Add an "SSL" infix to MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

configs/baremetal.h

@@ -163,7 +163,7 @@
 
 /* Further optimizations */
 #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
-#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+#define MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
 #define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
 #define MBEDTLS_SSL_IMMEDIATE_TRANSMISSION
 #define MBEDTLS_SSL_EARLY_KEY_COMPUTATION

include/mbedtls/check_config.h

@@ -910,8 +910,8 @@
 #undef MBEDTLS_HASHES_ENABLED
 #endif /* MBEDTLS_MD_SINGLE_HASH */
 
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#error "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#error "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
 #endif
 
 

include/mbedtls/config.h

@@ -41,13 +41,13 @@
  */
 
 /**
- * \def MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+ * \def MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
  *
  * Enable the delayed verification of server
  * certificates on the client side.
  *
  */
-//#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+//#define MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
 
 /**
  * \def MBEDTLS_HAVE_ASM

include/mbedtls/ssl_internal.h

@@ -1089,12 +1089,12 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
                                 mbedtls_md_type_t md );
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
 int mbedtls_ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl,
                                                   int authmode,
                                                   mbedtls_x509_crt *chain,
                                                   void *rs_ctx );
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 
 
 static inline int mbedtls_ssl_get_minor_ver( mbedtls_ssl_context const *ssl )

library/ssl_cli.c

@@ -4229,10 +4229,10 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
 {
     int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
     void *rs_ctx = NULL;
     int authmode;
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 
     if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -4339,7 +4339,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
 
        case MBEDTLS_SSL_CLIENT_FINISHED:
 
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
            authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
                        ? ssl->handshake->sni_authmode
@@ -4354,7 +4354,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
                                    ssl->session_negotiate->peer_cert, rs_ctx );
            if( ret != 0 )
                break;
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 
            ret = mbedtls_ssl_write_finished( ssl );
            break;

library/ssl_tls.c

@@ -8022,7 +8022,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
 }
 
 
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
 /* mbedtls_ssl_parse_delayed_certificate_verify() defines a wrapper around ssl_parse_certificate_verify
  * to call it in ssl_cli.c rather than purely internal to ssl_tls.c.
  */
@@ -8038,7 +8038,7 @@ int mbedtls_ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl,
                                           rs_ctx ) );
 
 }
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 
 
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
@@ -8181,13 +8181,13 @@ crt_verify:
         rs_ctx = &ssl->handshake->ecrs_ctx;
 #endif
 
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
     if (mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT )
     {
         MBEDTLS_SSL_DEBUG_MSG( 3, ( "delay server certificate verification" ) );
     }
     else
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
     {
         ret = ssl_parse_certificate_verify( ssl, authmode,
                                             chain, rs_ctx );

library/version_features.c

@@ -33,9 +33,9 @@
 
 static const char *features[] = {
 #if defined(MBEDTLS_VERSION_FEATURES)
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
-    "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION",
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
+    "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION",
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 #if defined(MBEDTLS_HAVE_ASM)
     "MBEDTLS_HAVE_ASM",
 #endif /* MBEDTLS_HAVE_ASM */

programs/ssl/query_config.c

@@ -130,13 +130,13 @@
 
 int query_config( const char *config )
 {
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
-    if( strcmp( "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION", config ) == 0 )
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
+    if( strcmp( "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION", config ) == 0 )
     {
-        MACRO_EXPANSION_TO_STR( MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION );
+        MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION );
         return( 0 );
     }
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 
 #if defined(MBEDTLS_HAVE_ASM)
     if( strcmp( "MBEDTLS_HAVE_ASM", config ) == 0 )

scripts/config.pl

@@ -62,7 +62,7 @@
 #   MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
 #   MBEDTLS_AES_128_BIT_MASKED
 #   MBEDTLS_PLATFORM_FAULT_CALLBACKS
-#   MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+#   MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
 #   MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
 #   MBEDTLS_SSL_IMMEDIATE_TRANSMISSION
 #   MBEDTLS_SSL_EARLY_KEY_COMPUTATION
@@ -154,7 +154,7 @@ MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY
 MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
 MBEDTLS_AES_128_BIT_MASKED
 MBEDTLS_PLATFORM_FAULT_CALLBACKS
-MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
 MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
 MBEDTLS_SSL_IMMEDIATE_TRANSMISSION
 MBEDTLS_SSL_EARLY_KEY_COMPUTATION