From bc9ae7a7aed4d04020c8d5e14fa5df053d3f124d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 10:44:27 +0100 Subject: [PATCH 1/8] Guard PK-parse module by ASN.1-parse module in check_config.h --- include/mbedtls/check_config.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 33ea22a77..05b5b8c13 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -111,6 +111,10 @@ #error "MBEDTLS_ECP_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) +#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites" +#endif + #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \ !defined(MBEDTLS_SHA256_C)) #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" From 027c1f247070bb662796f0a60dd982a5b212f488 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 10:46:32 +0100 Subject: [PATCH 2/8] Make PBE-related parts of PKCS12 depend on MBEDTLS_ASN1_PARSE_C --- include/mbedtls/pkcs12.h | 4 ++++ library/pkcs12.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index 9b2d90459..e8b288278 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -45,6 +45,8 @@ extern "C" { #endif +#if defined(MBEDTLS_ASN1_PARSE_C) + /** * \brief PKCS12 Password Based function (encryption / decryption) * for pbeWithSHAAnd128BitRC4 @@ -86,6 +88,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *input, size_t len, unsigned char *output ); +#endif /* MBEDTLS_ASN1_PARSE_C */ + /** * \brief The PKCS#12 derivation function uses a password and a salt * to produce pseudo-random bits for a particular "purpose". diff --git a/library/pkcs12.c b/library/pkcs12.c index 7023b9dbc..bbc1a01f4 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c 
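Review bot: The `#error` text added in the check_config.h hunk misspells "prerequisites" as "prerequesites", unlike the neighbouring checks for MBEDTLS_ECP_C and MBEDTLS_ENTROPY_C, so a search for the usual message will miss it. The line should read `#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"`.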
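Review bot: The Doxygen blocks inside the new guard in the pkcs12.h hunks (the pbeWithSHAAnd128BitRC4 function and `mbedtls_pkcs12_pbe()`) do not say that these functions now exist only when ASN.1 parsing is enabled. Add a line such as `\note Only available if MBEDTLS_ASN1_PARSE_C is defined.` to each block, so that an integrator trimming the configuration learns of the dependency from the API documentation rather than from a build failure. The same applies to `mbedtls_pkcs5_pbes2()` in the pkcs5.h hunks of patch 3/8.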
@@ -52,6 +52,8 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } +#if defined(MBEDTLS_ASN1_PARSE_C) + static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations ) { @@ -230,6 +232,8 @@ exit: return( ret ); } +#endif /* MBEDTLS_ASN1_PARSE_C */ + static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, const unsigned char *filler, size_t fill_len ) { From 5e0f4a5e48dde95b70612d70c48c441b091ba837 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 10:57:33 +0100 Subject: [PATCH 3/8] Guard mbedtls_pkcs5_pbes2() by MBEDTLS_ASN1_PARSE_C Previously, mbedtls_pkcs5_pbes2() was unconditionally declared in `pkcs5.h` but defined as a stub returning `MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE` in case MBEDTLS_ASN1_PARSE_C was not defined. In line with the previous commits, this commit removes declaration and definition from both `pkcs5.h` and `pkcs5.c` in case MBEDTLS_ASN1_PARSE_C is not defined. --- include/mbedtls/pkcs5.h | 4 ++++ library/pkcs5.c | 17 +---------------- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index ec5cb9e74..60027e8f9 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -43,6 +43,8 @@ extern "C" { #endif +#if defined(MBEDTLS_ASN1_PARSE_C) + /** * \brief PKCS#5 PBES2 function * @@ -61,6 +63,8 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *data, size_t datalen, unsigned char *output ); +#endif /* MBEDTLS_ASN1_PARSE_C */ + /** * \brief PKCS#5 PBKDF2 using HMAC * diff --git a/library/pkcs5.c b/library/pkcs5.c index a20471084..5c93b6b0b 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c 
@@ -54,22 +54,7 @@ #define mbedtls_printf printf #endif -#if !defined(MBEDTLS_ASN1_PARSE_C) -int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t datalen, - unsigned char *output ) -{ - ((void) pbe_params); - ((void) mode); - ((void) pwd); - ((void) pwdlen); - ((void) data); - ((void) datalen); - ((void) output); - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); -} -#else +#if defined(MBEDTLS_ASN1_PARSE_C) static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, int *keylen, mbedtls_md_type_t *md_type ) From 9928807a62adc67f539b177ad566acd0546a327c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 10:42:13 +0100 Subject: [PATCH 4/8] Duplicate mbedtls_asn1_find_named_data in asn1write.c to avoid dep. This commit duplicates the public function mbedtls_asn1_find_named_data() defined in library/asn1parse.c within library/asn1write.c in order to avoid a dependency of the ASN.1 writing module on the ASN.1 parsing module. The duplication is unproblematic from a semantic and an efficiency perspective becasue it is just a short list traversal that doesn't actually do any ASN.1 parsing. --- library/asn1write.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 12e88b84a..2d196f672 100644 --- a/library/asn1write.c +++ b/library/asn1write.c 
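Review bot: Removing the stub in the pkcs5.c hunk changes what a build without MBEDTLS_ASN1_PARSE_C exposes. Callers of `mbedtls_pkcs5_pbes2()` that used to compile and receive `MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE` at run time will now fail to build. Failing at build time is the stricter outcome, but it is an API change for such configurations and warrants a ChangeLog entry, which this series does not appear to contain. The `#endif` that closed the old `#else` branch lies outside the hunk; if it carries a comment, check that it now reads `#endif /* MBEDTLS_ASN1_PARSE_C */`.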
@@ -300,14 +300,36 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, return( (int) len ); } -mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head, + +/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(), + * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */ +static mbedtls_asn1_named_data *asn1_find_named_data( + mbedtls_asn1_named_data *list, + const char *oid, size_t len ) +{ + while( list != NULL ) + { + if( list->oid.len == len && + memcmp( list->oid.p, oid, len ) == 0 ) + { + break; + } + + list = list->next; + } + + return( list ); +} + +mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( + mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len ) { mbedtls_asn1_named_data *cur; - if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL ) + if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL ) { // Add new entry if not present yet based on OID // From c2eba85d70cea614ab0ce5e26e4fdef352584dba Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 16 Oct 2018 13:45:22 +0100 Subject: [PATCH 5/8] Add dependency of key_app_writer example program on PK parse module --- programs/pkey/key_app_writer.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index b273e7daa..08aba6012 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -84,10 +84,12 @@ USAGE_OUT \ "\n" -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO) +#if !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_PK_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) int main( void ) { - mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" ); + mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" ); return( 0 ); } #else 
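Review bot: The private copy `asn1_find_named_data()` added in the asn1write.c hunk can drift from `mbedtls_asn1_find_named_data()`, because nothing visible here makes a later fix to one reach the other. Extend the comment with `Keep in sync with mbedtls_asn1_find_named_data() in asn1parse.c.` and reword its second line to "to avoid a dependency of ASN1_WRITE_C on ASN1_PARSE_C". Separately, `memcmp( list->oid.p, oid, len )` is reached when both lengths are 0, and passing a null pointer to memcmp is undefined even for a zero length. If an empty OID with a null pointer can occur, test `len` before the comparison; the copied original presumably has the same shape. The body of `mbedtls_asn1_store_named_data()` continues past the end of the hunk.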
@@ -403,4 +405,4 @@ exit: return( ret ); } -#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ +#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ From a359f2764cf2ec486bee3dabc76bc6ee6c29ec0a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 16 Oct 2018 13:46:25 +0100 Subject: [PATCH 6/8] Add dependency of pkwrite test suite on pkparse module --- tests/suites/test_suite_pkwrite.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 8b20640f3..71aa59520 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -5,7 +5,7 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO + * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO * END_DEPENDENCIES */ From 4577beb9454246bf941d847959f5f99f4176a663 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 16 Oct 2018 14:06:20 +0100 Subject: [PATCH 7/8] Add dep of mbedtls_rsa_rsassa_pkcs1_v15_verify on ASN.1 parsing --- include/mbedtls/rsa.h | 2 ++ library/rsa.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 9dd4e67b4..8146c902b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -552,6 +552,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, const unsigned char *hash, const unsigned char *sig ); +#if defined(MBEDTLS_ASN1PARSE_C) /** * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) * @@ -578,6 +579,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig ); +#endif /* MBEDTLS_ASN1PARSE_C */ /** * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) diff --git a/library/rsa.c b/library/rsa.c index 13beba4df..2e07958c0 100644 --- a/library/rsa.c 
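Review bot: The guard added in the rsa.h hunks of patch 7/8 tests `MBEDTLS_ASN1PARSE_C`, which is not the macro used everywhere else in this series (`MBEDTLS_ASN1_PARSE_C`). At this commit `mbedtls_rsa_rsassa_pkcs1_v15_verify()` is therefore not declared, and the same misspelled guard in the three rsa.c hunks means it is not compiled or dispatched from `mbedtls_rsa_pkcs1_verify()` in any configuration. Patch 8/8 corrects the spelling, but the intermediate commit leaves PKCS#1 v1.5 signature verification unavailable, which makes bisecting through the series misleading. Squash 8/8 into 7/8 so that every commit in the history builds with verification intact.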
+++ b/library/rsa.c @@ -1460,7 +1460,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, } #endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1PARSE_C) /* * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ @@ -1589,7 +1589,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, return( 0 ); } -#endif /* MBEDTLS_PKCS1_V15 */ +#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_ASN1PARSE_C */ /* * Do an RSA operation and check the message digest @@ -1605,7 +1605,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { switch( ctx->padding ) { -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1PARSE_C) case MBEDTLS_RSA_PKCS_V15: return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg, hashlen, hash, sig ); From b46e733b905084911afe4820bf469525d5247b5a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Oct 2018 14:37:35 +0100 Subject: [PATCH 8/8] Correct typo MBEDTLS_ASN1PARSE_C -> MBEDTLS_ASN1_PARSE_C --- include/mbedtls/rsa.h | 4 ++-- library/rsa.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 8146c902b..082fbef2e 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -552,7 +552,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, const unsigned char *hash, const unsigned char *sig ); -#if defined(MBEDTLS_ASN1PARSE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) /** * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) * @@ -579,7 +579,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig ); -#endif /* MBEDTLS_ASN1PARSE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C */ /** * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) 
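Review bot: In the `mbedtls_rsa_pkcs1_verify()` hunk, a build with MBEDTLS_PKCS1_V15 enabled and ASN.1 parsing disabled loses the `MBEDTLS_RSA_PKCS_V15` case. A context using that padding then falls through to the switch's default branch, which is outside the hunk and presumably returns an invalid-padding error. That fails closed, but the caller cannot tell a trimmed configuration from a wrong padding mode, and v1.5 signing appears to remain available while verification is not. Document the asymmetry where MBEDTLS_PKCS1_V15 is described, for example `Verification additionally requires MBEDTLS_ASN1_PARSE_C.`, or reject the combination in check_config.h if sign-only builds are not intended. The function body starts and ends outside the hunk.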
diff --git a/library/rsa.c b/library/rsa.c index 2e07958c0..57b4ecf38 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1460,7 +1460,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, } #endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1PARSE_C) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1_PARSE_C) /* * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ @@ -1589,7 +1589,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, return( 0 ); } -#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_ASN1PARSE_C */ +#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_ASN1_PARSE_C */ /* * Do an RSA operation and check the message digest @@ -1605,7 +1605,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { switch( ctx->padding ) { -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1PARSE_C) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1_PARSE_C) case MBEDTLS_RSA_PKCS_V15: return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg, hashlen, hash, sig );