Make sig_opts non-optional in X509 structures
This simplifies the code.
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 58e8cff..1d15338 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -223,16 +223,10 @@
/**
* \def POLARSSL_RSASSA_PSS_CERTIFICATES
*
- * Enable parsing and verification of X.509 certificates and CRLs signed with
- * RSASSA-PSS.
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
*
- * This is disabled by default since it breaks binary compatibility with the
- * 1.3.x line. If you choose to enable it, you will need to rebuild your
- * application against the new header files, relinking will not be enough.
- *
- * TODO: actually disable it when done working on this branch ,)
- *
- * Uncomment this macro to allow using RSASSA-PSS in certificates.
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#define POLARSSL_RSASSA_PSS_CERTIFICATES
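Review bot: The rewritten description has a typo, `CSRS` should read `CSRs`, and it drops the binary-compatibility warning without saying what now holds. Going by the header hunks in this commit, `sig_opts` is present in the X.509 structures whether or not this macro is defined, so the macro no longer affects structure layout. I would add one sentence to the comment, for example `This option does not change the layout of the X.509 structures.`, so integrators do not have to infer that from the headers.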
diff --git a/include/polarssl/x509_crl.h b/include/polarssl/x509_crl.h
index 886a536..067d5e6 100644
--- a/include/polarssl/x509_crl.h
+++ b/include/polarssl/x509_crl.h
@@ -93,9 +93,7 @@
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
-#endif
struct _x509_crl *next;
}
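Review bot: `sig_opts` now sits before `next` in every build, so the structure layout changes for any configuration that had POLARSSL_RSASSA_PSS_CERTIFICATES undefined. The x509_crt.h hunk has the same effect, and the x509_csr.h hunk adds the member at the end of the structure. Code compiled against the old headers and linked with the new library would read `next` at the wrong offset, so this wants a ChangeLog or ABI note if none exists outside this diff. Since the member always exists now, its comment should state the contract, for example `/**< Signature options to be passed to pk_verify_ext(), e.g. for RSASSA-PSS; NULL when the algorithm takes no options */`. Presumably the init and free paths set and release it in builds without the macro, but that code is not shown here and should be confirmed; the structure definition starts outside the hunk.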
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index 8877e69..57dbed2 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -93,9 +93,7 @@
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
-#endif
struct _x509_crt *next; /**< Next certificate in the CA-chain. */
}
diff --git a/include/polarssl/x509_csr.h b/include/polarssl/x509_csr.h
index 531fa09..a4bad3f 100644
--- a/include/polarssl/x509_csr.h
+++ b/include/polarssl/x509_csr.h
@@ -67,9 +67,7 @@
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
-#endif
}
x509_csr;