Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.
Change-Id: I056312613379890e0d70e1d08c34171287c0aa17
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 90db06c..d455b04 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -252,13 +252,17 @@
* MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
+#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
+#endif
mbedtls_printf( " failed\n" );
+#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
+#endif
}
else
mbedtls_printf( " ok\n" );
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index be35a76..b9070c8 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -1482,6 +1482,14 @@
}
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
+#if defined(MBEDTLS_X509_INFO)
+ if( strcmp( "MBEDTLS_X509_INFO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_INFO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_INFO */
+
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
{
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index fc601ec..55215f2 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -230,13 +230,17 @@
/* In real life, we probably want to bail out when ret != 0 */
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
+#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
+#endif
mbedtls_printf( " failed\n" );
+#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
+#endif
}
else
mbedtls_printf( " ok\n" );
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 6841f7b..f2e00f7 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -488,19 +488,28 @@
static int my_verify( void *data, mbedtls_x509_crt *crt,
int depth, uint32_t *flags )
{
+#if defined(MBEDTLS_X509_INFO)
char buf[1024];
+#endif
((void) data);
+#if defined(MBEDTLS_X509_INFO)
mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
mbedtls_printf( "%s", buf );
+#else
+ ((void) crt);
+ ((void) depth);
+#endif
if ( ( *flags ) == 0 )
mbedtls_printf( " This certificate has no flags\n" );
else
{
+#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
mbedtls_printf( "%s\n", buf );
+#endif
}
return( 0 );
@@ -1976,14 +1985,18 @@
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
+#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
+#endif
mbedtls_printf( " failed\n" );
+#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ),
" ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
+#endif
}
else
mbedtls_printf( " ok\n" );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 55c90c6..7a84b6a 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -220,21 +220,27 @@
/* In real life, we probably want to bail out when ret != 0 */
if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
{
+#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
+#endif
mbedtls_printf( " failed\n" );
+#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
+#endif
}
else
mbedtls_printf( " ok\n" );
+#if defined(MBEDTLS_X509_INFO)
mbedtls_printf( " . Peer certificate information ...\n" );
mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
mbedtls_ssl_get_peer_cert( ssl ) );
mbedtls_printf( "%s\n", buf );
+#endif
return( 0 );
}
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3bd76ec..bf97514 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2942,7 +2942,7 @@
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO)
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
{
char vrfy_buf[512];
@@ -2994,17 +2994,22 @@
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
+#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
+#endif
mbedtls_printf( " failed\n" );
+#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
+#endif
}
else
mbedtls_printf( " ok\n" );
+#if defined(MBEDTLS_X509_INFO)
if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
{
char crt_buf[512];
@@ -3014,6 +3019,7 @@
mbedtls_ssl_get_peer_cert( &ssl ) );
mbedtls_printf( "%s\n", crt_buf );
}
+#endif /* MBEDTLS_X509_INFO */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)