Fix dependencies
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 29ba54f..f00a7fc 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -2102,6 +2102,11 @@
#error "POLARSSL_RSA_C defined, but not all prerequisites"
#endif
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) && \
+ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_PKCS1_V21) )
+#error "POLARSSL_RSASSA_PSS_CERTIFICATES defined, but not all prerequisites"
+#endif
+
#if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_SSL3 defined, but not all prerequisites"
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 36f19b0..0ffaca1 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -256,9 +256,11 @@
x509_buf *alg );
int x509_get_alg( unsigned char **p, const unsigned char *end,
x509_buf *alg, x509_buf *params );
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
int x509_get_rsassa_pss_params( const x509_buf *params,
md_type_t *md_alg, md_type_t *mgf_md,
int *salt_len, int *trailer_field );
+#endif
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
pk_type_t *pk_alg );
diff --git a/library/x509.c b/library/x509.c
index e9dc680..1a5f98a 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -132,6 +132,7 @@
return( 0 );
}
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
/*
* HashAlgorithm ::= AlgorithmIdentifier
*
@@ -324,6 +325,7 @@
return( 0 );
}
+#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
/*
* AttributeTypeAndValue ::= SEQUENCE {
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1447689..dc71c14 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -596,7 +596,7 @@
if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
( ret = x509_get_alg( &p, end, &crt->sig_oid1,
- &crt->sig_params ) ) != 0 )
+ &sig_params ) ) != 0 )
{
x509_crt_free( crt );
return( ret );
@@ -617,22 +617,26 @@
return( ret );
}
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
if( crt->sig_pk == POLARSSL_PK_RSASSA_PSS )
{
int salt_len, trailer_field;
md_type_t mgf_md;
/* Make sure params are valid */
- ret = x509_get_rsassa_pss_params( &crt->sig_params,
+ ret = x509_get_rsassa_pss_params( &sig_params,
&crt->sig_md, &mgf_md, &salt_len, &trailer_field );
if( ret != 0 )
return( ret );
+
+ memcpy( &crt->sig_params, &sig_params, sizeof( x509_buf ) );
}
else
+#endif
{
- /* Make sure parameters were absent or NULL */
- if( ( crt->sig_params.tag != ASN1_NULL && crt->sig_params.tag != 0 ) ||
- crt->sig_params.len != 0 )
+ /* Make sure parameters are absent or NULL */
+ if( ( sig_params.tag != ASN1_NULL && sig_params.tag != 0 ) ||
+ sig_params.len != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG );
}
@@ -763,9 +767,13 @@
}
if( crt->sig_oid1.len != crt->sig_oid2.len ||
- memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 ||
+ memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
+ ||
crt->sig_params.len != sig_params.len ||
- memcmp( crt->sig_params.p, sig_params.p, sig_params.len ) != 0 )
+ memcmp( crt->sig_params.p, sig_params.p, sig_params.len ) != 0
+#endif
+ )
{
x509_crt_free( crt );
return( POLARSSL_ERR_X509_SIG_MISMATCH );
@@ -1185,6 +1193,7 @@
ret = snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
+#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
if( crt->sig_pk == POLARSSL_PK_RSASSA_PSS )
{
md_type_t md_alg, mgf_md;
@@ -1204,6 +1213,7 @@
salt_len, trailer_field );
SAFE_SNPRINTF();
}
+#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
pk_get_name( &crt->pk ) ) ) != 0 )
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index a1c008e..5e6afca 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -43,23 +43,23 @@
x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
X509 Certificate information RSA-PSS, SHA1 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA1_C
x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA, 1)\nRSA key size \: 1024 bits\n"
X509 Certificate information RSA-PSS, SHA224 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2, 1)\nRSA key size \: 1024 bits\n"
X509 Certificate information RSA-PSS, SHA256 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA256_C
x509_cert_info:"data_files/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE, 1)\nRSA key size \: 1024 bits\n"
X509 Certificate information RSA-PSS, SHA384 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
x509_cert_info:"data_files/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE, 1)\nRSA key size \: 1024 bits\n"
X509 Certificate information RSA-PSS, SHA512 Digest
-depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSASSA_PSS_CERTIFICATES:POLARSSL_SHA512_C
x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE, 1)\nRSA key size \: 1024 bits\n"
X509 Certificate information EC, SHA1 Digest
