1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #include "bsl_sal.h"
18 #include "tls_binlog_id.h"
19 #include "hitls_type.h"
20 #include "hitls_crypt_type.h"
21 #include "hitls_config.h"
22 #include "hitls_error.h"
23 #include "tls_config.h"
24 #include "config.h"
25 #include "cipher_suite.h"
26 #include "cert_mgr.h"
27 #ifdef HITLS_TLS_FEATURE_SESSION
28 #include "session_mgr.h"
29 #endif
30 #ifdef HITLS_TLS_FEATURE_SECURITY
31 #include "security.h"
32 #endif
33 #include "config_type.h"
34
35 #ifdef HITLS_TLS_PROTO_TLCP11
/*
 * Default cipher suites for TLCP 1.1. DefaultCipherSuitesByVersion() selects
 * this table when the requested version is HITLS_VERSION_TLCP_DTLCP11.
 * All four entries are SM4/SM3 suites; the element order is unchanged.
 * NOTE(review): presumably the order is the negotiation preference order - confirm.
 */
uint16_t g_tlcpCipherSuites[] = {
    /* SM4-CBC */
    HITLS_ECDHE_SM4_CBC_SM3,
    HITLS_ECC_SM4_CBC_SM3,
    /* SM4-GCM */
    HITLS_ECDHE_SM4_GCM_SM3,
    HITLS_ECC_SM4_GCM_SM3,
};
42 #endif
43
/*
 * Default cipher suite table used by DefaultCipherSuitesByVersion() (for every
 * version except TLCP 1.1) and by SetDefaultTlsAllCipherSuites().
 *
 * The element order is unchanged from the original table.
 * NOTE(review): presumably the order is the negotiation preference order - confirm.
 *
 * Security note: besides (EC)DHE AEAD suites, this default also contains
 * CBC-mode suites (including HMAC-SHA1 variants), static-RSA key exchange
 * suites and PSK/RSA_PSK suites without (EC)DHE, none of which give forward
 * secrecy. A deployment with a stricter policy should install an explicit
 * suite list instead of relying on this default. Whether the settings applied
 * by SECURITY_SetDefault() filter any of these entries at negotiation time is
 * not visible in this file.
 *
 * The array is not const-qualified; no code in this file writes to it.
 */
uint16_t g_tls12CipherSuites[] = {
    /* (EC)DHE key exchange with certificate authentication */
    HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
    HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
    HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
    HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
    HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
    HITLS_ECDHE_ECDSA_WITH_AES_128_CCM,
    HITLS_ECDHE_ECDSA_WITH_AES_256_CCM,
    HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
    HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    HITLS_DHE_RSA_WITH_AES_128_CCM,
    HITLS_DHE_RSA_WITH_AES_256_CCM,
    HITLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
    HITLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
    HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
    HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    HITLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
    HITLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
    HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    HITLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    HITLS_DHE_DSS_WITH_AES_256_CBC_SHA,
    HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
    HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    HITLS_DHE_RSA_WITH_AES_128_CBC_SHA,

    /* PSK, RSA_PSK and static-RSA suites (plus one remaining DHE_DSS CBC suite) */
    HITLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
    HITLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
    HITLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
    HITLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
    HITLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    HITLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
    HITLS_DHE_DSS_WITH_AES_128_CBC_SHA,
    HITLS_RSA_WITH_AES_256_GCM_SHA384,
    HITLS_PSK_WITH_AES_256_GCM_SHA384,
    HITLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
    HITLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
    HITLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
    HITLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
    HITLS_RSA_WITH_AES_128_GCM_SHA256,
    HITLS_PSK_WITH_AES_128_GCM_SHA256,
    HITLS_PSK_WITH_AES_256_CCM,
    HITLS_RSA_WITH_AES_256_CBC_SHA256,
    HITLS_RSA_WITH_AES_128_CBC_SHA256,
    HITLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256,
    HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
    HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
    HITLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
    HITLS_DHE_PSK_WITH_AES_128_CCM,
    HITLS_DHE_PSK_WITH_AES_256_CCM,
    HITLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
    HITLS_RSA_PSK_WITH_AES_256_CBC_SHA,
    HITLS_DHE_PSK_WITH_AES_256_CBC_SHA,
    HITLS_RSA_WITH_AES_256_CBC_SHA,
    HITLS_PSK_WITH_AES_256_CBC_SHA384,
    HITLS_PSK_WITH_AES_256_CBC_SHA,
    HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
    HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
    HITLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
    HITLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
    HITLS_RSA_PSK_WITH_AES_128_CBC_SHA,
    HITLS_DHE_PSK_WITH_AES_128_CBC_SHA,
    HITLS_RSA_WITH_AES_128_CBC_SHA,
    HITLS_PSK_WITH_AES_128_CBC_SHA256,
    HITLS_PSK_WITH_AES_128_CBC_SHA,
};
115
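/**
 * @brief Replace config->cipherSuites with a heap copy of the given suite list.
 *
 * @param config          [IN/OUT] Configuration to update. It is dereferenced without a NULL
 *                                 check; any list it already holds is freed first.
 * @param cipherSuites    [IN] Array of 16-bit cipher suite identifiers to copy.
 * @param cipherSuiteSize [IN] Size of cipherSuites in BYTES, not the number of entries
 *                             (every caller in this file passes sizeof(array)).
 *
 * @retval HITLS_SUCCESS        The list was copied; config->cipherSuitesSize holds the entry count.
 * @retval HITLS_MEMALLOC_FAIL  BSL_SAL_Dump returned NULL. config->cipherSuites is NULL and
 *                              config->cipherSuitesSize is reset to 0.
 */
int32_t SetDefaultCipherSuite(HITLS_Config *config, const uint16_t *cipherSuites, uint32_t cipherSuiteSize)
{
    BSL_SAL_FREE(config->cipherSuites);
    config->cipherSuites = BSL_SAL_Dump(cipherSuites, cipherSuiteSize);
    if (config->cipherSuites == NULL) {
        /* The old list is gone and no new one exists: clear the count as well, so a caller that
         * does not clean the config afterwards never sees a NULL list with a stale non-zero length. */
        config->cipherSuitesSize = 0;
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16563, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "Dump fail", 0, 0, 0, 0);
        return HITLS_MEMALLOC_FAIL;
    }

    /* Convert the byte size into a number of uint16_t entries. */
    config->cipherSuitesSize = cipherSuiteSize / sizeof(uint16_t);
    return HITLS_SUCCESS;
}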
128
129 #ifdef HITLS_TLS_PROTO_TLS13
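/**
 * @brief Install the default TLS 1.3 cipher suites into config->tls13CipherSuites.
 *
 * The default list contains only AEAD suites: AES-256-GCM, ChaCha20-Poly1305 and AES-128-GCM,
 * in that order.
 *
 * @param config [IN/OUT] Configuration to update; any TLS 1.3 list it already holds is freed first.
 *
 * @retval HITLS_SUCCESS        The list was copied; config->tls13cipherSuitesSize holds the entry count.
 * @retval HITLS_MEMALLOC_FAIL  BSL_SAL_Dump returned NULL. config->tls13CipherSuites is NULL and
 *                              config->tls13cipherSuitesSize is reset to 0.
 */
static int32_t SetTLS13DefaultCipherSuites(HITLS_Config *config)
{
    const uint16_t ciphersuites13[] = {
        HITLS_AES_256_GCM_SHA384,
        HITLS_CHACHA20_POLY1305_SHA256,
        HITLS_AES_128_GCM_SHA256,
    };

    BSL_SAL_FREE(config->tls13CipherSuites);
    config->tls13CipherSuites = BSL_SAL_Dump(ciphersuites13, sizeof(ciphersuites13));
    if (config->tls13CipherSuites == NULL) {
        /* Keep pointer and count consistent: no list means zero entries. */
        config->tls13cipherSuitesSize = 0;
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16564, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "Dump fail", 0, 0, 0, 0);
        return HITLS_MEMALLOC_FAIL;
    }

    config->tls13cipherSuitesSize = sizeof(ciphersuites13) / sizeof(uint16_t);
    return HITLS_SUCCESS;
}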
148 #endif
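/**
 * @brief Install the default EC point format list into config->pointFormats.
 *
 * The default list holds a single entry, HITLS_POINT_FORMAT_UNCOMPRESSED.
 *
 * @param config [IN/OUT] Configuration to update; any point format list it already holds is freed first.
 *
 * @retval HITLS_SUCCESS        The list was copied; config->pointFormatsSize holds the entry count.
 * @retval HITLS_MEMALLOC_FAIL  BSL_SAL_Dump returned NULL. config->pointFormats is NULL and
 *                              config->pointFormatsSize is reset to 0.
 */
static int32_t SetDefaultPointFormats(HITLS_Config *config)
{
    const uint8_t pointFormats[] = {HITLS_POINT_FORMAT_UNCOMPRESSED};
    uint32_t size = sizeof(pointFormats);

    BSL_SAL_FREE(config->pointFormats);
    config->pointFormats = BSL_SAL_Dump(pointFormats, size);
    if (config->pointFormats == NULL) {
        /* Keep pointer and count consistent: no list means zero entries. */
        config->pointFormatsSize = 0;
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16565, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "Dump fail", 0, 0, 0, 0);
        return HITLS_MEMALLOC_FAIL;
    }
    config->pointFormatsSize = size / sizeof(uint8_t);

    return HITLS_SUCCESS;
}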
164
/*
 * Baseline defaults shared by every configuration; InitConfig() calls this first.
 * Only plain field assignments are made here, nothing is allocated.
 */
static void BasicInitConfig(HITLS_Config *config)
{
#ifdef HITLS_TLS_FEATURE_ETM
    /* Encrypt-then-MAC is on by default when the feature is compiled in. */
    config->isEncryptThenMac = true;
#endif
#if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
    config->allowLegacyRenegotiate = false;
#endif
    config->emptyRecordsNum = HITLS_MAX_EMPTY_RECORDS;
    /* NOTE(review): presumably this flag controls the extended_master_secret extension (RFC 7627),
     * which would then be off unless the application enables it - confirm against the handshake code. */
    config->isSupportExtendMasterSecret = false;
}
/*
 * Fill a configuration with the library's default flags.
 *
 * config->maxVersion is read here, so the caller has to set the version range first
 * (every caller in this file does). Only scalar fields are assigned; the dynamically
 * allocated lists are installed by the Default*Config() functions afterwards.
 * SECURITY_SetDefault() stays last so that it sees the flags set above.
 */
static void InitConfig(HITLS_Config *config)
{
    BasicInitConfig(config);

    /* Renegotiation-related switches are all off by default. */
#ifdef HITLS_TLS_FEATURE_RENEGOTIATION
    config->allowClientRenegotiate = false;
    config->isSupportRenegotiation = false;
#ifdef HITLS_TLS_FEATURE_SESSION
    config->isResumptionOnRenego = false;
#endif
#ifdef HITLS_TLS_FEATURE_CERT_MODE
    config->isSupportClientOnceVerify = false;
#endif
#endif /* HITLS_TLS_FEATURE_RENEGOTIATION */

    /* Key exchange and key handling. */
#ifdef HITLS_TLS_SUITE_KX_RSA
    /* NOTE(review): looks like the version check on the RSA pre-master secret is off by default - confirm
     * that this is intended. */
    config->needCheckPmsVersion = false;
#endif
#ifdef HITLS_TLS_CONFIG_KEY_USAGE
    config->needCheckKeyUsage = true;
#endif
#ifdef HITLS_TLS_CONFIG_MANUAL_DH
    config->isSupportDhAuto = false;
#endif

    /* BasicInitConfig() has already cleared this flag and nothing above sets it again, so the
     * branch currently changes nothing; it is kept so TLCP stays pinned if the baseline changes. */
    if (config->maxVersion == HITLS_VERSION_TLCP_DTLCP11) {
        config->isSupportExtendMasterSecret = false;
    }

#ifdef HITLS_TLS_FEATURE_CERT_MODE
    /* Certificate verification mode.
     * NOTE(review): presumably a server does not request a client certificate by default and a missing
     * client certificate is tolerated, while verification is not skipped - confirm against the
     * handshake code. */
    config->isSupportClientVerify = false;
    config->isSupportNoClientCert = true;
    config->isSupportVerifyNone = false;
#endif
#ifdef HITLS_TLS_FEATURE_PHA
    config->isSupportPostHandshakeAuth = false;
#endif

    /* Record layer and transport behaviour. */
    config->readAhead = 0;
#ifdef HITLS_TLS_FEATURE_FLIGHT
    config->isFlightTransmitEnable = true;
#endif
#if defined(HITLS_TLS_PROTO_DTLS12) && defined(HITLS_BSL_UIO_UDP)
    config->isSupportDtlsCookieExchange = false;
#endif
    config->isQuietShutdown = false;

    /* Peer certificate handling. */
    config->maxCertList = HITLS_MAX_CERT_LIST_DEFAULT;
    config->isKeepPeerCert = true;

#ifdef HITLS_TLS_FEATURE_SESSION_TICKET
    config->isSupportSessionTicket = true;
    config->ticketNums = HITLS_TLS13_TICKET_NUM_DEFAULT;
#endif
#ifdef HITLS_TLS_FEATURE_SECURITY
    /* Default security settings */
    SECURITY_SetDefault(config);
#endif
}
229
/*
 * Install the default cipher suite table that matches the given protocol version.
 *
 * Only HITLS_VERSION_TLCP_DTLCP11 (when TLCP is compiled in) has a dedicated table;
 * every other version value receives g_tls12CipherSuites.
 * Returns the result of SetDefaultCipherSuite().
 */
static int32_t DefaultCipherSuitesByVersion(uint16_t version, HITLS_Config *config)
{
    /* Start from the TLS 1.2 table and override it only for versions with their own list. */
    const uint16_t *suiteTable = g_tls12CipherSuites;
    uint32_t suiteTableBytes = sizeof(g_tls12CipherSuites);

    switch (version) {
#ifdef HITLS_TLS_PROTO_TLCP11
        case HITLS_VERSION_TLCP_DTLCP11:
            suiteTable = g_tlcpCipherSuites;
            suiteTableBytes = sizeof(g_tlcpCipherSuites);
            break;
#endif
        default:
            break;
    }

    /* SetDefaultCipherSuite() takes the table size in bytes. */
    return SetDefaultCipherSuite(config, suiteTable, suiteTableBytes);
}
246
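/**
 * @brief Fill a configuration with the defaults for one fixed protocol version.
 *
 * Sets minVersion and maxVersion to the given version, applies the default flags, installs the
 * default cipher suites, signature schemes, point formats and groups, and creates the certificate
 * manager (when enabled) and, if compiled in, the session manager.
 *
 * @param libCtx   [IN] Library context, stored in config->libCtx and passed to the certificate manager.
 * @param attrName [IN] Provider attribute string. The pointer is stored as-is, not copied, so
 *                      presumably the string has to outlive the config - confirm with the caller.
 * @param version  [IN] Protocol version used as both minimum and maximum.
 * @param config   [IN/OUT] Configuration to initialise; dereferenced without a NULL check.
 *
 * @retval HITLS_SUCCESS        All defaults were installed.
 * @retval HITLS_MEMALLOC_FAIL  Any step failed. The config has been passed to CFG_CleanConfig().
 *                              The specific error code of the failing step is discarded, so this
 *                              value does not necessarily mean that an allocation failed.
 */
int32_t DefaultConfig(HITLS_Lib_Ctx *libCtx, const char *attrName, uint16_t version, HITLS_Config *config)
{
    // Static settings
    config->minVersion = version;
    config->maxVersion = version;

    config->libCtx = libCtx;
    config->attrName = attrName;

    /* InitConfig() reads config->maxVersion, so it has to run after the version is set. */
    InitConfig(config);

    int32_t ret = DefaultCipherSuitesByVersion(version, config);
    if (ret != HITLS_SUCCESS) {
        goto ERR;
    }
#ifdef HITLS_TLS_PROTO_TLS13
    /* Configure the TLS1.3 cipher suite for all TLS versions */
    ret = SetTLS13DefaultCipherSuites(config);
    if (ret != HITLS_SUCCESS) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16570, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "SetCipherSuites fail", 0, 0, 0, 0);
        goto ERR;
    }
#endif
    if (ConfigLoadSignatureSchemeInfo(config) != HITLS_SUCCESS) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16571, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "SetSignHashAlg fail", 0, 0, 0, 0);
        goto ERR;
    }

    if ((SetDefaultPointFormats(config) != HITLS_SUCCESS) ||
        (ConfigLoadGroupInfo(config) != HITLS_SUCCESS)) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16572, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "SetPointFormats or SetGroups fail", 0, 0, 0, 0);
        goto ERR;
    }

    if (SAL_CERT_MgrIsEnable()) {
        config->certMgrCtx = SAL_CERT_MgrCtxProviderNew(libCtx, attrName);
        if (config->certMgrCtx == NULL) {
            /* This branch reports the certificate manager. The message used to read "sessMgr new fail",
             * the same text as the session manager failure below, which made the two cases
             * indistinguishable in the log text. */
            BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16573, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
                "certMgrCtx new fail", 0, 0, 0, 0);
            goto ERR;
        }
    }
#ifdef HITLS_TLS_FEATURE_SESSION
    config->sessMgr = SESSMGR_New(config->libCtx);
    if (config->sessMgr == NULL) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16574, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "sessMgr new fail", 0, 0, 0, 0);
        goto ERR;
    }
#endif
    return HITLS_SUCCESS;
ERR:
    /* Single cleanup path: hand whatever was installed so far to CFG_CleanConfig(). */
    CFG_CleanConfig(config);
    return HITLS_MEMALLOC_FAIL;
}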
305 #ifdef HITLS_TLS_PROTO_TLS13
/*
 * Fill a configuration with the defaults for TLS 1.3 only (minimum and maximum version are
 * both HITLS_VERSION_TLS13).
 *
 * config->libCtx and the attribute name are read here but not assigned, so the caller has to
 * set them before calling.
 *
 * Returns HITLS_SUCCESS, or HITLS_MEMALLOC_FAIL after CFG_CleanConfig(config) if any step fails;
 * the error code of the failing step is not propagated.
 */
int32_t DefaultTLS13Config(HITLS_Config *config)
{
    /* Static settings */
    config->minVersion = HITLS_VERSION_TLS13;
    config->maxVersion = HITLS_VERSION_TLS13;

    InitConfig(config);

    /* Dynamic settings: cipher suites, point formats, groups and signature schemes, in this order.
     * Each step runs only if the previous one succeeded. See also the comments in
     * HITLS_CFG_NewDTLS12Config. */
    int32_t ret = SetTLS13DefaultCipherSuites(config);
    if (ret == HITLS_SUCCESS) {
        ret = SetDefaultPointFormats(config);
    }
    if (ret == HITLS_SUCCESS) {
        ret = ConfigLoadGroupInfo(config);
    }
    if (ret == HITLS_SUCCESS) {
        ret = ConfigLoadSignatureSchemeInfo(config);
    }
    if (ret != HITLS_SUCCESS) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16575, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "Failed to set the default configuration of tls13", 0, 0, 0, 0);
        goto ERR;
    }

    config->keyExchMode = TLS13_KE_MODE_PSK_WITH_DHE;

    if (SAL_CERT_MgrIsEnable()) {
        config->certMgrCtx = SAL_CERT_MgrCtxProviderNew(LIBCTX_FROM_CONFIG(config), ATTRIBUTE_FROM_CONFIG(config));
        if (config->certMgrCtx == NULL) {
            BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16576, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
                "certMgrCtx new fail", 0, 0, 0, 0);
            goto ERR;
        }
    }
#ifdef HITLS_TLS_FEATURE_SESSION
    config->sessMgr = SESSMGR_New(config->libCtx);
    if (config->sessMgr == NULL) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16577, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "sessMgr new fail", 0, 0, 0, 0);
        goto ERR;
    }
#endif
    return HITLS_SUCCESS;
ERR:
    CFG_CleanConfig(config);
    return HITLS_MEMALLOC_FAIL;
}
348 #endif
349 #ifdef HITLS_TLS_PROTO_ALL
/*
 * Install the default cipher suites for the "all TLS versions" configuration:
 * the TLS 1.3 list first (when TLS 1.3 is compiled in), then g_tls12CipherSuites.
 * Returns the first non-success code, otherwise the result of SetDefaultCipherSuite().
 */
static int32_t SetDefaultTlsAllCipherSuites(HITLS_Config *config)
{
#ifdef HITLS_TLS_PROTO_TLS13
    int32_t tls13Ret = SetTLS13DefaultCipherSuites(config);
    if (tls13Ret != HITLS_SUCCESS) {
        /* Stop here; the TLS 1.2 list is not installed in this case. */
        return tls13Ret;
    }
#endif

    /* The size argument is the table size in bytes. */
    return SetDefaultCipherSuite(config, g_tls12CipherSuites, sizeof(g_tls12CipherSuites));
}
361 #endif
362 #ifdef HITLS_TLS_PROTO_ALL
/*
 * Fill a configuration with the defaults for the full TLS range supported here:
 * HITLS_VERSION_TLS12 as minimum and HITLS_VERSION_TLS13 as maximum.
 *
 * config->libCtx and the attribute name are read here but not assigned, so the caller has to
 * set them before calling.
 *
 * Returns HITLS_SUCCESS, or HITLS_MEMALLOC_FAIL after CFG_CleanConfig(config) if any step fails;
 * the error code of the failing step is not propagated.
 */
int32_t DefaultTlsAllConfig(HITLS_Config *config)
{
    /* Support full version */
    config->minVersion = HITLS_VERSION_TLS12;
    config->maxVersion = HITLS_VERSION_TLS13;

    InitConfig(config);

    /* Dynamic settings: cipher suites, point formats, groups and signature schemes, in this order.
     * Each step runs only if the previous one succeeded. */
    int32_t ret = SetDefaultTlsAllCipherSuites(config);
    if (ret == HITLS_SUCCESS) {
        ret = SetDefaultPointFormats(config);
    }
    if (ret == HITLS_SUCCESS) {
        ret = ConfigLoadGroupInfo(config);
    }
    if (ret == HITLS_SUCCESS) {
        ret = ConfigLoadSignatureSchemeInfo(config);
    }
    if (ret != HITLS_SUCCESS) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16578, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "Failed to set the default configuration of tls_all", 0, 0, 0, 0);
        goto ERR;
    }

    config->keyExchMode = TLS13_KE_MODE_PSK_WITH_DHE;

    if (SAL_CERT_MgrIsEnable()) {
        config->certMgrCtx = SAL_CERT_MgrCtxProviderNew(LIBCTX_FROM_CONFIG(config), ATTRIBUTE_FROM_CONFIG(config));
        if (config->certMgrCtx == NULL) {
            BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16579, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
                "MgrCtx new fail", 0, 0, 0, 0);
            goto ERR;
        }
    }
#ifdef HITLS_TLS_FEATURE_SESSION
    config->sessMgr = SESSMGR_New(config->libCtx);
    if (config->sessMgr == NULL) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16580, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "sessMgr new fail", 0, 0, 0, 0);
        goto ERR;
    }
#endif
    return HITLS_SUCCESS;
ERR:
    CFG_CleanConfig(config);
    return HITLS_MEMALLOC_FAIL;
}
404 #endif
405 #ifdef HITLS_TLS_PROTO_DTLS
/*
 * Install the default cipher suites for the DTLS configuration.
 *
 * Every entry is an (EC)DHE suite with AES-GCM or ChaCha20-Poly1305, so this default is
 * narrower than g_tls12CipherSuites. The element order is unchanged from the original list.
 * Returns the result of SetDefaultCipherSuite().
 */
static int32_t SetDefaultDtlsAllCipherSuites(HITLS_Config *config)
{
    const uint16_t dtlsSuites[] = {
        /* DTLS1.2 */
        HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
        HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
        HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
        HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
        HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
        HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
        HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256,

        /* The DTLS1.0 cipher suite is not supported */
    };

    /* The size argument is the array size in bytes; the list is copied before this array goes out of scope. */
    return SetDefaultCipherSuite(config, dtlsSuites, sizeof(dtlsSuites));
}
422
/*
 * Fill a configuration with the defaults for DTLS. DTLS 1.0 is not supported, so both the
 * minimum and the maximum version are HITLS_VERSION_DTLS12.
 *
 * config->libCtx and the attribute name are read here but not assigned, so the caller has to
 * set them before calling.
 *
 * Returns HITLS_SUCCESS, or HITLS_MEMALLOC_FAIL after CFG_CleanConfig(config) if any step fails;
 * the error code of the failing step is not propagated.
 */
int32_t DefaultDtlsAllConfig(HITLS_Config *config)
{
    /* Static settings: does not support DTLS 1.0, therefore the minimum version is DTLS 1.2. */
    config->minVersion = HITLS_VERSION_DTLS12;
    config->maxVersion = HITLS_VERSION_DTLS12;

    InitConfig(config);

    /* Dynamic settings: cipher suites, point formats, groups and signature schemes, in this order.
     * Each step runs only if the previous one succeeded. */
    int32_t ret = SetDefaultDtlsAllCipherSuites(config);
    if (ret == HITLS_SUCCESS) {
        ret = SetDefaultPointFormats(config);
    }
    if (ret == HITLS_SUCCESS) {
        ret = ConfigLoadGroupInfo(config);
    }
    if (ret == HITLS_SUCCESS) {
        ret = ConfigLoadSignatureSchemeInfo(config);
    }
    if (ret != HITLS_SUCCESS) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16581, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "set default config fail", 0, 0, 0, 0);
        goto ERR;
    }

    if (SAL_CERT_MgrIsEnable()) {
        config->certMgrCtx = SAL_CERT_MgrCtxProviderNew(LIBCTX_FROM_CONFIG(config), ATTRIBUTE_FROM_CONFIG(config));
        if (config->certMgrCtx == NULL) {
            BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16582, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
                "MgrCtxNew fail", 0, 0, 0, 0);
            goto ERR;
        }
    }
#ifdef HITLS_TLS_FEATURE_SESSION
    config->sessMgr = SESSMGR_New(config->libCtx);
    if (config->sessMgr == NULL) {
        BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16583, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
            "SESSMGR_New fail", 0, 0, 0, 0);
        goto ERR;
    }
#endif
    return HITLS_SUCCESS;
ERR:
    CFG_CleanConfig(config);
    return HITLS_MEMALLOC_FAIL;
}
463 #endif
464