diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 4328f7198c..22ddaa80fd 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -287,14 +287,12 @@
 #endif
 #if defined(MBEDTLS_X509_USE_C) && \
- (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_PK_PARSE_C))
+ (!defined(MBEDTLS_ASN1_PARSE_C) || !defined(MBEDTLS_PK_PARSE_C))
 #error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_X509_CREATE_C) && \
- (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
- !defined(MBEDTLS_PK_PARSE_C))
+ (!defined(MBEDTLS_ASN1_WRITE_C) || !defined(MBEDTLS_PK_PARSE_C))
 #error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
 #endif
@@ -389,7 +387,7 @@
 #endif
 #if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \
- ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \
+ ( !defined(MBEDTLS_PK_PARSE_C) ) || \
 ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) || \
 ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || \
 ( !defined(MBEDTLS_MD_C) ) )
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index d5a488341d..ddab7d0c32 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1100,7 +1100,7 @@
 *
 * Module: library/pkcs7.c
 *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C,
 * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
 * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
 *
@@ -1115,7 +1115,7 @@
 *
 * Module: library/x509_create.c
 *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C,
 *
 * \warning You must call psa_crypto_init() before doing any X.509 operation.
 *
@@ -1247,7 +1247,7 @@
 * library/x509_crt.c
 * library/x509_csr.c
 *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C
 *
 * \warning You must call psa_crypto_init() before doing any X.509 operation.
 *
diff --git a/library/x509_oid.c b/library/x509_oid.c
index 06a9e92fc8..80c8873452 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -9,7 +9,10 @@
 #include "x509_internal.h"
-#if defined(MBEDTLS_OID_C)
+/* Each group of tables and functions has its own dependencies, but
+ * don't even bother to define helper macros if X.509 is completely
+ * disabled. */
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
 #include "mbedtls/oid.h"
 #include "x509_oid.h"
@@ -145,6 +148,7 @@
 /*
 * For X520 attribute types
 */
+#if defined(MBEDTLS_X509_USE_C)
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 const char *short_name;
@@ -259,10 +263,12 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_attr_short_name,
 x520_attr,
 const char *,
 short_name)
+#endif /* MBEDTLS_X509_USE_C */
 /*
 * For X509 extensions
 */
+#if defined(MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE)
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 int ext_type;
@@ -324,8 +330,9 @@ static const oid_x509_ext_t oid_x509_ext[] =
 FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
 FN_OID_GET_ATTR1(mbedtls_x509_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
+#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 static const mbedtls_x509_oid_descriptor_t oid_ext_key_usage[] =
 {
 OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH,
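Review bot: The new outer guard `#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)` in the -9 hunk omits MBEDTLS_PKCS7_C, although the digest-OID block it encloses is enabled by MBEDTLS_X509_OID_HAVE_GET_MD_ALG, which x509_oid.h defines for `defined(MBEDTLS_PKCS7_C)` on its own. This is sound only because check_config.h rejects MBEDTLS_PKCS7_C without MBEDTLS_X509_CRT_PARSE_C (the -389 hunk), which presumably in turn requires MBEDTLS_X509_USE_C; a build that bypasses check_config.h would presumably fail at link time on mbedtls_x509_oid_get_md_alg rather than with a clear preprocessor error. I would record the reliance in the new comment, e.g. ` * disabled. (MBEDTLS_PKCS7_C needs no mention here: check_config.h makes it imply MBEDTLS_X509_CRT_PARSE_C.) */`.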
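Review bot: The closing comment `#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */` in the -324 hunk names the expansion rather than the guard it closes, which is `#if defined(MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE)` from the -259 hunk; the -579 hunk does the same, closing `#if defined(MBEDTLS_X509_OID_HAVE_GET_MD_ALG)` with `#endif /* (MBEDTLS_X509_USE_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT) || MBEDTLS_PKCS7_C */`. The header side of this same commit closes those blocks with the macro name, and whoever next changes the condition in x509_oid.h will not find these two comments by grep, so they will drift. I would write `#endif /* MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */` and `#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */` to match the header.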
@@ -364,11 +371,13 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies,
 certificate_policies,
 const char *,
 description)
-#endif /* MBEDTLS_X509_REMOVE_INFO */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */
 /*
 * For SignatureAlgorithmIdentifier
 */
+#if defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 mbedtls_md_type_t md_alg;
@@ -471,14 +480,15 @@ static const oid_sig_alg_t oid_sig_alg[] =
 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_X509_USE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_x509_oid_get_sig_alg_desc,
 oid_sig_alg_t,
 sig_alg,
 const char *,
 description)
-#endif
+#endif /* MBEDTLS_X509_USE_C && !MBEDTLS_X509_REMOVE_INFO */
+#if defined(MBEDTLS_X509_USE_C)
 FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg,
 oid_sig_alg_t,
 sig_alg,
@@ -486,6 +496,8 @@ FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg,
 md_alg,
 mbedtls_pk_type_t,
 pk_alg)
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
 FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg,
 oid_sig_alg_t,
 oid_sig_alg,
@@ -493,10 +505,17 @@ FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg,
 pk_alg,
 mbedtls_md_type_t,
 md_alg)
+#endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */
+#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */
+
+#if defined(MBEDTLS_X509_OID_HAVE_GET_MD_ALG)
 /*
 * For digestAlgorithm
 */
+/* The table of digest OIDs is duplicated in TF-PSA-Crypto (which uses it to
+ * look up the OID for a hash algorithm in RSA PKCS#1v1.5 signature and
+ * verification). */
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 mbedtls_md_type_t md_alg;
@@ -579,4 +598,6 @@ static const oid_md_alg_t oid_md_alg[] =
 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
 FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-#endif /* MBEDTLS_OID_C */
+#endif /* (MBEDTLS_X509_USE_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT) || MBEDTLS_PKCS7_C */
+
+#endif /* some X.509 is enabled */
diff --git a/library/x509_oid.h b/library/x509_oid.h
index f3646f8a1a..c2fe8dc403 100644
--- a/library/x509_oid.h
+++ b/library/x509_oid.h
@@ -40,6 +40,8 @@ typedef struct {
 #endif
 } mbedtls_x509_oid_descriptor_t;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_X509_CSR_PARSE_C)
+#define MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE
 /**
 * \brief Translate an X.509 extension OID into local values
 *
@@ -49,7 +51,9 @@ typedef struct {
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
+#endif /* MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */
+#if defined(MBEDTLS_X509_USE_C)
 /**
 * \brief Translate an X.509 attribute type OID into the short name
 * (e.g. the OID for an X520 Common Name into "CN")
@@ -60,7 +64,9 @@ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_typ
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name);
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_USE_C)
 /**
 * \brief Translate SignatureAlgorithm OID into md_type and pk_type
 *
@@ -73,6 +79,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char
 int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
 mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
 * \brief Translate SignatureAlgorithm OID into description
 *
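Review bot: In the -60 hunk the added `#endif /* MBEDTLS_X509_USE_C */` is followed, after one blank line, by an added `#if defined(MBEDTLS_X509_USE_C)` that reopens a block on the identical condition, so the attr-short-name and sig-alg declarations sit in two regions for no reason visible in the header. If the intent is to mirror the separate per-section guards of x509_oid.c, a one-line comment such as `/* One guard per table, mirroring x509_oid.c */` above the second `#if` would stop the next reader from merging them; otherwise the close/reopen pair can simply be dropped and the later `#endif /* MBEDTLS_X509_USE_C */` left to close both.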
@@ -82,7 +89,10 @@ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc);
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
 /**
 * \brief Translate md_type and pk_type into SignatureAlgorithm OID
 *
@@ -95,7 +105,11 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **
 */
 int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
 const char **oid, size_t *olen);
+#endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */
+#if (defined(MBEDTLS_X509_USE_C) && defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)) || \
+ defined(MBEDTLS_PKCS7_C)
+#define MBEDTLS_X509_OID_HAVE_GET_MD_ALG
 /**
 * \brief Translate hash algorithm OID into md_type
 *
@@ -105,8 +119,9 @@ int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_typ
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg);
+#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
 * \brief Translate Extended Key Usage OID into description
 *
@@ -116,7 +131,6 @@ int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc);
-#endif
 /**
 * \brief Translate certificate policies OID into description
@@ -127,6 +141,7 @@ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const c
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc);
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */
 #ifdef __cplusplus
 }
diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function
index f10c68dc54..b988aa0f67 100644
--- a/tests/suites/test_suite_x509_oid.function
+++ b/tests/suites/test_suite_x509_oid.function
@@ -5,12 +5,7 @@
 #include "string.h"
 /* END_HEADER */
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_OID_C:!MBEDTLS_X509_REMOVE_INFO
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void oid_get_certificate_policies(data_t *oid, char *result_str)
 {
 mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
@@ -31,7 +26,7 @@ void oid_get_certificate_policies(data_t *oid, char *result_str)
 }
 /* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void oid_get_extended_key_usage(data_t *oid, char *result_str)
 {
 mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
@@ -52,7 +47,7 @@ void oid_get_extended_key_usage(data_t *oid, char *result_str)
 }
 /* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */
 void oid_get_x509_extension(data_t *oid, int exp_type)
 {
 mbedtls_asn1_buf ext_oid = { 0, 0, NULL };
@@ -73,7 +68,7 @@ void oid_get_x509_extension(data_t *oid, int exp_type)
 }
 /* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_OID_HAVE_GET_MD_ALG */
 void oid_get_md_alg_id(data_t *oid, int exp_md_id)
 {
 mbedtls_asn1_buf md_oid = { 0, 0, NULL };
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index d03884ffe9..9ee693e665 100644
--- a/tests/suites/test_suite_x509parse.function
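Review bot: `depends_on:MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE` in the -52 hunk, and `depends_on:MBEDTLS_X509_OID_HAVE_GET_MD_ALG` in the -73 hunk, name macros that are defined in the library-private header library/x509_oid.h rather than in the build configuration. That resolves correctly only if the generated dependency check is compiled with that header in scope; the suite's BEGIN_HEADER block is outside these hunks, so I cannot confirm it includes x509_oid.h, and any tooling that evaluates depends_on statically against the config will treat the macro as undefined and silently skip these cases rather than fail. Worth confirming that oid_get_x509_extension and oid_get_md_alg_id still report as run, not skipped, in the default build after this change.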
+++ b/tests/suites/test_suite_x509parse.function
@@ -1504,7 +1504,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void x509_oid_desc(data_t *buf, char *ref_desc)
 {
 mbedtls_x509_buf oid;