SSL_TLS doesn't depend on PK any more

(But PK does depend on RSA or ECP.)
This commit is contained in:
Manuel Pégourié-Gonnard 2013-09-20 12:29:15 +02:00
parent 34ced2dffe
commit 1a483833b3
6 changed files with 26 additions and 5 deletions

View file

@ -1194,11 +1194,12 @@
* Enable the generic public (asymetric) key layer.
*
* Module: library/pk.c
* Caller: library/x509parse.c
* library/ssl_tls.c
* Caller: library/ssl_tls.c
* library/ssl_cli.c
* library/ssl_srv.c
*
* Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
*
* Uncomment to enable generic public key wrappers.
*/
#define POLARSSL_PK_C
@ -1385,7 +1386,7 @@
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
* Requires: POLARSSL_CIPHER_C, POLARSSL_PK_C, POLARSSL_MD_C
* Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
* and at least one of the POLARSSL_SSL_PROTO_* defines
*
* This module is required for SSL/TLS.
@ -1708,7 +1709,7 @@
#endif
#if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \
!defined(POLARSSL_PK_C) || !defined(POLARSSL_MD_C) )
!defined(POLARSSL_MD_C) )
#error "POLARSSL_SSL_TLS_C defined, but not all prerequisites"
#endif

View file

@ -649,8 +649,10 @@ struct _ssl_context
/*
* PKI layer
*/
#if defined(POLARSSL_PK_C)
pk_context *pk_key; /*!< own private key */
int pk_key_own_alloc; /*!< did we allocate pk_key? */
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt *own_cert; /*!< own X.509 certificate */
@ -1493,8 +1495,11 @@ int ssl_write_finished( ssl_context *ssl );
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
#if defined(POLARSSL_PK_C)
unsigned char ssl_sig_from_pk( pk_context *pk );
pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
#endif
md_type_t ssl_md_alg_from_hash( unsigned char hash );
#ifdef __cplusplus

View file

@ -197,7 +197,9 @@ const int *ssl_list_ciphersuites( void );
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name );
const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
#if defined(POLARSSL_PK_C)
pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info );
#endif
int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );

View file

@ -972,6 +972,7 @@ int ssl_get_ciphersuite_id( const char *ciphersuite_name )
return( cur->id );
}
#if defined(POLARSSL_PK_C)
pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
@ -989,6 +990,7 @@ pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info )
return( POLARSSL_PK_NONE );
}
}
#endif
int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
{

View file

@ -888,7 +888,9 @@ static int ssl_parse_client_hello( ssl_context *ssl )
int handshake_failure = 0;
const int *ciphersuites;
const ssl_ciphersuite_t *ciphersuite_info;
#if defined(POLARSSL_PK_C)
pk_type_t pk_alg;
#endif
SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
@ -1301,11 +1303,13 @@ static int ssl_parse_client_hello( ssl_context *ssl )
/* If ciphersuite requires us to have a private key of a
* certain type, make sure we do */
#if defined(POLARSSL_PK_C)
pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
if( pk_alg != POLARSSL_PK_NONE &&
( ssl->pk_key == NULL ||
! pk_can_do( ssl->pk_key, pk_alg ) ) )
continue;
#endif
goto have_ciphersuite;
}

View file

@ -4188,11 +4188,13 @@ void ssl_free( ssl_context *ssl )
}
#endif
#if defined(POLARSSL_PK_C)
if( ssl->pk_key_own_alloc )
{
pk_free( ssl->pk_key );
polarssl_free( ssl->pk_key );
}
#endif
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
if( ssl_hw_record_finish != NULL )
@ -4208,8 +4210,9 @@ void ssl_free( ssl_context *ssl )
memset( ssl, 0, sizeof( ssl_context ) );
}
#if defined(POLARSSL_PK_C)
/*
* Get the SSL_SIG_* constant corresponding to a public key
* Convert between POLARSSL_PK_XXX and SSL_SIG_XXX
*/
unsigned char ssl_sig_from_pk( pk_context *pk )
{
@ -4240,7 +4243,11 @@ pk_type_t ssl_pk_alg_from_sig( unsigned char sig )
return( POLARSSL_PK_NONE );
}
}
#endif
/*
* Convert between SSL_HASH_XXX and POLARSSL_MD_XXX
*/
md_type_t ssl_md_alg_from_hash( unsigned char hash )
{
switch( hash )