diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 33ea22a77..05b5b8c13 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -111,6 +111,10 @@
 #error "MBEDTLS_ECP_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#endif
+
 #if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
 !defined(MBEDTLS_SHA256_C))
 #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index 9b2d90459..e8b288278 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -45,6 +45,8 @@
 extern "C" {
 #endif
 
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
 /**
 * \brief PKCS12 Password Based function (encryption / decryption)
 * for pbeWithSHAAnd128BitRC4
@@ -86,6 +88,8 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
 const unsigned char *input, size_t len,
 unsigned char *output );
 
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
 /**
 * \brief The PKCS#12 derivation function uses a password and a salt
 * to produce pseudo-random bits for a particular "purpose".
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index ec5cb9e74..60027e8f9 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -43,6 +43,8 @@
 extern "C" {
 #endif
 
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
 /**
 * \brief PKCS#5 PBES2 function
 *
@@ -61,6 +63,8 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
 const unsigned char *data, size_t datalen,
 unsigned char *output );
 
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
 /**
 * \brief PKCS#5 PBKDF2 using HMAC
 *
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 9dd4e67b4..082fbef2e 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
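Review bot: The new `#error` text in include/mbedtls/check_config.h is spelled "prerequesites", while the MBEDTLS_ECP_C and MBEDTLS_ENTROPY_C messages visible in the same hunk use "prerequisites". Anyone grepping build logs for the standard message will miss this one. The line should read `#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"`. This check is what turns a missing MBEDTLS_ASN1_PARSE_C into a clear configuration error rather than (presumably) an unresolved symbol later in the build, so the wording is worth getting right.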
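Review bot: The Doxygen blocks for the declarations that include/mbedtls/pkcs12.h now wraps in `#if defined(MBEDTLS_ASN1_PARSE_C)` (the pbeWithSHAAnd128BitRC4 function through `mbedtls_pkcs12_pbe`) do not say that these functions only exist when ASN.1 parsing is enabled. The same gap applies to `mbedtls_pkcs5_pbes2` in pkcs5.h and `mbedtls_rsa_rsassa_pkcs1_v15_verify` in rsa.h. An integrator who trims the configuration will otherwise find out through an implicit-declaration warning or a link error. I would add ` * \note This function is only available if MBEDTLS_ASN1_PARSE_C is defined.` to each comment block; the blocks continue outside the hunks, so the exact position is the author's call.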
@@ -552,6 +552,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 const unsigned char *hash,
 const unsigned char *sig );
 
+#if defined(MBEDTLS_ASN1_PARSE_C)
 /**
 * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
 *
@@ -578,6 +579,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 unsigned int hashlen,
 const unsigned char *hash,
 const unsigned char *sig );
+#endif /* MBEDTLS_ASN1_PARSE_C */
 
 /**
 * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
diff --git a/library/asn1write.c b/library/asn1write.c
index 12e88b84a..2d196f672 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -300,14 +300,36 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
 return( (int) len );
 }
 
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head,
+
+/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
+ * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
+static mbedtls_asn1_named_data *asn1_find_named_data(
+ mbedtls_asn1_named_data *list,
+ const char *oid, size_t len )
+{
+ while( list != NULL )
+ {
+ if( list->oid.len == len &&
+ memcmp( list->oid.p, oid, len ) == 0 )
+ {
+ break;
+ }
+
+ list = list->next;
+ }
+
+ return( list );
+}
+
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
+ mbedtls_asn1_named_data **head,
 const char *oid, size_t oid_len,
 const unsigned char *val,
 size_t val_len )
 {
 mbedtls_asn1_named_data *cur;
 
- if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
+ if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
 {
 // Add new entry if not present yet based on OID
 //
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 7023b9dbc..bbc1a01f4 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
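Review bot: The private `asn1_find_named_data()` added in library/asn1write.c duplicates a lookup that the parsing module also provides, and nothing ties the two copies together, so a later fix to one can silently miss the other. The comment above it explains why the copy exists; I would extend it with one more line, `* Any change to either function must be mirrored in the other.`. Separately, the copy keeps the unguarded `memcmp( list->oid.p, oid, len )`: whether a NULL `oid` with `len == 0` can reach it depends on callers outside this hunk, and passing a null pointer to memcmp is undefined even for zero length. The body of `mbedtls_asn1_store_named_data` continues past the end of the hunk.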
@@ -52,6 +52,8 @@ static void mbedtls_zeroize( void *v, size_t n ) {
 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }
 
+#if defined(MBEDTLS_ASN1_PARSE_C)
+
 static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
 mbedtls_asn1_buf *salt, int *iterations )
 {
@@ -230,6 +232,8 @@ exit:
 return( ret );
 }
 
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
 static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
 const unsigned char *filler, size_t fill_len )
 {
diff --git a/library/pkcs5.c b/library/pkcs5.c
index a20471084..5c93b6b0b 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -54,22 +54,7 @@
 #define mbedtls_printf printf
 #endif
 
-#if !defined(MBEDTLS_ASN1_PARSE_C)
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
- const unsigned char *pwd, size_t pwdlen,
- const unsigned char *data, size_t datalen,
- unsigned char *output )
-{
- ((void) pbe_params);
- ((void) mode);
- ((void) pwd);
- ((void) pwdlen);
- ((void) data);
- ((void) datalen);
- ((void) output);
- return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-}
-#else
+#if defined(MBEDTLS_ASN1_PARSE_C)
 static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
 mbedtls_asn1_buf *salt, int *iterations,
 int *keylen, mbedtls_md_type_t *md_type )
diff --git a/library/rsa.c b/library/rsa.c
index d640672a4..1ba23159b 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1613,7 +1613,7 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
 }
 #endif /* MBEDTLS_PKCS1_V21 */
 
-#if defined(MBEDTLS_PKCS1_V15)
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1_PARSE_C)
 /*
 * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
 */
@@ -1742,7 +1742,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
 
 return( 0 );
 }
-#endif /* MBEDTLS_PKCS1_V15 */
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_ASN1_PARSE_C */
 
 /*
 * Do an RSA operation and check the message digest
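Review bot: Dropping the `#if !defined(MBEDTLS_ASN1_PARSE_C)` stub in library/pkcs5.c changes `mbedtls_pkcs5_pbes2` from "always present, returns MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE" to "absent from the library" in builds without ASN.1 parsing. An application that called it and handled that error code at run time will now fail to link, so this is an API change that belongs in the ChangeLog and in the header comment. The new check in check_config.h covers MBEDTLS_PK_PARSE_C only; any other caller of this function (none is visible in this diff) would need the same guard. The `#endif` that closes this block lies outside the hunk.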
@@ -1758,7 +1758,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 {
 switch( ctx->padding )
 {
-#if defined(MBEDTLS_PKCS1_V15)
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_ASN1_PARSE_C)
 case MBEDTLS_RSA_PKCS_V15:
 return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
 hashlen, hash, sig );
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index b273e7daa..08aba6012 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -84,10 +84,12 @@
 USAGE_OUT \
 "\n"
 
-#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_FS_IO)
+#if !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_PK_WRITE_C) || \
+ !defined(MBEDTLS_FS_IO)
 int main( void )
 {
- mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
+ mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
 return( 0 );
 }
 #else
@@ -403,4 +405,4 @@ exit:
 
 return( ret );
 }
-#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 8b20640f3..71aa59520 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -5,7 +5,7 @@
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
+ * depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO
 * END_DEPENDENCIES
 */
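Review bot: In library/rsa.c, a build with MBEDTLS_PKCS1_V15 enabled but MBEDTLS_ASN1_PARSE_C disabled now compiles out the `case MBEDTLS_RSA_PKCS_V15:` arm of `mbedtls_rsa_pkcs1_verify`, so a context configured for v1.5 padding falls through to whatever the rest of the switch does (outside this hunk; presumably an invalid-padding error). That appears to fail closed, but v1.5 signature verification disappears at run time with nothing in the configuration checks or the documentation saying so, and the signing path is not touched by this diff. I would state the dependency at the guard, e.g. `/* v1.5 verification parses the signature with ASN.1 functions; without MBEDTLS_ASN1_PARSE_C it is unavailable */`, or have check_config.h reject the combination if it is not meant to be supported. The two preceding rsa.c hunks apply the same guard to the function definition, and the switch body continues past this hunk.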