mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 11:05:47 +01:00
adc282a5e8
When verifying an X.509 certificate, the current verification logic maintains an instance of the internal mbedtls_x509_crt_verify_chain structure representing the state of the verification process. This instance references the list of certificates that comprise the chain built so far together with their verification flags. This information must be stored during verification because it's being passed to the verification callback at the end of verification - if the user has specified one. If the user hasn't specified a verification callback, it is not necessary to maintain the list of CRTs, and it is also not necessary to maintain verification flags for each CRT individually, as they're merged at the end of the verification process.

To allow a readable simplification of the code in case no verification callbacks are used, this commit introduces a zero-cost abstraction layer for the functionality that's required from the verification chain structure:

- init/reset
- add a new CRT to the chain
- get pointer to current CRT flags
- add flags to EE certificate
- get current chain length
- trigger callbacks and get final (merged) flags

This gives flexibility for re-implementing the verification chain structure, e.g. in the case where no verification callbacks are provided, and there's hence no need to store CRTs and flags individually. This will be done in a later commit.
Repository contents at this commit:

- ..
- mbedtls
- tinycrypt
- .gitignore
- CMakeLists.txt