str[1024], prefix[64];
int i = 0, maxlen = sizeof( prefix ) - 1, idx = 0;
- if( ssl->f_dbg == NULL || crt == NULL || level > debug_threshold )
+ if( ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
@@ -347,7 +347,7 @@
text, ++i, buf );
str[maxlen] = '\0';
- ssl->f_dbg( ssl->p_dbg, level, str );
+ ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9f04b2b..354cc5a 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -158,7 +158,7 @@
*olen = 0;
- if( ssl->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
return;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
@@ -262,7 +262,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
#if defined(MBEDTLS_SSL_SET_CURVES)
- for( grp_id = ssl->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
+ for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
#else
@@ -320,7 +320,7 @@
{
unsigned char *p = buf;
- if( ssl->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
+ if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
*olen = 0;
return;
}
@@ -333,7 +333,7 @@
*p++ = 0x00;
*p++ = 1;
- *p++ = ssl->mfl_code;
+ *p++ = ssl->conf->mfl_code;
*olen = 5;
}
@@ -345,7 +345,7 @@
{
unsigned char *p = buf;
- if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
+ if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
{
*olen = 0;
return;
@@ -369,8 +369,8 @@
{
unsigned char *p = buf;
- if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
- ssl->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
+ ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
*olen = 0;
return;
@@ -395,8 +395,8 @@
{
unsigned char *p = buf;
- if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
- ssl->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
+ if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+ ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
*olen = 0;
return;
@@ -422,7 +422,7 @@
unsigned char *p = buf;
size_t tlen = ssl->session_negotiate->ticket_len;
- if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
+ if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
{
*olen = 0;
return;
@@ -459,7 +459,7 @@
unsigned char *p = buf;
const char **cur;
- if( ssl->alpn_list == NULL )
+ if( ssl->conf->alpn_list == NULL )
{
*olen = 0;
return;
@@ -481,7 +481,7 @@
/* Skip writing extension and list length for now */
p += 4;
- for( cur = ssl->alpn_list; *cur != NULL; cur++ )
+ for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
{
*p = (unsigned char)( strlen( *cur ) & 0xFF );
memcpy( p + 1, *cur, *p );
@@ -515,7 +515,7 @@
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->verify_cookie != NULL )
{
return( 0 );
@@ -565,14 +565,14 @@
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{
- ssl->major_ver = ssl->min_major_ver;
- ssl->minor_ver = ssl->min_minor_ver;
+ ssl->major_ver = ssl->conf->min_major_ver;
+ ssl->minor_ver = ssl->conf->min_minor_ver;
}
- if( ssl->max_major_ver == 0 && ssl->max_minor_ver == 0 )
+ if( ssl->conf->max_major_ver == 0 && ssl->conf->max_minor_ver == 0 )
{
- ssl->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
- ssl->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
+ ssl->conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+ ssl->conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
}
/*
@@ -585,8 +585,8 @@
buf = ssl->out_msg;
p = buf + 4;
- mbedtls_ssl_write_version( ssl->max_major_ver, ssl->max_minor_ver,
- ssl->transport, p );
+ mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
+ ssl->conf->transport, p );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
@@ -659,7 +659,7 @@
* DTLS cookie
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if( ssl->handshake->verify_cookie == NULL )
{
@@ -683,7 +683,7 @@
/*
* Ciphersuite list
*/
- ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
+ ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
/* Skip writing ciphersuite length for now */
n = 0;
@@ -697,17 +697,17 @@
if( ciphersuite_info == NULL )
continue;
- if( ciphersuite_info->min_minor_ver > ssl->max_minor_ver ||
- ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
+ if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
+ ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
continue;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
continue;
#endif
- if( ssl->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+ if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
continue;
@@ -760,7 +760,7 @@
* an actual need for it.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
offer_compress = 0;
#endif
@@ -860,7 +860,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
mbedtls_ssl_send_flight_completed( ssl );
#endif
@@ -928,9 +928,9 @@
* server should use the extension only if we did,
* and if so the server's value should match ours (and len is always 1)
*/
- if( ssl->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
+ if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
len != 1 ||
- buf[0] != ssl->mfl_code )
+ buf[0] != ssl->conf->mfl_code )
{
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -944,7 +944,7 @@
const unsigned char *buf,
size_t len )
{
- if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
+ if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
len != 0 )
{
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
@@ -963,7 +963,7 @@
const unsigned char *buf,
size_t len )
{
- if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
+ if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
len != 0 )
{
@@ -983,7 +983,7 @@
const unsigned char *buf,
size_t len )
{
- if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+ if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
len != 0 )
{
@@ -1003,7 +1003,7 @@
const unsigned char *buf,
size_t len )
{
- if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
+ if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
len != 0 )
{
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
@@ -1060,7 +1060,7 @@
const char **p;
/* If we didn't send it, the server shouldn't send it */
- if( ssl->alpn_list == NULL )
+ if( ssl->conf->alpn_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
/*
@@ -1086,7 +1086,7 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
/* Check that the server chosen protocol was in our list and save it */
- for( p = ssl->alpn_list; *p != NULL; p++ )
+ for( p = ssl->conf->alpn_list; *p != NULL; p++ )
{
if( name_len == strlen( *p ) &&
memcmp( buf + 3, *p, name_len ) == 0 )
@@ -1119,7 +1119,7 @@
* } HelloVerifyRequest;
*/
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
- mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->transport, p );
+ mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
p += 2;
/*
@@ -1128,8 +1128,8 @@
*/
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
- major_ver > ssl->max_major_ver ||
- minor_ver > ssl->max_minor_ver )
+ major_ver > ssl->conf->max_major_ver ||
+ minor_ver > ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
@@ -1199,8 +1199,8 @@
{
ssl->renego_records_seen++;
- if( ssl->renego_max_records >= 0 &&
- ssl->renego_records_seen > ssl->renego_max_records )
+ if( ssl->conf->renego_max_records >= 0 &&
+ ssl->renego_records_seen > ssl->conf->renego_max_records )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
"but not honored by server" ) );
@@ -1217,7 +1217,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
{
@@ -1257,18 +1257,18 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
- ssl->transport, buf + 0 );
+ ssl->conf->transport, buf + 0 );
- if( ssl->major_ver < ssl->min_major_ver ||
- ssl->minor_ver < ssl->min_minor_ver ||
- ssl->major_ver > ssl->max_major_ver ||
- ssl->minor_ver > ssl->max_minor_ver )
+ if( ssl->major_ver < ssl->conf->min_major_ver ||
+ ssl->minor_ver < ssl->conf->min_minor_ver ||
+ ssl->major_ver > ssl->conf->max_major_ver ||
+ ssl->minor_ver > ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - "
" min: [%d:%d], server: [%d:%d], max: [%d:%d]",
- ssl->min_major_ver, ssl->min_minor_ver,
+ ssl->conf->min_major_ver, ssl->conf->min_minor_ver,
ssl->major_ver, ssl->minor_ver,
- ssl->max_major_ver, ssl->max_minor_ver ) );
+ ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@@ -1334,7 +1334,7 @@
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
accept_comp = 0;
#endif
@@ -1402,7 +1402,7 @@
suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
if( suite_info == NULL ||
- ( ssl->arc4_disabled &&
+ ( ssl->conf->arc4_disabled &&
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
@@ -1413,13 +1413,13 @@
i = 0;
while( 1 )
{
- if( ssl->ciphersuite_list[ssl->minor_ver][i] == 0 )
+ if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- if( ssl->ciphersuite_list[ssl->minor_ver][i++] ==
+ if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
ssl->session_negotiate->ciphersuite )
{
break;
@@ -1575,7 +1575,7 @@
* Renegotiation security checks
*/
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
handshake_failure = 1;
@@ -1590,7 +1590,7 @@
}
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
handshake_failure = 1;
@@ -1779,8 +1779,8 @@
* opaque random[46];
* } PreMasterSecret;
*/
- mbedtls_ssl_write_version( ssl->max_major_ver, ssl->max_minor_ver,
- ssl->transport, p );
+ mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
+ ssl->conf->transport, p );
if( ( ret = ssl->f_rng( ssl->p_rng, p + 2, 46 ) ) != 0 )
{
@@ -2426,7 +2426,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
mbedtls_ssl_recv_flight_completed( ssl );
#endif
@@ -2535,16 +2535,16 @@
/*
* opaque psk_identity<0..2^16-1>;
*/
- if( ssl->psk == NULL || ssl->psk_identity == NULL )
+ if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL )
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
i = 4;
- n = ssl->psk_identity_len;
+ n = ssl->conf->psk_identity_len;
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
ssl->out_msg[i++] = (unsigned char)( n );
- memcpy( ssl->out_msg + i, ssl->psk_identity, ssl->psk_identity_len );
- i += ssl->psk_identity_len;
+ memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
+ i += ssl->conf->psk_identity_len;
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
@@ -2944,7 +2944,7 @@
return( ret );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 3a6a3fe..bb5e7e0 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -333,7 +333,7 @@
#if defined(MBEDTLS_HAVE_TIME)
/* Check if still valid */
- if( (int) ( time( NULL) - session.start ) > ssl->ticket_lifetime )
+ if( (int) ( time( NULL) - session.start ) > ssl->conf->ticket_lifetime )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "session ticket expired" ) );
mbedtls_ssl_session_free( &session );
@@ -363,7 +363,7 @@
const unsigned char *info,
size_t ilen )
{
- if( ssl->endpoint != MBEDTLS_SSL_IS_SERVER )
+ if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
mbedtls_free( ssl->cli_id );
@@ -382,9 +382,9 @@
mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie )
{
- ssl->f_cookie_write = f_cookie_write;
- ssl->f_cookie_check = f_cookie_check;
- ssl->p_cookie = p_cookie;
+ ssl->conf->f_cookie_write = f_cookie_write;
+ ssl->conf->f_cookie_check = f_cookie_check;
+ ssl->conf->p_cookie = p_cookie;
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
@@ -397,13 +397,13 @@
const unsigned char* name, size_t len )
{
int ret;
- mbedtls_ssl_key_cert *key_cert_ori = ssl->key_cert;
+ mbedtls_ssl_key_cert *key_cert_ori = ssl->conf->key_cert;
- ssl->key_cert = NULL;
- ret = ssl->f_sni( ssl->p_sni, ssl, name, len );
- ssl->handshake->sni_key_cert = ssl->key_cert;
+ ssl->conf->key_cert = NULL;
+ ret = ssl->conf->f_sni( ssl->conf->p_sni, ssl, name, len );
+ ssl->handshake->sni_key_cert = ssl->conf->key_cert;
- ssl->key_cert = key_cert_ori;
+ ssl->conf->key_cert = key_cert_ori;
return( ret );
}
@@ -670,7 +670,7 @@
((void) buf);
- if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
+ if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
return( 0 );
@@ -690,7 +690,7 @@
((void) buf);
- if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
+ if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
@@ -713,7 +713,7 @@
((void) buf);
- if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
+ if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
@@ -730,7 +730,7 @@
{
int ret;
- if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
+ if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
return( 0 );
/* Remember the client asked us to send a new ticket */
@@ -778,7 +778,7 @@
const char **ours;
/* If ALPN not configured, just ignore the extension */
- if( ssl->alpn_list == NULL )
+ if( ssl->conf->alpn_list == NULL )
return( 0 );
/*
@@ -802,7 +802,7 @@
*/
start = buf + 2;
end = buf + len;
- for( ours = ssl->alpn_list; *ours != NULL; ours++ )
+ for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ )
{
ours_len = strlen( *ours );
for( theirs = start; theirs != end; theirs += cur_len )
@@ -982,12 +982,12 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
return( 0 );
#endif
- if( ssl->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+ if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
@@ -1009,9 +1009,9 @@
/* If the ciphersuite requires a pre-shared key and we don't
* have one, skip it now rather than failing later */
if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
- ssl->f_psk == NULL &&
- ( ssl->psk == NULL || ssl->psk_identity == NULL ||
- ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+ ssl->conf->f_psk == NULL &&
+ ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
+ ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
return( 0 );
@@ -1100,15 +1100,15 @@
}
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
- ssl->minor_ver = ( buf[4] <= ssl->max_minor_ver )
- ? buf[4] : ssl->max_minor_ver;
+ ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver )
+ ? buf[4] : ssl->conf->max_minor_ver;
- if( ssl->minor_ver < ssl->min_minor_ver )
+ if( ssl->minor_ver < ssl->conf->min_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
" [%d:%d] < [%d:%d]",
ssl->major_ver, ssl->minor_ver,
- ssl->min_major_ver, ssl->min_minor_ver ) );
+ ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@@ -1224,7 +1224,7 @@
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
- if( ssl->minor_ver < ssl->max_minor_ver )
+ if( ssl->minor_ver < ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
@@ -1240,7 +1240,7 @@
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
got_common_suite = 0;
- ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
+ ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
@@ -1291,7 +1291,7 @@
* SSLv2 Client Hello relevant renegotiation security checks
*/
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
@@ -1353,7 +1353,7 @@
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
#endif
if( ( buf[0] & 0x80 ) != 0 )
return ssl_parse_client_hello_v2( ssl );
@@ -1385,7 +1385,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
buf[1], buf[2] ) );
- mbedtls_ssl_read_version( &major, &minor, ssl->transport, buf + 1 );
+ mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
/* According to RFC 5246 Appendix E.1, the version here is typically
* "{03,00}, the lowest version number supported by the client, [or] the
@@ -1400,7 +1400,7 @@
/* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
@@ -1455,7 +1455,7 @@
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
else
#endif
@@ -1502,7 +1502,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/*
* Copy the client's handshake message_seq on initial handshakes,
@@ -1583,18 +1583,18 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
- ssl->transport, buf );
+ ssl->conf->transport, buf );
ssl->handshake->max_major_ver = ssl->major_ver;
ssl->handshake->max_minor_ver = ssl->minor_ver;
- if( ssl->major_ver < ssl->min_major_ver ||
- ssl->minor_ver < ssl->min_minor_ver )
+ if( ssl->major_ver < ssl->conf->min_major_ver ||
+ ssl->minor_ver < ssl->conf->min_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
" [%d:%d] < [%d:%d]",
ssl->major_ver, ssl->minor_ver,
- ssl->min_major_ver, ssl->min_minor_ver ) );
+ ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@@ -1602,13 +1602,13 @@
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
}
- if( ssl->major_ver > ssl->max_major_ver )
+ if( ssl->major_ver > ssl->conf->max_major_ver )
{
- ssl->major_ver = ssl->max_major_ver;
- ssl->minor_ver = ssl->max_minor_ver;
+ ssl->major_ver = ssl->conf->max_major_ver;
+ ssl->minor_ver = ssl->conf->max_minor_ver;
}
- else if( ssl->minor_ver > ssl->max_minor_ver )
- ssl->minor_ver = ssl->max_minor_ver;
+ else if( ssl->minor_ver > ssl->conf->max_minor_ver )
+ ssl->minor_ver = ssl->conf->max_minor_ver;
/*
* Save client random (inc. Unix time)
@@ -1641,7 +1641,7 @@
* Check the cookie length and content
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
cookie_offset = 35 + sess_len;
cookie_len = buf[cookie_offset];
@@ -1656,13 +1656,13 @@
buf + cookie_offset + 1, cookie_len );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if( ssl->f_cookie_check != NULL
+ if( ssl->conf->f_cookie_check != NULL
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
)
{
- if( ssl->f_cookie_check( ssl->p_cookie,
+ if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
buf + cookie_offset + 1, cookie_len,
ssl->cli_id, ssl->cli_id_len ) != 0 )
{
@@ -1743,7 +1743,7 @@
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
#endif
@@ -1793,7 +1793,7 @@
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
case MBEDTLS_TLS_EXT_SERVERNAME:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
- if( ssl->f_sni == NULL )
+ if( ssl->conf->f_sni == NULL )
break;
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
@@ -1931,7 +1931,7 @@
{
MBEDTLS_SSL_DEBUG_MSG( 0, ( "received FALLBACK_SCSV" ) );
- if( ssl->minor_ver < ssl->max_minor_ver )
+ if( ssl->minor_ver < ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 0, ( "inapropriate fallback" ) );
@@ -1974,7 +1974,7 @@
* Renegotiation security checks
*/
if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
handshake_failure = 1;
@@ -1989,7 +1989,7 @@
}
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
handshake_failure = 1;
@@ -2017,7 +2017,7 @@
* and certificate from the SNI callback triggered by the SNI extension.)
*/
got_common_suite = 0;
- ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
+ ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
@@ -2068,7 +2068,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
mbedtls_ssl_recv_flight_completed( ssl );
#endif
@@ -2351,12 +2351,12 @@
/* The RFC is not clear on this point, but sending the actual negotiated
* version looks like the most interoperable thing to do. */
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->transport, p );
+ ssl->conf->transport, p );
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
p += 2;
/* If we get here, f_cookie_check is not null */
- if( ssl->f_cookie_write == NULL )
+ if( ssl->conf->f_cookie_write == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -2365,7 +2365,7 @@
/* Skip length byte until we know the length */
cookie_len_byte = p++;
- if( ( ret = ssl->f_cookie_write( ssl->p_cookie,
+ if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie,
&p, ssl->out_buf + MBEDTLS_SSL_BUFFER_LEN,
ssl->cli_id, ssl->cli_id_len ) ) != 0 )
{
@@ -2407,7 +2407,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->verify_cookie_len != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
@@ -2434,7 +2434,7 @@
p = buf + 4;
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->transport, p );
+ ssl->conf->transport, p );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
@@ -2474,8 +2474,8 @@
ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
#endif
ssl->session_negotiate->length != 0 &&
- ssl->f_get_cache != NULL &&
- ssl->f_get_cache( ssl->p_get_cache, ssl->session_negotiate ) == 0 )
+ ssl->conf->f_get_cache != NULL &&
+ ssl->conf->f_get_cache( ssl->conf->p_get_cache, ssl->session_negotiate ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
ssl->handshake->resume = 1;
@@ -2651,7 +2651,7 @@
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ssl->authmode == MBEDTLS_SSL_VERIFY_NONE )
+ ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
return( 0 );
@@ -2743,7 +2743,7 @@
* opaque DistinguishedName<1..2^16-1>;
*/
p += 2;
- crt = ssl->ca_chain;
+ crt = ssl->conf->ca_chain;
total_dn_size = 0;
while( crt != NULL && crt->version != 0 )
@@ -2880,8 +2880,8 @@
* opaque dh_Ys<1..2^16-1>;
* } ServerDHParams;
*/
- if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->dhm_P ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->dhm_G ) ) != 0 )
+ if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->conf->dhm_P ) ) != 0 ||
+ ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->conf->dhm_G ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
return( ret );
@@ -2927,7 +2927,7 @@
const mbedtls_ecp_group_id *gid;
/* Match our preference list against the offered curves */
- for( gid = ssl->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
+ for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
if( (*curve)->grp_id == *gid )
goto curve_matching_done;
@@ -3167,7 +3167,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
mbedtls_ssl_send_flight_completed( ssl );
#endif
@@ -3268,7 +3268,7 @@
mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
ssl->handshake->max_minor_ver,
- ssl->transport, ver );
+ ssl->conf->transport, ver );
/*
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
* must not cause the connection to end immediately; instead, send a
@@ -3320,9 +3320,9 @@
int ret = 0;
size_t n;
- if( ssl->f_psk == NULL &&
- ( ssl->psk == NULL || ssl->psk_identity == NULL ||
- ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+ if( ssl->conf->f_psk == NULL &&
+ ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
+ ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
@@ -3346,17 +3346,17 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
- if( ssl->f_psk != NULL )
+ if( ssl->conf->f_psk != NULL )
{
- if( ssl->f_psk( ssl->p_psk, ssl, *p, n ) != 0 )
+ if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 )
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
}
else
{
/* Identity is not a big secret since clients send it in the clear,
* but treat it carefully anyway, just in case */
- if( n != ssl->psk_identity_len ||
- mbedtls_ssl_safer_memcmp( ssl->psk_identity, *p, n ) != 0 )
+ if( n != ssl->conf->psk_identity_len ||
+ mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
{
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
}
@@ -3796,7 +3796,7 @@
{
int ret;
size_t tlen;
- uint32_t lifetime = (uint32_t) ssl->ticket_lifetime;
+ uint32_t lifetime = (uint32_t) ssl->conf->ticket_lifetime;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
@@ -3864,7 +3864,7 @@
return( ret );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9fb2c97..17c6495 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -68,7 +68,7 @@
static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 2 );
#else
((void) ssl);
@@ -111,16 +111,16 @@
{
uint32_t new_timeout;
- if( ssl->handshake->retransmit_timeout >= ssl->hs_timeout_max )
+ if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
return( -1 );
new_timeout = 2 * ssl->handshake->retransmit_timeout;
/* Avoid arithmetic overflow and range overflow */
if( new_timeout < ssl->handshake->retransmit_timeout ||
- new_timeout > ssl->hs_timeout_max )
+ new_timeout > ssl->conf->hs_timeout_max )
{
- new_timeout = ssl->hs_timeout_max;
+ new_timeout = ssl->conf->hs_timeout_max;
}
ssl->handshake->retransmit_timeout = new_timeout;
@@ -132,7 +132,7 @@
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
{
- ssl->handshake->retransmit_timeout = ssl->hs_timeout_min;
+ ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
ssl->handshake->retransmit_timeout ) );
}
@@ -772,7 +772,7 @@
* Finally setup the cipher contexts, IVs and MAC secrets.
*/
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
key1 = keyblk + transform->maclen * 2;
key2 = keyblk + transform->maclen * 2 + transform->keylen;
@@ -792,7 +792,7 @@
else
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{
key1 = keyblk + transform->maclen * 2 + transform->keylen;
key2 = keyblk + transform->maclen * 2;
@@ -1077,12 +1077,12 @@
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
{
- if( end - p < 2 + (int) ssl->psk_len )
+ if( end - p < 2 + (int) ssl->conf->psk_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- *(p++) = (unsigned char)( ssl->psk_len >> 8 );
- *(p++) = (unsigned char)( ssl->psk_len );
- p += ssl->psk_len;
+ *(p++) = (unsigned char)( ssl->conf->psk_len >> 8 );
+ *(p++) = (unsigned char)( ssl->conf->psk_len );
+ p += ssl->conf->psk_len;
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
@@ -1149,13 +1149,13 @@
}
/* opaque psk<0..2^16-1>; */
- if( end - p < 2 + (int) ssl->psk_len )
+ if( end - p < 2 + (int) ssl->conf->psk_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- *(p++) = (unsigned char)( ssl->psk_len >> 8 );
- *(p++) = (unsigned char)( ssl->psk_len );
- memcpy( p, ssl->psk, ssl->psk_len );
- p += ssl->psk_len;
+ *(p++) = (unsigned char)( ssl->conf->psk_len >> 8 );
+ *(p++) = (unsigned char)( ssl->conf->psk_len );
+ memcpy( p, ssl->conf->psk, ssl->conf->psk_len );
+ p += ssl->conf->psk_len;
ssl->handshake->pmslen = p - ssl->handshake->premaster;
@@ -1327,7 +1327,7 @@
memcpy( add_data, ssl->out_ctr, 8 );
add_data[8] = ssl->out_msgtype;
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->transport, add_data + 9 );
+ ssl->conf->transport, add_data + 9 );
add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
add_data[12] = ssl->out_msglen & 0xFF;
@@ -1622,7 +1622,7 @@
memcpy( add_data, ssl->in_ctr, 8 );
add_data[8] = ssl->in_msgtype;
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->transport, add_data + 9 );
+ ssl->conf->transport, add_data + 9 );
add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
add_data[12] = ssl->in_msglen & 0xFF;
@@ -2005,7 +2005,7 @@
ssl->nb_zero = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
; /* in_ctr read from peer, not maintained internally */
}
@@ -2138,9 +2138,9 @@
{
/* If renegotiation is not enforced, retransmit until we would reach max
* timeout if we were using the usual handshake doubling scheme */
- if( ssl->renego_max_records < 0 )
+ if( ssl->conf->renego_max_records < 0 )
{
- uint32_t ratio = ssl->hs_timeout_max / ssl->hs_timeout_min + 1;
+ uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
unsigned char doublings = 1;
while( ratio != 0 )
@@ -2197,7 +2197,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
uint32_t timeout;
@@ -2272,7 +2272,7 @@
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
timeout = ssl->handshake->retransmit_timeout;
else
- timeout = ssl->read_timeout;
+ timeout = ssl->conf->read_timeout;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
@@ -2310,7 +2310,7 @@
return( MBEDTLS_ERR_NET_WANT_READ );
}
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
- else if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
{
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
@@ -2655,7 +2655,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{
@@ -2677,7 +2677,7 @@
* uint24 fragment_length;
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* Make room for the additional DTLS fields */
memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
@@ -2709,7 +2709,7 @@
/* Save handshake and CCS messages for resending */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING &&
( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ||
@@ -2757,7 +2757,7 @@
{
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->transport, ssl->out_hdr + 1 );
+ ssl->conf->transport, ssl->out_hdr + 1 );
ssl->out_len[0] = (unsigned char)( len >> 8 );
ssl->out_len[1] = (unsigned char)( len );
@@ -3036,7 +3036,7 @@
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
int ret;
unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
@@ -3104,7 +3104,7 @@
/* Handshake message is complete, increment counter */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL )
{
ssl->handshake->in_msg_seq++;
@@ -3149,7 +3149,7 @@
uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
uint64_t bit;
- if( ssl->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
+ if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
return( 0 );
if( rec_seqnum > ssl->in_window_top )
@@ -3173,7 +3173,7 @@
{
uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
- if( ssl->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
+ if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
return;
if( rec_seqnum > ssl->in_window_top )
@@ -3218,7 +3218,7 @@
ssl->in_msgtype = ssl->in_hdr[0];
ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
- mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->transport, ssl->in_hdr + 1 );
+ mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
"version = [%d:%d], msglen = %d",
@@ -3244,7 +3244,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* Drop unexpected ChangeCipherSpec messages */
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
@@ -3278,7 +3278,7 @@
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
}
- if( minor_ver > ssl->max_minor_ver )
+ if( minor_ver > ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
@@ -3286,7 +3286,7 @@
/* Check epoch (and sequence number) with DTLS */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
@@ -3421,7 +3421,7 @@
#endif /* MBEDTLS_ZLIB_SUPPORT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
mbedtls_ssl_dtls_replay_update( ssl );
}
@@ -3480,7 +3480,7 @@
if( ( ret = ssl_parse_record_header( ssl ) ) != 0 )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* Ignore bad record and get next one; drop the whole datagram
* since current header cannot be trusted to find the next record
@@ -3507,7 +3507,7 @@
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
else
#endif
@@ -3516,15 +3516,15 @@
if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* Silently discard invalid records */
if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD ||
ret == MBEDTLS_ERR_SSL_INVALID_MAC )
{
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- if( ssl->badmac_limit != 0 &&
- ++ssl->badmac_seen >= ssl->badmac_limit )
+ if( ssl->conf->badmac_limit != 0 &&
+ ++ssl->badmac_seen >= ssl->conf->badmac_limit )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
@@ -3569,7 +3569,7 @@
* being mistaken for an ancient message in the current handshake.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
{
@@ -3735,7 +3735,7 @@
}
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
if( ssl->client_auth == 0 )
{
@@ -3764,7 +3764,7 @@
}
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{
if( mbedtls_ssl_own_cert( ssl ) == NULL )
{
@@ -3849,8 +3849,8 @@
}
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER &&
- ( ssl->authmode == MBEDTLS_SSL_VERIFY_NONE ||
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ ( ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) )
{
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
@@ -3873,7 +3873,7 @@
/*
* Check if the client sent an empty certificate
*/
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
if( ssl->in_msglen == 2 &&
@@ -3884,7 +3884,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
- if( ssl->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
+ if( ssl->conf->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
return( 0 );
else
return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
@@ -3894,7 +3894,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
@@ -3905,7 +3905,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
- if( ssl->authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
+ if( ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
else
return( 0 );
@@ -3997,7 +3997,7 @@
* avoid "triple handshake" attack: https://secure-resumption.com/
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
{
if( ssl->session->peer_cert == NULL )
@@ -4018,9 +4018,9 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
- if( ssl->authmode != MBEDTLS_SSL_VERIFY_NONE )
+ if( ssl->conf->authmode != MBEDTLS_SSL_VERIFY_NONE )
{
- if( ssl->ca_chain == NULL )
+ if( ssl->conf->ca_chain == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
return( MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED );
@@ -4030,9 +4030,9 @@
* Main check: verify certificate
*/
ret = mbedtls_x509_crt_verify( ssl->session_negotiate->peer_cert,
- ssl->ca_chain, ssl->ca_crl, ssl->peer_cn,
+ ssl->conf->ca_chain, ssl->conf->ca_crl, ssl->peer_cn,
&ssl->session_negotiate->verify_result,
- ssl->f_vrfy, ssl->p_vrfy );
+ ssl->conf->f_vrfy, ssl->conf->p_vrfy );
if( ret != 0 )
{
@@ -4060,7 +4060,7 @@
if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
ciphersuite_info,
- ! ssl->endpoint,
+ ! ssl->conf->endpoint,
&ssl->session_negotiate->verify_result ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
@@ -4068,7 +4068,7 @@
ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
}
- if( ssl->authmode != MBEDTLS_SSL_VERIFY_REQUIRED )
+ if( ssl->conf->authmode != MBEDTLS_SSL_VERIFY_REQUIRED )
ret = 0;
}
@@ -4140,7 +4140,7 @@
ssl->session_in = ssl->session_negotiate;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
ssl_dtls_replay_reset( ssl );
@@ -4571,16 +4571,16 @@
/*
* Add cache entry
*/
- if( ssl->f_set_cache != NULL &&
+ if( ssl->conf->f_set_cache != NULL &&
ssl->session->length != 0 &&
resume == 0 )
{
- if( ssl->f_set_cache( ssl->p_set_cache, ssl->session ) != 0 )
+ if( ssl->conf->f_set_cache( ssl->conf->p_set_cache, ssl->session ) != 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->flight != NULL )
{
/* Cancel handshake timer */
@@ -4616,7 +4616,7 @@
else
ssl->out_msg = ssl->out_iv;
- ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->endpoint );
+ ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
// TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
@@ -4637,11 +4637,11 @@
if( ssl->handshake->resume != 0 )
{
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
#endif
}
@@ -4655,7 +4655,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
unsigned char i;
@@ -4697,7 +4697,7 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
mbedtls_ssl_send_flight_completed( ssl );
#endif
@@ -4726,7 +4726,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
- ssl->handshake->calc_finished( ssl, buf, ssl->endpoint ^ 1 );
+ ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
{
@@ -4770,11 +4770,11 @@
if( ssl->handshake->resume != 0 )
{
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
#endif
}
@@ -4782,7 +4782,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
mbedtls_ssl_recv_flight_completed( ssl );
#endif
@@ -4893,7 +4893,7 @@
ssl_handshake_params_init( ssl->handshake );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- ssl->handshake->key_cert = ssl->key_cert;
+ ssl->handshake->key_cert = ssl->conf->key_cert;
#endif
/*
@@ -4904,7 +4904,7 @@
ssl->handshake->alt_transform_out = ssl->transform_out;
// TODO: not the right place, we may not know endpoint yet
- if( ssl->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
else
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
@@ -4958,28 +4958,34 @@
int ret;
int len = MBEDTLS_SSL_BUFFER_LEN;
+ ssl->conf = mbedtls_malloc( sizeof( mbedtls_ssl_config ) );
+ if( ssl->conf == NULL )
+ return( MBEDTLS_ERR_SSL_MALLOC_FAILED );
+
+ memset( ssl->conf, 0, sizeof( mbedtls_ssl_config ) );
+
/*
* Sane defaults
*/
- ssl->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
- ssl->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
- ssl->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
- ssl->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
+ ssl->conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
+ ssl->conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
+ ssl->conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
+ ssl->conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
mbedtls_ssl_set_ciphersuites( ssl, mbedtls_ssl_list_ciphersuites() );
mbedtls_ssl_set_arc4_support( ssl, MBEDTLS_SSL_ARC4_DISABLED );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
- memset( ssl->renego_period, 0xFF, 7 );
- ssl->renego_period[7] = 0x00;
+ ssl->conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
+ memset( ssl->conf->renego_period, 0xFF, 7 );
+ ssl->conf->renego_period[7] = 0x00;
#endif
#if defined(MBEDTLS_DHM_C)
- if( ( ret = mbedtls_mpi_read_string( &ssl->dhm_P, 16,
+ if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_P, 16,
MBEDTLS_DHM_RFC5114_MODP_1024_P) ) != 0 ||
- ( ret = mbedtls_mpi_read_string( &ssl->dhm_G, 16,
+ ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_G, 16,
MBEDTLS_DHM_RFC5114_MODP_1024_G) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
@@ -5006,33 +5012,33 @@
(void) mbedtls_ssl_set_transport( ssl, MBEDTLS_SSL_TRANSPORT_STREAM );
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- ssl->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
+ ssl->conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- ssl->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+ ssl->conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- ssl->ticket_lifetime = MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME;
+ ssl->conf->ticket_lifetime = MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME;
#endif
#if defined(MBEDTLS_SSL_SET_CURVES)
- ssl->curve_list = mbedtls_ecp_grp_id_list( );
+ ssl->conf->curve_list = mbedtls_ecp_grp_id_list( );
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- ssl->f_cookie_write = ssl_cookie_write_dummy;
- ssl->f_cookie_check = ssl_cookie_check_dummy;
+ ssl->conf->f_cookie_write = ssl_cookie_write_dummy;
+ ssl->conf->f_cookie_check = ssl_cookie_check_dummy;
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- ssl->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED;
+ ssl->conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED;
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- ssl->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN;
- ssl->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX;
+ ssl->conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN;
+ ssl->conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX;
#endif
if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
@@ -5198,20 +5204,20 @@
*/
void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint )
{
- ssl->endpoint = endpoint;
+ ssl->conf->endpoint = endpoint;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_CLI_C)
if( endpoint == MBEDTLS_SSL_IS_CLIENT )
{
- ssl->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
- ssl->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
+ ssl->conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
+ ssl->conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
}
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( endpoint == MBEDTLS_SSL_IS_SERVER )
- ssl->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
+ ssl->conf->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
#endif
}
@@ -5220,7 +5226,7 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- ssl->transport = transport;
+ ssl->conf->transport = transport;
ssl->out_hdr = ssl->out_buf;
ssl->out_ctr = ssl->out_buf + 3;
@@ -5235,11 +5241,11 @@
ssl->in_msg = ssl->in_buf + 13;
/* DTLS starts with TLS1.1 */
- if( ssl->min_minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
- ssl->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
+ if( ssl->conf->min_minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+ ssl->conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
- if( ssl->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
- ssl->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
+ if( ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+ ssl->conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
return( 0 );
}
@@ -5247,7 +5253,7 @@
if( transport == MBEDTLS_SSL_TRANSPORT_STREAM )
{
- ssl->transport = transport;
+ ssl->conf->transport = transport;
ssl->out_ctr = ssl->out_buf;
ssl->out_hdr = ssl->out_buf + 8;
@@ -5270,28 +5276,28 @@
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode )
{
- ssl->anti_replay = mode;
+ ssl->conf->anti_replay = mode;
}
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit )
{
- ssl->badmac_limit = limit;
+ ssl->conf->badmac_limit = limit;
}
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max )
{
- ssl->hs_timeout_min = min;
- ssl->hs_timeout_max = max;
+ ssl->conf->hs_timeout_min = min;
+ ssl->conf->hs_timeout_max = max;
}
#endif
void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode )
{
- ssl->authmode = authmode;
+ ssl->conf->authmode = authmode;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -5299,8 +5305,8 @@
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *),
void *p_vrfy )
{
- ssl->f_vrfy = f_vrfy;
- ssl->p_vrfy = p_vrfy;
+ ssl->conf->f_vrfy = f_vrfy;
+ ssl->conf->p_vrfy = p_vrfy;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -5316,8 +5322,8 @@
void (*f_dbg)(void *, int, const char *),
void *p_dbg )
{
- ssl->f_dbg = f_dbg;
- ssl->p_dbg = p_dbg;
+ ssl->conf->f_dbg = f_dbg;
+ ssl->conf->p_dbg = p_dbg;
}
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -5350,7 +5356,7 @@
ssl->f_send = f_send;
ssl->f_recv = f_recv;
ssl->f_recv_timeout = f_recv_timeout;
- ssl->read_timeout = timeout;
+ ssl->conf->read_timeout = timeout;
}
#if defined(MBEDTLS_SSL_SRV_C)
@@ -5358,10 +5364,10 @@
int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache )
{
- ssl->f_get_cache = f_get_cache;
- ssl->p_get_cache = p_get_cache;
- ssl->f_set_cache = f_set_cache;
- ssl->p_set_cache = p_set_cache;
+ ssl->conf->f_get_cache = f_get_cache;
+ ssl->conf->p_get_cache = p_get_cache;
+ ssl->conf->f_set_cache = f_set_cache;
+ ssl->conf->p_set_cache = p_set_cache;
}
#endif /* MBEDTLS_SSL_SRV_C */
@@ -5373,7 +5379,7 @@
if( ssl == NULL ||
session == NULL ||
ssl->session_negotiate == NULL ||
- ssl->endpoint != MBEDTLS_SSL_IS_CLIENT )
+ ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -5389,10 +5395,10 @@
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites )
{
- ssl->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
- ssl->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
- ssl->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
- ssl->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
+ ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
+ ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
+ ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
+ ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
}
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
@@ -5405,7 +5411,7 @@
if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
return;
- ssl->ciphersuite_list[minor] = ciphersuites;
+ ssl->conf->ciphersuite_list[minor] = ciphersuites;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -5421,15 +5427,15 @@
memset( key_cert, 0, sizeof( mbedtls_ssl_key_cert ) );
/* Append the new key_cert to the (possibly empty) current list */
- if( ssl->key_cert == NULL )
+ if( ssl->conf->key_cert == NULL )
{
- ssl->key_cert = key_cert;
+ ssl->conf->key_cert = key_cert;
if( ssl->handshake != NULL )
ssl->handshake->key_cert = key_cert;
}
else
{
- last = ssl->key_cert;
+ last = ssl->conf->key_cert;
while( last->next != NULL )
last = last->next;
last->next = key_cert;
@@ -5441,8 +5447,8 @@
void mbedtls_ssl_set_ca_chain( mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain,
mbedtls_x509_crl *ca_crl, const char *peer_cn )
{
- ssl->ca_chain = ca_chain;
- ssl->ca_crl = ca_crl;
+ ssl->conf->ca_chain = ca_chain;
+ ssl->conf->ca_crl = ca_crl;
ssl->peer_cn = peer_cn;
}
@@ -5471,25 +5477,25 @@
if( psk_len > MBEDTLS_PSK_MAX_LEN )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( ssl->psk != NULL || ssl->psk_identity != NULL )
+ if( ssl->conf->psk != NULL || ssl->conf->psk_identity != NULL )
{
- mbedtls_free( ssl->psk );
- mbedtls_free( ssl->psk_identity );
+ mbedtls_free( ssl->conf->psk );
+ mbedtls_free( ssl->conf->psk_identity );
}
- if( ( ssl->psk = mbedtls_malloc( psk_len ) ) == NULL ||
- ( ssl->psk_identity = mbedtls_malloc( psk_identity_len ) ) == NULL )
+ if( ( ssl->conf->psk = mbedtls_malloc( psk_len ) ) == NULL ||
+ ( ssl->conf->psk_identity = mbedtls_malloc( psk_identity_len ) ) == NULL )
{
- mbedtls_free( ssl->psk );
- ssl->psk = NULL;
+ mbedtls_free( ssl->conf->psk );
+ ssl->conf->psk = NULL;
return( MBEDTLS_ERR_SSL_MALLOC_FAILED );
}
- ssl->psk_len = psk_len;
- ssl->psk_identity_len = psk_identity_len;
+ ssl->conf->psk_len = psk_len;
+ ssl->conf->psk_identity_len = psk_identity_len;
- memcpy( ssl->psk, psk, ssl->psk_len );
- memcpy( ssl->psk_identity, psk_identity, ssl->psk_identity_len );
+ memcpy( ssl->conf->psk, psk, ssl->conf->psk_len );
+ memcpy( ssl->conf->psk_identity, psk_identity, ssl->conf->psk_identity_len );
return( 0 );
}
@@ -5499,8 +5505,8 @@
size_t),
void *p_psk )
{
- ssl->f_psk = f_psk;
- ssl->p_psk = p_psk;
+ ssl->conf->f_psk = f_psk;
+ ssl->conf->p_psk = p_psk;
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
@@ -5509,13 +5515,13 @@
{
int ret;
- if( ( ret = mbedtls_mpi_read_string( &ssl->dhm_P, 16, dhm_P ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_P, 16, dhm_P ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
return( ret );
}
- if( ( ret = mbedtls_mpi_read_string( &ssl->dhm_G, 16, dhm_G ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_G, 16, dhm_G ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
return( ret );
@@ -5528,13 +5534,13 @@
{
int ret;
- if( ( ret = mbedtls_mpi_copy( &ssl->dhm_P, &dhm_ctx->P ) ) != 0 )
+ if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_P, &dhm_ctx->P ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
return( ret );
}
- if( ( ret = mbedtls_mpi_copy( &ssl->dhm_G, &dhm_ctx->G ) ) != 0 )
+ if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_G, &dhm_ctx->G ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
return( ret );
@@ -5550,7 +5556,7 @@
*/
void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curve_list )
{
- ssl->curve_list = curve_list;
+ ssl->conf->curve_list = curve_list;
}
#endif
@@ -5583,8 +5589,8 @@
const unsigned char *, size_t),
void *p_sni )
{
- ssl->f_sni = f_sni;
- ssl->p_sni = p_sni;
+ ssl->conf->f_sni = f_sni;
+ ssl->conf->p_sni = p_sni;
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
@@ -5608,7 +5614,7 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- ssl->alpn_list = protos;
+ ssl->conf->alpn_list = protos;
return( 0 );
}
@@ -5628,7 +5634,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
minor < MBEDTLS_SSL_MINOR_VERSION_2 )
{
return( -1 );
@@ -5645,8 +5651,8 @@
if( ssl_check_version( ssl, major, minor ) != 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- ssl->max_major_ver = major;
- ssl->max_minor_ver = minor;
+ ssl->conf->max_major_ver = major;
+ ssl->conf->max_minor_ver = minor;
return( 0 );
}
@@ -5656,8 +5662,8 @@
if( ssl_check_version( ssl, major, minor ) != 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- ssl->min_major_ver = major;
- ssl->min_minor_ver = minor;
+ ssl->conf->min_major_ver = major;
+ ssl->conf->min_minor_ver = minor;
return( 0 );
}
@@ -5672,20 +5678,20 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm )
{
- ssl->encrypt_then_mac = etm;
+ ssl->conf->encrypt_then_mac = etm;
}
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems )
{
- ssl->extended_ms = ems;
+ ssl->conf->extended_ms = ems;
}
#endif
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 )
{
- ssl->arc4_disabled = arc4;
+ ssl->conf->arc4_disabled = arc4;
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -5697,7 +5703,7 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- ssl->mfl_code = mfl_code;
+ ssl->conf->mfl_code = mfl_code;
return( 0 );
}
@@ -5706,7 +5712,7 @@
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate )
{
- ssl->trunc_hmac = truncate;
+ ssl->conf->trunc_hmac = truncate;
return( 0 );
}
@@ -5721,34 +5727,34 @@
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy )
{
- ssl->allow_legacy_renegotiation = allow_legacy;
+ ssl->conf->allow_legacy_renegotiation = allow_legacy;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation )
{
- ssl->disable_renegotiation = renegotiation;
+ ssl->conf->disable_renegotiation = renegotiation;
}
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records )
{
- ssl->renego_max_records = max_records;
+ ssl->conf->renego_max_records = max_records;
}
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl,
const unsigned char period[8] )
{
- memcpy( ssl->renego_period, period, 8 );
+ memcpy( ssl->conf->renego_period, period, 8 );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
int mbedtls_ssl_set_session_tickets( mbedtls_ssl_context *ssl, int use_tickets )
{
- ssl->session_tickets = use_tickets;
+ ssl->conf->session_tickets = use_tickets;
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
return( 0 );
#endif
@@ -5763,7 +5769,7 @@
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime )
{
- ssl->ticket_lifetime = lifetime;
+ ssl->conf->ticket_lifetime = lifetime;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
@@ -5797,7 +5803,7 @@
const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
switch( ssl->minor_ver )
{
@@ -5882,7 +5888,7 @@
if( ssl == NULL ||
dst == NULL ||
ssl->session == NULL ||
- ssl->endpoint != MBEDTLS_SSL_IS_CLIENT )
+ ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -5899,11 +5905,11 @@
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ret = mbedtls_ssl_handshake_client_step( ssl );
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
ret = mbedtls_ssl_handshake_server_step( ssl );
#endif
@@ -5980,10 +5986,10 @@
/* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
* the ServerHello will have message_seq = 1" */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
{
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
ssl->handshake->out_msg_seq = 1;
else
ssl->handshake->in_msg_seq = 1;
@@ -6014,7 +6020,7 @@
#if defined(MBEDTLS_SSL_SRV_C)
/* On server, just send the request */
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER )
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
{
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -6065,14 +6071,14 @@
{
if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
- ssl->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
+ ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
{
return( 0 );
}
// TODO: adapt for DTLS
- if( memcmp( ssl->in_ctr, ssl->renego_period, 8 ) <= 0 &&
- memcmp( ssl->out_ctr, ssl->renego_period, 8 ) <= 0 )
+ if( memcmp( ssl->in_ctr, ssl->conf->renego_period, 8 ) <= 0 &&
+ memcmp( ssl->out_ctr, ssl->conf->renego_period, 8 ) <= 0 )
{
return( 0 );
}
@@ -6093,7 +6099,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
@@ -6134,7 +6140,7 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
/* Start timer if not already running */
if( ssl->time_limit == 0 )
- ssl_set_timer( ssl, ssl->read_timeout );
+ ssl_set_timer( ssl, ssl->conf->read_timeout );
#endif
if( ! record_read )
@@ -6171,7 +6177,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
#if defined(MBEDTLS_SSL_CLI_C)
- if( ssl->endpoint == MBEDTLS_SSL_IS_CLIENT &&
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) )
{
@@ -6179,29 +6185,29 @@
/* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( MBEDTLS_ERR_NET_WANT_READ );
#endif
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
/* With DTLS, drop the packet (probably from last handshake) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( MBEDTLS_ERR_NET_WANT_READ );
#endif
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
#endif
- if( ssl->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
+ if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation ==
+ ssl->conf->allow_legacy_renegotiation ==
MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
@@ -6240,8 +6246,8 @@
{
/* DTLS clients need to know renego is server-initiated */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- ssl->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
}
@@ -6266,9 +6272,9 @@
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
{
- if( ssl->renego_max_records >= 0 )
+ if( ssl->conf->renego_max_records >= 0 )
{
- if( ++ssl->renego_records_seen > ssl->renego_max_records )
+ if( ++ssl->renego_records_seen > ssl->conf->renego_max_records )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
"but not honored by client" ) );
@@ -6303,7 +6309,7 @@
* Do it now, after setting in_offt, to avoid taking this branch
* again if ssl_write_hello_request() returns WANT_WRITE */
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
- if( ssl->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
{
if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
@@ -6350,7 +6356,7 @@
/*
* Assume mfl_code is correct since it was checked when set
*/
- max_len = mfl_code_to_length[ssl->mfl_code];
+ max_len = mfl_code_to_length[ssl->conf->mfl_code];
/*
* Check if a smaller max length was negotiated
@@ -6364,7 +6370,7 @@
if( len > max_len )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
"maximum fragment length: %d > %d",
@@ -6632,8 +6638,8 @@
#endif
#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi_free( &ssl->dhm_P );
- mbedtls_mpi_free( &ssl->dhm_G );
+ mbedtls_mpi_free( &ssl->conf->dhm_P );
+ mbedtls_mpi_free( &ssl->conf->dhm_G );
#endif
if( ssl->transform )
@@ -6677,19 +6683,19 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- if( ssl->psk != NULL )
+ if( ssl->conf->psk != NULL )
{
- mbedtls_zeroize( ssl->psk, ssl->psk_len );
- mbedtls_zeroize( ssl->psk_identity, ssl->psk_identity_len );
- mbedtls_free( ssl->psk );
- mbedtls_free( ssl->psk_identity );
- ssl->psk_len = 0;
- ssl->psk_identity_len = 0;
+ mbedtls_zeroize( ssl->conf->psk, ssl->conf->psk_len );
+ mbedtls_zeroize( ssl->conf->psk_identity, ssl->conf->psk_identity_len );
+ mbedtls_free( ssl->conf->psk );
+ mbedtls_free( ssl->conf->psk_identity );
+ ssl->conf->psk_len = 0;
+ ssl->conf->psk_identity_len = 0;
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- ssl_key_cert_free( ssl->key_cert );
+ ssl_key_cert_free( ssl->conf->key_cert );
#endif
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
@@ -6786,7 +6792,7 @@
{
const mbedtls_ecp_group_id *gid;
- for( gid = ssl->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
+ for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
if( *gid == grp_id )
return( 1 );
