Add missing dependencies to x509_ocsp.c

Add missing dependency checks to check_config.h and documentation to config.h. Note that SHA-1 is required for OCSP as RFC 6960 Section 4.4.2 specifies that the ResponderID byKey is the SHA-1 hash of the responder's public key. That is, without SHA-1 we might not be able to tell who signed the OCSP response.
2026-04-11 06:40:47 +02:00 · 2017-08-31 11:48:34 +01:00
parent 1c0aac06f7
commit b85378efb3
2 changed files with 7 additions and 2 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -643,7 +643,10 @@
 #endif

 #if defined(MBEDTLS_X509_OCSP_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) || \
-    !defined(MBEDTLS_X509_CRT_PARSE_C) )
+    !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_MD_C) || \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
+    !defined(MBEDTLS_PK_C) || !defined(MBEDTLS_RSA_C) || \
+    !defined(MBEDTLS_SHA1_C) || !defined(MBEDTLS_SHA256_C) )
 #error "MBEDTLS_X509_OCSP_PARSE_C defined, but not all prerequisites"
 #endif

--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2525,7 +2525,9 @@
 *
 * Module:  library/x509_ocsp.c
 *
- * Requires: MBEDTLS_X509_USE_C, MBEDTLS_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_X509_USE_C, MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_MD_C,
+ *           MBEDTLS_OID_C, MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_C, MBEDTLS_RSA_C,
+ *           MBEDTLS_SHA1_C, MBEDTLS_SHA256_C
 *
 * This module is used for reading X.509 OCSP responses.
 */