diff --git a/configs/baremetal.h b/configs/baremetal.h
index 3c59bb926..a0fb744e6 100644
--- a/configs/baremetal.h
+++ b/configs/baremetal.h
@@ -163,7 +163,7 @@
 /* Further optimizations */
 #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
-#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+#define MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
 #define MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
 #define MBEDTLS_SSL_IMMEDIATE_TRANSMISSION
 #define MBEDTLS_SSL_EARLY_KEY_COMPUTATION
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 2a2f19c14..4c92954e9 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -910,8 +910,8 @@
 #undef MBEDTLS_HASHES_ENABLED
 #endif /* MBEDTLS_MD_SINGLE_HASH */
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#error "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION) && !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#error "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION can only be used with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
 #endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index d9b69224a..22eba11de 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -41,13 +41,13 @@
 */
 /**
- * \def MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+ * \def MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
 *
 * Enable the delayed verification of server
 * certificates on the client side.
 *
 */
-//#define MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+//#define MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
 /**
 * \def MBEDTLS_HAVE_ASM
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 5d8f6fdbd..441109dd4 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
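Review bot: In the include/mbedtls/check_config.h hunk only the new name is checked, so an out-of-tree configuration that still defines `MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION` now builds cleanly while every `#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)` block touched by this commit is compiled out. Judging from the ssl_tls.c hunk at `crt_verify:`, that appears to fall back to verifying the server certificate when it is parsed, which is the safe direction, but the option is dropped without any diagnostic. A guard next to the existing check would surface the rename at build time: `#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)` / `#error "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION was renamed to MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION"` / `#endif`.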
@@ -1089,12 +1089,12 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
 mbedtls_md_type_t md );
 #endif
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
 int mbedtls_ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl,
 int authmode,
 mbedtls_x509_crt *chain,
 void *rs_ctx );
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 static inline int mbedtls_ssl_get_minor_ver( mbedtls_ssl_context const *ssl )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ba6a806e4..cc6c86d31 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -4229,10 +4229,10 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
 int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
 {
 int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
 void *rs_ctx = NULL;
 int authmode;
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -4339,7 +4339,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
 case MBEDTLS_SSL_CLIENT_FINISHED:
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
 authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
 ? ssl->handshake->sni_authmode
@@ -4354,7 +4354,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
 ssl->session_negotiate->peer_cert, rs_ctx );
 if( ret != 0 )
 break;
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 ret = mbedtls_ssl_write_finished( ssl );
 break;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 75ec82170..64152814a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8022,7 +8022,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
 }
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
 /* mbedtls_ssl_parse_delayed_certificate_verify() defines a wrapper around ssl_parse_certificate_verify
 * to call it in ssl_cli.c rather than purely internal to ssl_tls.c.
 */
@@ -8038,7 +8038,7 @@ int mbedtls_ssl_parse_delayed_certificate_verify( mbedtls_ssl_context *ssl,
 rs_ctx ) );
 }
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED && MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
@@ -8181,13 +8181,13 @@ crt_verify:
 rs_ctx = &ssl->handshake->ecrs_ctx;
 #endif
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
 if (mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT )
 {
 MBEDTLS_SSL_DEBUG_MSG( 3, ( "delay server certificate verification" ) );
 }
 else
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 {
 ret = ssl_parse_certificate_verify( ssl, authmode, chain, rs_ctx );
diff --git a/library/version_features.c b/library/version_features.c
index 0ada3c672..c270c3a63 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -33,9 +33,9 @@
 static const char *features[] = {
 #if defined(MBEDTLS_VERSION_FEATURES)
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
- "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION",
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
+ "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION",
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 #if defined(MBEDTLS_HAVE_ASM)
 "MBEDTLS_HAVE_ASM",
 #endif /* MBEDTLS_HAVE_ASM */
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index 1f8ae210c..4798f7ca7 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -130,13 +130,13 @@
 int query_config( const char *config )
 {
-#if defined(MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION)
- if( strcmp( "MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION", config ) == 0 )
+#if defined(MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION)
+ if( strcmp( "MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION", config ) == 0 )
 {
- MACRO_EXPANSION_TO_STR( MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION );
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION );
 return( 0 );
 }
-#endif /* MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION */
+#endif /* MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION */
 #if defined(MBEDTLS_HAVE_ASM)
 if( strcmp( "MBEDTLS_HAVE_ASM", config ) == 0 )
diff --git a/scripts/config.pl b/scripts/config.pl
index d2af5a475..6d6a470b9 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -62,7 +62,7 @@
 # MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
 # MBEDTLS_AES_128_BIT_MASKED
 # MBEDTLS_PLATFORM_FAULT_CALLBACKS
-# MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+# MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
 # MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
 # MBEDTLS_SSL_IMMEDIATE_TRANSMISSION
 # MBEDTLS_SSL_EARLY_KEY_COMPUTATION
@@ -154,7 +154,7 @@ MBEDTLS_VALIDATE_SSL_KEYS_INTEGRITY
 MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
 MBEDTLS_AES_128_BIT_MASKED
 MBEDTLS_PLATFORM_FAULT_CALLBACKS
-MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
+MBEDTLS_SSL_DELAYED_SERVER_CERT_VERIFICATION
 MBEDTLS_SSL_FREE_SERVER_CERTIFICATE
 MBEDTLS_SSL_IMMEDIATE_TRANSMISSION
 MBEDTLS_SSL_EARLY_KEY_COMPUTATION