yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 04:55:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

X509: Remove MBEDTLS_SSL_PREVERIFY_CB

Browse Source 
Add a callback typedef
This commit is contained in:
Andrzej Kurek 2018-03-30 05:59:52 -04:00
parent cc0b242894
commit 50ef31218b
6 changed files with 27 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/mbedtls/check_config.h
View File

@ -600,11 +600,6 @@
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_PREVERIFY_CB) && \
!defined(MBEDTLS_X509_CRT_PARSE_C)
#error "MBEDTLS_SSL_PREVERIFY_CB defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_THREADING_PTHREAD)
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"

9
include/mbedtls/config.h
View File

@ -1436,15 +1436,6 @@
*/
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
/**
* \def MBEDTLS_SSL_PREVERIFY_CB
*
* Enable support for a pre-verification callback for received certificates.
*
* Uncomment this to enable support for the preverification callback
*/
//#define MBEDTLS_SSL_PREVERIFY_CB
/**
* \def MBEDTLS_THREADING_ALT
*

30
include/mbedtls/ssl.h
View File

@ -535,6 +535,16 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx,
*/
typedef int mbedtls_ssl_get_timer_t( void * ctx );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Callback type: receive notification before X.509 chain
* building
*
* \param ctx Context pointer
* \param crt X.509 certificate pointer
*/
typedef void mbedtls_ssl_pre_verify_t( void *ctx, mbedtls_x509_crt *crt );
#endif
/* Defined below */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
@ -624,17 +634,15 @@ struct mbedtls_ssl_config
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to receive notification before X.509 chain building */
mbedtls_ssl_pre_verify_t *f_pre_vrfy;
void *p_pre_vrfy; /*!< context for pre-verify calllback */
/** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify calllback */
#endif
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
/** Callback to receive notification before X.509 chain building */
void (*f_pre_vrfy)(void *, mbedtls_x509_crt *);
void *p_pre_vrfy; /*!< context for pre-verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
@ -1082,9 +1090,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
/**
* \brief Set the pre-verification callback (Optional).
*
@ -1096,10 +1102,10 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
* \param f_pre_vrfy pre-verification function
* \param p_pre_vrfy pre-verification parameter
*/
void mbedtls_ssl_conf_pre_verify(mbedtls_ssl_config *conf,
void(*f_pre_vrfy)(void *, mbedtls_x509_crt *),
void *p_pre_vrfy);
#endif /* MBEDTLS_SSL_PREVERIFY_CB */
void mbedtls_ssl_conf_pre_verify( mbedtls_ssl_config *conf,
mbedtls_ssl_pre_verify_t *f_pre_vrfy,
void *p_pre_vrfy);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
* \brief Set the random number generator callback

19
library/ssl_tls.c
View File

@ -4625,16 +4625,15 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
ca_crl = ssl->conf->ca_crl;
}
/*
* Main check: verify certificate
*/
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
if( ssl->conf->f_pre_vrfy != NULL )
{
ssl->conf->f_pre_vrfy( ssl->conf->p_pre_vrfy,
ssl->session_negotiate->peer_cert );
}
#endif
/*
* Main check: verify certificate
*/
ret = mbedtls_x509_crt_verify_with_profile(
ssl->session_negotiate->peer_cert,
ca_chain, ca_crl,
@ -5884,17 +5883,15 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
conf->f_vrfy = f_vrfy;
conf->p_vrfy = p_vrfy;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
void mbedtls_ssl_conf_pre_verify(mbedtls_ssl_config *conf,
void(*f_pre_vrfy)(void *, mbedtls_x509_crt *),
void *p_pre_vrfy)
void mbedtls_ssl_conf_pre_verify( mbedtls_ssl_config *conf,
mbedtls_ssl_pre_verify_t *f_pre_vrfy,
void *p_pre_vrfy)
{
conf->f_pre_vrfy = f_pre_vrfy;
conf->p_pre_vrfy = p_pre_vrfy;
}
#endif /* MBEDTLS_SSL_PREVERIFY_CB */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
int (*f_rng)(void *, unsigned char *, size_t),

3
library/version_features.c
View File

@ -471,9 +471,6 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
"MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
"MBEDTLS_SSL_PREVERIFY_CB",
#endif /* MBEDTLS_SSL_PREVERIFY_CB */
#if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */

2
tests/suites/test_suite_ssl.function
View File

@ -82,7 +82,7 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PREVERIFY_CB:MBEDTLS_FS_IO:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_CIPHER_MODE_CBC */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_CIPHER_MODE_CBC */
void ssl_preverifycb( char *crt_file )
{
mbedtls_ssl_context ssl;