diff --git a/ChangeLog b/ChangeLog
index 29b848da1..bbfc3234c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,8 @@
 PolarSSL ChangeLog (Sorted per branch, date)
-TODO: bump SOVERSION
+TODO: bump SOVERSION for ABI change (internal-but-not-static function x509_get_sig_alg() changed prototype)
+(and various x509 structures got a new member)
 = PolarSSL 1.3 branch
 Features
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 58e8cff08..1d1533810 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -223,16 +223,10 @@
 /**
 * \def POLARSSL_RSASSA_PSS_CERTIFICATES
 *
- * Enable parsing and verification of X.509 certificates and CRLs signed with
- * RSASSA-PSS.
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
 *
- * This is disabled by default since it breaks binary compatibility with the
- * 1.3.x line. If you choose to enable it, you will need to rebuild your
- * application against the new header files, relinking will not be enough.
- *
- * TODO: actually disable it when done working on this branch ,)
- *
- * Uncomment this macro to allow using RSASSA-PSS in certificates.
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
 */
 #define POLARSSL_RSASSA_PSS_CERTIFICATES
diff --git a/include/polarssl/x509_crl.h b/include/polarssl/x509_crl.h
index 886a536fd..067d5e6d5 100644
--- a/include/polarssl/x509_crl.h
+++ b/include/polarssl/x509_crl.h
@@ -93,9 +93,7 @@ typedef struct _x509_crl
 x509_buf sig;
 md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
 pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
 void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
-#endif
 struct _x509_crl *next;
 }
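Review bot: In include/polarssl/config.h the rewritten comment for POLARSSL_RSASSA_PSS_CERTIFICATES spells the plural as "CSRS" where "CSRs" is meant, and it drops the binary-compatibility paragraph without saying what the macro still affects. Since the x509 structures in this commit now carry `sig_opts` in every build, the macro appears to control only whether RSASSA-PSS signatures are parsed and verified. A line such as `* Disabling this does not change the layout of the x509_crt, x509_crl or x509_csr structures.` would make that explicit, once confirmed against the rest of the tree.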
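Review bot: With the `#if` removed in include/polarssl/x509_crl.h, `sig_opts` is an untyped `void *` present in every build, yet its comment does not say what it points to, who owns it, or what it holds when the signature algorithm takes no options. Readers of the field have to choose the cast from `sig_pk`, so the contract belongs next to the member, for example `/**< Signature options for pk_verify_ext(); pointee type depends on sig_pk, NULL when the algorithm has none */`, if that is the intended invariant. Ownership (presumably released by the structure's free function, which is outside this diff) should be stated as well once confirmed. The same applies to the `sig_opts` members in x509_crt.h and x509_csr.h; all three struct definitions start and end outside their hunks.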
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index 8877e694a..57dbed236 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -93,9 +93,7 @@ typedef struct _x509_crt
 x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
 md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
 pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
 void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
-#endif
 struct _x509_crt *next; /**< Next certificate in the CA-chain. */
 }
diff --git a/include/polarssl/x509_csr.h b/include/polarssl/x509_csr.h
index 531fa0912..a4bad3f78 100644
--- a/include/polarssl/x509_csr.h
+++ b/include/polarssl/x509_csr.h
@@ -67,9 +67,7 @@ typedef struct _x509_csr
 x509_buf sig;
 md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
 pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
 void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
-#endif
 }
 x509_csr;
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 26d351ae3..2191b47c8 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -626,11 +626,6 @@ int x509_crl_info( char *buf, size_t size, const char *prefix,
 size_t n;
 char *p;
 const x509_crl_entry *entry;
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- const void *sig_opts = crl->sig_opts;
-#else
- const void *sig_opts = NULL;
-#endif
 p = buf;
 n = size;
@@ -687,7 +682,7 @@ int x509_crl_info( char *buf, size_t size, const char *prefix,
 SAFE_SNPRINTF();
 ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, crl->sig_md,
- sig_opts );
+ crl->sig_opts );
 SAFE_SNPRINTF();
 ret = snprintf( p, n, "\n" );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6e01db827..d6164a865 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1253,11 +1253,6 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
 size_t n;
 char *p;
 char key_size_str[BEFORE_COLON];
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- const void *sig_opts = crt->sig_opts;
-#else
- const void *sig_opts = NULL;
-#endif
 p = buf;
 n = size;
@@ -1300,7 +1295,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
 SAFE_SNPRINTF();
 ret = x509_sig_alg_gets( p, n, &crt->sig_oid1, crt->sig_pk,
- crt->sig_md, sig_opts );
+ crt->sig_md, crt->sig_opts );
 SAFE_SNPRINTF();
 /* Key size */
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 81043469d..1c70a3373 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -366,11 +366,6 @@ int x509_csr_info( char *buf, size_t size, const char *prefix,
 size_t n;
 char *p;
 char key_size_str[BEFORE_COLON];
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- const void *sig_opts = csr->sig_opts;
-#else
- const void *sig_opts = NULL;
-#endif
 p = buf;
 n = size;
@@ -388,7 +383,7 @@ int x509_csr_info( char *buf, size_t size, const char *prefix,
 SAFE_SNPRINTF();
 ret = x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
- sig_opts );
+ csr->sig_opts );
 SAFE_SNPRINTF();
 if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
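Review bot: The call in x509_crl_info() (library/x509_crl.c) now hands `crl->sig_opts` to x509_sig_alg_gets() in every configuration, whereas a build without POLARSSL_RSASSA_PSS_CERTIFICATES previously always passed NULL. That is safe only if the field is NULL whenever the parser did not populate it, which depends on initialisation and error-path code not visible in this hunk. A short comment at the call, such as `/* sig_opts is NULL unless the signature algorithm carries parameters */`, would record the assumption for anyone who later changes the parse or free paths. The same substitution is made in x509_crt_info() and x509_csr_info() in library/x509_crt.c and library/x509_csr.c. All three functions begin and end outside their hunks.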