Add MBEDTLS_SSL_CONF_TRANSPORT
Follow the model of `MBEDTLS_SSL_CONF_ENDPOINT`. This saves a small
amount - most of the saving was already acheived via`
MBEDTLS_SSL_TRANSPORT_IS_TLS` but we can scrape out a little more by
totally eliminating `ssl->conf->transport` references.
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
diff --git a/configs/baremetal.h b/configs/baremetal.h
index 9541542..7a2bd0f 100644
--- a/configs/baremetal.h
+++ b/configs/baremetal.h
@@ -89,6 +89,7 @@
#define MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS
/* Compile-time fixed parts of the SSL configuration */
+#define MBEDTLS_SSL_CONF_TRANSPORT MBEDTLS_SSL_TRANSPORT_DATAGRAM
#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
#define MBEDTLS_SSL_CONF_READ_TIMEOUT 0
#define MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN 1000
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index cf7f403..0e539be 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3860,6 +3860,9 @@
/* Endpoint (Client/Server) */
//#define MBEDTLS_SSL_CONF_ENDPOINT MBEDTLS_SSL_IS_CLIENT
+/* Transport (Stream/Datagram) */
+//#define MBEDTLS_SSL_CONF_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
+
//#define MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
/* DTLS-specific settings */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index f447cf3..a7b9478 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1200,7 +1200,9 @@
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
unsigned int endpoint : 1; /*!< 0: client, 1: server */
#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
+#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
+#endif /* !MBEDTLS_SSL_CONF_TRANSPORT */
#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
unsigned int authmode : 6; /*!< MBEDTLS_SSL_VERIFY_XXX */
#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
@@ -1569,6 +1571,7 @@
void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
#endif /* !MBEDTLS_SSL_CONF_ENDPOINT */
+#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
/**
* \brief Set the transport type (TLS or DTLS).
* Default: TLS unless #MBEDTLS_SSL_PROTO_NO_TLS is defined,
@@ -1579,12 +1582,16 @@
* \c mbedtls_ssl_set_bio(). You also need to provide timer
* callbacks with \c mbedtls_ssl_set_timer_cb().
*
+ * \note On constrained systems, this can also be configured
+ * at compile-time via MBEDTLS_SSL_CONF_TRANSPORT.
+ *
* \param conf SSL configuration
* \param transport transport type:
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
*/
void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
+#endif /* !MBEDTLS_SSL_CONF_TRANSPORT */
/**
* \brief Set the certificate verification mode
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 17c5763..ea60ef3 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1454,6 +1454,21 @@
}
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
+#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
+static inline unsigned int mbedtls_ssl_conf_get_transport(
+ mbedtls_ssl_config const *conf )
+{
+ return( conf->transport );
+}
+#else /* !MBEDTLS_SSL_CONF_TRANSPORT */
+static inline unsigned int mbedtls_ssl_conf_get_transport(
+ mbedtls_ssl_config const *conf )
+{
+ ((void) conf);
+ return( MBEDTLS_SSL_CONF_TRANSPORT );
+}
+#endif /* MBEDTLS_SSL_CONF_TRANSPORT */
+
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
static inline uint32_t mbedtls_ssl_conf_get_read_timeout(
mbedtls_ssl_config const *conf )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 523e62c..cec2f09 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -838,7 +838,7 @@
mbedtls_ssl_write_version( mbedtls_ssl_conf_get_max_major_ver( ssl->conf ),
mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ),
- ssl->conf->transport, p );
+ mbedtls_ssl_conf_get_transport( ssl->conf ), p );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
@@ -1541,7 +1541,8 @@
* } HelloVerifyRequest;
*/
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
- mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
+ mbedtls_ssl_read_version( &major_ver, &minor_ver,
+ mbedtls_ssl_conf_get_transport( ssl->conf ), p );
p += 2;
/*
@@ -1704,7 +1705,7 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
mbedtls_ssl_read_version( &major_ver, &minor_ver,
- ssl->conf->transport,
+ mbedtls_ssl_conf_get_transport( ssl->conf ),
buf + 0 );
if( mbedtls_ssl_ver_lt( major_ver,
@@ -2379,7 +2380,7 @@
mbedtls_ssl_write_version( mbedtls_ssl_conf_get_max_major_ver( ssl->conf ),
mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ),
- ssl->conf->transport, out );
+ mbedtls_ssl_conf_get_transport( ssl->conf ), out );
ret = mbedtls_ssl_conf_get_frng( ssl->conf )
( mbedtls_ssl_conf_get_prng( ssl->conf ), out + 2, 46 );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 96f7446..389a24e 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1468,7 +1468,8 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
buf[1], buf[2] ) );
- mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
+ mbedtls_ssl_read_version( &major, &minor,
+ mbedtls_ssl_conf_get_transport( ssl->conf ), buf + 1 );
/* According to RFC 5246 Appendix E.1, the version here is typically
* "{03,00}, the lowest version number supported by the client, [or] the
@@ -1674,7 +1675,7 @@
{
int minor_ver, major_ver;
mbedtls_ssl_read_version( &major_ver, &minor_ver,
- ssl->conf->transport,
+ mbedtls_ssl_conf_get_transport( ssl->conf ),
buf );
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
@@ -2703,7 +2704,7 @@
* version looks like the most interoperable thing to do. */
mbedtls_ssl_write_version( mbedtls_ssl_get_major_ver( ssl ),
mbedtls_ssl_get_minor_ver( ssl ),
- ssl->conf->transport, p );
+ mbedtls_ssl_conf_get_transport( ssl->conf ), p );
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
p += 2;
@@ -2797,7 +2798,7 @@
mbedtls_ssl_write_version( mbedtls_ssl_get_major_ver( ssl ),
mbedtls_ssl_get_minor_ver( ssl ),
- ssl->conf->transport, p );
+ mbedtls_ssl_conf_get_transport( ssl->conf ), p );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
@@ -4001,7 +4002,7 @@
mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
ssl->handshake->max_minor_ver,
- ssl->conf->transport, ver );
+ mbedtls_ssl_conf_get_transport( ssl->conf ), ver );
/* Avoid data-dependent branches while checking for invalid
* padding, to protect against timing-based Bleichenbacher-type
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9be79cf..aaa6146 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4946,7 +4946,8 @@
mbedtls_ssl_write_version( mbedtls_ssl_get_major_ver( ssl ),
mbedtls_ssl_get_minor_ver( ssl ),
- ssl->conf->transport, ssl->out_hdr + 1 );
+ mbedtls_ssl_conf_get_transport( ssl->conf ),
+ ssl->out_hdr + 1 );
mbedtls_platform_memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
(void)mbedtls_platform_put_uint16_be( ssl->out_len, len );
@@ -4963,7 +4964,8 @@
mbedtls_platform_memcpy( &rec.ctr[0], ssl->out_ctr, 8 );
mbedtls_ssl_write_version( mbedtls_ssl_get_major_ver( ssl ),
mbedtls_ssl_get_minor_ver( ssl ),
- ssl->conf->transport, rec.ver );
+ mbedtls_ssl_conf_get_transport( ssl->conf ),
+ rec.ver );
rec.type = ssl->out_msgtype;
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -5815,7 +5817,7 @@
rec->ver[0] = buf[ rec_hdr_version_offset + 0 ];
rec->ver[1] = buf[ rec_hdr_version_offset + 1 ];
mbedtls_ssl_read_version( &major_ver, &minor_ver,
- ssl->conf->transport,
+ mbedtls_ssl_conf_get_transport( ssl->conf ),
&rec->ver[0] );
if( major_ver != mbedtls_ssl_get_major_ver( ssl ) )
@@ -9318,10 +9320,12 @@
}
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
+#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
{
conf->transport = transport;
}
+#endif /* MBEDTLS_SSL_CONF_TRANSPORT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
!defined(MBEDTLS_SSL_CONF_ANTI_REPLAY)
@@ -12781,8 +12785,10 @@
memset( conf, 0, sizeof( mbedtls_ssl_config ) );
#if !defined(MBEDTLS_SSL_PROTO_TLS)
+#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
conf->transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
#endif
+#endif
}
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
@@ -12849,7 +12855,11 @@
#if !defined(MBEDTLS_SSL_CONF_ENDPOINT)
mbedtls_ssl_conf_endpoint( conf, endpoint );
#endif
+#if !defined(MBEDTLS_SSL_CONF_TRANSPORT)
mbedtls_ssl_conf_transport( conf, transport );
+#else
+ ((void) transport);
+#endif
/*
* Things that are common to all presets
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 21800bb..bc6499d 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -2778,6 +2778,14 @@
}
#endif /* MBEDTLS_SSL_CONF_ENDPOINT */
+#if defined(MBEDTLS_SSL_CONF_TRANSPORT)
+ if( strcmp( "MBEDTLS_SSL_CONF_TRANSPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_TRANSPORT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CONF_TRANSPORT */
+
#if defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
if( strcmp( "MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST", config ) == 0 )
{