Move things to conf substructure

A simple series of sed invocations.

This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet.
parent 6df3196e
......@@ -868,11 +868,13 @@ typedef struct
* Numerical settings (int then char)
*/
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
uint32_t hs_timeout_min; /*!< initial value of the handshake
retransmission timeout */
retransmission timeout (ms) */
uint32_t hs_timeout_max; /*!< maximum value of the handshake
retransmission timeout */
retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
......@@ -934,11 +936,12 @@ mbedtls_ssl_config;
struct mbedtls_ssl_context
{
mbedtls_ssl_config *conf; /*!< configuration information */
/*
* Miscellaneous
*/
int state; /*!< SSL handshake: current state */
int transport; /*!< Transport: stream or datagram */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renego_status; /*!< Initial, in progress, pending? */
int renego_records_seen; /*!< Records since renego request, or with DTLS,
......@@ -949,60 +952,24 @@ struct mbedtls_ssl_context
int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
int max_major_ver; /*!< max. major version used */
int max_minor_ver; /*!< max. minor version used */
int min_major_ver; /*!< min. major version used */
int min_minor_ver; /*!< min. minor version used */
uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read in milliseconds */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
unsigned badmac_limit; /*!< limit of records with a bad MAC */
unsigned badmac_seen; /*!< records with a bad MAC received */
#endif
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
char fallback; /*!< flag for fallback connections */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
char encrypt_then_mac; /*!< flag for encrypt-then-mac */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
char extended_ms; /*!< flag for extended master secret */
#endif
char arc4_disabled; /*!< flag for disabling RC4 */
/*
* Callbacks (RNG, debug, I/O, verification)
* Callbacks
*/
int (*f_rng)(void *, unsigned char *, size_t);
void (*f_dbg)(void *, int, const char *);
void *p_rng; /*!< context for the RNG function */
int (*f_send)(void *, const unsigned char *, size_t);
int (*f_recv)(void *, unsigned char *, size_t);
int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t);
int (*f_get_cache)(void *, mbedtls_ssl_session *);
int (*f_set_cache)(void *, const mbedtls_ssl_session *);
void *p_rng; /*!< context for the RNG function */
void *p_dbg; /*!< context for the debug function */
void *p_bio; /*!< context for I/O operations */
void *p_get_cache; /*!< context for cache retrieval */
void *p_set_cache; /*!< context for cache store */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *p_sni; /*!< context for SNI extension */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *);
void *p_vrfy; /*!< context for verification */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
void *p_psk; /*!< context for PSK retrieval */
#endif
/*
* Session layer
......@@ -1029,10 +996,6 @@ struct mbedtls_ssl_context
#if defined(MBEDTLS_SSL_PROTO_DTLS)
struct mbedtls_timing_hr_time time_info; /*!< timer context */
unsigned long time_limit; /*!< limit for the running timer */
uint32_t hs_timeout_min; /*!< initial value of the handshake
retransmission timeout */
uint32_t hs_timeout_max; /*!< maximum value of the handshake
retransmission timeout */
#endif
/*
......@@ -1059,7 +1022,6 @@ struct mbedtls_ssl_context
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
uint64_t in_window_top; /*!< last validated record seq_num */
uint64_t in_window; /*!< bitmask for replay detection */
char anti_replay; /*!< is anti-replay on? */
#endif
size_t in_hslen; /*!< current handshake message length,
......@@ -1084,9 +1046,6 @@ struct mbedtls_ssl_context
#if defined(MBEDTLS_ZLIB_SUPPORT)
unsigned char *compress_buf; /*!< zlib data buffer */
#endif
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
unsigned char mfl_code; /*!< MaxFragmentLength chosen by us */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
signed char split_done; /*!< flag for record splitting:
-1 disabled, 0 todo, 1 done */
......@@ -1096,10 +1055,6 @@ struct mbedtls_ssl_context
* PKI layer
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_ssl_key_cert *key_cert; /*!< own certificate(s)/key(s) */
mbedtls_x509_crt *ca_chain; /*!< own trusted CA chain */
mbedtls_x509_crl *ca_crl; /*!< trusted CA CRLs */
const char *peer_cn; /*!< expected peer CN */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
......@@ -1110,48 +1065,12 @@ struct mbedtls_ssl_context
mbedtls_ssl_ticket_keys *ticket_keys; /*!< keys for ticket encryption */
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
/*
* User settings
*/
int endpoint; /*!< 0: client, 1: server */
int authmode; /*!< verification mode */
int client_auth; /*!< flag for client auth. */
int verify_result; /*!< verification result */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int disable_renegotiation; /*!< enable/disable renegotiation */
int renego_max_records; /*!< grace period for renegotiation */
unsigned char renego_period[8]; /*!< value of the record counters
that triggers renegotiation */
#endif
/* needed for option break handshake with insecure peers */
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
#if defined(MBEDTLS_SSL_SET_CURVES)
const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< negotiate truncated hmac? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
int session_tickets; /*!< use session tickets? */
int ticket_lifetime; /*!< session ticket lifetime */
#endif
#if defined(MBEDTLS_DHM_C)
mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
mbedtls_mpi dhm_G; /*!< generator for DHM */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/*
* PSK values
* User settings
*/
unsigned char *psk;
size_t psk_len;
unsigned char *psk_identity;
size_t psk_identity_len;
#endif
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/*
* SNI extension
......@@ -1161,10 +1080,6 @@ struct mbedtls_ssl_context
#endif
#if defined(MBEDTLS_SSL_ALPN)
/*
* ALPN extension
*/
const char **alpn_list; /*!< ordered list of supported protocols */
const char *alpn_chosen; /*!< negotiated protocol */
#endif
......@@ -1174,11 +1089,6 @@ struct mbedtls_ssl_context
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
unsigned char *cli_id; /*!< transport-level ID of the client */
size_t cli_id_len; /*!< length of cli_id */
int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
int (*f_cookie_check)( void *, const unsigned char *, size_t,
const unsigned char *, size_t );
void *p_cookie; /*!< context for the cookie callbacks */
#endif
/*
......@@ -2446,7 +2356,7 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport,
static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 13 );
#else
((void) ssl);
......@@ -2457,7 +2367,7 @@ static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
return( 12 );
#else
((void) ssl);
......
......@@ -83,18 +83,18 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
char str[512];
int maxlen = sizeof( str ) - 1;
if( ssl->f_dbg == NULL || level > debug_threshold )
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_RAW )
{
ssl->f_dbg( ssl->p_dbg, level, text );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, text );
return;
}
mbedtls_snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
}
void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
......@@ -105,7 +105,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
int maxlen = sizeof( str ) - 1;
size_t idx = 0;
if( ssl->f_dbg == NULL || level > debug_threshold )
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
......@@ -115,7 +115,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
text, ret, -ret );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
}
void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
......@@ -126,7 +126,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
char txt[17];
size_t i, maxlen = sizeof( str ) - 1, idx = 0;
if( ssl->f_dbg == NULL || level > debug_threshold )
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
......@@ -136,7 +136,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
text, (unsigned int) len );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
......@@ -150,7 +150,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
if( i > 0 )
{
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
idx = 0;
memset( txt, 0, sizeof( txt ) );
......@@ -175,7 +175,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
idx += mbedtls_snprintf( str + idx, maxlen - idx, " " );
mbedtls_snprintf( str + idx, maxlen - idx, " %s\n", txt );
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
}
}
......@@ -187,7 +187,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
char str[512];
int maxlen = sizeof( str ) - 1;
if( ssl->f_dbg == NULL || level > debug_threshold )
if( ssl->conf->f_dbg == NULL || level > debug_threshold )
return;
mbedtls_snprintf( str, maxlen, "%s(X)", text );
......@@ -209,7 +209,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
int j, k, maxlen = sizeof( str ) - 1, zeros = 1;
size_t i, n, idx = 0;
if( ssl->f_dbg == NULL || X == NULL || level > debug_threshold )
if( ssl->conf->f_dbg == NULL || X == NULL || level > debug_threshold )
return;
for( n = X->n - 1; n > 0; n-- )
......@@ -227,7 +227,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
idx = 0;
for( i = n + 1, j = 0; i > 0; i-- )
......@@ -247,7 +247,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
if( j > 0 )
{
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
idx = 0;
}
......@@ -274,7 +274,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
}
mbedtls_snprintf( str + idx, maxlen - idx, "\n" );
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
}
#endif /* MBEDTLS_BIGNUM_C */
......@@ -322,7 +322,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
char str[1024], prefix[64];
int i = 0, maxlen = sizeof( prefix ) - 1, idx = 0;
if( ssl->f_dbg == NULL || crt == NULL || level > debug_threshold )
if( ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold )
return;
if( debug_log_mode == MBEDTLS_DEBUG_LOG_FULL )
......@@ -347,7 +347,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
text, ++i, buf );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->conf->f_dbg( ssl->conf->p_dbg, level, str );
debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
......
......@@ -158,7 +158,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
*olen = 0;
if( ssl->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
return;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
......@@ -262,7 +262,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
#if defined(MBEDTLS_SSL_SET_CURVES)
for( grp_id = ssl->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
#else
......@@ -320,7 +320,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
{
unsigned char *p = buf;
if( ssl->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
*olen = 0;
return;
}
......@@ -333,7 +333,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
*p++ = 0x00;
*p++ = 1;
*p++ = ssl->mfl_code;
*p++ = ssl->conf->mfl_code;
*olen = 5;
}
......@@ -345,7 +345,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
{
unsigned char *p = buf;
if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
{
*olen = 0;
return;
......@@ -369,8 +369,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
{
unsigned char *p = buf;
if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
*olen = 0;
return;
......@@ -395,8 +395,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
{
unsigned char *p = buf;
if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
ssl->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
{
*olen = 0;
return;
......@@ -422,7 +422,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
unsigned char *p = buf;
size_t tlen = ssl->session_negotiate->ticket_len;
if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
{
*olen = 0;
return;
......@@ -459,7 +459,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
unsigned char *p = buf;
const char **cur;
if( ssl->alpn_list == NULL )
if( ssl->conf->alpn_list == NULL )
{
*olen = 0;
return;
......@@ -481,7 +481,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
/* Skip writing extension and list length for now */
p += 4;
for( cur = ssl->alpn_list; *cur != NULL; cur++ )
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
{
*p = (unsigned char)( strlen( *cur ) & 0xFF );
memcpy( p + 1, *cur, *p );
......@@ -515,7 +515,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
* When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->verify_cookie != NULL )
{
return( 0 );
......@@ -565,14 +565,14 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
#endif
{
ssl->major_ver = ssl->min_major_ver;
ssl->minor_ver = ssl->min_minor_ver;
ssl->major_ver = ssl->conf->min_major_ver;
ssl->minor_ver = ssl->conf->min_minor_ver;
}
if( ssl->max_major_ver == 0 && ssl->max_minor_ver == 0 )
if( ssl->conf->max_major_ver == 0 && ssl->conf->max_minor_ver == 0 )
{
ssl->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
ssl->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
ssl->conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
ssl->conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
}
/*
......@@ -585,8 +585,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
buf = ssl->out_msg;
p = buf + 4;
mbedtls_ssl_write_version( ssl->max_major_ver, ssl->max_minor_ver,
ssl->transport, p );
mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
ssl->conf->transport, p );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
......@@ -659,7 +659,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
* DTLS cookie
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if( ssl->handshake->verify_cookie == NULL )
{
......@@ -683,7 +683,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
/*
* Ciphersuite list
*/
ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
/* Skip writing ciphersuite length for now */
n = 0;
......@@ -697,17 +697,17 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
if( ciphersuite_info == NULL )
continue;
if( ciphersuite_info->min_minor_ver > ssl->max_minor_ver ||
ciphersuite_info->max_minor_ver < ssl->min_minor_ver )
if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
continue;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
continue;
#endif
if( ssl->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
continue;
......@@ -760,7 +760,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
* an actual need for it.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
offer_compress = 0;
#endif
......@@ -860,7 +860,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
mbedtls_ssl_send_flight_completed( ssl );
#endif
......@@ -928,9 +928,9 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
* server should use the extension only if we did,
* and if so the server's value should match ours (and len is always 1)
*/
if( ssl->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
len != 1 ||
buf[0] != ssl->mfl_code )
buf[0] != ssl->conf->mfl_code )
{
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
......@@ -944,7 +944,7 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
len != 0 )
{
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
......@@ -963,7 +963,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
len != 0 )
{
......@@ -983,7 +983,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
len != 0 )
{
......@@ -1003,7 +1003,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
len != 0 )
{
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
......@@ -1060,7 +1060,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
const char **p;
/* If we didn't send it, the server shouldn't send it */
if( ssl->alpn_list == NULL )
if( ssl->conf->alpn_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
/*
......@@ -1086,7 +1086,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
/* Check that the server chosen protocol was in our list and save it */
for( p = ssl->alpn_list; *p != NULL; p++ )
for( p = ssl->conf->alpn_list; *p != NULL; p++ )
{
if( name_len == strlen( *p ) &&
memcmp( buf + 3, *p, name_len ) == 0 )
......@@ -1119,7 +1119,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
* } HelloVerifyRequest;
*/
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->transport, p );
mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
p += 2;
/*
......@@ -1128,8 +1128,8 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
*/
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
major_ver > ssl->max_major_ver ||
minor_ver > ssl->max_minor_ver )
major_ver > ssl->conf->max_major_ver ||
minor_ver > ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
......@@ -1199,8 +1199,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
{
ssl->renego_records_seen++;
if( ssl->renego_max_records >= 0 &&
ssl->renego_records_seen > ssl->renego_max_records )
if( ssl->conf->renego_max_records >= 0 &&
ssl->renego_records_seen > ssl->conf->renego_max_records )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
"but not honored by server" ) );
......@@ -1217,7 +1217,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )