From b85378efb3b9b839456c6dc72065779bf6fadae0 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Thu, 31 Aug 2017 11:48:34 +0100
Subject: [PATCH] Add missing dependencies to x509_ocsp.c
Add missing dependency checks to check_config.h and documentation to config.h. Note that SHA-1 is required for OCSP as RFC 6960 Section 4.4.2 specifies that the ResponderID byKey is the SHA-1 hash of the responder's public key. That is, without SHA-1 we might not be able to tell who signed the OCSP response.
---
 include/mbedtls/check_config.h | 5 ++++-
 include/mbedtls/config.h | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 38323a08e7..dd1010b06d 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -643,7 +643,10 @@
 #endif
 #if defined(MBEDTLS_X509_OCSP_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) )
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
+ !defined(MBEDTLS_PK_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_SHA1_C) || !defined(MBEDTLS_SHA256_C) )
 #error "MBEDTLS_X509_OCSP_PARSE_C defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 390cf91864..49c14a345a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2525,7 +2525,9 @@
 *
 * Module: library/x509_ocsp.c
 *
- * Requires: MBEDTLS_X509_USE_C, MBEDTLS_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_X509_USE_C, MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_MD_C,
+ * MBEDTLS_OID_C, MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_C, MBEDTLS_RSA_C,
+ * MBEDTLS_SHA1_C, MBEDTLS_SHA256_C
 *
 * This module is used for reading X.509 OCSP responses.
 */
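Review bot: `MBEDTLS_RSA_C` and `MBEDTLS_SHA256_C` become hard prerequisites in the `#if` condition of check_config.h, yet the commit message justifies only SHA-1. If x509_ocsp.c reaches signature and digest code through the PK and MD layers (the module is not visible in this patch), an ECDSA-only build would be refused with no functional need. Either drop the two symbols from the check or state in the config.h `Requires:` comment why they are mandatory. The SHA-1 rationale also belongs in that comment rather than only in the commit log, e.g. `* MBEDTLS_SHA1_C is needed to match ResponderID byKey (RFC 6960 Section 4.4.2).`, so that integrators who disable SHA-1 for policy reasons can see what it is used for here.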