Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
This reverts commit ab50d8d30c22f38e3e2d2373219cfbeb1940082e, reversing
changes made to e31b1d992ad0a3874646c73a44f3eb750d13e900.
diff --git a/include/polarssl/asn1.h b/include/polarssl/asn1.h
index 7dc591e..45fd6cd 100644
--- a/include/polarssl/asn1.h
+++ b/include/polarssl/asn1.h
@@ -93,13 +93,9 @@
/** Returns the size of the binary string, without the trailing \\0 */
#define OID_SIZE(x) (sizeof(x) - 1)
-/**
- * Compares an asn1_buf structure to a reference OID.
- *
- * Only works for 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
- *
- * Warning: returns true when the OIDs are equal (unlike memcmp)!
+/** Compares two asn1_buf structures for the same OID. Only works for
+ * 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a 'unsigned
+ * char *oid' here!
*/
#define OID_CMP(oid_str, oid_buf) \
( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index db34e6a..251b28b 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -203,22 +203,6 @@
//#define POLARSSL_SHA512_ALT
/**
- * \def POLARSSL_RSASSA_PSS_CERTIFICATES
- *
- * Enable parsing and verification of X.509 certificates and CRLs signed with
- * RSASSA-PSS.
- *
- * This is disabled by default since it breaks binary compatibility with the
- * 1.3.x line. If you choose to enable it, you will need to rebuild your
- * application against the new header files, relinking will not be enough.
- *
- * TODO: actually disable it when done working on this branch ,)
- *
- * Uncomment this macro to allow using RSASSA-PSS in certificates.
- */
-#define POLARSSL_RSASSA_PSS_CERTIFICATES
-
-/**
* \def POLARSSL_AES_ROM_TABLES
*
* Store the AES tables in ROM.
@@ -2224,11 +2208,6 @@
#error "POLARSSL_RSA_C defined, but not all prerequisites"
#endif
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) && \
- ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_PKCS1_V21) )
-#error "POLARSSL_RSASSA_PSS_CERTIFICATES defined, but not all prerequisites"
-#endif
-
#if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_SSL3 defined, but not all prerequisites"
diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h
index 5f20b56..f000b8e 100644
--- a/include/polarssl/oid.h
+++ b/include/polarssl/oid.h
@@ -193,10 +193,6 @@
#define OID_PKCS9_EMAIL OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
-/* RFC 4055 */
-#define OID_RSASSA_PSS OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define OID_MGF1 OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
-
/*
* Digest algorithms
*/
diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h
index e32f9c9..013d973 100644
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -94,7 +94,6 @@
POLARSSL_PK_ECKEY_DH,
POLARSSL_PK_ECDSA,
POLARSSL_PK_RSA_ALT,
- POLARSSL_PK_RSASSA_PSS,
} pk_type_t;
/**
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 6e8641f..a456537 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -254,16 +254,9 @@
x509_name *cur );
int x509_get_alg_null( unsigned char **p, const unsigned char *end,
x509_buf *alg );
-int x509_get_alg( unsigned char **p, const unsigned char *end,
- x509_buf *alg, x509_buf *params );
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
-int x509_get_rsassa_pss_params( const x509_buf *params,
- md_type_t *md_alg, md_type_t *mgf_md,
- int *salt_len, int *trailer_field );
-#endif
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
-int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
- md_type_t *md_alg, pk_type_t *pk_alg );
+int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
+ pk_type_t *pk_alg );
int x509_get_time( unsigned char **p, const unsigned char *end,
x509_time *time );
int x509_get_serial( unsigned char **p, const unsigned char *end,
@@ -271,8 +264,6 @@
int x509_get_ext( unsigned char **p, const unsigned char *end,
x509_buf *ext, int tag );
int x509_load_file( const char *path, unsigned char **buf, size_t *n );
-int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
- pk_type_t pk_alg, const x509_buf *sig_params );
int x509_key_size_helper( char *buf, size_t size, const char *name );
int x509_string_to_names( asn1_named_data **head, const char *name );
int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len );
diff --git a/include/polarssl/x509_crl.h b/include/polarssl/x509_crl.h
index 14f648f..0c79916 100644
--- a/include/polarssl/x509_crl.h
+++ b/include/polarssl/x509_crl.h
@@ -89,9 +89,6 @@
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- x509_buf sig_params; /**< Parameters for the signature algorithm */
-#endif
struct _x509_crl *next;
}
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index 916dc3b..ee8f9e6 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -89,9 +89,6 @@
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- x509_buf sig_params; /**< Parameters for the signature algorithm */
-#endif
struct _x509_crt *next; /**< Next certificate in the CA-chain. */
}
diff --git a/include/polarssl/x509_csr.h b/include/polarssl/x509_csr.h
index a5c1096..7e38300 100644
--- a/include/polarssl/x509_csr.h
+++ b/include/polarssl/x509_csr.h
@@ -63,9 +63,6 @@
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- x509_buf sig_params; /**< Parameters for the signature algorithm */
-#endif
}
x509_csr;