yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-09 19:25:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Introduce MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID removing IDs

Browse source
This commit is contained in:
Hanno Becker 2019-06-25 10:19:58 +01:00
parent 843b71a1df
commit d07614c529
5 changed files with 57 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
configs/baremetal.h
View file

@ -105,6 +105,7 @@
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_REMOVE_INFO #define MBEDTLS_X509_REMOVE_INFO
#define MBEDTLS_X509_CRT_REMOVE_TIME #define MBEDTLS_X509_CRT_REMOVE_TIME
#define MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID
#define MBEDTLS_X509_ON_DEMAND_PARSING #define MBEDTLS_X509_ON_DEMAND_PARSING
#define MBEDTLS_X509_ALWAYS_FLUSH #define MBEDTLS_X509_ALWAYS_FLUSH
#define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_PARSE_C

10
include/mbedtls/config.h
View file

@ -1955,6 +1955,16 @@
*/ */
//#define MBEDTLS_X509_CRT_REMOVE_TIME //#define MBEDTLS_X509_CRT_REMOVE_TIME
/**
* \def MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID
*
* Don't store subject and issuer ID in X.509 certificate structures.
*
* Uncomment this to save some code and RAM on constrained systems which
* don't need to inspect issuer and subject ID fields in certificates.
*/
//#define MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID
/** /**
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
* *

8
include/mbedtls/x509_crt.h
View file

@ -82,10 +82,12 @@ typedef struct mbedtls_x509_crt_frame
mbedtls_x509_buf_raw pubkey_raw; /**< The raw public key data (DER). */ mbedtls_x509_buf_raw pubkey_raw; /**< The raw public key data (DER). */
#if !defined(MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID)
mbedtls_x509_buf_raw issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ mbedtls_x509_buf_raw issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf_raw issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
mbedtls_x509_buf_raw subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf_raw subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
#endif /* !MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
mbedtls_x509_buf_raw issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
mbedtls_x509_buf_raw subject_raw; /**< The raw subject data (DER). Used for quick comparison. */ mbedtls_x509_buf_raw subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
mbedtls_x509_buf_raw sig; /**< Signature: hash of the tbs part signed with the private key. */ mbedtls_x509_buf_raw sig; /**< Signature: hash of the tbs part signed with the private key. */
@ -133,8 +135,10 @@ typedef struct mbedtls_x509_crt
mbedtls_x509_buf pk_raw; mbedtls_x509_buf pk_raw;
mbedtls_pk_context pk; /**< Container for the public key context. */ mbedtls_pk_context pk; /**< Container for the public key context. */
#if !defined(MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID)
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
#endif /* !MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */ mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */

38
library/x509_crt.c
View file

@ -235,8 +235,10 @@ int mbedtls_x509_crt_cache_provide_frame( mbedtls_x509_crt const *crt )
x509_buf_to_buf_raw( &frame->pubkey_raw, &crt->pk_raw ); x509_buf_to_buf_raw( &frame->pubkey_raw, &crt->pk_raw );
x509_buf_to_buf_raw( &frame->issuer_raw, &crt->issuer_raw ); x509_buf_to_buf_raw( &frame->issuer_raw, &crt->issuer_raw );
x509_buf_to_buf_raw( &frame->subject_raw, &crt->subject_raw ); x509_buf_to_buf_raw( &frame->subject_raw, &crt->subject_raw );
#if !defined(MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID)
x509_buf_to_buf_raw( &frame->subject_id, &crt->subject_id ); x509_buf_to_buf_raw( &frame->subject_id, &crt->subject_id );
x509_buf_to_buf_raw( &frame->issuer_id, &crt->issuer_id ); x509_buf_to_buf_raw( &frame->issuer_id, &crt->issuer_id );
#endif /* !MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
x509_buf_to_buf_raw( &frame->sig, &crt->sig ); x509_buf_to_buf_raw( &frame->sig, &crt->sig );
x509_buf_to_buf_raw( &frame->v3_ext, &crt->v3_ext ); x509_buf_to_buf_raw( &frame->v3_ext, &crt->v3_ext );
@ -751,6 +753,7 @@ static int x509_skip_dates( unsigned char **p,
} }
#endif /* MBEDTLS_X509_CRT_REMOVE_TIME */ #endif /* MBEDTLS_X509_CRT_REMOVE_TIME */
#if !defined(MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID)
/* /*
* X.509 v2/v3 unique identifier (not parsed) * X.509 v2/v3 unique identifier (not parsed)
*/ */
@ -777,6 +780,30 @@ static int x509_get_uid( unsigned char **p,
return( 0 ); return( 0 );
} }
#else /* !MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
static int x509_skip_uid( unsigned char **p,
const unsigned char *end,
int n )
{
int ret;
size_t len;
if( *p == end )
return( 0 );
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 )
{
if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( 0 );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
}
*p += len;
return( 0 );
}
#endif /* MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
static int x509_get_basic_constraints( unsigned char **p, static int x509_get_basic_constraints( unsigned char **p,
const unsigned char *end, const unsigned char *end,
@ -1365,6 +1392,7 @@ static int x509_crt_parse_frame( unsigned char *start,
if( frame->version != 1 ) if( frame->version != 1 )
{ {
#if !defined(MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID)
/* /*
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
* -- If present, version shall be v2 or v3 * -- If present, version shall be v2 or v3
@ -1380,6 +1408,14 @@ static int x509_crt_parse_frame( unsigned char *start,
ret = x509_get_uid( &p, end, &frame->subject_id, 2 /* implicit tag */ ); ret = x509_get_uid( &p, end, &frame->subject_id, 2 /* implicit tag */ );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
#else /* !MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
ret = x509_skip_uid( &p, end, 1 /* implicit tag */ );
if( ret != 0 )
return( ret );
ret = x509_skip_uid( &p, end, 2 /* implicit tag */ );
if( ret != 0 )
return( ret );
#endif /* MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
} }
/* /*
@ -1562,8 +1598,10 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
x509_buf_raw_to_buf( &crt->serial, &frame->serial ); x509_buf_raw_to_buf( &crt->serial, &frame->serial );
x509_buf_raw_to_buf( &crt->issuer_raw, &frame->issuer_raw ); x509_buf_raw_to_buf( &crt->issuer_raw, &frame->issuer_raw );
x509_buf_raw_to_buf( &crt->subject_raw, &frame->subject_raw ); x509_buf_raw_to_buf( &crt->subject_raw, &frame->subject_raw );
#if !defined(MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID)
x509_buf_raw_to_buf( &crt->issuer_id, &frame->issuer_id ); x509_buf_raw_to_buf( &crt->issuer_id, &frame->issuer_id );
x509_buf_raw_to_buf( &crt->subject_id, &frame->subject_id ); x509_buf_raw_to_buf( &crt->subject_id, &frame->subject_id );
#endif /* !MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID */
x509_buf_raw_to_buf( &crt->pk_raw, &frame->pubkey_raw ); x509_buf_raw_to_buf( &crt->pk_raw, &frame->pubkey_raw );
x509_buf_raw_to_buf( &crt->sig, &frame->sig ); x509_buf_raw_to_buf( &crt->sig, &frame->sig );
x509_buf_raw_to_buf( &crt->v3_ext, &frame->v3_ext ); x509_buf_raw_to_buf( &crt->v3_ext, &frame->v3_ext );

2
scripts/config.pl
View file

@ -40,6 +40,7 @@
# - this could be enabled if the respective tests were adapted # - this could be enabled if the respective tests were adapted
# MBEDTLS_X509_REMOVE_INFO # MBEDTLS_X509_REMOVE_INFO
# MBEDTLS_X509_CRT_REMOVE_TIME # MBEDTLS_X509_CRT_REMOVE_TIME
# MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID
# MBEDTLS_ZLIB_SUPPORT # MBEDTLS_ZLIB_SUPPORT
# MBEDTLS_PKCS11_C # MBEDTLS_PKCS11_C
# and any symbol beginning _ALT # and any symbol beginning _ALT
@ -104,6 +105,7 @@ MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
MBEDTLS_X509_REMOVE_INFO MBEDTLS_X509_REMOVE_INFO
MBEDTLS_X509_CRT_REMOVE_TIME MBEDTLS_X509_CRT_REMOVE_TIME
MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID
MBEDTLS_ZLIB_SUPPORT MBEDTLS_ZLIB_SUPPORT
MBEDTLS_PKCS11_C MBEDTLS_PKCS11_C
MBEDTLS_NO_UDBL_DIVISION MBEDTLS_NO_UDBL_DIVISION