yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-11-04 07:14:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix a few things that broke with RSA compiled out

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-09-17 21:17:44 +02:00 committed by Paul Bakker
parent 161ef968db
commit a310459f5c
3 changed files with 36 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
library/ssl_cli.c
View file

@ -1581,16 +1581,34 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
p = buf + 5; p = buf + 5;
while( cert_type_len > 0 ) while( cert_type_len > 0 )
{ {
if( *p == SSL_CERT_TYPE_RSA_SIGN ) #if defined(POLARSSL_RSA_C)
if( *p == SSL_CERT_TYPE_RSA_SIGN &&
pk_can_do( ssl->pk_key, POLARSSL_PK_RSA ) )
{ {
ssl->handshake->cert_type = SSL_CERT_TYPE_RSA_SIGN; ssl->handshake->cert_type = SSL_CERT_TYPE_RSA_SIGN;
break; break;
} }
else
#endif
#if defined(POLARSSL_ECDSA_C)
if( *p == SSL_CERT_TYPE_ECDSA_SIGN &&
pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) )
{
ssl->handshake->cert_type = SSL_CERT_TYPE_ECDSA_SIGN;
break;
}
else
#endif
{
; /* Unsupported cert type, ignore */
}
cert_type_len--; cert_type_len--;
p++; p++;
} }
// TODO: shall we abort now or send an empty certificate list later?
if( ssl->handshake->cert_type == 0 ) if( ssl->handshake->cert_type == 0 )
{ {
SSL_DEBUG_MSG( 1, ( "no known cert_type provided" ) ); SSL_DEBUG_MSG( 1, ( "no known cert_type provided" ) );
@ -1600,6 +1618,8 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
#if defined(POLARSSL_SSL_PROTO_TLS1_2) #if defined(POLARSSL_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{ {
/* Ignored, see comments about hash in write_certificate_verify */
// TODO: should check the signature part against our pk_key though
size_t sig_alg_len = ( ( buf[5 + n] << 8 ) size_t sig_alg_len = ( ( buf[5 + n] << 8 )
| ( buf[6 + n] ) ); | ( buf[6 + n] ) );
@ -1615,6 +1635,8 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
} }
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */ #endif /* POLARSSL_SSL_PROTO_TLS1_2 */
/* Ignore certificate_authorities, we only have one cert anyway */
// TODO: should not send cert if no CA matches
dn_len = ( ( buf[5 + m + n] << 8 ) dn_len = ( ( buf[5 + m + n] << 8 )
| ( buf[6 + m + n] ) ); | ( buf[6 + m + n] ) );
@ -1930,7 +1952,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_write_certificate_verify( ssl_context *ssl ) static int ssl_write_certificate_verify( ssl_context *ssl )
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
@ -1946,6 +1969,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
return( 0 ); return( 0 );
} }
SSL_DEBUG_MSG( 1, ( "should not happen" ) );
return( ret ); return( ret );
} }
#else #else

8
library/ssl_srv.c
View file

@ -1642,7 +1642,8 @@ static int ssl_write_server_hello( ssl_context *ssl )
#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_write_certificate_request( ssl_context *ssl ) static int ssl_write_certificate_request( ssl_context *ssl )
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
@ -1658,6 +1659,7 @@ static int ssl_write_certificate_request( ssl_context *ssl )
return( 0 ); return( 0 );
} }
SSL_DEBUG_MSG( 1, ( "should not happen" ) );
return( ret ); return( ret );
} }
#else #else
@ -2510,7 +2512,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_parse_certificate_verify( ssl_context *ssl ) static int ssl_parse_certificate_verify( ssl_context *ssl )
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
@ -2526,6 +2529,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
return( 0 ); return( 0 );
} }
SSL_DEBUG_MSG( 1, ( "should not happen" ) );
return( ret ); return( ret );
} }
#else #else

5
library/ssl_tls.c
View file

@ -2231,7 +2231,8 @@ int ssl_send_alert_message( ssl_context *ssl,
*/ */
#if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ #if !defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ !defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) !defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
int ssl_write_certificate( ssl_context *ssl ) int ssl_write_certificate( ssl_context *ssl )
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
@ -2247,6 +2248,7 @@ int ssl_write_certificate( ssl_context *ssl )
return( 0 ); return( 0 );
} }
SSL_DEBUG_MSG( 1, ( "should not happen" ) );
return( ret ); return( ret );
} }
@ -2265,6 +2267,7 @@ int ssl_parse_certificate( ssl_context *ssl )
return( 0 ); return( 0 );
} }
SSL_DEBUG_MSG( 1, ( "should not happen" ) );
return( ret ); return( ret );
} }
#else #else