Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the mbedtls_x509_*_info() function and closely related APIs. When this is not defined, also omit name and description from mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that are entirely unused. This saves several KB of code space. Change-Id: I056312613379890e0d70e1d08c34171287c0aa17
committed by
Hanno Becker
parent
1abb159e90
commit
dc470ae8af
@@ -252,13 +252,17 @@ int main( int argc, char *argv[] )
|
||||
* MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
|
||||
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
char vrfy_buf[512];
|
||||
#endif
|
||||
|
||||
mbedtls_printf( " failed\n" );
|
||||
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
|
||||
|
||||
mbedtls_printf( "%s\n", vrfy_buf );
|
||||
#endif
|
||||
}
|
||||
else
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
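Review bot: With MBEDTLS_X509_INFO undefined, the failure branch here prints only ` failed` and discards the bitmask returned by mbedtls_ssl_get_verify_result(), so a reduced build cannot tell an expired certificate from an untrusted issuer or a name mismatch. An `#else` arm that prints the raw value keeps the diagnosis possible at negligible code size, e.g. `mbedtls_printf( "  ! verify flags: 0x%08lx\n", (unsigned long) flags );`. The same pattern repeats in the hunks at `@@ -230,13 +230,17 @@`, `@@ -1976,14 +1985,18 @@`, `@@ -220,21 +220,27 @@` and `@@ -2994,17 +2994,22 @@`. The enclosing functions start and end outside these hunks.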
@@ -1482,6 +1482,14 @@ int query_config( const char *config )
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
|
||||
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
if( strcmp( "MBEDTLS_X509_INFO", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_INFO );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_INFO */
|
||||
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
|
||||
{
|
||||
|
||||
@@ -230,13 +230,17 @@ int main( void )
|
||||
/* In real life, we probably want to bail out when ret != 0 */
|
||||
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
char vrfy_buf[512];
|
||||
#endif
|
||||
|
||||
mbedtls_printf( " failed\n" );
|
||||
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
|
||||
|
||||
mbedtls_printf( "%s\n", vrfy_buf );
|
||||
#endif
|
||||
}
|
||||
else
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
@@ -488,19 +488,28 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
|
||||
static int my_verify( void *data, mbedtls_x509_crt *crt,
|
||||
int depth, uint32_t *flags )
|
||||
{
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
char buf[1024];
|
||||
#endif
|
||||
((void) data);
|
||||
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
|
||||
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
|
||||
mbedtls_printf( "%s", buf );
|
||||
#else
|
||||
((void) crt);
|
||||
((void) depth);
|
||||
#endif
|
||||
|
||||
if ( ( *flags ) == 0 )
|
||||
mbedtls_printf( " This certificate has no flags\n" );
|
||||
else
|
||||
{
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
|
||||
mbedtls_printf( "%s\n", buf );
|
||||
#endif
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
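Review bot: When MBEDTLS_X509_INFO is undefined, this callback prints ` This certificate has no flags` for clean certificates and nothing for flagged ones, because the `else` block becomes empty and the depth header is compiled out too. The `Verify requested for (Depth %d)` line calls no *_info function, so it can stay outside the `#if`, which also removes the need for `((void) depth);`. Inside the `else` block, an `#else` arm such as `mbedtls_printf( "  ! flags: 0x%08lx\n", (unsigned long) *flags );` would keep flagged certificates visible in the log. The function's closing brace lies outside the hunk.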
@@ -1976,14 +1985,18 @@ int main( int argc, char *argv[] )
|
||||
|
||||
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
char vrfy_buf[512];
|
||||
#endif
|
||||
|
||||
mbedtls_printf( " failed\n" );
|
||||
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ),
|
||||
" ! ", flags );
|
||||
|
||||
mbedtls_printf( "%s\n", vrfy_buf );
|
||||
#endif
|
||||
}
|
||||
else
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
@@ -220,21 +220,27 @@ static int do_handshake( mbedtls_ssl_context *ssl )
|
||||
/* In real life, we probably want to bail out when ret != 0 */
|
||||
if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
char vrfy_buf[512];
|
||||
#endif
|
||||
|
||||
mbedtls_printf( " failed\n" );
|
||||
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
|
||||
|
||||
mbedtls_printf( "%s\n", vrfy_buf );
|
||||
#endif
|
||||
}
|
||||
else
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
mbedtls_printf( " . Peer certificate information ...\n" );
|
||||
mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
|
||||
mbedtls_ssl_get_peer_cert( ssl ) );
|
||||
mbedtls_printf( "%s\n", buf );
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
@@ -2942,7 +2942,7 @@ handshake:
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO)
|
||||
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
||||
{
|
||||
char vrfy_buf[512];
|
||||
@@ -2994,17 +2994,22 @@ handshake:
|
||||
|
||||
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
char vrfy_buf[512];
|
||||
#endif
|
||||
|
||||
mbedtls_printf( " failed\n" );
|
||||
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
|
||||
|
||||
mbedtls_printf( "%s\n", vrfy_buf );
|
||||
#endif
|
||||
}
|
||||
else
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
#if defined(MBEDTLS_X509_INFO)
|
||||
if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
|
||||
{
|
||||
char crt_buf[512];
|
||||
@@ -3014,6 +3019,7 @@ handshake:
|
||||
mbedtls_ssl_get_peer_cert( &ssl ) );
|
||||
mbedtls_printf( "%s\n", crt_buf );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_INFO */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
|
||||
@@ -43,14 +43,14 @@
|
||||
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
|
||||
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_CTR_DRBG_C)
|
||||
!defined(MBEDTLS_X509_INFO) || !defined(MBEDTLS_CTR_DRBG_C)
|
||||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
|
||||
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
"MBEDTLS_X509_INFO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
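Review bot: Adding `!defined(MBEDTLS_X509_INFO)` to this guard replaces the whole program with the stub `main`, whereas the SSL example hunks in this commit fence only the printing calls. If the program does more than print (its SSL client and net requirements suggest it may connect and verify a chain, though that is not visible in the hunk), guarding only the mbedtls_x509_*_info() calls would keep that path usable in reduced builds. The stub also ends in `return( 0 );`, so a script invoking the binary cannot tell "compiled out" from success by exit status. A short comment at the guard stating why MBEDTLS_X509_INFO is mandatory here would help.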
@@ -37,11 +37,13 @@
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO)
|
||||
!defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_X509_INFO)
|
||||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_X509_INFO not defined.\n");
|
||||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
@@ -37,11 +37,13 @@
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO)
|
||||
!defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_X509_INFO)
|
||||
int main( void )
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
|
||||
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
|
||||
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_X509_INFO not defined.\n");
|
||||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||