Make endpoint+transport args of config_defaults()

This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-04 19:32:36 +02:00
parent def0bbe3ab
commit 419d5ae419
14 changed files with 98 additions and 103 deletions


@ -2267,7 +2267,8 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
* \return 0 if successful, or
* MBEDTLS_ERR_XXX_ALLOC_FAILED on memorr allocation error.
*/
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf );
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
int endpoint, int transport );
/**
* \brief Free an SSL configuration context
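Review bot: The doc block above the new prototype still documents only the return value; the two new parameters need `\param` lines, for example `\param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER` and `\param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS`. The same block should state that this function must be called before mbedtls_ssl_setup(), since the hunk at `@ -4976,6 +4976,37 @@` makes setup read conf->transport to lay out the record buffers, and that a client endpoint defaults to MBEDTLS_SSL_VERIFY_REQUIRED, so callers know which defaults they are opting into. While touching the comment, "memorr allocation error" on the `\return` line should read "memory allocation error".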


@ -4976,6 +4976,37 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
memset( ssl-> in_buf, 0, len );
memset( ssl->out_buf, 0, len );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
ssl->out_hdr = ssl->out_buf;
ssl->out_ctr = ssl->out_buf + 3;
ssl->out_len = ssl->out_buf + 11;
ssl->out_iv = ssl->out_buf + 13;
ssl->out_msg = ssl->out_buf + 13;
ssl->in_hdr = ssl->in_buf;
ssl->in_ctr = ssl->in_buf + 3;
ssl->in_len = ssl->in_buf + 11;
ssl->in_iv = ssl->in_buf + 13;
ssl->in_msg = ssl->in_buf + 13;
}
else
#endif
{
ssl->out_ctr = ssl->out_buf;
ssl->out_hdr = ssl->out_buf + 8;
ssl->out_len = ssl->out_buf + 11;
ssl->out_iv = ssl->out_buf + 13;
ssl->out_msg = ssl->out_buf + 13;
ssl->in_ctr = ssl->in_buf;
ssl->in_hdr = ssl->in_buf + 8;
ssl->in_len = ssl->in_buf + 11;
ssl->in_iv = ssl->in_buf + 13;
ssl->in_msg = ssl->in_buf + 13;
}
if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
return( ret );
@ -5140,72 +5171,13 @@ static int ssl_ticket_keys_init( mbedtls_ssl_context *ssl )
void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint )
{
ssl->conf->endpoint = endpoint;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_CLI_C)
if( endpoint == MBEDTLS_SSL_IS_CLIENT )
{
ssl->conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
ssl->conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
}
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( endpoint == MBEDTLS_SSL_IS_SERVER )
ssl->conf->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
#endif
}
int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
ssl->conf->transport = transport;
ssl->out_hdr = ssl->out_buf;
ssl->out_ctr = ssl->out_buf + 3;
ssl->out_len = ssl->out_buf + 11;
ssl->out_iv = ssl->out_buf + 13;
ssl->out_msg = ssl->out_buf + 13;
ssl->in_hdr = ssl->in_buf;
ssl->in_ctr = ssl->in_buf + 3;
ssl->in_len = ssl->in_buf + 11;
ssl->in_iv = ssl->in_buf + 13;
ssl->in_msg = ssl->in_buf + 13;
/* DTLS starts with TLS1.1 */
if( ssl->conf->min_minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
ssl->conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
if( ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
ssl->conf->max_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
return( 0 );
}
#endif
if( transport == MBEDTLS_SSL_TRANSPORT_STREAM )
{
ssl->conf->transport = transport;
ssl->out_ctr = ssl->out_buf;
ssl->out_hdr = ssl->out_buf + 8;
ssl->out_len = ssl->out_buf + 11;
ssl->out_iv = ssl->out_buf + 13;
ssl->out_msg = ssl->out_buf + 13;
ssl->in_ctr = ssl->in_buf;
ssl->in_hdr = ssl->in_buf + 8;
ssl->in_len = ssl->in_buf + 11;
ssl->in_iv = ssl->in_buf + 13;
ssl->in_msg = ssl->in_buf + 13;
return( 0 );
}
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@ -6641,17 +6613,42 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
/*
* Load default in mbetls_ssl_config
*/
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf )
int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
int endpoint, int transport )
{
int ret;
conf->transport = MBEDTLS_SSL_TRANSPORT_STREAM;
conf->endpoint = endpoint;
conf->transport = transport;
conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/* DTLS starts with TLS 1.1 */
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
}
#endif
#if defined(MBEDTLS_SSL_CLI_C)
if( endpoint == MBEDTLS_SSL_IS_CLIENT )
{
conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
#endif
}
#endif
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( endpoint == MBEDTLS_SSL_IS_SERVER )
conf->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
#endif
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
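Review bot: `conf->transport = transport;` (and `conf->endpoint = endpoint;` just above it) stores whatever the caller passes, whereas the removed mbedtls_ssl_set_transport returned MBEDTLS_ERR_SSL_BAD_INPUT_DATA for any value other than STREAM, including DATAGRAM in a build without MBEDTLS_SSL_PROTO_DTLS. In such a build a caller passing MBEDTLS_SSL_TRANSPORT_DATAGRAM now ends up with a config that says datagram while mbedtls_ssl_setup (hunk `@ -4976,6 +4976,37 @@`) lays the buffers out for stream, and the two program hunks that pass `opt.transport` straight through (`@ -1066,17 +1068,10 @@` and `@ -1537,12 +1539,6 @@`) lose their "selected transport is not available" error path without a replacement. Rejecting unknown endpoint and transport values at the top of the function restores that check for every caller. The function continues past the end of the hunk.
```c
    int ret;

    /* Reject values the rest of the library does not know how to handle */
    if( endpoint != MBEDTLS_SSL_IS_CLIENT && endpoint != MBEDTLS_SSL_IS_SERVER )
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

    if( transport != MBEDTLS_SSL_TRANSPORT_STREAM
#if defined(MBEDTLS_SSL_PROTO_DTLS)
        && transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM
#endif
      )
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

    conf->endpoint = endpoint;
    /* … unchanged: transport, version, authmode, ticket and ciphersuite defaults … */
```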


@ -162,7 +162,9 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Setting up the DTLS structure..." );
fflush( stdout );
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@ -176,9 +178,6 @@ int main( int argc, char *argv[] )
mbedtls_printf( " ok\n" );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM );
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */


@ -192,7 +192,9 @@ int main( void )
printf( " . Setting up the DTLS data..." );
fflush( stdout );
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@ -204,8 +206,6 @@ int main( void )
goto exit;
}
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );


@ -188,7 +188,9 @@ int main( void )
goto exit;
}
if( mbedtls_ssl_config_defaults( &conf ) != 0 )
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM) != 0 )
{
ret = ssl_config_defaults_failed;
goto exit;
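Review bot: `MBEDTLS_SSL_TRANSPORT_STREAM) != 0 )` drops the space before the closing parenthesis that every other call site in this commit, and the surrounding `( ... )` convention, uses; write `MBEDTLS_SSL_TRANSPORT_STREAM ) != 0 )`. main() continues outside the hunk.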
@ -200,8 +202,6 @@ int main( void )
goto exit;
}
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)


@ -150,7 +150,9 @@ int main( void )
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@ -164,7 +166,6 @@ int main( void )
mbedtls_printf( " ok\n" );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );


@ -1049,7 +1049,9 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
opt.transport ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
goto exit;
@ -1066,17 +1068,10 @@ int main( int argc, char *argv[] )
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
#endif
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ( ret = mbedtls_ssl_set_transport( &ssl, opt.transport ) ) != 0 )
{
mbedtls_printf( " failed\n ! selected transport is not available\n" );
goto exit;
}
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */


@ -249,7 +249,9 @@ int main( void )
goto exit;
}
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@ -263,7 +265,6 @@ int main( void )
mbedtls_printf( " ok\n" );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );


@ -584,7 +584,9 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@ -598,7 +600,6 @@ int main( int argc, char *argv[] )
mbedtls_printf( " ok\n" );
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );


@ -160,7 +160,9 @@ static void *handle_ssl_connection( void *data )
*/
mbedtls_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " [ #%d ] failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
thread_id, -ret );
@ -174,7 +176,6 @@ static void *handle_ssl_connection( void *data )
goto thread_exit;
}
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );


@ -191,7 +191,9 @@ int main( void )
mbedtls_printf( " . Setting up the SSL data...." );
fflush( stdout );
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@ -203,7 +205,6 @@ int main( void )
goto exit;
}
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );


@ -1520,7 +1520,9 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
opt.transport ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
goto exit;
@ -1537,12 +1539,6 @@ int main( int argc, char *argv[] )
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ( ret = mbedtls_ssl_set_transport( &ssl, opt.transport ) ) != 0 )
{
mbedtls_printf( " failed\n ! selected transport is not available\n" );
goto exit;
}
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */


@ -396,7 +396,9 @@ int main( int argc, char *argv[] )
/*
* 3. Setup stuff
*/
if( ( ret = mbedtls_ssl_config_defaults( &conf ) ) != 0 )
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
goto exit;
@ -408,7 +410,6 @@ int main( int argc, char *argv[] )
goto ssl_exit;
}
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_CLIENT );
if( verify )
{
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );


@ -17,9 +17,10 @@ void ssl_dtls_replay( char *prevs, char *new, int ret )
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
TEST_ASSERT( mbedtls_ssl_config_defaults( &conf ) == 0 );
TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM ) == 0 );
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
TEST_ASSERT( mbedtls_ssl_set_transport( &ssl, MBEDTLS_SSL_TRANSPORT_DATAGRAM ) == 0 );
/* Read previous record numbers */
for( ; end_prevs - prevs >= 13; prevs += 13 )