yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 22:15:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement context-specific verification callbacks

Browse source
This commit is contained in:
Hanno Becker 2019-04-03 12:52:50 +01:00
parent 726c97a825
commit 8927c83312
2 changed files with 31 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
include/mbedtls/ssl.h
View file

@ -1090,6 +1090,12 @@ struct mbedtls_ssl_context
unsigned badmac_seen; /*!< records with a bad MAC received */ unsigned badmac_seen; /*!< records with a bad MAC received */
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify calllback */
#endif
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
mbedtls_ssl_recv_timeout_t *f_recv_timeout; mbedtls_ssl_recv_timeout_t *f_recv_timeout;

26
library/ssl_tls.c
View file

@ -6038,6 +6038,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
mbedtls_x509_crt *ca_chain; mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl; mbedtls_x509_crl *ca_crl;
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy;
if( authmode == MBEDTLS_SSL_VERIFY_NONE ) if( authmode == MBEDTLS_SSL_VERIFY_NONE )
return( 0 ); return( 0 );
@ -6054,6 +6057,17 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
ca_crl = ssl->conf->ca_crl; ca_crl = ssl->conf->ca_crl;
} }
if( ssl->f_vrfy != NULL )
{
f_vrfy = ssl->f_vrfy;
p_vrfy = ssl->p_vrfy;
}
else
{
f_vrfy = ssl->conf->f_vrfy;
p_vrfy = ssl->conf->p_vrfy;
}
/* /*
* Main check: verify certificate * Main check: verify certificate
*/ */
@ -6063,7 +6077,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
ssl->conf->cert_profile, ssl->conf->cert_profile,
ssl->hostname, ssl->hostname,
&ssl->session_negotiate->verify_result, &ssl->session_negotiate->verify_result,
ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx ); f_vrfy, p_vrfy, rs_ctx );
if( ret != 0 ) if( ret != 0 )
{ {
@ -7902,6 +7916,16 @@ void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
} }
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy )
{
ssl->f_vrfy = f_vrfy;
ssl->p_vrfy = p_vrfy;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* /*
* Set EC J-PAKE password for current handshake * Set EC J-PAKE password for current handshake