yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-07-08 06:50:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

X509: Remove MBEDTLS_SSL_PREVERIFY_CB

Browse source 
Add a callback typedef
This commit is contained in:
Andrzej Kurek 2018-03-30 05:59:52 -04:00
parent cc0b242894
commit 50ef31218b
6 changed files with 27 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
include/mbedtls/check_config.h
View file

@ -600,11 +600,6 @@
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites" #error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_SSL_PREVERIFY_CB) && \
!defined(MBEDTLS_X509_CRT_PARSE_C)
#error "MBEDTLS_SSL_PREVERIFY_CB defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_THREADING_PTHREAD) #if defined(MBEDTLS_THREADING_PTHREAD)
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites" #error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"

9
include/mbedtls/config.h
View file

@ -1436,15 +1436,6 @@
*/ */
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
/**
* \def MBEDTLS_SSL_PREVERIFY_CB
*
* Enable support for a pre-verification callback for received certificates.
*
* Uncomment this to enable support for the preverification callback
*/
//#define MBEDTLS_SSL_PREVERIFY_CB
/** /**
* \def MBEDTLS_THREADING_ALT * \def MBEDTLS_THREADING_ALT
* *

26
include/mbedtls/ssl.h
View file

@ -535,6 +535,16 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx,
*/ */
typedef int mbedtls_ssl_get_timer_t( void * ctx ); typedef int mbedtls_ssl_get_timer_t( void * ctx );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Callback type: receive notification before X.509 chain
* building
*
* \param ctx Context pointer
* \param crt X.509 certificate pointer
*/
typedef void mbedtls_ssl_pre_verify_t( void *ctx, mbedtls_x509_crt *crt );
#endif
/* Defined below */ /* Defined below */
typedef struct mbedtls_ssl_session mbedtls_ssl_session; typedef struct mbedtls_ssl_session mbedtls_ssl_session;
@ -624,17 +634,15 @@ struct mbedtls_ssl_config
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to receive notification before X.509 chain building */
mbedtls_ssl_pre_verify_t *f_pre_vrfy;
void *p_pre_vrfy; /*!< context for pre-verify calllback */
/** Callback to customize X.509 certificate chain verification */ /** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify calllback */ void *p_vrfy; /*!< context for X.509 verify calllback */
#endif #endif
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
/** Callback to receive notification before X.509 chain building */
void (*f_pre_vrfy)(void *, mbedtls_x509_crt *);
void *p_pre_vrfy; /*!< context for pre-verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/** Callback to retrieve PSK key from identity */ /** Callback to retrieve PSK key from identity */
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t); int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
@ -1082,9 +1090,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy ); void *p_vrfy );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
/** /**
* \brief Set the pre-verification callback (Optional). * \brief Set the pre-verification callback (Optional).
* *
@ -1097,9 +1103,9 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
* \param p_pre_vrfy pre-verification parameter * \param p_pre_vrfy pre-verification parameter
*/ */
void mbedtls_ssl_conf_pre_verify( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_pre_verify( mbedtls_ssl_config *conf,
void(*f_pre_vrfy)(void *, mbedtls_x509_crt *), mbedtls_ssl_pre_verify_t *f_pre_vrfy,
void *p_pre_vrfy); void *p_pre_vrfy);
#endif /* MBEDTLS_SSL_PREVERIFY_CB */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
/** /**
* \brief Set the random number generator callback * \brief Set the random number generator callback

15
library/ssl_tls.c
View file

@ -4625,16 +4625,15 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
ca_crl = ssl->conf->ca_crl; ca_crl = ssl->conf->ca_crl;
} }
/*
* Main check: verify certificate
*/
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
if( ssl->conf->f_pre_vrfy != NULL ) if( ssl->conf->f_pre_vrfy != NULL )
{ {
ssl->conf->f_pre_vrfy( ssl->conf->p_pre_vrfy, ssl->conf->f_pre_vrfy( ssl->conf->p_pre_vrfy,
ssl->session_negotiate->peer_cert ); ssl->session_negotiate->peer_cert );
} }
#endif
/*
* Main check: verify certificate
*/
ret = mbedtls_x509_crt_verify_with_profile( ret = mbedtls_x509_crt_verify_with_profile(
ssl->session_negotiate->peer_cert, ssl->session_negotiate->peer_cert,
ca_chain, ca_crl, ca_chain, ca_crl,
@ -5884,17 +5883,15 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
conf->f_vrfy = f_vrfy; conf->f_vrfy = f_vrfy;
conf->p_vrfy = p_vrfy; conf->p_vrfy = p_vrfy;
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
void mbedtls_ssl_conf_pre_verify( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_pre_verify( mbedtls_ssl_config *conf,
void(*f_pre_vrfy)(void *, mbedtls_x509_crt *), mbedtls_ssl_pre_verify_t *f_pre_vrfy,
void *p_pre_vrfy) void *p_pre_vrfy)
{ {
conf->f_pre_vrfy = f_pre_vrfy; conf->f_pre_vrfy = f_pre_vrfy;
conf->p_pre_vrfy = p_pre_vrfy; conf->p_pre_vrfy = p_pre_vrfy;
} }
#endif /* MBEDTLS_SSL_PREVERIFY_CB */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),

3
library/version_features.c
View file

@ -471,9 +471,6 @@ static const char *features[] = {
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
"MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT", "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */ #endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
"MBEDTLS_SSL_PREVERIFY_CB",
#endif /* MBEDTLS_SSL_PREVERIFY_CB */
#if defined(MBEDTLS_THREADING_ALT) #if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT", "MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */ #endif /* MBEDTLS_THREADING_ALT */

2
tests/suites/test_suite_ssl.function
View file

@ -82,7 +82,7 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PREVERIFY_CB:MBEDTLS_FS_IO:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_CIPHER_MODE_CBC */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_CIPHER_MODE_CBC */
void ssl_preverifycb( char *crt_file ) void ssl_preverifycb( char *crt_file )
{ {
mbedtls_ssl_context ssl; mbedtls_ssl_context ssl;