ssl_client2/ssl_server2: Use heap for various structures
This commit modifies the example programs ssl_client2 and ssl_server2
to allocate various structures on the heap instead of the stack. This
allows more fine-grained memory usage tracking via valgrind massif.
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 1a07c9d..3f77b1a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -962,14 +962,14 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
- mbedtls_entropy_context entropy;
+ mbedtls_entropy_context *entropy = NULL;
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ctr_drbg_context *ctr_drbg = NULL;
#else
- mbedtls_hmac_drbg_context hmac_drbg;
+ mbedtls_hmac_drbg_context *hmac_drbg = NULL;
#endif
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
+ mbedtls_ssl_context *ssl;
+ mbedtls_ssl_config *conf;
mbedtls_ssl_session saved_session;
unsigned char *session_data = NULL;
size_t session_data_len = 0;
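Review bot: `ssl` and `conf` are declared without an initialiser here, while the other pointers this hunk introduces (`entropy`, `ctr_drbg`/`hmac_drbg`) get `= NULL`. Since the cleanup code frees all of them, they should start the same way: `mbedtls_ssl_context *ssl = NULL;` and `mbedtls_ssl_config *conf = NULL;`. ssl_server2.c has the inverse split in its -1561 hunk, where `entropy`, `ctr_drbg`/`hmac_drbg` and `timer` are left uninitialised, and `ticket_ctx` in the -1591 hunk is uninitialised as well. As far as the diff shows, every pointer is assigned before the first `goto exit`, so this is a consistency point today, but it keeps the cleanup path safe if an earlier exit is ever added. The enclosing function starts outside the hunk.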
@@ -978,9 +978,9 @@
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
uint32_t flags;
- mbedtls_x509_crt cacert;
- mbedtls_x509_crt clicert;
- mbedtls_pk_context pkey;
+ mbedtls_x509_crt *cacert = NULL;
+ mbedtls_x509_crt *clicert = NULL;
+ mbedtls_pk_context *pkey = NULL;
#endif
char *p, *q;
const int *list;
@@ -989,22 +989,46 @@
size_t context_buf_len;
#endif
+ ssl = mbedtls_calloc( 1, sizeof( *ssl ) );
+ conf = mbedtls_calloc( 1, sizeof( *conf ) );
+ entropy = mbedtls_calloc( 1, sizeof( *entropy ) );
+#if defined(MBEDTLS_CTR_DRBG_C)
+ ctr_drbg = mbedtls_calloc( 1, sizeof( *ctr_drbg ) );
+#else
+ hmac_drbg = mbedtls_calloc( 1, sizeof( *hmac_drbg ) );
+#endif
+ cacert = mbedtls_calloc( 1, sizeof( *cacert ) );
+ clicert = mbedtls_calloc( 1, sizeof( *clicert ) );
+ pkey = mbedtls_calloc( 1, sizeof( *pkey ) );
+
+ if( ssl == NULL || conf == NULL ||
+ entropy == NULL || cacert == NULL ||
+#if defined(MBEDTLS_CTR_DRBG_C)
+ ctr_drbg == NULL ||
+#else
+ hmac_drbg == NULL ||
+#endif
+ clicert == NULL || pkey == NULL )
+ {
+ goto exit;
+ }
+
/*
* Make sure memory references are valid.
*/
mbedtls_net_init( &server_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
+ mbedtls_ssl_init( ssl );
+ mbedtls_ssl_config_init( conf );
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_ctr_drbg_init( ctr_drbg );
#else
- mbedtls_hmac_drbg_init( &hmac_drbg );
+ mbedtls_hmac_drbg_init( hmac_drbg );
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crt_init( &clicert );
- mbedtls_pk_init( &pkey );
+ mbedtls_x509_crt_init( cacert );
+ mbedtls_x509_crt_init( clicert );
+ mbedtls_pk_init( pkey );
#endif
#if defined(MBEDTLS_SSL_ALPN)
memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
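Review bot: The allocations of `cacert`, `clicert` and `pkey`, and their NULL tests in the `if`, are unconditional, but the -978 hunk declares the three pointers only under `#if defined(MBEDTLS_X509_CRT_PARSE_C)`, so a build without that option should no longer compile. Wrap the three `mbedtls_calloc` lines and the `cacert == NULL`, `clicert == NULL` and `pkey == NULL` terms in the same `#if defined(MBEDTLS_X509_CRT_PARSE_C)` guard that the init calls further down this hunk already use. The matching `mbedtls_free( cacert )`, `mbedtls_free( clicert )` and `mbedtls_free( pkey )` in the -2954 hunk need the guard too. The ssl_server2.c hunk at -1629 has the same mismatch for its certificate, key, `cache`, `timer` and `ticket_ctx` pointers, which are declared under feature guards but allocated unconditionally.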
@@ -1704,10 +1728,10 @@
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- mbedtls_entropy_init( &entropy );
+ mbedtls_entropy_init( entropy );
#if defined(MBEDTLS_CTR_DRBG_C)
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
+ if( ( ret = mbedtls_ctr_drbg_seed( ctr_drbg, mbedtls_entropy_func,
+ entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@@ -1715,11 +1739,11 @@
goto exit;
}
#else /* MBEDTLS_CTR_DRBG_C */
- if( ( ret = mbedtls_hmac_drbg_seed( &hmac_drbg,
+ if( ( ret = mbedtls_hmac_drbg_seed( hmac_drbg,
mbedtls_md_info_from_type(
available_hashes[0] ),
mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
+ entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@@ -1745,9 +1769,9 @@
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.ca_path ) )
- ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+ ret = mbedtls_x509_crt_parse_path( cacert, opt.ca_path );
else if( strlen( opt.ca_file ) )
- ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+ ret = mbedtls_x509_crt_parse_file( cacert, opt.ca_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
@@ -1755,7 +1779,7 @@
#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
{
- ret = mbedtls_x509_crt_parse( &cacert,
+ ret = mbedtls_x509_crt_parse( cacert,
(const unsigned char *) mbedtls_test_cas[i],
mbedtls_test_cas_len[i] );
if( ret != 0 )
@@ -1765,7 +1789,7 @@
#endif /* MBEDTLS_PEM_PARSE_C */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{
- ret = mbedtls_x509_crt_parse_der( &cacert,
+ ret = mbedtls_x509_crt_parse_der( cacert,
(const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i] );
if( ret != 0 )
@@ -1800,7 +1824,7 @@
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.crt_file ) )
- ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
+ ret = mbedtls_x509_crt_parse_file( clicert, opt.crt_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
@@ -1825,11 +1849,11 @@
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) )
- ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
+ ret = mbedtls_pk_parse_keyfile( pkey, opt.key_file, "" );
else
#endif
#if defined(MBEDTLS_CERTS_C)
- ret = mbedtls_pk_parse_key( &pkey,
+ ret = mbedtls_pk_parse_key( pkey,
(const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 );
#else
@@ -1888,7 +1912,7 @@
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ if( ( ret = mbedtls_ssl_config_defaults( conf,
MBEDTLS_SSL_IS_CLIENT,
opt.transport,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
@@ -1904,14 +1928,14 @@
if( opt.allow_sha1 > 0 )
{
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
- mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
+ mbedtls_ssl_conf_cert_profile( conf, &crt_profile_for_test );
#if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
- mbedtls_ssl_conf_sig_hashes( &conf, available_hashes );
+ mbedtls_ssl_conf_sig_hashes( conf, available_hashes );
#endif
}
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
- mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+ mbedtls_ssl_conf_verify( conf, my_verify, NULL );
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -1930,10 +1954,10 @@
}
if( opt.cid_enabled == 1 )
- ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+ ret = mbedtls_ssl_conf_cid( conf, cid_len,
MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
else
- ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+ ret = mbedtls_ssl_conf_cid( conf, cid_renego_len,
MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
if( ret != 0 )
@@ -1948,19 +1972,19 @@
!MBEDTLS_SSL_CONF_IGNORE_UNEXPECTED_CID */
if( opt.auth_mode != DFL_AUTH_MODE )
- mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
+ mbedtls_ssl_conf_authmode( conf, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
- mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min,
+ mbedtls_ssl_conf_handshake_timeout( conf, opt.hs_to_min,
opt.hs_to_max );
if( opt.dgram_packing != DFL_DGRAM_PACKING )
- mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
+ mbedtls_ssl_set_datagram_packing( ssl, opt.dgram_packing );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
+ if( ( ret = mbedtls_ssl_conf_max_frag_len( conf, opt.mfl_code ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
ret );
@@ -1970,39 +1994,39 @@
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
+ mbedtls_ssl_conf_truncated_hmac( conf, opt.trunc_hmac );
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
- mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+ mbedtls_ssl_conf_extended_master_secret( conf, opt.extended_ms );
if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE )
- mbedtls_ssl_conf_extended_master_secret_enforce( &conf,
+ mbedtls_ssl_conf_extended_master_secret_enforce( conf,
opt.enforce_extended_master_secret );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( opt.etm != DFL_ETM )
- mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
+ mbedtls_ssl_conf_encrypt_then_mac( conf, opt.etm );
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
if( opt.recsplit != DFL_RECSPLIT )
- mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
+ mbedtls_ssl_conf_cbc_record_splitting( conf, opt.recsplit
? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
: MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
#endif
#if defined(MBEDTLS_DHM_C)
if( opt.dhmlen != DFL_DHMLEN )
- mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
+ mbedtls_ssl_conf_dhm_min_bitlen( conf, opt.dhmlen );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
- if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
+ if( ( ret = mbedtls_ssl_conf_alpn_protocols( conf, alpn_list ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
ret );
@@ -2012,58 +2036,58 @@
#if defined(MBEDTLS_CTR_DRBG_C)
#if !defined(MBEDTLS_SSL_CONF_RNG)
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_rng( conf, mbedtls_ctr_drbg_random, ctr_drbg );
#else
- rng_ctx_global = &ctr_drbg;
+ rng_ctx_global = ctr_drbg;
#endif
#else /* MBEDTLS_CTR_DRBG_C */
#if !defined(MBEDTLS_SSL_CONF_RNG)
- mbedtls_ssl_conf_rng( &conf, mbedtls_hmac_drbg_random, &hmac_drbg );
+ mbedtls_ssl_conf_rng( conf, mbedtls_hmac_drbg_random, hmac_drbg );
#else
- rng_ctx_global = &hmac_drbg;
+ rng_ctx_global = hmac_drbg;
#endif
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DEBUG_C)
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_dbg( conf, my_debug, stdout );
#endif
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
- mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
+ mbedtls_ssl_conf_read_timeout( conf, opt.read_timeout );
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_conf_session_tickets( &conf, opt.tickets );
+ mbedtls_ssl_conf_session_tickets( conf, opt.tickets );
#endif
#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
+ mbedtls_ssl_conf_ciphersuites( conf, opt.force_ciphersuite );
#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
#if defined(MBEDTLS_ARC4_C)
if( opt.arc4 != DFL_ARC4 )
- mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
+ mbedtls_ssl_conf_arc4_support( conf, opt.arc4 );
#endif
#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION)
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
- mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
+ mbedtls_ssl_conf_legacy_renegotiation( conf, opt.allow_legacy );
#endif /* !MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
+ mbedtls_ssl_conf_renegotiation( conf, opt.renegotiation );
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 )
{
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_ca_chain( conf, cacert, NULL );
}
if( strcmp( opt.crt_file, "none" ) != 0 &&
strcmp( opt.key_file, "none" ) != 0 )
{
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
+ if( ( ret = mbedtls_ssl_conf_own_cert( conf, clicert, pkey ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
ret );
@@ -2077,13 +2101,13 @@
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
- mbedtls_ssl_conf_curves( &conf, curve_list );
+ mbedtls_ssl_conf_curves( conf, curve_list );
}
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
+ if( ( ret = mbedtls_ssl_conf_psk( conf, psk, psk_len,
(const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ) ) != 0 )
{
@@ -2098,20 +2122,20 @@
!defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) || \
!defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
if( opt.min_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ mbedtls_ssl_conf_min_version( conf, MBEDTLS_SSL_MAJOR_VERSION_3,
opt.min_version );
if( opt.max_version != DFL_MAX_VERSION )
- mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+ mbedtls_ssl_conf_max_version( conf, MBEDTLS_SSL_MAJOR_VERSION_3,
opt.max_version );
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
if( opt.fallback != DFL_FALLBACK )
- mbedtls_ssl_conf_fallback( &conf, opt.fallback );
+ mbedtls_ssl_conf_fallback( conf, opt.fallback );
#endif
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( ssl, conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
-ret );
@@ -2119,7 +2143,7 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
- if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
+ if( ( ret = mbedtls_ssl_set_hostname( ssl, opt.server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret );
@@ -2130,7 +2154,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
{
- if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
+ if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( ssl,
(const unsigned char *) opt.ecjpake_pw,
strlen( opt.ecjpake_pw ) ) ) != 0 )
{
@@ -2144,18 +2168,18 @@
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
- io_ctx.ssl = &ssl;
+ io_ctx.ssl = ssl;
io_ctx.net = &server_fd;
- mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
+ mbedtls_ssl_set_bio( ssl, &io_ctx, send_cb, recv_cb,
opt.nbio == 0 ? recv_timeout_cb : NULL );
#else
- mbedtls_ssl_set_bio_ctx( &ssl, &server_fd );
+ mbedtls_ssl_set_bio_ctx( ssl, &server_fd );
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
+ if( ( ret = mbedtls_ssl_set_cid( ssl, opt.cid_enabled,
cid, cid_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
@@ -2167,16 +2191,16 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.dtls_mtu != DFL_DTLS_MTU )
- mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
+ mbedtls_ssl_set_mtu( ssl, opt.dtls_mtu );
#endif
#if defined(MBEDTLS_TIMING_C)
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \
!defined(MBEDTLS_SSL_CONF_GET_TIMER)
- mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_ssl_set_timer_cb( ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#else
- mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer );
+ mbedtls_ssl_set_timer_cb_ctx( ssl, &timer );
#endif
#endif
@@ -2193,7 +2217,7 @@
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@@ -2232,23 +2256,23 @@
}
mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
- mbedtls_ssl_get_version( &ssl ),
- mbedtls_ssl_get_ciphersuite( &ssl ) );
+ mbedtls_ssl_get_version( ssl ),
+ mbedtls_ssl_get_ciphersuite( ssl ) );
- if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
+ if( ( ret = mbedtls_ssl_get_record_expansion( ssl ) ) >= 0 )
mbedtls_printf( " [ Record expansion is %d ]\n", ret );
else
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+ (unsigned int) mbedtls_ssl_get_max_frag_len( ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
{
- const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
+ const char *alp = mbedtls_ssl_get_alpn_protocol( ssl );
mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
alp ? alp : "(none)" );
}
@@ -2270,7 +2294,7 @@
}
/* get size of the buffer needed */
- mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
+ mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( ssl ),
NULL, 0, &session_data_len );
session_data = mbedtls_calloc( 1, session_data_len );
if( session_data == NULL )
@@ -2282,7 +2306,7 @@
}
/* actually save session data */
- if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ),
+ if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( ssl ),
session_data, session_data_len,
&session_data_len ) ) != 0 )
{
@@ -2293,7 +2317,7 @@
}
else
{
- if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
+ if( ( ret = mbedtls_ssl_get_session( ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
-ret );
@@ -2316,7 +2340,7 @@
*/
mbedtls_printf( " . Verifying peer X.509 certificate..." );
- if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
+ if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
{
#if !defined(MBEDTLS_X509_REMOVE_INFO)
char vrfy_buf[512];
@@ -2342,13 +2366,13 @@
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ret = report_cid_usage( &ssl, "initial handshake" );
+ ret = report_cid_usage( ssl, "initial handshake" );
if( ret != 0 )
goto exit;
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
+ if( ( ret = mbedtls_ssl_set_cid( ssl, opt.cid_enabled_renego,
cid_renego,
cid_renego_len ) ) != 0 )
{
@@ -2368,7 +2392,7 @@
*/
mbedtls_printf( " . Performing renegotiation..." );
fflush( stdout );
- while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
+ while( ( ret = mbedtls_ssl_renegotiate( ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@@ -2400,7 +2424,7 @@
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ret = report_cid_usage( &ssl, "after renegotiation" );
+ ret = report_cid_usage( ssl, "after renegotiation" );
if( ret != 0 )
goto exit;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -2446,7 +2470,7 @@
do
{
- while( ( ret = mbedtls_ssl_write( &ssl, buf + written,
+ while( ( ret = mbedtls_ssl_write( ssl, buf + written,
len - written ) ) < 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
@@ -2478,7 +2502,7 @@
{
while( 1 )
{
- ret = mbedtls_ssl_write( &ssl, buf, len );
+ ret = mbedtls_ssl_write( ssl, buf, len );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
@@ -2543,7 +2567,7 @@
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ ret = mbedtls_ssl_read( ssl, buf, len );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
@@ -2608,7 +2632,7 @@
while( 1 )
{
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ ret = mbedtls_ssl_read( ssl, buf, len );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
@@ -2672,14 +2696,14 @@
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
- if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_session_reset( ssl ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
-ret );
goto exit;
}
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@@ -2716,7 +2740,7 @@
mbedtls_printf( " . Serializing live connection..." );
- ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len );
+ ret = mbedtls_ssl_context_save( ssl, NULL, 0, &buf_len );
if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
@@ -2734,7 +2758,7 @@
}
context_buf_len = buf_len;
- if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf,
+ if( ( ret = mbedtls_ssl_context_save( ssl, context_buf,
buf_len, &buf_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
@@ -2755,11 +2779,11 @@
{
mbedtls_printf( " . Freeing and reinitializing context..." );
- mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_free( ssl );
- mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_init( ssl );
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( ssl, conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
"-0x%x\n\n", -ret );
@@ -2769,20 +2793,20 @@
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
- mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
+ mbedtls_ssl_set_bio( ssl, &io_ctx, send_cb, recv_cb,
opt.nbio == 0 ? recv_timeout_cb : NULL );
#else
- mbedtls_ssl_set_bio_ctx( &ssl, &server_fd );
+ mbedtls_ssl_set_bio_ctx( ssl, &server_fd );
#endif
#if defined(MBEDTLS_TIMING_C)
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \
!defined(MBEDTLS_SSL_CONF_GET_TIMER)
- mbedtls_ssl_set_timer_cb( &ssl, &timer,
+ mbedtls_ssl_set_timer_cb( ssl, &timer,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#else
- mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer );
+ mbedtls_ssl_set_timer_cb_ctx( ssl, &timer );
#endif
#endif /* MBEDTLS_TIMING_C */
@@ -2791,7 +2815,7 @@
mbedtls_printf( " . Deserializing connection..." );
- if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf,
+ if( ( ret = mbedtls_ssl_context_load( ssl, context_buf,
buf_len ) ) != 0 )
{
mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
@@ -2822,7 +2846,7 @@
fflush( stdout );
/* No error checking, the connection might be closed already */
- do ret = mbedtls_ssl_close_notify( &ssl );
+ do ret = mbedtls_ssl_close_notify( ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
ret = 0;
@@ -2850,7 +2874,7 @@
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
- if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
+ if( ( ret = mbedtls_ssl_session_reset( ssl ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
-ret );
@@ -2870,7 +2894,7 @@
}
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
- if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
+ if( ( ret = mbedtls_ssl_set_session( ssl, &saved_session ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
-ret );
@@ -2899,7 +2923,7 @@
goto exit;
}
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
@@ -2920,6 +2944,7 @@
* Cleanup and exit
*/
exit:
+
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
@@ -2932,19 +2957,19 @@
mbedtls_net_free( &server_fd );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_x509_crt_free( &clicert );
- mbedtls_x509_crt_free( &cacert );
- mbedtls_pk_free( &pkey );
+ mbedtls_x509_crt_free( clicert );
+ mbedtls_x509_crt_free( cacert );
+ mbedtls_pk_free( pkey );
#endif
mbedtls_ssl_session_free( &saved_session );
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( ssl );
+ mbedtls_ssl_config_free( conf );
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ctr_drbg_free( ctr_drbg );
#else
- mbedtls_hmac_drbg_free( &hmac_drbg );
+ mbedtls_hmac_drbg_free( hmac_drbg );
#endif
- mbedtls_entropy_free( &entropy );
+ mbedtls_entropy_free( entropy );
if( session_data != NULL )
mbedtls_platform_zeroize( session_data, session_data_len );
mbedtls_free( session_data );
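Review bot: This cleanup can now be reached from the allocation-failure `goto exit` added in the -989 hunk, which runs before `mbedtls_net_init( &server_fd )` and the `memset` of `saved_session`. On that path, `mbedtls_net_free( &server_fd )` and `mbedtls_ssl_session_free( &saved_session )` here operate on uninitialised stack objects. The `*_free` calls in this hunk would also receive NULL for whichever allocation failed; whether each of them tolerates NULL is not visible from the diff. Moving `mbedtls_net_init( &server_fd );` and the `saved_session` memset above the allocation block, and skipping a context's `*_free` call when its pointer is NULL, would keep the failure path well defined. The ssl_server2.c hunk at -1629 places its `goto exit` before `mbedtls_net_init` in the same way.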
@@ -2954,6 +2979,18 @@
mbedtls_free( context_buf );
#endif
+ mbedtls_free( ssl );
+ mbedtls_free( conf );
+ mbedtls_free( entropy );
+#if defined(MBEDTLS_CTR_DRBG_C)
+ mbedtls_free( ctr_drbg );
+#else
+ mbedtls_free( hmac_drbg );
+#endif
+ mbedtls_free( cacert );
+ mbedtls_free( clicert );
+ mbedtls_free( pkey );
+
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c0476dc..64d889d 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1561,27 +1561,27 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
- mbedtls_entropy_context entropy;
+ mbedtls_entropy_context *entropy;
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ctr_drbg_context *ctr_drbg;
#else
- mbedtls_hmac_drbg_context hmac_drbg;
+ mbedtls_hmac_drbg_context *hmac_drbg;
#endif
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
+ mbedtls_ssl_context *ssl = NULL;
+ mbedtls_ssl_config *conf = NULL;
#if defined(MBEDTLS_TIMING_C)
- mbedtls_timing_delay_context timer;
+ mbedtls_timing_delay_context *timer;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
unsigned char renego_period[8] = { 0 };
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
uint32_t flags;
- mbedtls_x509_crt cacert;
- mbedtls_x509_crt srvcert;
- mbedtls_pk_context pkey;
- mbedtls_x509_crt srvcert2;
- mbedtls_pk_context pkey2;
+ mbedtls_x509_crt *cacert = NULL;
+ mbedtls_x509_crt *srvcert = NULL;
+ mbedtls_pk_context *pkey = NULL;
+ mbedtls_x509_crt *srvcert2 = NULL;
+ mbedtls_pk_context *pkey2 = NULL;
int key_cert_init = 0, key_cert_init2 = 0;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
ssl_async_key_context_t ssl_async_keys;
@@ -1591,10 +1591,10 @@
mbedtls_dhm_context dhm;
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_context cache;
+ mbedtls_ssl_cache_context *cache = NULL;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_ticket_context ticket_ctx;
+ mbedtls_ssl_ticket_context *ticket_ctx;
#endif
#if defined(SNI_OPTION)
sni_entry *sni_info = NULL;
@@ -1629,24 +1629,55 @@
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
#endif
+ ssl = mbedtls_calloc( 1, sizeof( *ssl ) );
+ conf = mbedtls_calloc( 1, sizeof( *conf ) );
+ cacert = mbedtls_calloc( 1, sizeof( *cacert ) );
+ srvcert = mbedtls_calloc( 1, sizeof( *srvcert ) );
+ pkey = mbedtls_calloc( 1, sizeof( *pkey ) );
+ srvcert2 = mbedtls_calloc( 1, sizeof( *srvcert2 ) );
+ pkey2 = mbedtls_calloc( 1, sizeof( *pkey2 ) );
+ cache = mbedtls_calloc( 1, sizeof( *cache ) );
+ timer = mbedtls_calloc( 1, sizeof( *timer ) );
+ ticket_ctx = mbedtls_calloc( 1, sizeof( *ticket_ctx ) );
+ entropy = mbedtls_calloc( 1, sizeof( *entropy ) );
+#if defined(MBEDTLS_CTR_DRBG_C)
+ ctr_drbg = mbedtls_calloc( 1, sizeof( *ctr_drbg ) );
+#else
+ hmac_drbg = mbedtls_calloc( 1, sizeof( *hmac_drbg ) );
+#endif
+
+ if( ssl == NULL || conf == NULL ||
+ cacert == NULL || srvcert == NULL ||
+ pkey == NULL || srvcert2 == NULL ||
+ pkey2 == NULL || cache == NULL ||
+#if defined(MBEDTLS_CTR_DRBG_C)
+ ctr_drbg == NULL ||
+#else
+ hmac_drbg == NULL ||
+#endif
+ entropy == NULL )
+ {
+ goto exit;
+ }
+
/*
* Make sure memory references are valid in case we exit early.
*/
mbedtls_net_init( &client_fd );
mbedtls_net_init( &listen_fd );
- mbedtls_ssl_init( &ssl );
- mbedtls_ssl_config_init( &conf );
+ mbedtls_ssl_init( ssl );
+ mbedtls_ssl_config_init( conf );
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_ctr_drbg_init( ctr_drbg );
#else
- mbedtls_hmac_drbg_init( &hmac_drbg );
+ mbedtls_hmac_drbg_init( hmac_drbg );
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_x509_crt_init( &cacert );
- mbedtls_x509_crt_init( &srvcert );
- mbedtls_pk_init( &pkey );
- mbedtls_x509_crt_init( &srvcert2 );
- mbedtls_pk_init( &pkey2 );
+ mbedtls_x509_crt_init( cacert );
+ mbedtls_x509_crt_init( srvcert );
+ mbedtls_pk_init( pkey );
+ mbedtls_x509_crt_init( srvcert2 );
+ mbedtls_pk_init( pkey2 );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
memset( &ssl_async_keys, 0, sizeof( ssl_async_keys ) );
#endif
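Review bot: `timer` and `ticket_ctx` are allocated with the other contexts but are missing from the NULL test before `goto exit`, so a failed allocation of either goes undetected. `ticket_ctx` is then passed straight to `mbedtls_ssl_ticket_init( ticket_ctx )` in the -1655 hunk. Add `timer == NULL ||` and `ticket_ctx == NULL ||` to the condition, each inside the `#if defined(MBEDTLS_TIMING_C)` or `#if defined(MBEDTLS_SSL_SESSION_TICKETS)` guard under which the pointer is declared. The enclosing function starts and ends outside the hunk.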
@@ -1655,10 +1686,10 @@
mbedtls_dhm_init( &dhm );
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_init( &cache );
+ mbedtls_ssl_cache_init( cache );
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_ticket_init( &ticket_ctx );
+ mbedtls_ssl_ticket_init( ticket_ctx );
#endif
#if defined(MBEDTLS_SSL_ALPN)
memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
@@ -2453,10 +2484,10 @@
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- mbedtls_entropy_init( &entropy );
+ mbedtls_entropy_init( entropy );
#if defined(MBEDTLS_CTR_DRBG_C)
- if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
+ if( ( ret = mbedtls_ctr_drbg_seed( ctr_drbg, mbedtls_entropy_func,
+ entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@@ -2464,11 +2495,11 @@
goto exit;
}
#else /* MBEDTLS_CTR_DRBG_C */
- if( ( ret = mbedtls_hmac_drbg_seed( &hmac_drbg,
+ if( ( ret = mbedtls_hmac_drbg_seed( hmac_drbg,
mbedtls_md_info_from_type(
available_hashes[0] ),
mbedtls_entropy_func,
- &entropy, (const unsigned char *) pers,
+ entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
@@ -2494,9 +2525,9 @@
else
#if defined(MBEDTLS_FS_IO)
if( strlen( opt.ca_path ) )
- ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+ ret = mbedtls_x509_crt_parse_path( cacert, opt.ca_path );
else if( strlen( opt.ca_file ) )
- ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+ ret = mbedtls_x509_crt_parse_file( cacert, opt.ca_file );
else
#endif
#if defined(MBEDTLS_CERTS_C)
@@ -2504,7 +2535,7 @@
#if defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
{
- ret = mbedtls_x509_crt_parse( &cacert,
+ ret = mbedtls_x509_crt_parse( cacert,
(const unsigned char *) mbedtls_test_cas[i],
mbedtls_test_cas_len[i] );
if( ret != 0 )
@@ -2514,7 +2545,7 @@
#endif /* MBEDTLS_PEM_PARSE_C */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{
- ret = mbedtls_x509_crt_parse_der( &cacert,
+ ret = mbedtls_x509_crt_parse_der( cacert,
(const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i] );
if( ret != 0 )
@@ -2545,7 +2576,7 @@
if( strlen( opt.crt_file ) && strcmp( opt.crt_file, "none" ) != 0 )
{
key_cert_init++;
- if( ( ret = mbedtls_x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
+ if( ( ret = mbedtls_x509_crt_parse_file( srvcert, opt.crt_file ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
-ret );
@@ -2555,7 +2586,7 @@
if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 )
{
key_cert_init++;
- if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
+ if( ( ret = mbedtls_pk_parse_keyfile( pkey, opt.key_file, "" ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", -ret );
goto exit;
@@ -2570,7 +2601,7 @@
if( strlen( opt.crt_file2 ) && strcmp( opt.crt_file2, "none" ) != 0 )
{
key_cert_init2++;
- if( ( ret = mbedtls_x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
+ if( ( ret = mbedtls_x509_crt_parse_file( srvcert2, opt.crt_file2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
-ret );
@@ -2580,7 +2611,7 @@
if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 )
{
key_cert_init2++;
- if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
+ if( ( ret = mbedtls_pk_parse_keyfile( pkey2, opt.key_file2, "" ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
-ret );
@@ -2605,7 +2636,7 @@
goto exit;
#else
#if defined(MBEDTLS_RSA_C)
- if( ( ret = mbedtls_x509_crt_parse( &srvcert,
+ if( ( ret = mbedtls_x509_crt_parse( srvcert,
(const unsigned char *) mbedtls_test_srv_crt_rsa,
mbedtls_test_srv_crt_rsa_len ) ) != 0 )
{
@@ -2613,7 +2644,7 @@
-ret );
goto exit;
}
- if( ( ret = mbedtls_pk_parse_key( &pkey,
+ if( ( ret = mbedtls_pk_parse_key( pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa,
mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 )
{
@@ -2624,7 +2655,7 @@
key_cert_init = 2;
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_TINYCRYPT)
- if( ( ret = mbedtls_x509_crt_parse( &srvcert2,
+ if( ( ret = mbedtls_x509_crt_parse( srvcert2,
(const unsigned char *) mbedtls_test_srv_crt_ec,
mbedtls_test_srv_crt_ec_len ) ) != 0 )
{
@@ -2632,7 +2663,7 @@
-ret );
goto exit;
}
- if( ( ret = mbedtls_pk_parse_key( &pkey2,
+ if( ( ret = mbedtls_pk_parse_key( pkey2,
(const unsigned char *) mbedtls_test_srv_key_ec,
mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 )
{
@@ -2706,7 +2737,7 @@
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
- if( ( ret = mbedtls_ssl_config_defaults( &conf,
+ if( ( ret = mbedtls_ssl_config_defaults( conf,
MBEDTLS_SSL_IS_SERVER,
opt.transport,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
@@ -2722,33 +2753,33 @@
if( opt.allow_sha1 > 0 )
{
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
- mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
+ mbedtls_ssl_conf_cert_profile( conf, &crt_profile_for_test );
#if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
- mbedtls_ssl_conf_sig_hashes( &conf, available_hashes );
+ mbedtls_ssl_conf_sig_hashes( conf, available_hashes );
#endif
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
if( opt.auth_mode != DFL_AUTH_MODE )
- mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
+ mbedtls_ssl_conf_authmode( conf, opt.auth_mode );
#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
#if !defined(MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST)
if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
- mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
+ mbedtls_ssl_conf_cert_req_ca_list( conf, opt.cert_req_ca_list );
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
- mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
+ mbedtls_ssl_conf_handshake_timeout( conf, opt.hs_to_min, opt.hs_to_max );
if( opt.dgram_packing != DFL_DGRAM_PACKING )
- mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing );
+ mbedtls_ssl_set_datagram_packing( ssl, opt.dgram_packing );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
+ if( ( ret = mbedtls_ssl_conf_max_frag_len( conf, opt.mfl_code ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
goto exit;
@@ -2769,10 +2800,10 @@
}
if( opt.cid_enabled == 1 )
- ret = mbedtls_ssl_conf_cid( &conf, cid_len,
+ ret = mbedtls_ssl_conf_cid( conf, cid_len,
MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
else
- ret = mbedtls_ssl_conf_cid( &conf, cid_renego_len,
+ ret = mbedtls_ssl_conf_cid( conf, cid_renego_len,
MBEDTLS_SSL_UNEXPECTED_CID_IGNORE );
if( ret != 0 )
@@ -2788,27 +2819,27 @@
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
+ mbedtls_ssl_conf_truncated_hmac( conf, opt.trunc_hmac );
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
- mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
+ mbedtls_ssl_conf_extended_master_secret( conf, opt.extended_ms );
if( opt.enforce_extended_master_secret != DFL_EXTENDED_MS_ENFORCE )
- mbedtls_ssl_conf_extended_master_secret_enforce( &conf,
+ mbedtls_ssl_conf_extended_master_secret_enforce( conf,
opt.enforce_extended_master_secret );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( opt.etm != DFL_ETM )
- mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
+ mbedtls_ssl_conf_encrypt_then_mac( conf, opt.etm );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
- if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
+ if( ( ret = mbedtls_ssl_conf_alpn_protocols( conf, alpn_list ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
goto exit;
@@ -2817,31 +2848,31 @@
#if defined(MBEDTLS_CTR_DRBG_C)
#if !defined(MBEDTLS_SSL_CONF_RNG)
- mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+ mbedtls_ssl_conf_rng( conf, mbedtls_ctr_drbg_random, ctr_drbg );
#else
- rng_ctx_global = &ctr_drbg;
+ rng_ctx_global = ctr_drbg;
#endif
#else /* MBEDTLS_CTR_DRBG_C */
#if !defined(MBEDTLS_SSL_CONF_RNG)
- mbedtls_ssl_conf_rng( &conf, mbedtls_hmac_drbg_random, &hmac_drbg );
+ mbedtls_ssl_conf_rng( conf, mbedtls_hmac_drbg_random, hmac_drbg );
#else
- rng_ctx_global = &hmac_drbg;
+ rng_ctx_global = hmac_drbg;
#endif
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DEBUG_C)
- mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+ mbedtls_ssl_conf_dbg( conf, my_debug, stdout );
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
if( opt.cache_max != -1 )
- mbedtls_ssl_cache_set_max_entries( &cache, opt.cache_max );
+ mbedtls_ssl_cache_set_max_entries( cache, opt.cache_max );
if( opt.cache_timeout != -1 )
- mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
+ mbedtls_ssl_cache_set_timeout( cache, opt.cache_timeout );
#if !defined(MBEDTLS_SSL_NO_SESSION_CACHE)
- mbedtls_ssl_conf_session_cache( &conf, &cache,
+ mbedtls_ssl_conf_session_cache( conf, cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
#endif /* !MBEDTLS_SSL_NO_SESSION_CACHE */
@@ -2850,11 +2881,11 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
{
- if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
+ if( ( ret = mbedtls_ssl_ticket_setup( ticket_ctx,
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_random, &ctr_drbg,
+ mbedtls_ctr_drbg_random, ctr_drbg,
#else
- mbedtls_hmac_drbg_random, &hmac_drbg,
+ mbedtls_hmac_drbg_random, hmac_drbg,
#endif
MBEDTLS_CIPHER_AES_256_GCM,
opt.ticket_timeout ) ) != 0 )
@@ -2863,10 +2894,10 @@
goto exit;
}
- mbedtls_ssl_conf_session_tickets_cb( &conf,
+ mbedtls_ssl_conf_session_tickets_cb( conf,
mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse,
- &ticket_ctx );
+ ticket_ctx );
}
#endif
@@ -2878,9 +2909,9 @@
{
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_random, &ctr_drbg
+ mbedtls_ctr_drbg_random, ctr_drbg
#else
- mbedtls_hmac_drbg_random, &hmac_drbg
+ mbedtls_hmac_drbg_random, hmac_drbg
#endif /* MBEDTLS_CTR_DRBG_C */
) ) != 0 )
{
@@ -2888,7 +2919,7 @@
goto exit;
}
- mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ mbedtls_ssl_conf_dtls_cookies( conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx );
}
else
@@ -2896,7 +2927,7 @@
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
if( opt.cookies == 0 )
{
- mbedtls_ssl_conf_dtls_cookies( &conf, NULL, NULL, NULL );
+ mbedtls_ssl_conf_dtls_cookies( conf, NULL, NULL, NULL );
}
else
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
@@ -2907,40 +2938,40 @@
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
!defined(MBEDTLS_SSL_CONF_ANTI_REPLAY)
if( opt.anti_replay != DFL_ANTI_REPLAY )
- mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
+ mbedtls_ssl_conf_dtls_anti_replay( conf, opt.anti_replay );
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
!defined(MBEDTLS_SSL_CONF_BADMAC_LIMIT)
if( opt.badmac_limit != DFL_BADMAC_LIMIT )
- mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
+ mbedtls_ssl_conf_dtls_badmac_limit( conf, opt.badmac_limit );
#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
+ mbedtls_ssl_conf_ciphersuites( conf, opt.force_ciphersuite );
#endif /* !MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
#if defined(MBEDTLS_ARC4_C)
if( opt.arc4 != DFL_ARC4 )
- mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
+ mbedtls_ssl_conf_arc4_support( conf, opt.arc4 );
#endif
#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
if( opt.version_suites != NULL )
{
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
+ mbedtls_ssl_conf_ciphersuites_for_version( conf, version_suites[0],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_0 );
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
+ mbedtls_ssl_conf_ciphersuites_for_version( conf, version_suites[1],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_1 );
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
+ mbedtls_ssl_conf_ciphersuites_for_version( conf, version_suites[2],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_2 );
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[3],
+ mbedtls_ssl_conf_ciphersuites_for_version( conf, version_suites[3],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3 );
}
@@ -2948,18 +2979,18 @@
#if !defined(MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION)
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
- mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
+ mbedtls_ssl_conf_legacy_renegotiation( conf, opt.allow_legacy );
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
+ mbedtls_ssl_conf_renegotiation( conf, opt.renegotiation );
if( opt.renego_delay != DFL_RENEGO_DELAY )
- mbedtls_ssl_conf_renegotiation_enforced( &conf, opt.renego_delay );
+ mbedtls_ssl_conf_renegotiation_enforced( conf, opt.renego_delay );
if( opt.renego_period != DFL_RENEGO_PERIOD )
{
PUT_UINT64_BE( renego_period, opt.renego_period, 0 );
- mbedtls_ssl_conf_renegotiation_period( &conf, renego_period );
+ mbedtls_ssl_conf_renegotiation_period( conf, renego_period );
}
#endif
@@ -2967,15 +2998,15 @@
if( strcmp( opt.ca_path, "none" ) != 0 &&
strcmp( opt.ca_file, "none" ) != 0 )
{
- mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_ca_chain( conf, cacert, NULL );
}
if( key_cert_init )
{
- mbedtls_pk_context *pk = &pkey;
+ mbedtls_pk_context *pk = pkey;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_delay1 >= 0 )
{
- ret = ssl_async_set_key( &ssl_async_keys, &srvcert, pk, 0,
+ ret = ssl_async_set_key( ssl_async_keys, srvcert, pk, 0,
opt.async_private_delay1 );
if( ret < 0 )
{
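Review bot: `ssl_async_keys` is passed without `&` to `ssl_async_set_key` in this hunk, yet the @@ -3038 hunk still writes `ssl_async_keys.p_rng = ctr_drbg;` and the cleanup loop reads `ssl_async_keys.slots_used`, so the same object is used as a pointer and as a struct within one function. Its declaration is outside the visible hunks, but one of the two forms cannot compile when MBEDTLS_SSL_ASYNC_PRIVATE is defined; the @@ -2994, @@ -3038 and @@ -3052 hunks have the same mismatch. If the context stays on the stack, keep `ret = ssl_async_set_key( &ssl_async_keys, srvcert, pk, 0,` and `&ssl_async_keys );`. If it moves to the heap, the member accesses need `->`, and the final free list currently has no `mbedtls_free( ssl_async_keys );`. The enclosing function starts and ends outside this hunk.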
@@ -2986,7 +3017,7 @@
pk = NULL;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, pk ) ) != 0 )
+ if( ( ret = mbedtls_ssl_conf_own_cert( conf, srvcert, pk ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
goto exit;
@@ -2994,11 +3025,11 @@
}
if( key_cert_init2 )
{
- mbedtls_pk_context *pk = &pkey2;
+ mbedtls_pk_context *pk = pkey2;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_delay2 >= 0 )
{
- ret = ssl_async_set_key( &ssl_async_keys, &srvcert2, pk, 0,
+ ret = ssl_async_set_key( ssl_async_keys, srvcert2, pk, 0,
opt.async_private_delay2 );
if( ret < 0 )
{
@@ -3009,7 +3040,7 @@
pk = NULL;
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
- if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert2, pk ) ) != 0 )
+ if( ( ret = mbedtls_ssl_conf_own_cert( conf, srvcert2, pk ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
goto exit;
@@ -3038,13 +3069,13 @@
- opt.async_private_error :
opt.async_private_error );
ssl_async_keys.f_rng = mbedtls_ctr_drbg_random;
- ssl_async_keys.p_rng = &ctr_drbg;
- mbedtls_ssl_conf_async_private_cb( &conf,
+ ssl_async_keys.p_rng = ctr_drbg;
+ mbedtls_ssl_conf_async_private_cb( conf,
sign,
decrypt,
ssl_async_resume,
ssl_async_cancel,
- &ssl_async_keys );
+ ssl_async_keys );
}
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -3052,14 +3083,14 @@
#if defined(SNI_OPTION)
if( opt.sni != NULL )
{
- mbedtls_ssl_conf_sni( &conf, sni_callback, sni_info );
+ mbedtls_ssl_conf_sni( conf, sni_callback, sni_info );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_delay2 >= 0 )
{
sni_entry *cur;
for( cur = sni_info; cur != NULL; cur = cur->next )
{
- ret = ssl_async_set_key( &ssl_async_keys,
+ ret = ssl_async_set_key( ssl_async_keys,
cur->cert, cur->key, 1,
opt.async_private_delay2 );
if( ret < 0 )
@@ -3080,7 +3111,7 @@
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
- mbedtls_ssl_conf_curves( &conf, curve_list );
+ mbedtls_ssl_conf_curves( conf, curve_list );
}
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* MBEDTLS_ECP_C*/
@@ -3088,7 +3119,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
{
- ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
+ ret = mbedtls_ssl_conf_psk( conf, psk, psk_len,
(const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) );
if( ret != 0 )
@@ -3099,7 +3130,7 @@
}
if( opt.psk_list != NULL )
- mbedtls_ssl_conf_psk_cb( &conf, psk_callback, psk_info );
+ mbedtls_ssl_conf_psk_cb( conf, psk_callback, psk_info );
#endif
#if defined(MBEDTLS_DHM_C)
@@ -3108,7 +3139,7 @@
*/
#if defined(MBEDTLS_FS_IO)
if( opt.dhm_file != NULL )
- ret = mbedtls_ssl_conf_dh_param_ctx( &conf, &dhm );
+ ret = mbedtls_ssl_conf_dh_param_ctx( conf, &dhm );
#endif
if( ret != 0 )
{
@@ -3122,13 +3153,13 @@
!defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) || \
!defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER)
if( opt.min_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+ mbedtls_ssl_conf_min_version( conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
if( opt.max_version != DFL_MIN_VERSION )
- mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+ mbedtls_ssl_conf_max_version( conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
#endif
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( ssl, conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
goto exit;
@@ -3137,18 +3168,18 @@
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
- io_ctx.ssl = &ssl;
+ io_ctx.ssl = ssl;
io_ctx.net = &client_fd;
- mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
+ mbedtls_ssl_set_bio( ssl, &io_ctx, send_cb, recv_cb,
opt.nbio == 0 ? recv_timeout_cb : NULL );
#else
- mbedtls_ssl_set_bio_ctx( &ssl, &client_fd );
+ mbedtls_ssl_set_bio_ctx( ssl, &client_fd );
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled,
+ if( ( ret = mbedtls_ssl_set_cid( ssl, opt.cid_enabled,
cid, cid_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
@@ -3160,16 +3191,16 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.dtls_mtu != DFL_DTLS_MTU )
- mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu );
+ mbedtls_ssl_set_mtu( ssl, opt.dtls_mtu );
#endif
#if defined(MBEDTLS_TIMING_C)
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \
!defined(MBEDTLS_SSL_CONF_GET_TIMER)
- mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_ssl_set_timer_cb( ssl, timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#else
- mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer );
+ mbedtls_ssl_set_timer_cb_ctx( ssl, timer );
#endif
#endif
@@ -3204,7 +3235,7 @@
mbedtls_net_free( &client_fd );
- mbedtls_ssl_session_reset( &ssl );
+ mbedtls_ssl_session_reset( ssl );
/*
* 3. Wait until a client connects
@@ -3241,13 +3272,13 @@
}
#if !defined(MBEDTLS_SSL_CONF_READ_TIMEOUT)
- mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
+ mbedtls_ssl_conf_read_timeout( conf, opt.read_timeout );
#endif /* MBEDTLS_SSL_CONF_READ_TIMEOUT */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
+ if( ( ret = mbedtls_ssl_set_client_transport_id( ssl,
client_ip, cliip_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
@@ -3260,7 +3291,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
{
- if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
+ if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( ssl,
(const unsigned char *) opt.ecjpake_pw,
strlen( opt.ecjpake_pw ) ) ) != 0 )
{
@@ -3279,7 +3310,7 @@
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
- while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
+ while( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
{
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
@@ -3297,7 +3328,7 @@
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
- ret = idle( &client_fd, &timer, ret );
+ ret = idle( &client_fd, timer, ret );
#else
ret = idle( &client_fd, ret );
#endif
@@ -3320,7 +3351,7 @@
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
{
char vrfy_buf[512];
- flags = mbedtls_ssl_get_verify_result( &ssl );
+ flags = mbedtls_ssl_get_verify_result( ssl );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
@@ -3338,23 +3369,23 @@
else /* ret == 0 */
{
mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
- mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
+ mbedtls_ssl_get_version( ssl ), mbedtls_ssl_get_ciphersuite( ssl ) );
}
- if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
+ if( ( ret = mbedtls_ssl_get_record_expansion( ssl ) ) >= 0 )
mbedtls_printf( " [ Record expansion is %d ]\n", ret );
else
mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
mbedtls_printf( " [ Maximum fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
+ (unsigned int) mbedtls_ssl_get_max_frag_len( ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
{
- const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
+ const char *alp = mbedtls_ssl_get_alpn_protocol( ssl );
mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
alp ? alp : "(none)" );
}
@@ -3366,7 +3397,7 @@
*/
mbedtls_printf( " . Verifying peer X.509 certificate..." );
- if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
+ if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
{
#if !defined(MBEDTLS_X509_REMOVE_INFO)
char vrfy_buf[512];
@@ -3384,26 +3415,26 @@
mbedtls_printf( " ok\n" );
#if !defined(MBEDTLS_X509_REMOVE_INFO)
- if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
+ if( mbedtls_ssl_get_peer_cert( ssl ) != NULL )
{
char crt_buf[512];
mbedtls_printf( " . Peer certificate information ...\n" );
mbedtls_x509_crt_info( crt_buf, sizeof( crt_buf ), " ",
- mbedtls_ssl_get_peer_cert( &ssl ) );
+ mbedtls_ssl_get_peer_cert( ssl ) );
mbedtls_printf( "%s\n", crt_buf );
}
#endif /* !MBEDTLS_X509_REMOVE_INFO */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ret = report_cid_usage( &ssl, "initial handshake" );
+ ret = report_cid_usage( ssl, "initial handshake" );
if( ret != 0 )
goto exit;
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
- if( ( ret = mbedtls_ssl_set_cid( &ssl, opt.cid_enabled_renego,
+ if( ( ret = mbedtls_ssl_set_cid( ssl, opt.cid_enabled_renego,
cid_renego, cid_renego_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
@@ -3434,14 +3465,14 @@
int terminated = 0;
len = opt.buffer_size - 1;
memset( buf, 0, opt.buffer_size );
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ ret = mbedtls_ssl_read( ssl, buf, len );
if( mbedtls_status_is_ssl_in_progress( ret ) )
{
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, ret );
+ idle( &client_fd, timer, ret );
#else
idle( &client_fd, ret );
#endif
@@ -3470,7 +3501,7 @@
}
}
- if( mbedtls_ssl_get_bytes_avail( &ssl ) == 0 )
+ if( mbedtls_ssl_get_bytes_avail( ssl ) == 0 )
{
len = ret;
buf[len] = '\0';
@@ -3487,7 +3518,7 @@
unsigned char *larger_buf;
ori_len = ret;
- extra_len = (int) mbedtls_ssl_get_bytes_avail( &ssl );
+ extra_len = (int) mbedtls_ssl_get_bytes_avail( ssl );
larger_buf = mbedtls_calloc( 1, ori_len + extra_len + 1 );
if( larger_buf == NULL )
@@ -3501,9 +3532,9 @@
memcpy( larger_buf, buf, ori_len );
/* This read should never fail and get the whole cached data */
- ret = mbedtls_ssl_read( &ssl, larger_buf + ori_len, extra_len );
+ ret = mbedtls_ssl_read( ssl, larger_buf + ori_len, extra_len );
if( ret != extra_len ||
- mbedtls_ssl_get_bytes_avail( &ssl ) != 0 )
+ mbedtls_ssl_get_bytes_avail( ssl ) != 0 )
{
mbedtls_printf( " ! mbedtls_ssl_read failed on cached data\n" );
ret = 1;
@@ -3550,17 +3581,17 @@
*/
/* For event-driven IO, wait for socket to become available */
- if( mbedtls_ssl_check_pending( &ssl ) == 0 &&
+ if( mbedtls_ssl_check_pending( ssl ) == 0 &&
opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ );
+ idle( &client_fd, timer, MBEDTLS_ERR_SSL_WANT_READ );
#else
idle( &client_fd, MBEDTLS_ERR_SSL_WANT_READ );
#endif
}
- ret = mbedtls_ssl_read( &ssl, buf, len );
+ ret = mbedtls_ssl_read( ssl, buf, len );
/* Note that even if `mbedtls_ssl_check_pending` returns true,
* it can happen that the subsequent call to `mbedtls_ssl_read`
@@ -3600,7 +3631,7 @@
mbedtls_printf( " . Requestion renegotiation..." );
fflush( stdout );
- while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
+ while( ( ret = mbedtls_ssl_renegotiate( ssl ) ) != 0 )
{
if( ! mbedtls_status_is_ssl_in_progress( ret ) )
{
@@ -3612,7 +3643,7 @@
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, ret );
+ idle( &client_fd, timer, ret );
#else
idle( &client_fd, ret );
#endif
@@ -3624,7 +3655,7 @@
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ret = report_cid_usage( &ssl, "after renegotiation" );
+ ret = report_cid_usage( ssl, "after renegotiation" );
if( ret != 0 )
goto exit;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -3636,7 +3667,7 @@
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
- mbedtls_ssl_get_ciphersuite( &ssl ) );
+ mbedtls_ssl_get_ciphersuite( ssl ) );
/* Add padding to the response to reach opt.response_size in length */
if( opt.response_size != DFL_RESPONSE_SIZE &&
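Review bot: The `sprintf` into `buf` at the top of this hunk has no length bound. The `memset( buf, 0, opt.buffer_size )` in the @@ -3434 hunk suggests `buf` holds `opt.buffer_size` bytes, so a small configured buffer could be overrun by the formatted response; the definition of HTTP_RESPONSE and the allowed range of `opt.buffer_size` are not visible here, so this needs confirming. A bounded call such as `len = mbedtls_snprintf( (char *) buf, opt.buffer_size, HTTP_RESPONSE, mbedtls_ssl_get_ciphersuite( ssl ) );` followed by `if( len < 0 || (size_t) len >= (size_t) opt.buffer_size ) goto exit;` would make the limit explicit. The commit does not touch this line; it is raised because the hunk edits its argument.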
@@ -3661,7 +3692,7 @@
{
for( written = 0, frags = 0; written < len; written += ret, frags++ )
{
- while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
+ while( ( ret = mbedtls_ssl_write( ssl, buf + written, len - written ) )
<= 0 )
{
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
@@ -3680,7 +3711,7 @@
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, ret );
+ idle( &client_fd, timer, ret );
#else
idle( &client_fd, ret );
#endif
@@ -3692,7 +3723,7 @@
{
while( 1 )
{
- ret = mbedtls_ssl_write( &ssl, buf, len );
+ ret = mbedtls_ssl_write( ssl, buf, len );
if( ! mbedtls_status_is_ssl_in_progress( ret ) )
break;
@@ -3701,7 +3732,7 @@
if( opt.event == 1 /* level triggered IO */ )
{
#if defined(MBEDTLS_TIMING_C)
- idle( &client_fd, &timer, ret );
+ idle( &client_fd, timer, ret );
#else
idle( &client_fd, ret );
#endif
@@ -3732,7 +3763,7 @@
mbedtls_printf( " . Serializing live connection..." );
- ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len );
+ ret = mbedtls_ssl_context_save( ssl, NULL, 0, &buf_len );
if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
@@ -3750,7 +3781,7 @@
}
context_buf_len = buf_len;
- if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf,
+ if( ( ret = mbedtls_ssl_context_save( ssl, context_buf,
buf_len, &buf_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
@@ -3786,11 +3817,11 @@
{
mbedtls_printf( " . Freeing and reinitializing context..." );
- mbedtls_ssl_free( &ssl );
+ mbedtls_ssl_free( ssl );
- mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_init( ssl );
- if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
+ if( ( ret = mbedtls_ssl_setup( ssl, conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
"-0x%x\n\n", -ret );
@@ -3807,20 +3838,20 @@
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
- mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
+ mbedtls_ssl_set_bio( ssl, &io_ctx, send_cb, recv_cb,
opt.nbio == 0 ? recv_timeout_cb : NULL );
#else
- mbedtls_ssl_set_bio_ctx( &ssl, &client_fd );
+ mbedtls_ssl_set_bio_ctx( ssl, &client_fd );
#endif
#if defined(MBEDTLS_TIMING_C)
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \
!defined(MBEDTLS_SSL_CONF_GET_TIMER)
- mbedtls_ssl_set_timer_cb( &ssl, &timer,
+ mbedtls_ssl_set_timer_cb( ssl, timer,
mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#else
- mbedtls_ssl_set_timer_cb_ctx( &ssl, &timer );
+ mbedtls_ssl_set_timer_cb_ctx( ssl, timer );
#endif
#endif /* MBEDTLS_TIMING_C */
@@ -3829,7 +3860,7 @@
mbedtls_printf( " . Deserializing connection..." );
- if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf,
+ if( ( ret = mbedtls_ssl_context_load( ssl, context_buf,
buf_len ) ) != 0 )
{
mbedtls_printf( "failed\n ! mbedtls_ssl_context_load returned "
@@ -3859,7 +3890,7 @@
mbedtls_printf( " . Closing the connection..." );
/* No error checking, the connection might be closed already */
- do ret = mbedtls_ssl_close_notify( &ssl );
+ do ret = mbedtls_ssl_close_notify( ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
ret = 0;
@@ -3871,6 +3902,7 @@
* Cleanup and exit
*/
exit:
+
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
@@ -3890,11 +3922,11 @@
mbedtls_dhm_free( &dhm );
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_x509_crt_free( &cacert );
- mbedtls_x509_crt_free( &srvcert );
- mbedtls_pk_free( &pkey );
- mbedtls_x509_crt_free( &srvcert2 );
- mbedtls_pk_free( &pkey2 );
+ mbedtls_x509_crt_free( cacert );
+ mbedtls_x509_crt_free( srvcert );
+ mbedtls_pk_free( pkey );
+ mbedtls_x509_crt_free( srvcert2 );
+ mbedtls_pk_free( pkey2 );
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
for( i = 0; (size_t) i < ssl_async_keys.slots_used; i++ )
@@ -3917,20 +3949,20 @@
mbedtls_dhm_free( &dhm );
#endif
- mbedtls_ssl_free( &ssl );
- mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( ssl );
+ mbedtls_ssl_config_free( conf );
#if defined(MBEDTLS_CTR_DRBG_C)
- mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ctr_drbg_free( ctr_drbg );
#else
- mbedtls_hmac_drbg_free( &hmac_drbg );
+ mbedtls_hmac_drbg_free( hmac_drbg );
#endif
- mbedtls_entropy_free( &entropy );
+ mbedtls_entropy_free( entropy );
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_cache_free( &cache );
+ mbedtls_ssl_cache_free( cache );
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_ticket_free( &ticket_ctx );
+ mbedtls_ssl_ticket_free( ticket_ctx );
#endif
#if defined(MBEDTLS_SSL_COOKIE_C)
mbedtls_ssl_cookie_free( &cookie_ctx );
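Review bot: The `mbedtls_*_free()` calls in this hunk now receive heap pointers that can be NULL, which was impossible when they took the address of a stack object. If the allocation check near the top of the function (outside this hunk) jumps to `exit` on failure, calls such as `mbedtls_ssl_config_free( conf )`, `mbedtls_entropy_free( entropy )`, `mbedtls_ssl_cache_free( cache )` and `mbedtls_ssl_ticket_free( ticket_ctx )` run on NULL. Whether each of them tolerates NULL is not visible on this page and should be confirmed for this tree. Otherwise guard them, e.g. `if( entropy != NULL ) mbedtls_entropy_free( entropy );`. The certificate and key frees in the @@ -3890 hunk have the same exposure.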
@@ -3944,6 +3976,23 @@
mbedtls_free( context_buf );
#endif
+ mbedtls_free( ssl );
+ mbedtls_free( conf );
+ mbedtls_free( cacert );
+ mbedtls_free( srvcert );
+ mbedtls_free( pkey );
+ mbedtls_free( srvcert2 );
+ mbedtls_free( pkey2 );
+ mbedtls_free( cache );
+ mbedtls_free( timer );
+ mbedtls_free( ticket_ctx );
+ mbedtls_free( entropy );
+#if defined(MBEDTLS_CTR_DRBG_C)
+ mbedtls_free( ctr_drbg );
+#else
+ mbedtls_free( hmac_drbg );
+#endif
+
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_memory_buffer_alloc_status();
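Review bot: Most of the added `mbedtls_free()` calls are unconditional, although the matching `*_free()` calls just above are compiled only under MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_SSL_CACHE_C and MBEDTLS_SSL_SESSION_TICKETS, and `timer` is used only under MBEDTLS_TIMING_C. The declarations are outside this hunk, but if they carry the same guards, a build with any of those options disabled fails here on an undeclared identifier. Only the DRBG pair is guarded in the added lines. Wrapping each free in the guard of its variable keeps reduced configurations building; the block below shows that grouping.

```c
    mbedtls_free( ssl );
    mbedtls_free( conf );
    mbedtls_free( entropy );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
    mbedtls_free( cacert );
    mbedtls_free( srvcert );
    mbedtls_free( pkey );
    mbedtls_free( srvcert2 );
    mbedtls_free( pkey2 );
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
    mbedtls_free( cache );
#endif
#if defined(MBEDTLS_TIMING_C)
    mbedtls_free( timer );
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
    mbedtls_free( ticket_ctx );
#endif
    /* … unchanged: ctr_drbg / hmac_drbg frees under MBEDTLS_CTR_DRBG_C … */
```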