RSA and ECDSA key exchanges don't depend on CRL

Manuel Pégourié-Gonnard 2013-09-23 12:20:02 +02:00
parent dfe0ea9f02
commit cbf3ef3861
8 changed files with 18 additions and 28 deletions


@ -286,7 +286,7 @@
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS. * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
* (NOT YET IMPLEMENTED) * (NOT YET IMPLEMENTED)
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -307,7 +307,7 @@
* Enable the RSA-only based ciphersuite modes in SSL / TLS. * Enable the RSA-only based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -333,7 +333,7 @@
* Enable the DHE-RSA based ciphersuite modes in SSL / TLS. * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -355,7 +355,7 @@
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * POLARSSL_X509_CRT_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -378,7 +378,6 @@
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
* *
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C, * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
* POLARSSL_X509_CRL_PARSE_C
* *
* This enables the following ciphersuites (if other requisites are * This enables the following ciphersuites (if other requisites are
* enabled as well): * enabled as well):
@ -1683,34 +1682,31 @@
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \ ( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
!defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \ ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
!defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \ ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || \ !defined(POLARSSL_X509_CRT_PARSE_C) )
!defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) ) !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) ) !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" #error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif #endif
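Review bot: The "Requires:" lists for the RSA, RSA-PSK, DHE-RSA, ECDHE-RSA and ECDHE-ECDSA options now omit POLARSSL_X509_CRL_PARSE_C, but nothing in those option blocks tells an integrator what is lost when it is left out; an integrator who drops it from a config will get a TLS build that never checks peer certificates against a CRL, with no warning. I would add to each of those five option comments a line such as `* POLARSSL_X509_CRL_PARSE_C is optional; without it, peer certificates are never checked for revocation.` so the trade-off is visible where the dependency used to be stated. The `#error` prerequisite checks in the last hunk match the relaxed comments one-for-one, so they need no further change.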


@ -58,9 +58,7 @@
#include "x509_crt.h" #include "x509_crt.h"
#endif #endif
#if defined(POLARSSL_X509_CRL_PARSE_C)
#include "x509_crl.h" #include "x509_crl.h"
#endif
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
#include "dhm.h" #include "dhm.h"
@ -659,9 +657,7 @@ struct _ssl_context
x509_crt *ca_chain; /*!< own trusted CA chain */ x509_crt *ca_chain; /*!< own trusted CA chain */
const char *peer_cn; /*!< expected peer CN */ const char *peer_cn; /*!< expected peer CN */
#endif /* POLARSSL_X509_CRT_PARSE_C */ #endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_X509_CRL_PARSE_C)
x509_crl *ca_crl; /*!< trusted CA CRLs */ x509_crl *ca_crl; /*!< trusted CA CRLs */
#endif /* POLARSSL_X509_CRL_PARSE_C */
#if defined(POLARSSL_SSL_SESSION_TICKETS) #if defined(POLARSSL_SSL_SESSION_TICKETS)
/* /*
@ -956,7 +952,6 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
int major, int minor ); int major, int minor );
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
#if defined(POLARSSL_X509_CRL_PARSE_C)
/** /**
* \brief Set the data required to verify peer certificate * \brief Set the data required to verify peer certificate
* *
@ -967,7 +962,6 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
*/ */
void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain, void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
x509_crl *ca_crl, const char *peer_cn ); x509_crl *ca_crl, const char *peer_cn );
#endif /* POLARSSL_X509_CRL_PARSE_C */
/** /**
* \brief Set own certificate chain and private key * \brief Set own certificate chain and private key
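Review bot: ssl_set_ca_chain and the `ca_crl` context field now exist whether or not POLARSSL_X509_CRL_PARSE_C is defined, but the parameter documentation (which sits between the two hunks, outside this view) presumably still describes `ca_crl` only as the CRL to verify against, so a caller cannot tell that passing a CRL on a CRL-less build is silently accepted and ignored. I would document that explicitly, e.g. `* \param ca_crl   trusted CA CRLs, or NULL; ignored, with no error, if POLARSSL_X509_CRL_PARSE_C is not defined (no revocation check is performed)`. The same caveat belongs on the field comment, `/*!< trusted CA CRLs (unused if POLARSSL_X509_CRL_PARSE_C is not defined) */`, since that is where someone reading the struct will look. Whether the x509_crl type itself is declared when CRL parsing is compiled out depends on x509_crl.h, which is not shown here; the unconditional include in this hunk assumes it is.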


@ -31,9 +31,7 @@
#include "x509.h" #include "x509.h"
#if defined(POLARSSL_X509_CRL_PARSE_C)
#include "x509_crl.h" #include "x509_crl.h"
#endif
/** /**
* \addtogroup x509_module * \addtogroup x509_module
@ -198,7 +196,6 @@ int x509_crt_parse_path( x509_crt *chain, const char *path );
int x509_crt_info( char *buf, size_t size, const char *prefix, int x509_crt_info( char *buf, size_t size, const char *prefix,
const x509_crt *crt ); const x509_crt *crt );
#if defined(POLARSSL_X509_CRL_PARSE_C)
/** /**
* \brief Verify the certificate signature * \brief Verify the certificate signature
* *
@ -242,8 +239,9 @@ int x509_crt_verify( x509_crt *crt,
int (*f_vrfy)(void *, x509_crt *, int, int *), int (*f_vrfy)(void *, x509_crt *, int, int *),
void *p_vrfy ); void *p_vrfy );
#if defined(POLARSSL_X509_CRL_PARSE_C)
/** /**
* \brief Verify the certificate signature * \brief Verify the certificate revocation status
* *
* \param crt a certificate to be verified * \param crt a certificate to be verified
* \param crl the CRL to verify against * \param crl the CRL to verify against
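Review bot: x509_crt_verify is now declared and usable without POLARSSL_X509_CRL_PARSE_C, yet its prototype (visible at the top of the second hunk) still takes a `ca_crl` argument, and the caller has no documented way to know that on such a build the argument is ignored and the returned flags can never report revocation. I would add a note to the x509_crt_verify doc block (its `\param` lines are outside this view): `* \note If POLARSSL_X509_CRL_PARSE_C is not defined, ca_crl is ignored and no revocation check is performed; a successful result then says nothing about revocation.` The corrected brief on x509_crt_verifycrl, "Verify the certificate revocation status", is an improvement and reads correctly now that the two functions are no longer under the same conditional.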


@ -1391,6 +1391,8 @@ static int x509_crt_verify_top(
#if defined(POLARSSL_X509_CRL_PARSE_C) #if defined(POLARSSL_X509_CRL_PARSE_C)
/* Check trusted CA's CRL for the chain's top crt */ /* Check trusted CA's CRL for the chain's top crt */
*flags |= x509_crt_verifycrl( child, trust_ca, ca_crl ); *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl );
#else
((void) ca_crl);
#endif #endif
if( x509_time_expired( &trust_ca->valid_to ) ) if( x509_time_expired( &trust_ca->valid_to ) )
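Review bot: The new `#else ((void) ca_crl);` branch silences the unused-parameter warning but gives a reader no hint that the trust decision in this function is being made without any revocation data; that is exactly the kind of silent downgrade a later maintainer should see at a glance. I would precede the cast with a comment, `/* No CRL support compiled in: revocation of the top certificate is not checked, and no revocation flag can be set. */`, so the behaviour is stated in the code rather than only implied by the missing call. x509_crt_verify_top starts and ends outside the hunk, so I cannot see whether any flag is set to signal the absence of a CRL check; from the visible lines, none is.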


@ -29,13 +29,14 @@
#include <stdio.h> #include <stdio.h>
#if !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \ #if !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
!defined(POLARSSL_FS_IO) !defined(POLARSSL_FS_IO) || !defined(POLARSSL_X509_CRL_PARSE_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
((void) argv); ((void) argv);
printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C " printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C "
"POLARSSL_FS_IO and/or POLARSSL_X509_CRL_PARSE_C "
"not defined.\n"); "not defined.\n");
return( 0 ); return( 0 );
} }
@ -257,4 +258,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO */ #endif /* POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_X509_CRL_PARSE_C */
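Review bot: The inserted string fragment in the stub main() drops the conjunction between the second and third macro names, so the printed message reads "…POLARSSL_X509_CRT_PARSE_C POLARSSL_FS_IO and/or…"; the first fragment should end with the connector, `printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C and/or "` followed by the existing `"POLARSSL_FS_IO and/or POLARSSL_X509_CRL_PARSE_C "`. The `#if` condition and the trailing `#endif` comment agree with each other and with the new CRL requirement, so only the message text needs attention.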


@ -34,7 +34,6 @@
#define POLARSSL_SSL_CLI_C #define POLARSSL_SSL_CLI_C
#define POLARSSL_SSL_SRV_C #define POLARSSL_SSL_SRV_C
#define POLARSSL_SSL_TLS_C #define POLARSSL_SSL_TLS_C
#define POLARSSL_X509_CRL_PARSE_C
#define POLARSSL_X509_CRT_PARSE_C #define POLARSSL_X509_CRT_PARSE_C
#define POLARSSL_X509_USE_C #define POLARSSL_X509_USE_C


@ -34,7 +34,6 @@
#define POLARSSL_SSL_CLI_C #define POLARSSL_SSL_CLI_C
#define POLARSSL_SSL_SRV_C #define POLARSSL_SSL_SRV_C
#define POLARSSL_SSL_TLS_C #define POLARSSL_SSL_TLS_C
#define POLARSSL_X509_CRL_PARSE_C
#define POLARSSL_X509_CRT_PARSE_C #define POLARSSL_X509_CRT_PARSE_C
#define POLARSSL_X509_USE_C #define POLARSSL_X509_USE_C


@ -75,7 +75,7 @@ void x509_crl_info( char *crl_file, char *result_str )
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */ /* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file, void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result, char *cn_name_str, int result, int flags_result,
char *verify_callback ) char *verify_callback )
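Review bot: Adding POLARSSL_X509_CRL_PARSE_C to the depends_on line skips every x509_verify case when CRL parsing is compiled out, which is precisely the configuration this commit makes newly possible for x509_crt_verify, so the CRL-less verification path ends up with no test coverage at all. I would keep this case as is and add a sibling case that depends only on POLARSSL_FS_IO and POLARSSL_X509_CRT_PARSE_C and passes a NULL CRL, so that chain building, expiry and CN checking are still exercised in a build without CRL support. Whether the test data and the verification callback allow a NULL `crl_file` cannot be told from this hunk alone.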