mbedtls: add support for pkcs7 PKCS7 signing format is used by OpenPOWER Key Management, which is using mbedtls as its crypto library. This patch adds the limited support of pkcs7 parser and verification to the mbedtls. The limitations are: * Only signed data is supported. * CRLs are not currently handled. * Single signer is supported. Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Nayna Jain <nayna@linux.ibm.com>

commit: c9deb184b0bf5e72d5761d06af0db165676e0f8a [log] [tgz]
author: Nayna Jain <nayna@linux.ibm.com> Mon Nov 16 19:03:12 2020 +0000
committer: Nick Child <nick.child@ibm.com> Thu Sep 01 19:45:33 2022 -0500
tree: 58e6f98e9854bdbd7ea22fc088568f7072210f0c
parent: e00d6d6b55130c905aee5d1a7fca9b9afa9e53f2 [diff] [blame]
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index b5d2c40..dcb6392 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -989,6 +989,13 @@
 #error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4341"
 #endif
 
+#if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \
+    ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \
+    ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) ||\
+    ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || ( !defined(MBEDTLS_BIGNUM_C) ) )
+#error  "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
+#endif
+
 /*
  * Avoid warning from -pedantic. This is a convenient place for this
  * workaround since this is included by every single file before the
commit	c9deb184b0bf5e72d5761d06af0db165676e0f8a	[log] [tgz]
author	Nayna Jain <nayna@linux.ibm.com>	Mon Nov 16 19:03:12 2020 +0000
committer	Nick Child <nick.child@ibm.com>	Thu Sep 01 19:45:33 2022 -0500
tree	58e6f98e9854bdbd7ea22fc088568f7072210f0c
parent	e00d6d6b55130c905aee5d1a7fca9b9afa9e53f2 [diff] [blame]