commit da0afcc2fb5eab22b30d761ef86330858ba35f89
author Valerio Setti <vsetti@baylibre.com> Thu Jan 05 16:46:59 2023 +0100
committer Valerio Setti <vsetti@baylibre.com> Thu Jan 12 17:01:44 2023 +0100
tree 2b8343cd48620c74833b60869bb23f918c792124
parent 449bd8303eed8164b83682d2ce028dca0e49b1fa

x509: remove direct dependency from BIGNUM_C

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

include/mbedtls/x509_crt.h

diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 661f8aa..f552345 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -197,7 +197,7 @@
 #define MBEDTLS_X509_CRT_VERSION_2              1
 #define MBEDTLS_X509_CRT_VERSION_3              2
 
-#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
+#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 20
 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15
 
 #if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
@@ -277,7 +277,8 @@
  */
 typedef struct mbedtls_x509write_cert {
     int MBEDTLS_PRIVATE(version);
-    mbedtls_mpi MBEDTLS_PRIVATE(serial);
+    unsigned char MBEDTLS_PRIVATE(serial)[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
+    size_t MBEDTLS_PRIVATE(serial_len);
     mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
     mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
     mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
@@ -986,15 +987,42 @@
  */
 void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version);
 
+#if defined(MBEDTLS_BIGNUM_C)
 /**
  * \brief           Set the serial number for a Certificate.
  *
+ * \deprecated      This function is deprecated and will be removed in a
+ *                  future version of the library. Please use
+ *                  mbedtls_x509write_crt_set_serial_new() instead.
+ *
+ * \note            Even though the MBEDTLS_BIGNUM_C guard looks redundant since
+ *                  X509 depends on PK and PK depends on BIGNUM, this emphasizes
+ *                  a direct dependency between X509 and BIGNUM which is going
+ *                  to be deprecated in the future.
+ *
  * \param ctx       CRT context to use
  * \param serial    serial number to set
  *
  * \return          0 if successful
  */
 int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
+#endif
+
+/**
+ * \brief           Set the serial number for a Certificate.
+ *
+ * \param ctx               CRT context to use
+ * \param serial_buff       Input buffer containing the serial number in big
+ *                          endian format
+ * \param serial_buff_len   Length of the previous input buffer buffer
+ *
+ * \return          0 if successful, or
+ *                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer:
+ *                  - is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
+ *                  - contains invalid chars
+ */
+int mbedtls_x509write_crt_set_serial_new(mbedtls_x509write_cert *ctx,
+                                         char *serial_buff, size_t serial_buff_len);
 
 /**
  * \brief           Set the validity period for a Certificate