Merge remote-tracking branch 'public/pr/2103' into mbedtls-2.1

2024-11-22 13:15:42 +01:00 · 2018-12-20 01:21:44 +00:00 · 2018-12-20 01:21:44 +00:00 · bfc26104ad
commit bfc26104ad
parent 4f41b61d94 b46e733b90
10 changed files with 52 additions and 25 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -111,6 +111,10 @@
 #error "MBEDTLS_ECP_C defined, but not all prerequisites"
 #endif

+#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#endif
+
 #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
                                    !defined(MBEDTLS_SHA256_C))
 #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@ -45,6 +45,8 @@
 extern "C" {
 #endif

+#if defined(MBEDTLS_ASN1_PARSE_C)
+
 /**
 * \brief            PKCS12 Password Based function (encryption / decryption)
 *                   for pbeWithSHAAnd128BitRC4
@ -86,6 +88,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
                const unsigned char *input, size_t len,
                unsigned char *output );

+#endif /* MBEDTLS_ASN1_PARSE_C */
+
 /**
 * \brief            The PKCS#12 derivation function uses a password and a salt
 *                   to produce pseudo-random bits for a particular "purpose".
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@ -43,6 +43,8 @@
 extern "C" {
 #endif

+#if defined(MBEDTLS_ASN1_PARSE_C)
+
 /**
 * \brief          PKCS#5 PBES2 function
 *
@ -61,6 +63,8 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
                 const unsigned char *data, size_t datalen,
                 unsigned char *output );

+#endif /* MBEDTLS_ASN1_PARSE_C */
+
 /**
 * \brief          PKCS#5 PBKDF2 using HMAC
 *
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -552,6 +552,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
                      const unsigned char *hash,
                      const unsigned char *sig );

+#if defined(MBEDTLS_ASN1_PARSE_C)
 /**
 * \brief          Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
 *
@ -578,6 +579,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
                                 unsigned int hashlen,
                                 const unsigned char *hash,
                                 const unsigned char *sig );
+#endif /* MBEDTLS_ASN1_PARSE_C */

 /**
 * \brief          Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
--- a/library/asn1write.c
+++ b/library/asn1write.c
@ -300,14 +300,36 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
    return( (int) len );
 }

-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head,
+
+/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
+ * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
+static mbedtls_asn1_named_data *asn1_find_named_data(
+                                               mbedtls_asn1_named_data *list,
+                                               const char *oid, size_t len )
+{
+    while( list != NULL )
+    {
+        if( list->oid.len == len &&
+            memcmp( list->oid.p, oid, len ) == 0 )
+        {
+            break;
+        }
+
+        list = list->next;
+    }
+
+    return( list );
+}
+
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
+                                        mbedtls_asn1_named_data **head,
                                        const char *oid, size_t oid_len,
                                        const unsigned char *val,
                                        size_t val_len )
 {
    mbedtls_asn1_named_data *cur;

-    if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
+    if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
    {
        // Add new entry if not present yet based on OID
        //
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@ -52,6 +52,8 @@ static void mbedtls_zeroize( void *v, size_t n ) {
    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }

+#if defined(MBEDTLS_ASN1_PARSE_C)
+
 static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
                                    mbedtls_asn1_buf *salt, int *iterations )
 {
@ -230,6 +232,8 @@ exit:
    return( ret );
 }

+#endif /* MBEDTLS_ASN1_PARSE_C */
+
 static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
                                const unsigned char *filler, size_t fill_len )
 {
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@ -54,22 +54,7 @@
 #define mbedtls_printf printf
 #endif

-#if !defined(MBEDTLS_ASN1_PARSE_C)
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
-                 const unsigned char *pwd,  size_t pwdlen,
-                 const unsigned char *data, size_t datalen,
-                 unsigned char *output )
-{
-    ((void) pbe_params);
-    ((void) mode);
-    ((void) pwd);
-    ((void) pwdlen);
-    ((void) data);
-    ((void) datalen);
-    ((void) output);
-    return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-}
-#else
+#if defined(MBEDTLS_ASN1_PARSE_C)
 static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
                                      mbedtls_asn1_buf *salt, int *iterations,
                                      int *keylen, mbedtls_md_type_t *md_type )
--- a/library/rsa.c
+++ b/library/rsa.c
@ -1613,7 +1613,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
 }
 #endif /* MBEDTLS_PKCS1_V21 */

-#if defined(MBEDTLS_PKCS1_V15)
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1_PARSE_C)
 /*
 * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
 */
@ -1742,7 +1742,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,

    return( 0 );
 }
-#endif /* MBEDTLS_PKCS1_V15 */
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_ASN1_PARSE_C */

 /*
 * Do an RSA operation and check the message digest
@ -1758,7 +1758,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 {
    switch( ctx->padding )
    {
-#if defined(MBEDTLS_PKCS1_V15)
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1_PARSE_C)
        case MBEDTLS_RSA_PKCS_V15:
            return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
                                                hashlen, hash, sig );
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@ -84,10 +84,12 @@
    USAGE_OUT                                           \
    "\n"

-#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO)
+#if !defined(MBEDTLS_PK_PARSE_C) || \
+    !defined(MBEDTLS_PK_WRITE_C) || \
+    !defined(MBEDTLS_FS_IO)
 int main( void )
 {
-    mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
+    mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
    return( 0 );
 }
 #else
@ -403,4 +405,4 @@ exit:

    return( ret );
 }
-#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@ -5,7 +5,7 @@
 /* END_HEADER */

 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
+ * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
 * END_DEPENDENCIES
 */