From 1a483833b3ea579367c7a4098747f462a875763b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 20 Sep 2013 12:29:15 +0200
Subject: [PATCH] SSL_TLS doesn't depend on PK any more (But PK does depend on RSA or ECP.)
---
include/polarssl/config.h | 9 +++++----
include/polarssl/ssl.h | 5 +++++
include/polarssl/ssl_ciphersuites.h | 2 ++
library/ssl_ciphersuites.c | 2 ++
library/ssl_srv.c | 4 ++++
library/ssl_tls.c | 9 ++++++++-
6 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 34daaa131..890f306e9 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -1194,11 +1194,12 @@ * Enable the generic public (asymetric) key layer. * * Module: library/pk.c - * Caller: library/x509parse.c - * library/ssl_tls.c + * Caller: library/ssl_tls.c * library/ssl_cli.c * library/ssl_srv.c + * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C + * * Uncomment to enable generic public key wrappers. */ #define POLARSSL_PK_C
@@ -1385,7 +1386,7 @@ * Caller: library/ssl_cli.c * library/ssl_srv.c * - * Requires: POLARSSL_CIPHER_C, POLARSSL_PK_C, POLARSSL_MD_C + * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C * and at least one of the POLARSSL_SSL_PROTO_* defines * * This module is required for SSL/TLS.
@@ -1708,7 +1709,7 @@ #endif #if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \ - !defined(POLARSSL_PK_C) || !defined(POLARSSL_MD_C) ) + !defined(POLARSSL_MD_C) ) #error "POLARSSL_SSL_TLS_C defined, but not all prerequisites" #endif
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index d9e98a431..98742dc69 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -649,8 +649,10 @@ struct _ssl_context /* * PKI layer */ +#if defined(POLARSSL_PK_C) pk_context *pk_key; /*!< own private key */ int pk_key_own_alloc; /*!< did we allocate pk_key? */ +#endif #if defined(POLARSSL_X509_CRT_PARSE_C) x509_crt *own_cert; /*!< own X.509 certificate */
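Review bot: The new `Requires: POLARSSL_RSA_C or POLARSSL_ECP_C` line added to the POLARSSL_PK_C comment in the first config.h hunk has no matching compile-time check; the third config.h hunk only removes POLARSSL_PK_C from the POLARSSL_SSL_TLS_C prerequisite test. The other prerequisites in that file are enforced with `#error`, so the newly documented dependency should be enforced the same way, next to the existing checks: `#if defined(POLARSSL_PK_C) && !defined(POLARSSL_RSA_C) && !defined(POLARSSL_ECP_C)` / `#error "POLARSSL_PK_C defined, but not all prerequisites"` / `#endif`. Without it, a configuration that enables POLARSSL_PK_C with neither RSA nor ECP presumably fails somewhere later in the build rather than at the configuration check where the comment says it should.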
@@ -1493,8 +1495,11 @@ int ssl_write_finished( ssl_context *ssl ); void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info ); +#if defined(POLARSSL_PK_C) unsigned char ssl_sig_from_pk( pk_context *pk ); pk_type_t ssl_pk_alg_from_sig( unsigned char sig ); +#endif + md_type_t ssl_md_alg_from_hash( unsigned char hash ); #ifdef __cplusplus
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index 62a41ec47..73d626067 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@@ -197,7 +197,9 @@ const int *ssl_list_ciphersuites( void ); const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name ); const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id ); +#if defined(POLARSSL_PK_C) pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info ); +#endif int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 359a2842c..71094fa59 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -972,6 +972,7 @@ int ssl_get_ciphersuite_id( const char *ciphersuite_name ) return( cur->id ); } +#if defined(POLARSSL_PK_C) pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info ) { switch( info->key_exchange )
@@ -989,6 +990,7 @@ pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info ) return( POLARSSL_PK_NONE ); } } +#endif int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info ) {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index dd31a6414..e28c835c5 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -888,7 +888,9 @@ static int ssl_parse_client_hello( ssl_context *ssl ) int handshake_failure = 0; const int *ciphersuites; const ssl_ciphersuite_t *ciphersuite_info; +#if defined(POLARSSL_PK_C) pk_type_t pk_alg; +#endif SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
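Review bot: Guarding the `ssl_get_ciphersuite_sig_pk_alg` prototype in ssl_ciphersuites.h only half removes the header's dependency on the PK layer: the `#include` that supplies `pk_type_t` is outside this hunk and, if it is unconditional, a build without POLARSSL_PK_C still pulls the PK header in, which seems to be what the commit is trying to get away from. Either the include needs the same guard, or, if the PK header is meant to be includable with POLARSSL_PK_C off and only the wrapper functions need the module, a one-line comment next to the new `#if` should say so, e.g. `/* pk_type_t comes from the PK header, usable without POLARSSL_PK_C; only the wrapper needs the module */`. The same question applies to the guarded `ssl_sig_from_pk`/`ssl_pk_alg_from_sig` prototypes in the ssl.h hunk above.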
@@ -1301,11 +1303,13 @@ static int ssl_parse_client_hello( ssl_context *ssl ) /* If ciphersuite requires us to have a private key of a * certain type, make sure we do */ +#if defined(POLARSSL_PK_C) pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); if( pk_alg != POLARSSL_PK_NONE && ( ssl->pk_key == NULL || ! pk_can_do( ssl->pk_key, pk_alg ) ) ) continue; +#endif goto have_ciphersuite; }
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c01ee3635..a113ec1f2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4188,11 +4188,13 @@ void ssl_free( ssl_context *ssl ) } #endif +#if defined(POLARSSL_PK_C) if( ssl->pk_key_own_alloc ) { pk_free( ssl->pk_key ); polarssl_free( ssl->pk_key ); } +#endif #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) if( ssl_hw_record_finish != NULL )
@@ -4208,8 +4210,9 @@ void ssl_free( ssl_context *ssl ) memset( ssl, 0, sizeof( ssl_context ) ); } +#if defined(POLARSSL_PK_C) /* - * Get the SSL_SIG_* constant corresponding to a public key + * Convert between POLARSSL_PK_XXX and SSL_SIG_XXX */ unsigned char ssl_sig_from_pk( pk_context *pk ) {
@@ -4240,7 +4243,11 @@ pk_type_t ssl_pk_alg_from_sig( unsigned char sig ) return( POLARSSL_PK_NONE ); } } +#endif +/* + * Convert between SSL_HASH_XXX and POLARSSL_MD_XXX + */ md_type_t ssl_md_alg_from_hash( unsigned char hash ) { switch( hash )
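Review bot: In the ssl_srv.c hunk the comment "If ciphersuite requires us to have a private key of a certain type, make sure we do" is left outside the new `#if defined(POLARSSL_PK_C)`, so in a build without the PK module it promises a check that is not made and the loop falls straight through to `goto have_ciphersuite;`. That is only safe if every key exchange that needs a signing key is itself unavailable without POLARSSL_PK_C, which nothing in this patch establishes; otherwise the server selects a ciphersuite it cannot complete and the handshake fails later instead of at selection. Move the `#if` above the comment and add an `#else` branch with a one-line note stating the assumption, e.g. `/* Without POLARSSL_PK_C no key exchange that needs a private key is expected to be compiled in, so there is nothing to check here */`, or enforce that assumption with an `#error` in config.h. The enclosing function ssl_parse_client_hello starts and ends outside the hunk.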