From bb1f70121218b461a4197224d547e6bcfae4f991 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 2 Nov 2018 18:15:18 +0000 Subject: [PATCH] config: Remove X.509 options Note that this fails check-names.sh because options that TLS and X.509 files use are no longer present in config.h. --- configs/config-no-entropy.h | 5 - configs/config-psa-crypto.h | 208 +---------------------------- configs/config-suite-b.h | 3 - include/mbedtls/check_config.h | 41 ------ include/mbedtls/config.h | 227 +------------------------------- library/version_features.c | 45 ------- programs/test/query_config.c | 120 ----------------- scripts/config.pl | 7 - tests/scripts/depends-pkalgs.pl | 5 +- 9 files changed, 4 insertions(+), 657 deletions(-) diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index d40b48caf..6f44899e4 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -51,8 +51,6 @@ #define MBEDTLS_PKCS1_V21 #define MBEDTLS_SELF_TEST #define MBEDTLS_VERSION_FEATURES -#define MBEDTLS_X509_CHECK_KEY_USAGE -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE /* mbed TLS modules */ #define MBEDTLS_AES_C @@ -78,9 +76,6 @@ #define MBEDTLS_SHA256_C #define MBEDTLS_SHA512_C #define MBEDTLS_VERSION_C -#define MBEDTLS_X509_USE_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_CRL_PARSE_C //#define MBEDTLS_CMAC_C /* Miscellaneous options */ diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h index 2e85819df..682fa87d7 100644 --- a/configs/config-psa-crypto.h +++ b/configs/config-psa-crypto.h @@ -1024,64 +1024,6 @@ */ #define MBEDTLS_VERSION_FEATURES -/** - * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an extension in a v1 or v2 certificate. - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - -/** - * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an unknown critical extension. - * - * \warning Depending on your PKI use, enabling this can be a security risk! - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#define MBEDTLS_X509_CHECK_KEY_USAGE - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - -/** - * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT /* \} name SECTION: mbed TLS feature support */ /** @@ -1212,8 +1154,7 @@ * Enable the generic ASN1 parser. * * Module: library/asn1.c - * Caller: library/x509.c - * library/dhm.c + * Caller: library/dhm.c * library/pkcs12.c * library/pkcs5.c * library/pkparse.c @@ -1228,9 +1169,6 @@ * Module: library/asn1write.c * Caller: library/ecdsa.c * library/pkwrite.c - * library/x509_create.c - * library/x509write_crt.c - * library/x509write_csr.c */ #define MBEDTLS_ASN1_WRITE_C @@ -1388,18 +1326,6 @@ */ #define MBEDTLS_CCM_C -/** - * \def MBEDTLS_CERTS_C - * - * Enable the test certificates. - * - * Module: library/certs.c - * Caller: - * - * This module is used for testing (ssl_client/server). - */ -#define MBEDTLS_CERTS_C - /** * \def MBEDTLS_CHACHA20_C * @@ -1768,13 +1694,6 @@ * library/pkparse.c * library/pkwrite.c * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * library/x509write_crt.c - * library/x509write_csr.c * * This modules translates between OIDs and internal values. */ @@ -1802,9 +1721,6 @@ * Module: library/pem.c * Caller: library/dhm.c * library/pkparse.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -1819,8 +1735,6 @@ * * Module: library/pem.c * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/x509write_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -1847,8 +1761,6 @@ * Enable the generic public (asymetric) key parser. * * Module: library/pkparse.c - * Caller: library/x509_crt.c - * library/x509_csr.c * * Requires: MBEDTLS_PK_C * @@ -1862,7 +1774,6 @@ * Enable the generic public (asymetric) key writer. * * Module: library/pkwrite.c - * Caller: library/x509write.c * * Requires: MBEDTLS_PK_C * @@ -1883,21 +1794,6 @@ */ #define MBEDTLS_PKCS5_C -/** - * \def MBEDTLS_PKCS11_C - * - * Enable wrapper for PKCS#11 smartcard support. - * - * Module: library/pkcs11.c - * Caller: library/pk.c - * - * Requires: MBEDTLS_PK_C - * - * This module enables SSL/TLS PKCS #11 smartcard support. - * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) - */ -//#define MBEDTLS_PKCS11_C - /** * \def MBEDTLS_PKCS12_C * @@ -1999,7 +1895,6 @@ * * Module: library/rsa.c * library/rsa_internal.c - * Caller: library/x509.c * * This module is used by the following key exchanges: * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK @@ -2015,7 +1910,6 @@ * * Module: library/sha1.c * Caller: library/md.c - * library/x509write_crt.c * * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 * depending on the handshake parameters, and for SHA1-signed certificates. @@ -2110,106 +2004,6 @@ */ #define MBEDTLS_VERSION_C -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. - * - * Module: library/x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/x509_crl.c - * Caller: library/x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#define MBEDTLS_X509_CRL_PARSE_C - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. - * - * Module: library/x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#define MBEDTLS_X509_CSR_PARSE_C - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - /** * \def MBEDTLS_XTEA_C * diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index dd9a2a019..4faaa7718 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -66,12 +66,9 @@ #define MBEDTLS_PK_PARSE_C #define MBEDTLS_SHA256_C #define MBEDTLS_SHA512_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_USE_C /* For test certificates */ #define MBEDTLS_BASE64_C -#define MBEDTLS_CERTS_C #define MBEDTLS_PEM_PARSE_C /* Save RAM at the expense of ROM */ diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 933e46045..8f6ff5f8e 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -255,10 +255,6 @@ #error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C) -#error "MBEDTLS_PKCS11_C defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C) #error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites" #endif @@ -493,11 +489,6 @@ #error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled" #endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ - ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) ) -#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_THREADING_PTHREAD) #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) #error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites" @@ -525,38 +516,6 @@ #error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites" #endif -#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \ - !defined(MBEDTLS_PK_PARSE_C) ) -#error "MBEDTLS_X509_USE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) ) -#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) ) -#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) ) -#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) ) -#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64) #error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index be0f1924a..4c86e90d2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1053,83 +1053,6 @@ */ #define MBEDTLS_VERSION_FEATURES -/** - * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an extension in a v1 or v2 certificate. - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 - -/** - * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an unknown critical extension. - * - * \warning Depending on your PKI use, enabling this can be a security risk! - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - -/** - * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK - * - * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()` - * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure - * the set of trusted certificates through a callback instead of a linked - * list. - * - * This is useful for example in environments where a large number of trusted - * certificates is present and storing them in a linked list isn't efficient - * enough, or when the set of trusted certificates changes frequently. - * - * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and - * `mbedtls_ssl_conf_ca_cb()` for more information. - * - * Uncomment to enable trusted certificate callbacks. - */ -//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK - -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#define MBEDTLS_X509_CHECK_KEY_USAGE - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - -/** - * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT - * - * Enable parsing and verification of X.509 certificates, CRLs and CSRS - * signed with RSASSA-PSS (aka PKCS#1 v2.1). - * - * Comment this macro to disallow using RSASSA-PSS in certificates. - */ -#define MBEDTLS_X509_RSASSA_PSS_SUPPORT /* \} name SECTION: mbed TLS feature support */ /** @@ -1260,8 +1183,7 @@ * Enable the generic ASN1 parser. * * Module: library/asn1.c - * Caller: library/x509.c - * library/dhm.c + * Caller: library/dhm.c * library/pkcs12.c * library/pkcs5.c * library/pkparse.c @@ -1276,9 +1198,6 @@ * Module: library/asn1write.c * Caller: library/ecdsa.c * library/pkwrite.c - * library/x509_create.c - * library/x509write_crt.c - * library/x509write_csr.c */ #define MBEDTLS_ASN1_WRITE_C @@ -1436,18 +1355,6 @@ */ #define MBEDTLS_CCM_C -/** - * \def MBEDTLS_CERTS_C - * - * Enable the test certificates. - * - * Module: library/certs.c - * Caller: - * - * This module is used for testing (ssl_client/server). - */ -#define MBEDTLS_CERTS_C - /** * \def MBEDTLS_CHACHA20_C * @@ -1816,13 +1723,6 @@ * library/pkparse.c * library/pkwrite.c * library/rsa.c - * library/x509.c - * library/x509_create.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * library/x509write_crt.c - * library/x509write_csr.c * * This modules translates between OIDs and internal values. */ @@ -1850,9 +1750,6 @@ * Module: library/pem.c * Caller: library/dhm.c * library/pkparse.c - * library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -1867,8 +1764,6 @@ * * Module: library/pem.c * Caller: library/pkwrite.c - * library/x509write_crt.c - * library/x509write_csr.c * * Requires: MBEDTLS_BASE64_C * @@ -1895,8 +1790,6 @@ * Enable the generic public (asymetric) key parser. * * Module: library/pkparse.c - * Caller: library/x509_crt.c - * library/x509_csr.c * * Requires: MBEDTLS_PK_C * @@ -1910,7 +1803,6 @@ * Enable the generic public (asymetric) key writer. * * Module: library/pkwrite.c - * Caller: library/x509write.c * * Requires: MBEDTLS_PK_C * @@ -1931,21 +1823,6 @@ */ #define MBEDTLS_PKCS5_C -/** - * \def MBEDTLS_PKCS11_C - * - * Enable wrapper for PKCS#11 smartcard support. - * - * Module: library/pkcs11.c - * Caller: library/pk.c - * - * Requires: MBEDTLS_PK_C - * - * This module enables SSL/TLS PKCS #11 smartcard support. - * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) - */ -//#define MBEDTLS_PKCS11_C - /** * \def MBEDTLS_PKCS12_C * @@ -2047,7 +1924,6 @@ * * Module: library/rsa.c * library/rsa_internal.c - * Caller: library/x509.c * * This module is used by the following key exchanges: * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK @@ -2063,7 +1939,6 @@ * * Module: library/sha1.c * Caller: library/md.c - * library/x509write_crt.c * * This module is required for SSL/TLS up to version 1.1, for TLS 1.2 * depending on the handshake parameters, and for SHA1-signed certificates. @@ -2158,106 +2033,6 @@ */ #define MBEDTLS_VERSION_C -/** - * \def MBEDTLS_X509_USE_C - * - * Enable X.509 core for using certificates. - * - * Module: library/x509.c - * Caller: library/x509_crl.c - * library/x509_crt.c - * library/x509_csr.c - * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, - * MBEDTLS_PK_PARSE_C - * - * This module is required for the X.509 parsing modules. - */ -#define MBEDTLS_X509_USE_C - -/** - * \def MBEDTLS_X509_CRT_PARSE_C - * - * Enable X.509 certificate parsing. - * - * Module: library/x509_crt.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c - * library/ssl_tls.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 certificate parsing. - */ -#define MBEDTLS_X509_CRT_PARSE_C - -/** - * \def MBEDTLS_X509_CRL_PARSE_C - * - * Enable X.509 CRL parsing. - * - * Module: library/x509_crl.c - * Caller: library/x509_crt.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is required for X.509 CRL parsing. - */ -#define MBEDTLS_X509_CRL_PARSE_C - -/** - * \def MBEDTLS_X509_CSR_PARSE_C - * - * Enable X.509 Certificate Signing Request (CSR) parsing. - * - * Module: library/x509_csr.c - * Caller: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_USE_C - * - * This module is used for reading X.509 certificate request. - */ -#define MBEDTLS_X509_CSR_PARSE_C - -/** - * \def MBEDTLS_X509_CREATE_C - * - * Enable X.509 core for creating certificates. - * - * Module: library/x509_create.c - * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C - * - * This module is the basis for creating X.509 certificates and CSRs. - */ -#define MBEDTLS_X509_CREATE_C - -/** - * \def MBEDTLS_X509_CRT_WRITE_C - * - * Enable creating X.509 certificates. - * - * Module: library/x509_crt_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate creation. - */ -#define MBEDTLS_X509_CRT_WRITE_C - -/** - * \def MBEDTLS_X509_CSR_WRITE_C - * - * Enable creating X.509 Certificate Signing Requests (CSR). - * - * Module: library/x509_csr_write.c - * - * Requires: MBEDTLS_X509_CREATE_C - * - * This module is required for X.509 certificate request writing. - */ -#define MBEDTLS_X509_CSR_WRITE_C - /** * \def MBEDTLS_XTEA_C * diff --git a/library/version_features.c b/library/version_features.c index b355b2b16..4f1da6aea 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -417,24 +417,6 @@ static const char *features[] = { #if defined(MBEDTLS_VERSION_FEATURES) "MBEDTLS_VERSION_FEATURES", #endif /* MBEDTLS_VERSION_FEATURES */ -#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) - "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3", -#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */ -#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION", -#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */ -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK", -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - "MBEDTLS_X509_CHECK_KEY_USAGE", -#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ -#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) - "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE", -#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - "MBEDTLS_X509_RSASSA_PSS_SUPPORT", -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ #if defined(MBEDTLS_AESNI_C) "MBEDTLS_AESNI_C", #endif /* MBEDTLS_AESNI_C */ @@ -468,9 +450,6 @@ static const char *features[] = { #if defined(MBEDTLS_CCM_C) "MBEDTLS_CCM_C", #endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CERTS_C) - "MBEDTLS_CERTS_C", -#endif /* MBEDTLS_CERTS_C */ #if defined(MBEDTLS_CHACHA20_C) "MBEDTLS_CHACHA20_C", #endif /* MBEDTLS_CHACHA20_C */ @@ -564,9 +543,6 @@ static const char *features[] = { #if defined(MBEDTLS_PKCS5_C) "MBEDTLS_PKCS5_C", #endif /* MBEDTLS_PKCS5_C */ -#if defined(MBEDTLS_PKCS11_C) - "MBEDTLS_PKCS11_C", -#endif /* MBEDTLS_PKCS11_C */ #if defined(MBEDTLS_PKCS12_C) "MBEDTLS_PKCS12_C", #endif /* MBEDTLS_PKCS12_C */ @@ -609,27 +585,6 @@ static const char *features[] = { #if defined(MBEDTLS_VERSION_C) "MBEDTLS_VERSION_C", #endif /* MBEDTLS_VERSION_C */ -#if defined(MBEDTLS_X509_USE_C) - "MBEDTLS_X509_USE_C", -#endif /* MBEDTLS_X509_USE_C */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) - "MBEDTLS_X509_CRT_PARSE_C", -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_X509_CRL_PARSE_C) - "MBEDTLS_X509_CRL_PARSE_C", -#endif /* MBEDTLS_X509_CRL_PARSE_C */ -#if defined(MBEDTLS_X509_CSR_PARSE_C) - "MBEDTLS_X509_CSR_PARSE_C", -#endif /* MBEDTLS_X509_CSR_PARSE_C */ -#if defined(MBEDTLS_X509_CREATE_C) - "MBEDTLS_X509_CREATE_C", -#endif /* MBEDTLS_X509_CREATE_C */ -#if defined(MBEDTLS_X509_CRT_WRITE_C) - "MBEDTLS_X509_CRT_WRITE_C", -#endif /* MBEDTLS_X509_CRT_WRITE_C */ -#if defined(MBEDTLS_X509_CSR_WRITE_C) - "MBEDTLS_X509_CSR_WRITE_C", -#endif /* MBEDTLS_X509_CSR_WRITE_C */ #if defined(MBEDTLS_XTEA_C) "MBEDTLS_XTEA_C", #endif /* MBEDTLS_XTEA_C */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index bffe9f89c..94c8ec16d 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1154,54 +1154,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_VERSION_FEATURES */ -#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) - if( strcmp( "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 ); - return( 0 ); - } -#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */ - -#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - if( strcmp( "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION ); - return( 0 ); - } -#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */ - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if( strcmp( "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK ); - return( 0 ); - } -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - if( strcmp( "MBEDTLS_X509_CHECK_KEY_USAGE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_KEY_USAGE ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ - -#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) - if( strcmp( "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_RSASSA_PSS_SUPPORT ); - return( 0 ); - } -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - #if defined(MBEDTLS_AESNI_C) if( strcmp( "MBEDTLS_AESNI_C", config ) == 0 ) { @@ -1290,14 +1242,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CERTS_C) - if( strcmp( "MBEDTLS_CERTS_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CERTS_C ); - return( 0 ); - } -#endif /* MBEDTLS_CERTS_C */ - #if defined(MBEDTLS_CHACHA20_C) if( strcmp( "MBEDTLS_CHACHA20_C", config ) == 0 ) { @@ -1546,14 +1490,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PKCS5_C */ -#if defined(MBEDTLS_PKCS11_C) - if( strcmp( "MBEDTLS_PKCS11_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS11_C ); - return( 0 ); - } -#endif /* MBEDTLS_PKCS11_C */ - #if defined(MBEDTLS_PKCS12_C) if( strcmp( "MBEDTLS_PKCS12_C", config ) == 0 ) { @@ -1666,62 +1602,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_VERSION_C */ -#if defined(MBEDTLS_X509_USE_C) - if( strcmp( "MBEDTLS_X509_USE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_USE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_USE_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if( strcmp( "MBEDTLS_X509_CRT_PARSE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_PARSE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_X509_CRL_PARSE_C) - if( strcmp( "MBEDTLS_X509_CRL_PARSE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRL_PARSE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CRL_PARSE_C */ - -#if defined(MBEDTLS_X509_CSR_PARSE_C) - if( strcmp( "MBEDTLS_X509_CSR_PARSE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_PARSE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CSR_PARSE_C */ - -#if defined(MBEDTLS_X509_CREATE_C) - if( strcmp( "MBEDTLS_X509_CREATE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CREATE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CREATE_C */ - -#if defined(MBEDTLS_X509_CRT_WRITE_C) - if( strcmp( "MBEDTLS_X509_CRT_WRITE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_WRITE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CRT_WRITE_C */ - -#if defined(MBEDTLS_X509_CSR_WRITE_C) - if( strcmp( "MBEDTLS_X509_CSR_WRITE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_WRITE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CSR_WRITE_C */ - #if defined(MBEDTLS_XTEA_C) if( strcmp( "MBEDTLS_XTEA_C", config ) == 0 ) { diff --git a/scripts/config.pl b/scripts/config.pl index bdd20901c..b66790514 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -29,10 +29,6 @@ # MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES # MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_RSA_NO_CRT -# MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 -# MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION -# - this could be enabled if the respective tests were adapted -# MBEDTLS_PKCS11_C # MBEDTLS_USE_PSA_CRYPTO # - experimental, and more an alternative implementation than a feature # and any symbol beginning _ALT @@ -87,9 +83,6 @@ MBEDTLS_ECP_DP_M511_ENABLED MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_PLATFORM_ENTROPY MBEDTLS_RSA_NO_CRT -MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 -MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION -MBEDTLS_PKCS11_C MBEDTLS_NO_UDBL_DIVISION MBEDTLS_NO_64BIT_MULTIPLICATION MBEDTLS_PSA_CRYPTO_SPM diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl index 3522aa595..72c7f4103 100755 --- a/tests/scripts/depends-pkalgs.pl +++ b/tests/scripts/depends-pkalgs.pl @@ -39,10 +39,9 @@ my %algs = ( 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECJPAKE_C'], - 'MBEDTLS_X509_RSASSA_PSS_SUPPORT' => [], - 'MBEDTLS_PKCS1_V21' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], + 'MBEDTLS_PKCS1_V21' => [], 'MBEDTLS_PKCS1_V15' => [], - 'MBEDTLS_RSA_C' => ['MBEDTLS_X509_RSASSA_PSS_SUPPORT'], + 'MBEDTLS_RSA_C' => [], ); system( "cp $config_h $config_h.bak" ) and die;