Relax some dependencies
- DTLS_HELLO_VERIFY no longer depends on SRV_C - SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY Not that much work for us, and easier on users (esp. since it allows just disabling SRV_C alone).
parent
b596abfdc0
commit
e057d3bf6b
4 changed files with 35 additions and 42 deletions
|
@ -392,12 +392,7 @@
|
|||
#error "Illegal protocol selection"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_COOKIE_C) && !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
#error "MBEDTLS_SSL_COOKIE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && \
|
||||
( !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
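Review bot: With the `#if defined(MBEDTLS_SSL_COOKIE_C) && !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)` block removed, check_config no longer carries any prerequisite check for the cookie module at all. If library/ssl_cookie.c still depends on another module (not visible here), a replacement `#if defined(MBEDTLS_SSL_COOKIE_C) && !defined(<prerequisite>)` guard should take its place rather than leaving the entry out entirely. The new `#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)` line matches the updated `Requires:` in config.h.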
|
|
@ -1087,8 +1087,7 @@
|
|||
*
|
||||
* \warning Disabling this can ba a security risk! (see above)
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_SRV_C
|
||||
* MBEDTLS_SSL_PROTO_DTLS
|
||||
* Requires: MBEDTLS_SSL_PROTO_DTLS
|
||||
*
|
||||
* Comment this to disable support for HelloVerifyRequest.
|
||||
*/
|
||||
|
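Review bot: The new `* Requires: MBEDTLS_SSL_PROTO_DTLS` line no longer tells the reader that the server-side API for this option is still tied to MBEDTLS_SSL_SRV_C, while the ssl.h hunks guard the cookie callbacks and mbedtls_ssl_set_client_transport_id() with `MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C`. Add `* \note   The cookie callbacks and mbedtls_ssl_set_client_transport_id() are only available when MBEDTLS_SSL_SRV_C is also enabled.` below the Requires line so a client-only build is not surprised. While this block is touched, the context line `* \warning Disabling this can ba a security risk! (see above)` should read `be`.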
@ -2085,8 +2084,6 @@
|
|||
*
|
||||
* Module: library/ssl_cookie.c
|
||||
* Caller:
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
|
||||
*/
|
||||
#define MBEDTLS_SSL_COOKIE_C
|
||||
|
||||
|
|
|
@ -812,7 +812,7 @@ typedef struct
|
|||
void *p_psk; /*!< context for PSK callback */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
/** Callback to create & write a cookie for ClientHello veirifcation */
|
||||
int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
|
||||
const unsigned char *, size_t );
|
||||
|
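Review bot: The guard on the `#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)` line changes, but its matching `#endif` lies outside the hunk; if its trailing comment still reads `/* MBEDTLS_SSL_DTLS_HELLO_VERIFY */` it should become `#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */`, as the ssl.c hunk at line 4977 does. The same applies to the hunk at line 1056 (the cli_id fields) and to the ssl.c hunks at 5136, 6572 and 6654, none of which show their closing `#endif`. The context comment `/** Callback to create & write a cookie for ClientHello veirifcation */` also has a typo (`verification`) worth fixing while the block is being edited.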
@ -1056,7 +1056,7 @@ struct mbedtls_ssl_context
|
|||
/*
|
||||
* Information for DTLS hello verify
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
unsigned char *cli_id; /*!< transport-level ID of the client */
|
||||
size_t cli_id_len; /*!< length of cli_id */
|
||||
#endif
|
||||
|
@ -1392,30 +1392,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
|
|||
void *p_ticket );
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
/**
|
||||
* \brief Set client's transport-level identification info.
|
||||
* (Server only. DTLS only.)
|
||||
*
|
||||
* This is usually the IP address (and port), but could be
|
||||
* anything identify the client depending on the underlying
|
||||
* network stack. Used for HelloVerifyRequest with DTLS.
|
||||
* This is *not* used to route the actual packets.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param info Transport-level info identifying the client (eg IP + port)
|
||||
* \param ilen Length of info in bytes
|
||||
*
|
||||
* \note An internal copy is made, so the info buffer can be reused.
|
||||
*
|
||||
* \return 0 on success,
|
||||
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
|
||||
* MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
|
||||
*/
|
||||
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *info,
|
||||
size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief Callback type: generate a cookie
|
||||
*
|
||||
|
@ -1451,6 +1427,7 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
|
|||
const unsigned char *cookie, size_t clen,
|
||||
const unsigned char *info, size_t ilen );
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
/**
|
||||
* \brief Register callbacks for DTLS cookies
|
||||
* (Server only. DTLS only.)
|
||||
|
@ -1474,7 +1451,31 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
|
|||
mbedtls_ssl_cookie_write_t *f_cookie_write,
|
||||
mbedtls_ssl_cookie_check_t *f_cookie_check,
|
||||
void *p_cookie );
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
|
||||
/**
|
||||
* \brief Set client's transport-level identification info.
|
||||
* (Server only. DTLS only.)
|
||||
*
|
||||
* This is usually the IP address (and port), but could be
|
||||
* anything identify the client depending on the underlying
|
||||
* network stack. Used for HelloVerifyRequest with DTLS.
|
||||
* This is *not* used to route the actual packets.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param info Transport-level info identifying the client (eg IP + port)
|
||||
* \param ilen Length of info in bytes
|
||||
*
|
||||
* \note An internal copy is made, so the info buffer can be reused.
|
||||
*
|
||||
* \return 0 on success,
|
||||
* MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
|
||||
* MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
|
||||
*/
|
||||
int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *info,
|
||||
size_t ilen );
|
||||
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
/**
|
||||
|
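Review bot: The relocated doc comment carries a grammatical slip in `* anything identify the client depending on the underlying`, which should read `* anything identifying the client depending on the underlying`. The new `#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */` now closes both the callback-registration block and this declaration, which is consistent with the guard added at the start of the preceding hunk. The declaration block ends within the hunk, so no further closing change is needed here.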
|
|
@ -4950,7 +4950,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
/* Dummy cookie callbacks for defaults */
|
||||
static int ssl_cookie_write_dummy( void *ctx,
|
||||
unsigned char **p, unsigned char *end,
|
||||
|
@ -4977,7 +4977,7 @@ static int ssl_cookie_check_dummy( void *ctx,
|
|||
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
|
||||
|
||||
/*
|
||||
* Initialize an SSL context
|
||||
|
@ -5136,7 +5136,7 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
|
|||
ssl->alpn_chosen = NULL;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
mbedtls_free( ssl->cli_id );
|
||||
ssl->cli_id = NULL;
|
||||
ssl->cli_id_len = 0;
|
||||
|
@ -6572,7 +6572,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
mbedtls_free( ssl->cli_id );
|
||||
#endif
|
||||
|
||||
|
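Review bot: `mbedtls_free( ssl->cli_id );` leaves ssl->cli_id dangling, whereas the mbedtls_ssl_session_reset hunk at line 5136 follows the same free with `ssl->cli_id = NULL;` and `ssl->cli_id_len = 0;`. Unless mbedtls_ssl_free zeroizes the whole context afterwards (the rest of the function is outside the hunk), mirror those two assignments here so the two teardown paths stay consistent and a second call on the same context cannot double-free. The guard change itself is correct and matches the other ssl.c hunks.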
@ -6654,7 +6654,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
|||
conf->curve_list = mbedtls_ecp_grp_id_list( );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
|
||||
conf->f_cookie_write = ssl_cookie_write_dummy;
|
||||
conf->f_cookie_check = ssl_cookie_check_dummy;
|
||||
#endif
|
||||
|
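Review bot: The defaults `conf->f_cookie_write = ssl_cookie_write_dummy;` and `conf->f_cookie_check = ssl_cookie_check_dummy;` point at callbacks that return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE (hunk at line 4977), so a server built with HelloVerify enabled that never calls mbedtls_ssl_conf_dtls_cookies() fails rather than silently skipping cookie verification. That fail-closed behaviour is the right default but is not stated anywhere visible; add `/* Fail closed: real callbacks must be installed via mbedtls_ssl_conf_dtls_cookies() */` above these assignments, or the equivalent in the mbedtls_ssl_config_defaults documentation. mbedtls_ssl_config_defaults continues outside the hunk.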
|