Fix dependencies

include/polarssl/config.h

@@ -2102,6 +2102,11 @@
 #error "POLARSSL_RSA_C defined, but not all prerequisites"
 #endif
 
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) &&                        \
+    ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_PKCS1_V21) )
+#error "POLARSSL_RSASSA_PSS_CERTIFICATES defined, but not all prerequisites"
+#endif
+
 #if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) ||     \
     !defined(POLARSSL_SHA1_C) )
 #error "POLARSSL_SSL_PROTO_SSL3 defined, but not all prerequisites"

include/polarssl/x509.h

@@ -256,9 +256,11 @@ int x509_get_alg_null( unsigned char **p, const unsigned char *end,
                        x509_buf *alg );
 int x509_get_alg( unsigned char **p, const unsigned char *end,
                   x509_buf *alg, x509_buf *params );
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
 int x509_get_rsassa_pss_params( const x509_buf *params,
                                 md_type_t *md_alg, md_type_t *mgf_md,
                                 int *salt_len, int *trailer_field );
+#endif
 int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
 int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
                       pk_type_t *pk_alg );

library/x509.c

@@ -132,6 +132,7 @@ int x509_get_alg( unsigned char **p, const unsigned char *end,
     return( 0 );
 }
 
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
 /*
  * HashAlgorithm ::= AlgorithmIdentifier
  *
@@ -324,6 +325,7 @@ int x509_get_rsassa_pss_params( const x509_buf *params,
 
     return( 0 );
 }
+#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
 
 /*
  *  AttributeTypeAndValue ::= SEQUENCE {

library/x509_crt.c

@@ -596,7 +596,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
     if( ( ret = x509_get_version(  &p, end, &crt->version  ) ) != 0 ||
         ( ret = x509_get_serial(   &p, end, &crt->serial   ) ) != 0 ||
         ( ret = x509_get_alg(      &p, end, &crt->sig_oid1,
-                                            &crt->sig_params ) ) != 0 )
+                                            &sig_params ) ) != 0 )
     {
         x509_crt_free( crt );
         return( ret );
@@ -617,22 +617,26 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
         return( ret );
     }
 
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
     if( crt->sig_pk == POLARSSL_PK_RSASSA_PSS )
     {
         int salt_len, trailer_field;
         md_type_t mgf_md;
 
         /* Make sure params are valid */
-        ret = x509_get_rsassa_pss_params( &crt->sig_params,
+        ret = x509_get_rsassa_pss_params( &sig_params,
                 &crt->sig_md, &mgf_md, &salt_len, &trailer_field );
         if( ret != 0 )
             return( ret );
+
+        memcpy( &crt->sig_params, &sig_params, sizeof( x509_buf ) );
     }
     else
+#endif
     {
-        /* Make sure parameters were absent or NULL */
-        if( ( crt->sig_params.tag != ASN1_NULL && crt->sig_params.tag != 0 ) ||
-              crt->sig_params.len != 0 )
+        /* Make sure parameters are absent or NULL */
+        if( ( sig_params.tag != ASN1_NULL && sig_params.tag != 0 ) ||
+              sig_params.len != 0 )
         return( POLARSSL_ERR_X509_INVALID_ALG );
     }
 
@@ -763,9 +767,13 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
     }
 
     if( crt->sig_oid1.len != crt->sig_oid2.len ||
-        memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
+        memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
+        ||
         crt->sig_params.len != sig_params.len ||
-        memcmp( crt->sig_params.p, sig_params.p, sig_params.len ) != 0 )
+        memcmp( crt->sig_params.p, sig_params.p, sig_params.len ) != 0
+#endif
+        )
     {
         x509_crt_free( crt );
         return( POLARSSL_ERR_X509_SIG_MISMATCH );
@@ -1185,6 +1193,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
         ret = snprintf( p, n, "%s", desc );
     SAFE_SNPRINTF();
 
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
     if( crt->sig_pk == POLARSSL_PK_RSASSA_PSS )
     {
         md_type_t md_alg, mgf_md;
@@ -1204,6 +1213,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
                               salt_len, trailer_field );
         SAFE_SNPRINTF();
     }
+#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
 
     if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
                                       pk_get_name( &crt->pk ) ) ) != 0 )

tests/suites/test_suite_x509parse.data

@@ -43,23 +43,23 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
 x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued  on    \: 2011-02-12 14\:44\:07\nexpires on    \: 2021-02-12 14\:44\:07\nsigned using  \: RSA with SHA-512\nRSA key size  \: 2048 bits\n"
 
 X509 Certificate information RSA-PSS, SHA1 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
 x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nissued  on    \: 2014-01-20 13\:38\:16\nexpires on    \: 2024-01-18 13\:38\:16\nsigned using  \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA, 1)\nRSA key size  \: 1024 bits\n"
 
 X509 Certificate information RSA-PSS, SHA224 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
 x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nissued  on    \: 2014-01-20 13\:57\:36\nexpires on    \: 2024-01-18 13\:57\:36\nsigned using  \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2, 1)\nRSA key size  \: 1024 bits\n"
 
 X509 Certificate information RSA-PSS, SHA256 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
 x509_cert_info:"data_files/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nissued  on    \: 2014-01-20 13\:57\:45\nexpires on    \: 2024-01-18 13\:57\:45\nsigned using  \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE, 1)\nRSA key size  \: 1024 bits\n"
 
 X509 Certificate information RSA-PSS, SHA384 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
 x509_cert_info:"data_files/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nissued  on    \: 2014-01-20 13\:57\:58\nexpires on    \: 2024-01-18 13\:57\:58\nsigned using  \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE, 1)\nRSA key size  \: 1024 bits\n"
 
 X509 Certificate information RSA-PSS, SHA512 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
 x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nissued  on    \: 2014-01-20 13\:58\:12\nexpires on    \: 2024-01-18 13\:58\:12\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE, 1)\nRSA key size  \: 1024 bits\n"
 
 X509 Certificate information EC, SHA1 Digest