commit 9ec3fe0d4371b3d384b53da199775def7ab3abee
author Hanno Becker <hanno.becker@arm.com> Mon Jul 01 17:36:12 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon Sep 09 09:55:31 2019 +0100
tree 1b9623cc2ef68484502afb0a1befe907bb51db39
parent 0e895727be97b3679e8bfef86a264e3300700db1

Introduce configuration option to remove CRT verification callbacks

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 0089ef2..730126b 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -3590,9 +3590,12 @@
 #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
                      const char *cn,
 #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
-                     uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
+                     uint32_t *flags
+#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
+                     , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *)
+                     , void *p_vrfy
+#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
+    )
 {
     return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
                 &mbedtls_x509_crt_profile_default,
@@ -3600,7 +3603,10 @@
                 cn,
 #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
                 flags,
-                f_vrfy, p_vrfy, NULL ) );
+#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
+                f_vrfy, p_vrfy,
+#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
+                NULL ) );
 }
 
 /*
@@ -3613,16 +3619,23 @@
 #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
                      const char *cn,
 #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
-                     uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
+                     uint32_t *flags
+#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
+                     , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *)
+                     , void *p_vrfy
+#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
+    )
 {
     return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl,
                 profile,
 #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION)
                 cn,
 #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
-                flags, f_vrfy, p_vrfy, NULL ) );
+                flags,
+#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
+                f_vrfy, p_vrfy,
+#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
+                NULL ) );
 }
 
 /*
@@ -3643,8 +3656,10 @@
                      const char *cn,
 #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
                      uint32_t *flags,
+#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
                      int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                      void *p_vrfy,
+#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
                      mbedtls_x509_crt_restart_ctx *rs_ctx )
 {
     int ret;
@@ -3702,7 +3717,11 @@
     ver_chain.items[0].flags |= ee_flags;
 
     /* Build final flags, calling callback on the way if any */
+#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
     ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy );
+#else
+    ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, NULL, NULL );
+#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
 
 exit:
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)