From ffaba55e5d3c21a05eff736cc25d1b7d30e5c059 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Teppo=20J=C3=A4rvelin?=
Date: Tue, 3 Sep 2019 12:33:16 +0300
Subject: [PATCH] Changed x509.c to be one single compilation unit for all x509 files.
---
include/mbedtls/x509_crt.h | 145 +++++--------------------------
include/mbedtls/x509_internal.h | 15 ----
library/CMakeLists.txt | 6 --
library/Makefile | 4 +-
library/x509.c | 7 ++
library/x509_crl.c | 5 --
library/x509_crt.c | 135 +++++++++++++++++++++++++++--
library/x509_csr.c | 10 +-
8 files changed, 165 insertions(+), 162 deletions(-)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index f3ef5723a..bea165455 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -32,7 +32,6 @@
 #include "x509.h"
 #include "x509_crl.h"
-#include "x509_internal.h"
 /**
 * \addtogroup x509_module
@@ -48,6 +47,22 @@ extern "C" {
 * \{
 */
+typedef struct mbedtls_x509_crt_cache
+{
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
+ defined(MBEDTLS_THREADING_C)
+ uint32_t frame_readers;
+ uint32_t pk_readers;
+#endif /* !MBEDTLS_X509_ALWAYS_FLUSH || MBEDTLS_THREADING_C */
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t frame_mutex;
+ mbedtls_threading_mutex_t pk_mutex;
+#endif
+ mbedtls_x509_buf_raw pk_raw;
+ struct mbedtls_x509_crt_frame *frame;
+ struct mbedtls_pk_context *pk;
+} mbedtls_x509_crt_cache;
+
 typedef struct mbedtls_x509_crt_frame
 {
 /* Keep these 8-bit fields at the front of the structure to allow them to
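Review bot: The `mbedtls_x509_crt_cache` typedef now sits in the public header x509_crt.h with no comment marking it as internal state, so the `frame_readers`/`pk_readers` counters and the two mutexes read as API surface an application may touch directly. Suggest a comment above it: `/* Internal cache of parsed certificate data. Not part of the public API: access it only through mbedtls_x509_crt_frame_acquire()/_release() and mbedtls_x509_crt_pk_acquire()/_release(). */`. The struct also uses `mbedtls_threading_mutex_t` under MBEDTLS_THREADING_C and `mbedtls_x509_buf_raw`; whether x509_crt.h still sees those through x509.h/x509_crl.h now that the first hunk drops `#include "x509_internal.h"` cannot be seen from this patch and is worth confirming in an MBEDTLS_THREADING_C build.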
@@ -854,37 +869,8 @@ int mbedtls_x509_crt_flush_cache( mbedtls_x509_crt const *crt );
 * to hold the address of a frame for the given CRT.
 * \return A negative error code on failure.
 */
-static inline int mbedtls_x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
- mbedtls_x509_crt_frame const **dst )
-{
- int ret = 0;
-#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_lock( &crt->cache->frame_mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif /* MBEDTLS_THREADING_C */
-
-#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
- defined(MBEDTLS_THREADING_C)
- if( crt->cache->frame_readers == 0 )
-#endif
- ret = mbedtls_x509_crt_cache_provide_frame( crt );
-
-#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
- defined(MBEDTLS_THREADING_C)
- if( crt->cache->frame_readers == MBEDTLS_X509_CACHE_FRAME_READERS_MAX )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-
- crt->cache->frame_readers++;
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &crt->cache->frame_mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif /* MBEDTLS_THREADING_C */
-
- *dst = crt->cache->frame;
- return( ret );
-}
+int mbedtls_x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
+ mbedtls_x509_crt_frame const **dst );
 /**
 * \brief Release access to a certificate frame acquired
@@ -893,36 +879,7 @@ static inline int mbedtls_x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
 * \param crt The certificate for which a certificate frame has
 * previously been acquired.
 */
-static inline int mbedtls_x509_crt_frame_release( mbedtls_x509_crt const *crt )
-{
-#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_lock( &crt->cache->frame_mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif /* MBEDTLS_THREADING_C */
-
-#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
- defined(MBEDTLS_THREADING_C)
- if( crt->cache->frame_readers == 0 )
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
-
- crt->cache->frame_readers--;
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_unlock( &crt->cache->frame_mutex );
-#endif /* MBEDTLS_THREADING_C */
-
-#if defined(MBEDTLS_X509_ALWAYS_FLUSH)
- (void) mbedtls_x509_crt_flush_cache_frame( crt );
-#endif /* MBEDTLS_X509_ALWAYS_FLUSH */
-
-#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
- !defined(MBEDTLS_THREADING_C)
- ((void) crt);
-#endif
-
- return( 0 );
-}
+int mbedtls_x509_crt_frame_release( mbedtls_x509_crt const *crt );
 /**
 * \brief Request temporary access to a public key context
@@ -956,37 +913,8 @@ static inline int mbedtls_x509_crt_frame_release( mbedtls_x509_crt const *crt )
 * certificate.
 * \return A negative error code on failure.
 */
-static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt,
- mbedtls_pk_context **dst )
-{
- int ret = 0;
-#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_lock( &crt->cache->pk_mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif /* MBEDTLS_THREADING_C */
-
-#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
- defined(MBEDTLS_THREADING_C)
- if( crt->cache->pk_readers == 0 )
-#endif
- ret = mbedtls_x509_crt_cache_provide_pk( crt );
-
-#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
- defined(MBEDTLS_THREADING_C)
- if( crt->cache->pk_readers == MBEDTLS_X509_CACHE_PK_READERS_MAX )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-
- crt->cache->pk_readers++;
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &crt->cache->pk_mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif /* MBEDTLS_THREADING_C */
-
- *dst = crt->cache->pk;
- return( ret );
-}
+int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt,
+ mbedtls_pk_context **dst );
 /**
 * \brief Release access to a public key context acquired
@@ -995,36 +923,7 @@ static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt,
 * \param crt The certificate for which a certificate frame has
 * previously been acquired.
 */
-static inline int mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt )
-{
-#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_lock( &crt->cache->pk_mutex ) != 0 )
- return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif /* MBEDTLS_THREADING_C */
-
-#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
- defined(MBEDTLS_THREADING_C)
- if( crt->cache->pk_readers == 0 )
- return( MBEDTLS_ERR_X509_FATAL_ERROR );
-
- crt->cache->pk_readers--;
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_unlock( &crt->cache->pk_mutex );
-#endif /* MBEDTLS_THREADING_C */
-
-#if defined(MBEDTLS_X509_ALWAYS_FLUSH)
- (void) mbedtls_x509_crt_flush_cache_pk( crt );
-#endif /* MBEDTLS_X509_ALWAYS_FLUSH */
-
-#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
- !defined(MBEDTLS_THREADING_C)
- ((void) crt);
-#endif
-
- return( 0 );
-}
+int mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
diff --git a/include/mbedtls/x509_internal.h b/include/mbedtls/x509_internal.h
index 6ca3db590..ead688693 100644
--- a/include/mbedtls/x509_internal.h
+++ b/include/mbedtls/x509_internal.h
@@ -35,21 +35,6 @@ struct mbedtls_pk_context;
 struct mbedtls_x509_crt_frame;
 #define MBEDTLS_X509_CACHE_PK_READERS_MAX ((uint32_t) -1)
 #define MBEDTLS_X509_CACHE_FRAME_READERS_MAX ((uint32_t) -1)
-typedef struct mbedtls_x509_crt_cache
-{
-#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
- defined(MBEDTLS_THREADING_C)
- uint32_t frame_readers;
- uint32_t pk_readers;
-#endif /* !MBEDTLS_X509_ALWAYS_FLUSH || MBEDTLS_THREADING_C */
-#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t frame_mutex;
- mbedtls_threading_mutex_t pk_mutex;
-#endif
- mbedtls_x509_buf_raw pk_raw;
- struct mbedtls_x509_crt_frame *frame;
- struct mbedtls_pk_context *pk;
-} mbedtls_x509_crt_cache;
 /* Internal X.509 CRT cache handling functions. */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 461843b05..3b5b604bc 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -70,12 +70,6 @@ set(src_x509
 certs.c
 pkcs11.c
 x509.c
- x509_create.c
- x509_crl.c
- x509_crt.c
- x509_csr.c
- x509write_crt.c
- x509write_csr.c
 )
 set(src_tls
diff --git a/library/Makefile b/library/Makefile
index 50faed9ca..56f132142 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -89,9 +89,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
 version_features.o xtea.o \
 ecc.o ecc_dh.o ecc_dsa.o
-OBJS_X509= certs.o pkcs11.o x509.o \
- x509_create.o x509_crl.o x509_crt.o \
- x509_csr.o x509write_crt.o x509write_csr.o
+OBJS_X509= certs.o pkcs11.o x509.o
 OBJS_TLS= debug.o net_sockets.o \
 ssl_cache.o ssl_ciphersuites.o \
diff --git a/library/x509.c b/library/x509.c
index 19cc64b79..1310c9144 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -42,6 +42,13 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/oid.h"
+#include "x509_crl.c"
+#include "x509_crt.c"
+#include "x509_csr.c"
+#include "x509_create.c"
+#include "x509write_crt.c"
+#include "x509write_csr.c"
+
 #include
 #include
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 3113de42c..0da871ad3 100644
--- a/library/x509_crl.c
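Review bot: The six `#include "x509_*.c"` lines added to x509.c carry no comment explaining that these sources are now compiled as one translation unit instead of separate objects, which is the reason the BEFORE_COLON/BC macros had to be renamed per file elsewhere in this patch. Suggest a comment above them: `/* The remaining X.509 sources are compiled as part of this file (single translation unit). File-scope static names and macros in them share one namespace and must not collide. */`. Note also that these includes are placed ahead of the system `#include` lines that follow, so each included file depends entirely on its own includes for what it uses; and because the Makefile and CMake hunks drop the per-file objects, x509.o will only be rebuilt when one of these files changes if the build's dependency tracking follows the includes, which I cannot verify from the hunk.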
+++ b/library/x509_crl.c
@@ -623,11 +623,6 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
 #endif /* MBEDTLS_FS_IO */
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
-/*
- * Return an informational string about the certificate.
- */
-#define BEFORE_COLON 14
-#define BC "14"
 /*
 * Return an informational string about the CRL.
 */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1c4237bda..0d564f9bb 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2251,15 +2251,15 @@ static int x509_info_ext_key_usage( char **buf, size_t *size,
 /*
 * Return an informational string about the certificate.
 */
-#define BEFORE_COLON 18
-#define BC "18"
+#define BEFORE_COLON_CRT 18
+#define BC_CRT "18"
 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
 const mbedtls_x509_crt *crt )
 {
 int ret;
 size_t n;
 char *p;
- char key_size_str[BEFORE_COLON];
+ char key_size_str[BEFORE_COLON_CRT];
 mbedtls_x509_crt_frame frame;
 mbedtls_pk_context pk;
@@ -2385,13 +2385,13 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
 MBEDTLS_X509_SAFE_SNPRINTF_WITH_CLEANUP;
 /* Key size */
- if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
+ if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON_CRT,
 mbedtls_pk_get_name( &pk ) ) ) != 0 )
 {
 return( ret );
 }
- ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
+ ret = mbedtls_snprintf( p, n, "\n%s%-" BC_CRT "s: %d bits", prefix, key_size_str,
 (int) mbedtls_pk_get_bitlen( &pk ) );
 MBEDTLS_X509_SAFE_SNPRINTF_WITH_CLEANUP;
@@ -3812,4 +3812,129 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx )
 }
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+int mbedtls_x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
+ mbedtls_x509_crt_frame const **dst )
+{
+ int ret = 0;
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_lock( &crt->cache->frame_mutex ) != 0 )
+ return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif /* MBEDTLS_THREADING_C */
+
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
+ defined(MBEDTLS_THREADING_C)
+ if( crt->cache->frame_readers == 0 )
+#endif
+ ret = mbedtls_x509_crt_cache_provide_frame( crt );
+
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
+ defined(MBEDTLS_THREADING_C)
+ if( crt->cache->frame_readers == MBEDTLS_X509_CACHE_FRAME_READERS_MAX )
+ return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+ crt->cache->frame_readers++;
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_unlock( &crt->cache->frame_mutex ) != 0 )
+ return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif /* MBEDTLS_THREADING_C */
+
+ *dst = crt->cache->frame;
+ return( ret );
+}
+
+int mbedtls_x509_crt_frame_release( mbedtls_x509_crt const *crt )
+{
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_lock( &crt->cache->frame_mutex ) != 0 )
+ return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif /* MBEDTLS_THREADING_C */
+
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
+ defined(MBEDTLS_THREADING_C)
+ if( crt->cache->frame_readers == 0 )
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+
+ crt->cache->frame_readers--;
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_mutex_unlock( &crt->cache->frame_mutex );
+#endif /* MBEDTLS_THREADING_C */
+
+#if defined(MBEDTLS_X509_ALWAYS_FLUSH)
+ (void) mbedtls_x509_crt_flush_cache_frame( crt );
+#endif /* MBEDTLS_X509_ALWAYS_FLUSH */
+
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
+ !defined(MBEDTLS_THREADING_C)
+ ((void) crt);
+#endif
+
+ return( 0 );
+}
+
+int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt,
+ mbedtls_pk_context **dst )
+{
+ int ret = 0;
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_lock( &crt->cache->pk_mutex ) != 0 )
+ return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif /* MBEDTLS_THREADING_C */
+
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
+ defined(MBEDTLS_THREADING_C)
+ if( crt->cache->pk_readers == 0 )
+#endif
+ ret = mbedtls_x509_crt_cache_provide_pk( crt );
+
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
+ defined(MBEDTLS_THREADING_C)
+ if( crt->cache->pk_readers == MBEDTLS_X509_CACHE_PK_READERS_MAX )
+ return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+ crt->cache->pk_readers++;
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_unlock( &crt->cache->pk_mutex ) != 0 )
+ return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif /* MBEDTLS_THREADING_C */
+
+ *dst = crt->cache->pk;
+ return( ret );
+}
+
+int mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt )
+{
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_lock( &crt->cache->pk_mutex ) != 0 )
+ return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+#endif /* MBEDTLS_THREADING_C */
+
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
+ defined(MBEDTLS_THREADING_C)
+ if( crt->cache->pk_readers == 0 )
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
+
+ crt->cache->pk_readers--;
+#endif
+
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_mutex_unlock( &crt->cache->pk_mutex );
+#endif /* MBEDTLS_THREADING_C */
+
+#if defined(MBEDTLS_X509_ALWAYS_FLUSH)
+ (void) mbedtls_x509_crt_flush_cache_pk( crt );
+#endif /* MBEDTLS_X509_ALWAYS_FLUSH */
+
+#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) && \
+ !defined(MBEDTLS_THREADING_C)
+ ((void) crt);
+#endif
+
+ return( 0 );
+}
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 9b58a86fe..283f69da7 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
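Review bot: In `mbedtls_x509_crt_frame_acquire` the early return on `frame_readers == MBEDTLS_X509_CACHE_FRAME_READERS_MAX` sits after `mbedtls_mutex_lock( &crt->cache->frame_mutex )` and before the unlock, so in an MBEDTLS_THREADING_C build it returns with the mutex still held and every later acquire or release on that certificate blocks. The same shape appears in `mbedtls_x509_crt_pk_acquire` (the `pk_readers` cap check) and in both release functions (the `readers == 0` return of MBEDTLS_ERR_X509_FATAL_ERROR). These bodies are moved verbatim from the header, but now that they are ordinary functions this is the natural place to unlock before returning on each of those paths; the fence shows the frame_acquire check, the other three follow the same pattern. Separately, when `mbedtls_x509_crt_cache_provide_frame` fails, `frame_readers` is still incremented and `*dst` is still written before `ret` is returned; whether callers release on an error return is outside this hunk, so I have not assumed either way.
```c
#if !defined(MBEDTLS_X509_ALWAYS_FLUSH) || \
    defined(MBEDTLS_THREADING_C)
    if( crt->cache->frame_readers == MBEDTLS_X509_CACHE_FRAME_READERS_MAX )
    {
#if defined(MBEDTLS_THREADING_C)
        /* Do not leave the cache mutex held on the error path. */
        (void) mbedtls_mutex_unlock( &crt->cache->frame_mutex );
#endif /* MBEDTLS_THREADING_C */
        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
    }

    crt->cache->frame_readers++;
#endif
/* … unchanged: mutex unlock, *dst = crt->cache->frame, return( ret ) … */
```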
@@ -332,8 +332,8 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
 #endif /* MBEDTLS_FS_IO */
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
-#define BEFORE_COLON 14
-#define BC "14"
+#define BEFORE_COLON_CSR 14
+#define BC_CSR "14"
 /*
 * Return an informational string about the CSR.
 */
@@ -343,7 +343,7 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
 int ret;
 size_t n;
 char *p;
- char key_size_str[BEFORE_COLON];
+ char key_size_str[BEFORE_COLON_CSR];
 p = buf;
 n = size;
@@ -364,13 +364,13 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
 csr->sig_md, csr->sig_opts );
 MBEDTLS_X509_SAFE_SNPRINTF;
- if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
+ if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON_CSR,
 mbedtls_pk_get_name( &csr->pk ) ) ) != 0 )
 {
 return( ret );
 }
- ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
+ ret = mbedtls_snprintf( p, n, "\n%s%-" BC_CSR "s: %d bits\n", prefix, key_size_str,
 (int) mbedtls_pk_get_bitlen( &csr->pk ) );
 MBEDTLS_X509_SAFE_SNPRINTF;