Make sig_opts non-optional in X509 structures

This simplifies the code.

ChangeLog

@@ -1,7 +1,8 @@
 PolarSSL ChangeLog (Sorted per branch, date)
 
-TODO: bump SOVERSION
+TODO: bump SOVERSION for ABI change
 (internal-but-not-static function x509_get_sig_alg() changed prototype)
+(and various x509 structures got a new member)
 
 = PolarSSL 1.3 branch
 Features

include/polarssl/config.h

@@ -223,16 +223,10 @@
 /**
  * \def POLARSSL_RSASSA_PSS_CERTIFICATES
  *
- * Enable parsing and verification of X.509 certificates and CRLs signed with
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
- * RSASSA-PSS.
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
  *
- * This is disabled by default since it breaks binary compatibility with the
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
- * 1.3.x line. If you choose to enable it, you will need to rebuild your
- * application against the new header files, relinking will not be enough.
- *
- * TODO: actually disable it when done working on this branch ,)
- *
- * Uncomment this macro to allow using RSASSA-PSS in certificates.
  */
 #define POLARSSL_RSASSA_PSS_CERTIFICATES
 

include/polarssl/x509_crl.h

@@ -93,9 +93,7 @@ typedef struct _x509_crl
     x509_buf sig;
     md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
     pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
     void *sig_opts;             /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
-#endif
 
     struct _x509_crl *next;
 }

include/polarssl/x509_crt.h

@@ -93,9 +93,7 @@ typedef struct _x509_crt
     x509_buf sig;               /**< Signature: hash of the tbs part signed with the private key. */
     md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
     pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
     void *sig_opts;             /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
-#endif
 
     struct _x509_crt *next;     /**< Next certificate in the CA-chain. */
 }

include/polarssl/x509_csr.h

@@ -67,9 +67,7 @@ typedef struct _x509_csr
     x509_buf sig;
     md_type_t sig_md;       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
     pk_type_t sig_pk;       /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
     void *sig_opts;             /**< Signature options to be passed to pk_verify_ext(), eg for RSASSA-PSS */
-#endif
 }
 x509_csr;
 

library/x509_crl.c

@@ -626,11 +626,6 @@ int x509_crl_info( char *buf, size_t size, const char *prefix,
     size_t n;
     char *p;
     const x509_crl_entry *entry;
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
-    const void *sig_opts = crl->sig_opts;
-#else
-    const void *sig_opts = NULL;
-#endif
 
     p = buf;
     n = size;
@@ -687,7 +682,7 @@ int x509_crl_info( char *buf, size_t size, const char *prefix,
     SAFE_SNPRINTF();
 
     ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, crl->sig_md,
-                             sig_opts );
+                             crl->sig_opts );
     SAFE_SNPRINTF();
 
     ret = snprintf( p, n, "\n" );

library/x509_crt.c

@@ -1253,11 +1253,6 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
     size_t n;
     char *p;
     char key_size_str[BEFORE_COLON];
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
-    const void *sig_opts = crt->sig_opts;
-#else
-    const void *sig_opts = NULL;
-#endif
 
     p = buf;
     n = size;
@@ -1300,7 +1295,7 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
     SAFE_SNPRINTF();
 
     ret = x509_sig_alg_gets( p, n, &crt->sig_oid1, crt->sig_pk,
-                             crt->sig_md, sig_opts );
+                             crt->sig_md, crt->sig_opts );
     SAFE_SNPRINTF();
 
     /* Key size */

library/x509_csr.c

@@ -366,11 +366,6 @@ int x509_csr_info( char *buf, size_t size, const char *prefix,
     size_t n;
     char *p;
     char key_size_str[BEFORE_COLON];
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
-    const void *sig_opts = csr->sig_opts;
-#else
-    const void *sig_opts = NULL;
-#endif
 
     p = buf;
     n = size;
@@ -388,7 +383,7 @@ int x509_csr_info( char *buf, size_t size, const char *prefix,
     SAFE_SNPRINTF();
 
     ret = x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
-                             sig_opts );
+                             csr->sig_opts );
     SAFE_SNPRINTF();
 
     if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,