Allocate ssl_config out of ssl_setup()
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 4f82283..cacfe0f 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -92,6 +92,7 @@
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 mbedtls_x509_crt cacert;
 ((void) argc);
@@ -105,6 +106,7 @@
 * 0. Initialize the RNG and the session data
 */
 mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 mbedtls_x509_crt_init( &cacert );
 mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -123,7 +125,7 @@
 mbedtls_printf( " ok\n" );
 /*
- * 0. Initialize certificates
+ * 0. Load certificates
 */
 mbedtls_printf( " . Loading the CA root certificate ..." );
 fflush( stdout );
@@ -160,7 +162,13 @@
 mbedtls_printf( " . Setting up the DTLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
@@ -322,6 +330,7 @@
 mbedtls_x509_crt_free( &cacert );
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_entropy_free( &entropy );
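Review bot: The cleanup hunk at `@@ -322,6 +330,7 @@` relies on an ordering that nothing documents: `mbedtls_ssl_config_free( &conf )` has to come after `mbedtls_ssl_free( &ssl )` if, as the new two-argument `mbedtls_ssl_setup( &ssl, &conf )` suggests, the context keeps a pointer to the configuration rather than a copy. The library side is not in this diff, so that is an inference, but these example programs are what users copy from, and swapping the two calls would then leave the context referring to freed memory. A one-line comment above the pair, such as `/* conf must outlive ssl: free the context first */`, would keep the order from being changed later. The same pair appears in the cleanup hunks of the other nine programs in this commit, and the enclosing function starts and ends outside the hunk.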
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index a4b86f7..869d919 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -97,6 +97,7 @@
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 mbedtls_x509_crt srvcert;
 mbedtls_pk_context pkey;
 #if defined(MBEDTLS_SSL_CACHE_C)
@@ -104,6 +105,7 @@
 #endif
 mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 mbedtls_ssl_cookie_init( &cookie_ctx );
 #if defined(MBEDTLS_SSL_CACHE_C)
 mbedtls_ssl_cache_init( &cache );
@@ -190,7 +192,13 @@
 printf( " . Setting up the DTLS data..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
@@ -391,6 +399,7 @@
 mbedtls_x509_crt_free( &srvcert );
 mbedtls_pk_free( &pkey );
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 mbedtls_ssl_cookie_free( &cookie_ctx );
 #if defined(MBEDTLS_SSL_CACHE_C)
 mbedtls_ssl_cache_free( &cache );
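Review bot: The new error path in the `@@ -190,7 +192,13 @@` hunk reports through `mbedtls_printf`, while the context lines directly around it (`printf( " . Setting up the DTLS data..." )` and the `mbedtls_ssl_setup` failure message) use plain `printf`. Whether this file defines or includes `mbedtls_printf` is not visible here; if it does not, the added call fails to build when the platform layer is disabled, and otherwise it is an inconsistency within one block. Either write the added line as `printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );` to match its neighbours, or convert the neighbouring calls in the same commit.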
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index cab6e8d..cd28845 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -147,6 +147,7 @@
 {
 exit_ok = 0,
 ctr_drbg_seed_failed,
+ ssl_config_default_failed,
 ssl_setup_failed,
 socket_failed,
 connect_failed,
@@ -167,12 +168,14 @@
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 mbedtls_ctr_drbg_init( &ctr_drbg );
 /*
 * 0. Initialize and setup stuff
 */
 mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 mbedtls_x509_crt_init( &ca );
 #endif
@@ -185,7 +188,13 @@
 goto exit;
 }
- if( mbedtls_ssl_setup( &ssl ) != 0 )
+ if( mbedtls_ssl_config_defaults( &conf ) != 0 )
+ {
+ ret = ssl_config_defaults_failed;
+ goto exit;
+ }
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
 {
 ret = ssl_setup_failed;
 goto exit;
@@ -260,6 +269,7 @@
 mbedtls_net_close( server_fd );
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_entropy_free( &entropy );
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
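Review bot: The enum hunk adds `ssl_config_default_failed`, but the error path in the `@@ -185,7 +188,13 @@` hunk assigns `ret = ssl_config_defaults_failed;`, so the two spellings differ and the file will not compile as written. Rename the enumerator to `ssl_config_defaults_failed,` so it matches both the assignment and the function name `mbedtls_ssl_config_defaults`. Separately, inserting the new value before `ssl_setup_failed` renumbers every later exit code; if a test script or caller depends on the numeric values (not visible from this diff), appending it at the end of the enum would be safer.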
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 37c24a2..d136cd6 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -83,6 +83,7 @@
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 mbedtls_x509_crt cacert;
 #if defined(MBEDTLS_DEBUG_C)
@@ -93,6 +94,7 @@
 * 0. Initialize the RNG and the session data
 */
 mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 mbedtls_x509_crt_init( &cacert );
 mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -148,7 +150,13 @@
 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
@@ -275,6 +283,7 @@
 mbedtls_x509_crt_free( &cacert );
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_entropy_free( &entropy );
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index de6ff65..309a68a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -401,6 +401,7 @@
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 mbedtls_ssl_session saved_session;
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 mbedtls_x509_crt cacert;
@@ -415,6 +416,7 @@
 */
 server_fd = 0;
 mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
 mbedtls_ctr_drbg_init( &ctr_drbg );
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1047,7 +1049,13 @@
 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
 goto exit;
@@ -1581,6 +1589,7 @@
 #endif
 mbedtls_ssl_session_free( &saved_session );
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_entropy_free( &entropy );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index a0880e8..a26f85f 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -103,11 +103,12 @@
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 mbedtls_x509_crt srvcert;
 mbedtls_pk_context pkey;
- memset( &ssl, 0, sizeof(mbedtls_ssl_context) );
-
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 mbedtls_entropy_init( &entropy );
 mbedtls_pk_init( &pkey );
 mbedtls_x509_crt_init( &srvcert );
@@ -248,7 +249,13 @@
 goto exit;
 }
- if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
@@ -373,6 +380,7 @@
 mbedtls_x509_crt_free( &srvcert );
 mbedtls_pk_free( &pkey );
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_entropy_free( &entropy );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 8abe740..bf4bff9 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -355,6 +355,7 @@
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 mbedtls_x509_crt cacert;
 mbedtls_x509_crt clicert;
 mbedtls_pk_context pkey;
@@ -368,6 +369,7 @@
 */
 server_fd = 0;
 mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 memset( &buf, 0, sizeof( buf ) );
 mbedtls_x509_crt_init( &cacert );
 mbedtls_x509_crt_init( &clicert );
@@ -582,7 +584,13 @@
 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
@@ -821,6 +829,7 @@
 mbedtls_x509_crt_free( &cacert );
 mbedtls_pk_free( &pkey );
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_entropy_free( &entropy );
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 3432e5e..7303c5d 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -130,10 +130,12 @@
 unsigned char buf[1024];
 char pers[50];
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 mbedtls_ctr_drbg_context ctr_drbg;
 /* Make sure memory references are valid */
 mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 mbedtls_ctr_drbg_init( &ctr_drbg );
 mbedtls_snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
@@ -158,7 +160,14 @@
 */
 mbedtls_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
- if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ {
+ mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
+ thread_id, -ret );
+ goto thread_exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_setup returned -0x%04x\n", thread_id, -ret );
@@ -314,6 +323,7 @@
 mbedtls_net_close( client_fd );
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 thread_info->thread_complete = 1;
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index bd68d3d..a2b9a58 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -97,6 +97,7 @@
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 mbedtls_x509_crt srvcert;
 mbedtls_pk_context pkey;
 #if defined(MBEDTLS_SSL_CACHE_C)
@@ -104,6 +105,7 @@
 #endif
 mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 #if defined(MBEDTLS_SSL_CACHE_C)
 mbedtls_ssl_cache_init( &cache );
 #endif
@@ -189,7 +191,13 @@
 mbedtls_printf( " . Setting up the SSL data...." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
 goto exit;
@@ -369,6 +377,7 @@
 mbedtls_x509_crt_free( &srvcert );
 mbedtls_pk_free( &pkey );
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 #if defined(MBEDTLS_SSL_CACHE_C)
 mbedtls_ssl_cache_free( &cache );
 #endif
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index be0d70c..013d339 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -722,6 +722,7 @@
 mbedtls_entropy_context entropy;
 mbedtls_ctr_drbg_context ctr_drbg;
 mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 unsigned char renego_period[8] = { 0 };
 #endif
@@ -762,6 +763,7 @@
 */
 listen_fd = 0;
 mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
 mbedtls_ctr_drbg_init( &ctr_drbg );
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 mbedtls_x509_crt_init( &cacert );
@@ -1518,7 +1520,13 @@
 mbedtls_printf( " . Setting up the SSL/TLS structure..." );
 fflush( stdout );
- if( ( ret = mbedtls_ssl_setup( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
 goto exit;
@@ -2205,6 +2213,7 @@
 #endif
 mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_config_free( &conf );
 mbedtls_ctr_drbg_free( &ctr_drbg );
 mbedtls_entropy_free( &entropy );