From e511ffca5020f25aed9df8249d853294f63c802f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 22 Aug 2013 17:33:21 +0200
Subject: [PATCH] Allow compiling without RSA or DH

Only library and programs now, need to check test suites later.
---
 include/polarssl/rsa.h | 8 ++++++--
 library/pk_wrap.c | 6 +++---
 library/ssl_cli.c | 6 ++++--
 library/ssl_srv.c | 6 ++++--
 library/x509parse.c | 12 +++++++-----
 5 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 8e52e7d1e..90cfd552a 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -29,8 +29,6 @@
 #include "config.h"
-#if defined(POLARSSL_RSA_C)
-
 #include "bignum.h"
 #include "md.h"
@@ -59,6 +57,12 @@
 #define RSA_SIGN 1
 #define RSA_CRYPT 2
+/*
+ * The above constants may be used even if the RSA module is compile out,
+ * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ */
+#if defined(POLARSSL_RSA_C)
+
 #ifdef __cplusplus
 extern "C" {
 #endif
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 7e8a3f192..94f5282e2 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -29,9 +29,8 @@
 #include "polarssl/pk_wrap.h"
-#if defined(POLARSSL_RSA_C)
+/* Even if RSA not activated, for the sake of RSA-alt */
 #include "polarssl/rsa.h"
-#endif
 #if defined(POLARSSL_ECP_C)
 #include "polarssl/ecp.h"
@@ -49,12 +48,13 @@
 #define polarssl_free free
 #endif
-#if defined(POLARSSL_RSA_C)
+/* Used by RSA-alt too */
 static int rsa_can_do( pk_type_t type )
 {
 return( type == POLARSSL_PK_RSA );
 }
+#if defined(POLARSSL_RSA_C)
 static size_t rsa_get_size( const void *ctx )
 {
 return( 8 * ((rsa_context *) ctx)->len );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 79bba4242..1beefab33 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
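Review bot: The comment block added in the `@@ -59,6 +57,12 @@` hunk of rsa.h has two typos, "compile out" for "compiled out" and "implemenations" for "implementations"; suggested wording is `The above constants may be used even if the RSA module is compiled out, e.g. for alternative (PKCS#11) RSA implementations in the PK layers.` Since `#if defined(POLARSSL_RSA_C)` now opens after the RSA_SIGN/RSA_CRYPT defines rather than before the includes, the matching `#endif` at the end of the header lies outside the hunk; it would help readers if its trailing comment reads `/* POLARSSL_RSA_C */`, assuming it does not already.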
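Review bot: In the `@@ -49,12 +48,13 @@` hunk of pk_wrap.c, `rsa_can_do` is moved out of the `POLARSSL_RSA_C` guard so the RSA-alt wrapper can share it, but in a build with RSA disabled and no RSA-alt wrapper referencing it the function is a file-static with no callers, which is an unused-function warning and a build error under -Werror. Unless the RSA-alt wrapper is compiled unconditionally (not visible in this hunk), guard the function with the union of both conditions, e.g. `#if defined(POLARSSL_RSA_C) || defined(<RSA_ALT_CONFIG_MACRO>)` with the project's own RSA-alt option substituted for the placeholder, and mirror that on the closing `#endif` comment. The same reasoning applies to the now-unconditional `#include "polarssl/rsa.h"` in the first pk_wrap.c hunk, which only compiles cleanly because rsa.h keeps its constants outside its own `POLARSSL_RSA_C` guard after this patch, so the two changes depend on each other and the comment should say so.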
@@ -1071,7 +1071,8 @@ static int ssl_parse_server_hello( ssl_context *ssl )
 return( 0 );
 }
-#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
 static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
 unsigned char *end )
 {
@@ -1105,7 +1106,8 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
 return( ret );
 }
-#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ff914e552..ce45898d0 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2144,7 +2144,8 @@ static int ssl_parse_client_dh_public( ssl_context *ssl, unsigned char **p,
 #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
 POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 static int ssl_parse_client_ecdh_public( ssl_context *ssl )
 {
 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -2173,7 +2174,8 @@ static int ssl_parse_client_ecdh_public( ssl_context *ssl )
 return( ret );
 }
-#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
 static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
diff --git a/library/x509parse.c b/library/x509parse.c
index 9f90b5ab6..132d28525 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3937,7 +3937,7 @@ int x509_self_test( int verbose )
 size_t i, j;
 x509_cert cacert;
 x509_cert clicert;
- rsa_context rsa;
+ pk_context pkey;
 #if defined(POLARSSL_DHM_C)
 dhm_context dhm;
 #endif
@@ -3975,9 +3975,9 @@ int x509_self_test( int verbose )
 i = strlen( test_ca_key );
 j = strlen( test_ca_pwd );
- rsa_init( &rsa, RSA_PKCS_V15, 0 );
+ pk_init( &pkey );
- if( ( ret = x509parse_key_rsa( &rsa,
+ if( ( ret = x509parse_key( &pkey,
 (const unsigned char *) test_ca_key, i,
 (const unsigned char *) test_ca_pwd, j ) ) != 0 )
 {
@@ -3990,12 +3990,14 @@ int x509_self_test( int verbose )
 if( verbose != 0 )
 printf( "passed\n X.509 signature verify: ");
- ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
+ ret = x509parse_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
 if( ret != 0 )
 {
 if( verbose != 0 )
 printf( "failed\n" );
+ printf("ret = %d, &flags = %04x\n", ret, flags);
+
 return( ret );
 }
@@ -4020,7 +4022,7 @@ int x509_self_test( int verbose )
 x509_free( &cacert );
 x509_free( &clicert );
- rsa_free( &rsa );
+ pk_free( &pkey );
 #if defined(POLARSSL_DHM_C)
 dhm_free( &dhm );
 #endif
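Review bot: The added `printf("ret = %d, &flags = %04x\n", ret, flags);` in the `@@ -3990,12 +3990,14 @@` hunk reads as a leftover debug trace: it prints unconditionally, bypassing the `verbose` gate that every other message in this self-test honours, its label says `&flags` while the value passed is `flags`, and `%04x` expects an unsigned argument whereas `flags` is presumably an `int` (declared outside the hunk). Either drop it or fold it into the existing verbose branch as `if( verbose != 0 ) printf( "failed (ret = %d, flags = 0x%04x)\n", ret, (unsigned) flags );`. Separately, replacing `"PolarSSL Client 2"` with `NULL` as the expected CN means the self-test no longer exercises the common-name check inside x509parse_verify; if that was done because the test certificate's CN changed, the commit message should say so, otherwise the name should stay so that path remains covered. The enclosing x509_self_test body starts and ends outside these hunks, so the failure paths of the new `x509parse_key` call (whether `pk_free( &pkey )` runs on early return) cannot be checked here.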