Relax some dependencies

- DTLS_HELLO_VERIFY no longer depends on SRV_C
- SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY

Not that much work for us, and easier on users (esp. since it allows just
disabling SRV_C alone).
This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-20 10:59:43 +02:00
parent b596abfdc0
commit e057d3bf6b
4 changed files with 35 additions and 42 deletions

View file

@ -392,12 +392,7 @@
#error "Illegal protocol selection"
#endif
#if defined(MBEDTLS_SSL_COOKIE_C) && !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
#error "MBEDTLS_SSL_COOKIE_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && \
( !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
#endif

View file

@ -1087,8 +1087,7 @@
*
* \warning Disabling this can ba a security risk! (see above)
*
* Requires: MBEDTLS_SSL_SRV_C
* MBEDTLS_SSL_PROTO_DTLS
* Requires: MBEDTLS_SSL_PROTO_DTLS
*
* Comment this to disable support for HelloVerifyRequest.
*/
@ -2085,8 +2084,6 @@
*
* Module: library/ssl_cookie.c
* Caller:
*
* Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
*/
#define MBEDTLS_SSL_COOKIE_C

View file

@ -812,7 +812,7 @@ typedef struct
void *p_psk; /*!< context for PSK callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */
int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
@ -1056,7 +1056,7 @@ struct mbedtls_ssl_context
/*
* Information for DTLS hello verify
*/
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
unsigned char *cli_id; /*!< transport-level ID of the client */
size_t cli_id_len; /*!< length of cli_id */
#endif
@ -1392,30 +1392,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
void *p_ticket );
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
/**
* \brief Set client's transport-level identification info.
* (Server only. DTLS only.)
*
* This is usually the IP address (and port), but could be
* anything identify the client depending on the underlying
* network stack. Used for HelloVerifyRequest with DTLS.
* This is *not* used to route the actual packets.
*
* \param ssl SSL context
* \param info Transport-level info identifying the client (eg IP + port)
* \param ilen Length of info in bytes
*
* \note An internal copy is made, so the info buffer can be reused.
*
* \return 0 on success,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
* MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
*/
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
const unsigned char *info,
size_t ilen );
/**
* \brief Callback type: generate a cookie
*
@ -1451,6 +1427,7 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
const unsigned char *cookie, size_t clen,
const unsigned char *info, size_t ilen );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/**
* \brief Register callbacks for DTLS cookies
* (Server only. DTLS only.)
@ -1474,7 +1451,31 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
mbedtls_ssl_cookie_write_t *f_cookie_write,
mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie );
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
/**
* \brief Set client's transport-level identification info.
* (Server only. DTLS only.)
*
* This is usually the IP address (and port), but could be
* anything identify the client depending on the underlying
* network stack. Used for HelloVerifyRequest with DTLS.
* This is *not* used to route the actual packets.
*
* \param ssl SSL context
* \param info Transport-level info identifying the client (eg IP + port)
* \param ilen Length of info in bytes
*
* \note An internal copy is made, so the info buffer can be reused.
*
* \return 0 on success,
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
* MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
*/
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
const unsigned char *info,
size_t ilen );
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
/**

View file

@ -4950,7 +4950,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
return( 0 );
}
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/* Dummy cookie callbacks for defaults */
static int ssl_cookie_write_dummy( void *ctx,
unsigned char **p, unsigned char *end,
@ -4977,7 +4977,7 @@ static int ssl_cookie_check_dummy( void *ctx,
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Initialize an SSL context
@ -5136,7 +5136,7 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
ssl->alpn_chosen = NULL;
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
mbedtls_free( ssl->cli_id );
ssl->cli_id = NULL;
ssl->cli_id_len = 0;
@ -6572,7 +6572,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
}
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
mbedtls_free( ssl->cli_id );
#endif
@ -6654,7 +6654,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
conf->curve_list = mbedtls_ecp_grp_id_list( );
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
conf->f_cookie_write = ssl_cookie_write_dummy;
conf->f_cookie_check = ssl_cookie_check_dummy;
#endif