yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Relax some dependencies

Browse source 
- DTLS_HELLO_VERIFY no longer depends on SRV_C
- SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY

Not that much work for us, and easier on users (esp. since it allows just
disabling SRV_C alone).
This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-20 10:59:43 +02:00
parent b596abfdc0
commit e057d3bf6b
4 changed files with 35 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
include/mbedtls/check_config.h
View file

@ -392,12 +392,7 @@
#error "Illegal protocol selection" #error "Illegal protocol selection"
#endif #endif
#if defined(MBEDTLS_SSL_COOKIE_C) && !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
#error "MBEDTLS_SSL_COOKIE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && \
( !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites" #error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
#endif #endif

5
include/mbedtls/config.h
View file

@ -1087,8 +1087,7 @@
* *
* \warning Disabling this can ba a security risk! (see above) * \warning Disabling this can ba a security risk! (see above)
* *
* Requires: MBEDTLS_SSL_SRV_C * Requires: MBEDTLS_SSL_PROTO_DTLS
* MBEDTLS_SSL_PROTO_DTLS
* *
* Comment this to disable support for HelloVerifyRequest. * Comment this to disable support for HelloVerifyRequest.
*/ */
@ -2085,8 +2084,6 @@
* *
* Module: library/ssl_cookie.c * Module: library/ssl_cookie.c
* Caller: * Caller:
*
* Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
*/ */
#define MBEDTLS_SSL_COOKIE_C #define MBEDTLS_SSL_COOKIE_C

55
include/mbedtls/ssl.h
View file

@ -812,7 +812,7 @@ typedef struct
void *p_psk; /*!< context for PSK callback */ void *p_psk; /*!< context for PSK callback */
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */ /** Callback to create & write a cookie for ClientHello veirifcation */
int (*f_cookie_write)( void *, unsigned char **, unsigned char *, int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t ); const unsigned char *, size_t );
@ -1056,7 +1056,7 @@ struct mbedtls_ssl_context
/* /*
* Information for DTLS hello verify * Information for DTLS hello verify
*/ */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
unsigned char *cli_id; /*!< transport-level ID of the client */ unsigned char *cli_id; /*!< transport-level ID of the client */
size_t cli_id_len; /*!< length of cli_id */ size_t cli_id_len; /*!< length of cli_id */
#endif #endif
@ -1392,30 +1392,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
void *p_ticket ); void *p_ticket );
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
/**
* \brief Set client's transport-level identification info.
* (Server only. DTLS only.)
*
* This is usually the IP address (and port), but could be
* anything identify the client depending on the underlying
* network stack. Used for HelloVerifyRequest with DTLS.
* This is *not* used to route the actual packets.
*
* \param ssl SSL context
* \param info Transport-level info identifying the client (eg IP + port)
* \param ilen Length of info in bytes
*
* \note An internal copy is made, so the info buffer can be reused.
*
* \return 0 on success,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
* MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
*/
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
const unsigned char *info,
size_t ilen );
/** /**
* \brief Callback type: generate a cookie * \brief Callback type: generate a cookie
* *
@ -1451,6 +1427,7 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
const unsigned char *cookie, size_t clen, const unsigned char *cookie, size_t clen,
const unsigned char *info, size_t ilen ); const unsigned char *info, size_t ilen );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** /**
* \brief Register callbacks for DTLS cookies * \brief Register callbacks for DTLS cookies
* (Server only. DTLS only.) * (Server only. DTLS only.)
@ -1474,7 +1451,31 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
mbedtls_ssl_cookie_write_t *f_cookie_write, mbedtls_ssl_cookie_write_t *f_cookie_write,
mbedtls_ssl_cookie_check_t *f_cookie_check, mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie ); void *p_cookie );
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
/**
* \brief Set client's transport-level identification info.
* (Server only. DTLS only.)
*
* This is usually the IP address (and port), but could be
* anything identify the client depending on the underlying
* network stack. Used for HelloVerifyRequest with DTLS.
* This is *not* used to route the actual packets.
*
* \param ssl SSL context
* \param info Transport-level info identifying the client (eg IP + port)
* \param ilen Length of info in bytes
*
* \note An internal copy is made, so the info buffer can be reused.
*
* \return 0 on success,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
* MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
*/
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
const unsigned char *info,
size_t ilen );
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/** /**

10
library/ssl_tls.c
View file

@ -4950,7 +4950,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/* Dummy cookie callbacks for defaults */ /* Dummy cookie callbacks for defaults */
static int ssl_cookie_write_dummy( void *ctx, static int ssl_cookie_write_dummy( void *ctx,
unsigned char **p, unsigned char *end, unsigned char **p, unsigned char *end,
@ -4977,7 +4977,7 @@ static int ssl_cookie_check_dummy( void *ctx,
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
} }
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/* /*
* Initialize an SSL context * Initialize an SSL context
@ -5136,7 +5136,7 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
ssl->alpn_chosen = NULL; ssl->alpn_chosen = NULL;
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
mbedtls_free( ssl->cli_id ); mbedtls_free( ssl->cli_id );
ssl->cli_id = NULL; ssl->cli_id = NULL;
ssl->cli_id_len = 0; ssl->cli_id_len = 0;
@ -6572,7 +6572,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
} }
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
mbedtls_free( ssl->cli_id ); mbedtls_free( ssl->cli_id );
#endif #endif
@ -6654,7 +6654,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
conf->curve_list = mbedtls_ecp_grp_id_list( ); conf->curve_list = mbedtls_ecp_grp_id_list( );
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
conf->f_cookie_write = ssl_cookie_write_dummy; conf->f_cookie_write = ssl_cookie_write_dummy;
conf->f_cookie_check = ssl_cookie_check_dummy; conf->f_cookie_check = ssl_cookie_check_dummy;
#endif #endif