From b807cc6ebaea1d353bd877a4f7e110619477eab7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 30 Nov 2023 17:16:20 +0800 Subject: [PATCH 1/6] Add checks for PK_[PARSE/WRITE]_C when PK_HAVE_ECC_KEYS is set When PK_HAVE_ECC_KEYS is set with PK_[PARSE/WRITE]_C, it needs OID_C to be enabled. This commit adds proper checks in check_config.h Signed-off-by: Yanray Wang
---
 include/mbedtls/check_config.h | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index a7a346fe53..af78087b12 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -444,6 +444,16 @@
 #error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
 #endif
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) && \
+ !defined(MBEDTLS_OID_C)
+#error "MBEDTLS_PK_PARSE_C and MBEDTLS_PK_HAVE_ECC_KEYS require MBEDTLS_OID_C"
+#endif
+
+#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) && \
+ !defined(MBEDTLS_OID_C)
+#error "MBEDTLS_PK_WRITE_C and MBEDTLS_PK_HAVE_ECC_KEYS require MBEDTLS_OID_C"
+#endif
+
 #if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
 #error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
 #endif
From e9954bb9d532acf18796f4babab391a1eb7a790e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 30 Nov 2023 17:16:33 +0800 Subject: [PATCH 2/6] test_suite_pk.function: add correct dependency In valid_parameters_pkwrite, we first parse a public key then test with mbedtls_pk_write_xxx functions. So valid_parameters_pkwrite should depend on both MBEDTLS_PK_WRITE_C and MBEDTLS_PK_PARSE_C. Signed-off-by: Yanray Wang
---
 tests/suites/test_suite_pk.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 681de0ff06..ff843cb8d0 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
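Review bot: In the check_config.h hunk of patch 1/6, both new guards test `MBEDTLS_PK_HAVE_ECC_KEYS`, which is a derived helper symbol rather than a user option, so they can only fire if that symbol is already defined when check_config.h is preprocessed. The description of patch 3/6 says it is defined in config_adjust_legacy_crypto.h as well as in pk.h; if only the pk.h definition were in effect at this point, the `#error` would silently never trigger and a configuration without `MBEDTLS_OID_C` would pass the check. A short comment above the first guard would record that ordering assumption, for example `/* MBEDTLS_PK_HAVE_ECC_KEYS is set by config_adjust_legacy_crypto.h, which must be processed before this file. */`.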
@@ -681,7 +681,7 @@ void valid_parameters()
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_PK_PARSE_C */
 void valid_parameters_pkwrite(data_t *key_data)
 {
 mbedtls_pk_context pk;
From 687bfcb54ca7cf59cc59dd2ad6b46e705e7b8826 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 12:15:17 +0800 Subject: [PATCH 3/6] pk: remove duplicate define of MBEDTLS_PK_HAVE_ECC_KEYS In pk.h, MBEDTLS_PK_HAVE_ECC_KEYS is enabled if ECP_C is defined or USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY are defined. But this logic is duplicate with its definition in config_adjust_legacy_crypto.h. Signed-off-by: Yanray Wang
---
 include/mbedtls/pk.h | 7 ------- 1 file changed, 7 deletions(-)
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 66f39015fa..919543cc61 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -181,13 +181,6 @@ typedef struct mbedtls_pk_rsassa_pss_options {
 #define MBEDTLS_PK_USE_PSA_EC_DATA
 #endif
-/* Helper symbol to state that the PK module has support for EC keys. This
- * can either be provided through the legacy ECP solution or through the
- * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PK_HAVE_ECC_KEYS
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
-
 /**
 * \brief Types for interfacing with the debug module
 */
From 5b118d4aed8b3e211c00d55c48298aea5f14c03f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 5 Dec 2023 10:31:54 +0800 Subject: [PATCH 4/6] Check MBEDTLS_PK_{PARSE,WRITE}_C requires MBEDTLS_OID_C - check_config.h: add this dependency check - mbedtls_config.h: update corresponding requirement documentation Signed-off-by: Yanray Wang
---
 include/mbedtls/check_config.h | 16 ++++------------ include/mbedtls/mbedtls_config.h | 4 ++-- 2 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index af78087b12..6aa87b8a98 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -436,24 +436,16 @@
 #error "MBEDTLS_PK_C defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
+#if defined(MBEDTLS_PK_PARSE_C) && \
+ (!defined(MBEDTLS_PK_C) || !defined(MBEDTLS_OID_C))
 #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
+#if defined(MBEDTLS_PK_WRITE_C) && \
+ (!defined(MBEDTLS_PK_C) || !defined(MBEDTLS_OID_C))
 #error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) && \
- !defined(MBEDTLS_OID_C)
-#error "MBEDTLS_PK_PARSE_C and MBEDTLS_PK_HAVE_ECC_KEYS require MBEDTLS_OID_C"
-#endif
-
-#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) && \
- !defined(MBEDTLS_OID_C)
-#error "MBEDTLS_PK_WRITE_C and MBEDTLS_PK_HAVE_ECC_KEYS require MBEDTLS_OID_C"
-#endif
-
 #if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
 #error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 6a5828c740..edf4a0b304 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3059,7 +3059,7 @@
 * Caller: library/x509_crt.c
 * library/x509_csr.c
 *
- * Requires: MBEDTLS_PK_C
+ * Requires: MBEDTLS_PK_C, MBEDTLS_OID_C
 *
 * Uncomment to enable generic public key parse functions.
 */
@@ -3073,7 +3073,7 @@
 * Module: library/pkwrite.c
 * Caller: library/x509write.c
 *
- * Requires: MBEDTLS_PK_C
+ * Requires: MBEDTLS_PK_C, MBEDTLS_OID_C
 *
 * Uncomment to enable generic public key write functions.
 */
From 072a068f9f184a9b2ede7f4e940ca35e3b49ea3e Mon Sep 17 00:00:00 2001
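Review bot: In the check_config.h hunk of patch 4/6, the merged guards for `MBEDTLS_PK_PARSE_C` and `MBEDTLS_PK_WRITE_C` keep the generic "defined, but not all prerequisites" text, so a failing build no longer says that `MBEDTLS_OID_C` is the missing piece, which the two blocks removed at the end of the same hunk did say. Naming the prerequisites in the message lets someone trimming a configuration fix it without opening the header, e.g. `#error "MBEDTLS_PK_PARSE_C requires MBEDTLS_PK_C and MBEDTLS_OID_C"`, and likewise for the write guard. The same point applies to the three-way conditions in the check_config.h hunks of patches 5/6 and 6/6, where the message would also list the ASN1 module. The requirement is now unconditional rather than tied to `MBEDTLS_PK_HAVE_ECC_KEYS`; whether any reduced configuration in the tree enables PK parse or write without OID is not visible from this series and is worth confirming.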
From: Yanray Wang Date: Tue, 5 Dec 2023 10:53:04 +0800 Subject: [PATCH 5/6] check_config: combine check for MBEDTLS_PK_PARSE_C - check_config.h: combine separate check for MBEDTLS_PK_PARSE_C - mbedtls_config.h: update documentation for `Requires` Signed-off-by: Yanray Wang
---
 include/mbedtls/check_config.h | 8 +++----- include/mbedtls/mbedtls_config.h | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 6aa87b8a98..1ccd24edf3 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -207,10 +207,6 @@
 #error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
 #endif
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
-#endif
-
 #if defined(MBEDTLS_ENTROPY_C) && \
 !(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256))
 #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
@@ -437,7 +433,9 @@
 #endif
 #if defined(MBEDTLS_PK_PARSE_C) && \
- (!defined(MBEDTLS_PK_C) || !defined(MBEDTLS_OID_C))
+ (!defined(MBEDTLS_ASN1_PARSE_C) || \
+ !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_PK_C))
 #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index edf4a0b304..2cfb4fcaba 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3059,7 +3059,7 @@
 * Caller: library/x509_crt.c
 * library/x509_csr.c
 *
- * Requires: MBEDTLS_PK_C, MBEDTLS_OID_C
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
 *
 * Uncomment to enable generic public key parse functions.
 */
From a8f8eb1e356564bd5aeb3b0c34795188105798f1 Mon Sep 17 00:00:00 2001
From: Yanray Wang Date: Tue, 5 Dec 2023 11:00:33 +0800 Subject: [PATCH 6/6] check_config: add missing dependency check for MBEDTLS_PK_WRITE_C MBEDTLS_PK_WRITE_C requires MBEDTLS_ASN1_WRITE_C, but there is no corresponding check in check_config.h. In addition, corresponding documentation for `Requires` is updated in mbedtls_config.h. Signed-off-by: Yanray Wang
---
 include/mbedtls/check_config.h | 4 +++- include/mbedtls/mbedtls_config.h | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1ccd24edf3..576efeae03 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -440,7 +440,9 @@
 #endif
 #if defined(MBEDTLS_PK_WRITE_C) && \
- (!defined(MBEDTLS_PK_C) || !defined(MBEDTLS_OID_C))
+ (!defined(MBEDTLS_ASN1_WRITE_C) || \
+ !defined(MBEDTLS_OID_C) || \
+ !defined(MBEDTLS_PK_C))
 #error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 2cfb4fcaba..254e75a1a3 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3073,7 +3073,7 @@
 * Module: library/pkwrite.c
 * Caller: library/x509write.c
 *
- * Requires: MBEDTLS_PK_C, MBEDTLS_OID_C
+ * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
 *
 * Uncomment to enable generic public key write functions.
 */