More granular define selections within code to allow for smaller code sizes
This commit is contained in:
Paul Bakker 2013-04-18 22:46:23 +02:00
parent 7e5e7ca205
commit ed27a041e4
26 changed files with 406 additions and 110 deletions


@ -33,7 +33,9 @@
int asn1_write_len( unsigned char **p, unsigned char *start, size_t len ); int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ); int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag );
#if defined(POLARSSL_BIGNUM_C)
int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X ); int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X );
#endif
int asn1_write_null( unsigned char **p, unsigned char *start ); int asn1_write_null( unsigned char **p, unsigned char *start );
int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid ); int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid );
int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, const char *algorithm_oid ); int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, const char *algorithm_oid );


@ -44,14 +44,20 @@
#define SSL_DEBUG_BUF( level, text, buf, len ) \ #define SSL_DEBUG_BUF( level, text, buf, len ) \
debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len ); debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
#if defined(POLARSSL_BIGNUM_C)
#define SSL_DEBUG_MPI( level, text, X ) \ #define SSL_DEBUG_MPI( level, text, X ) \
debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X ); debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X );
#endif
#if defined(POLARSSL_ECP_C)
#define SSL_DEBUG_ECP( level, text, X ) \ #define SSL_DEBUG_ECP( level, text, X ) \
debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X ); debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
#endif
#if defined(POLARSSL_X509_PARSE_C)
#define SSL_DEBUG_CRT( level, text, crt ) \ #define SSL_DEBUG_CRT( level, text, crt ) \
debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt ); debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
#endif
#else #else
@ -81,9 +87,11 @@ void debug_print_buf( const ssl_context *ssl, int level,
const char *file, int line, const char *text, const char *file, int line, const char *text,
unsigned char *buf, size_t len ); unsigned char *buf, size_t len );
#if defined(POLARSSL_BIGNUM_C)
void debug_print_mpi( const ssl_context *ssl, int level, void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, const mpi *X ); const char *text, const mpi *X );
#endif
#if defined(POLARSSL_ECP_C) #if defined(POLARSSL_ECP_C)
void debug_print_ecp( const ssl_context *ssl, int level, void debug_print_ecp( const ssl_context *ssl, int level,
@ -91,9 +99,11 @@ void debug_print_ecp( const ssl_context *ssl, int level,
const char *text, const ecp_point *X ); const char *text, const ecp_point *X );
#endif #endif
#if defined(POLARSSL_X509_PARSE_C)
void debug_print_crt( const ssl_context *ssl, int level, void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, const x509_cert *crt ); const char *text, const x509_cert *crt );
#endif
#ifdef __cplusplus #ifdef __cplusplus
} }


@ -30,6 +30,7 @@
#include <string.h> #include <string.h>
#include "asn1.h" #include "asn1.h"
#include "md.h" #include "md.h"
#include "pk.h"
#include "x509.h" #include "x509.h"
#define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */ #define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
@ -196,6 +197,7 @@ typedef struct {
*/ */
int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid ); int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
#if defined(POLARSSL_X509_PARSE_C)
/** /**
* \brief Translate an X.509 extension OID into local values * \brief Translate an X.509 extension OID into local values
* *
@ -205,6 +207,7 @@ int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
* \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
*/ */
int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type ); int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type );
#endif
/** /**
* \brief Translate an X.509 attribute type OID into the short name * \brief Translate an X.509 attribute type OID into the short name
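Review bot: The declaration of `oid_get_x509_ext_type` is now guarded by `POLARSSL_X509_PARSE_C` alone, while its definition in oid.c (the block moved next to `oid_x509_ext_from_asn1`) is compiled under `POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C`. In a write-only build the function is defined without a visible prototype and any caller of the header gets an implicit-declaration error; the header guard should match, `#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)`. The `#include "pk.h"` added at the top of this header is not used by anything in these hunks; if nothing else in oid.h needs `pk_type_t`, the include only belongs in x509.h.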

47
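--- /dev/null
+++ b/include/polarssl/pk.h
@@ -0,0 +1,47 @@
+/**
+* \file pk.h
+*
+* \brief Public Key abstraction layer
+*
+* Copyright (C) 2006-2013, Brainspark B.V.
+*
+* This file is part of PolarSSL (http://www.polarssl.org)
+* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+*
+* All rights reserved.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#ifndef POLARSSL_PK_H
+#define POLARSSL_PK_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+/**
+* \brief Public key types
+*/
+typedef enum {
+POLARSSL_PK_NONE=0,
+POLARSSL_PK_RSA,
+POLARSSL_PK_ECDSA,
+} pk_type_t;
+#ifdef __cplusplus
+}
+#endif
+#endif /* pk.h */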


@ -27,6 +27,10 @@
#ifndef POLARSSL_RSA_H #ifndef POLARSSL_RSA_H
#define POLARSSL_RSA_H #define POLARSSL_RSA_H
#include "config.h"
#if defined(POLARSSL_RSA_C)
#include "bignum.h" #include "bignum.h"
#include "md.h" #include "md.h"
@ -520,4 +524,6 @@ int rsa_self_test( int verbose );
} }
#endif #endif
#endif /* POLARSSL_RSA_C */
#endif /* rsa.h */ #endif /* rsa.h */


@ -29,16 +29,25 @@
#include <time.h> #include <time.h>
#include "config.h"
#include "net.h" #include "net.h"
#include "rsa.h" #include "bignum.h"
#include "md5.h" #include "md5.h"
#include "sha1.h" #include "sha1.h"
#include "sha2.h" #include "sha2.h"
#include "sha4.h" #include "sha4.h"
#include "x509.h"
#include "config.h"
#include "ssl_ciphersuites.h" #include "ssl_ciphersuites.h"
#if defined(POLARSSL_X509_PARSE_C)
#include "x509.h"
#endif
#if defined(POLARSSL_RSA_C)
#include "rsa.h"
#endif
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
#include "dhm.h" #include "dhm.h"
#endif #endif
@ -227,6 +236,15 @@
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01 #define TLS_EXT_RENEGOTIATION_INFO 0xFF01
/*
* Size defines
*/
#if !defined(POLARSSL_MPI_MAX_SIZE)
#define POLARSSL_PREMASTER_SIZE 512
#else
#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
#endif
/* /*
* Generic function pointers for allowing external RSA private key * Generic function pointers for allowing external RSA private key
* implementations. * implementations.
@ -281,7 +299,10 @@ struct _ssl_session
size_t length; /*!< session id length */ size_t length; /*!< session id length */
unsigned char id[32]; /*!< session identifier */ unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */ unsigned char master[48]; /*!< the master secret */
#if defined(POLARSSL_X509_PARSE_C)
x509_cert *peer_cert; /*!< peer X.509 cert chain */ x509_cert *peer_cert; /*!< peer X.509 cert chain */
#endif /* POLARSSL_X509_PARSE_C */
}; };
/* /*
@ -340,8 +361,8 @@ struct _ssl_handshake_params
#if defined(POLARSSL_ECDH_C) #if defined(POLARSSL_ECDH_C)
ecdh_context ecdh_ctx; /*!< ECDH key exchange */ ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif #endif
#if defined(POLARSSL_ECP_C)
int ec_curve; /*!< Selected elliptic curve */ int ec_curve; /*!< Selected elliptic curve */
#if defined(POLARSSL_ECP_C)
int ec_point_format; /*!< Client supported format */ int ec_point_format; /*!< Client supported format */
#endif #endif
@ -363,7 +384,7 @@ struct _ssl_handshake_params
size_t pmslen; /*!< premaster length */ size_t pmslen; /*!< premaster length */
unsigned char randbytes[64]; /*!< random bytes */ unsigned char randbytes[64]; /*!< random bytes */
unsigned char premaster[POLARSSL_MPI_MAX_SIZE]; unsigned char premaster[POLARSSL_PREMASTER_SIZE];
/*!< premaster secret */ /*!< premaster secret */
int resume; /*!< session resume indicator*/ int resume; /*!< session resume indicator*/
@ -392,7 +413,6 @@ struct _ssl_context
void (*f_dbg)(void *, int, const char *); void (*f_dbg)(void *, int, const char *);
int (*f_recv)(void *, unsigned char *, size_t); int (*f_recv)(void *, unsigned char *, size_t);
int (*f_send)(void *, const unsigned char *, size_t); int (*f_send)(void *, const unsigned char *, size_t);
int (*f_vrfy)(void *, x509_cert *, int, int *);
int (*f_get_cache)(void *, ssl_session *); int (*f_get_cache)(void *, ssl_session *);
int (*f_set_cache)(void *, const ssl_session *); int (*f_set_cache)(void *, const ssl_session *);
int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t); int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
@ -401,12 +421,16 @@ struct _ssl_context
void *p_dbg; /*!< context for the debug function */ void *p_dbg; /*!< context for the debug function */
void *p_recv; /*!< context for reading operations */ void *p_recv; /*!< context for reading operations */
void *p_send; /*!< context for writing operations */ void *p_send; /*!< context for writing operations */
void *p_vrfy; /*!< context for verification */
void *p_get_cache; /*!< context for cache retrieval */ void *p_get_cache; /*!< context for cache retrieval */
void *p_set_cache; /*!< context for cache store */ void *p_set_cache; /*!< context for cache store */
void *p_sni; /*!< context for SNI extension */ void *p_sni; /*!< context for SNI extension */
void *p_hw_data; /*!< context for HW acceleration */ void *p_hw_data; /*!< context for HW acceleration */
#if defined(POLARSSL_X509_PARSE_C)
int (*f_vrfy)(void *, x509_cert *, int, int *);
void *p_vrfy; /*!< context for verification */
#endif
/* /*
* Session layer * Session layer
*/ */
@ -458,15 +482,19 @@ struct _ssl_context
/* /*
* PKI layer * PKI layer
*/ */
#if defined(POLARSSL_RSA_C)
void *rsa_key; /*!< own RSA private key */ void *rsa_key; /*!< own RSA private key */
rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/ rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/
rsa_sign_func rsa_sign; /*!< function for RSA sign */ rsa_sign_func rsa_sign; /*!< function for RSA sign */
rsa_key_len_func rsa_key_len; /*!< function for RSA key len*/ rsa_key_len_func rsa_key_len; /*!< function for RSA key len*/
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_X509_PARSE_C)
x509_cert *own_cert; /*!< own X.509 certificate */ x509_cert *own_cert; /*!< own X.509 certificate */
x509_cert *ca_chain; /*!< own trusted CA chain */ x509_cert *ca_chain; /*!< own trusted CA chain */
x509_crl *ca_crl; /*!< trusted CA CRLs */ x509_crl *ca_crl; /*!< trusted CA CRLs */
const char *peer_cn; /*!< expected peer CN */ const char *peer_cn; /*!< expected peer CN */
#endif /* POLARSSL_X509_PARSE_C */
/* /*
* User settings * User settings
@ -610,6 +638,7 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
*/ */
void ssl_set_authmode( ssl_context *ssl, int authmode ); void ssl_set_authmode( ssl_context *ssl, int authmode );
#if defined(POLARSSL_X509_PARSE_C)
/** /**
* \brief Set the verification callback (Optional). * \brief Set the verification callback (Optional).
* *
@ -624,6 +653,7 @@ void ssl_set_authmode( ssl_context *ssl, int authmode );
void ssl_set_verify( ssl_context *ssl, void ssl_set_verify( ssl_context *ssl,
int (*f_vrfy)(void *, x509_cert *, int, int *), int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy ); void *p_vrfy );
#endif /* POLARSSL_X509_PARSE_C */
/** /**
* \brief Set the random number generator callback * \brief Set the random number generator callback
@ -741,6 +771,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
const int *ciphersuites, const int *ciphersuites,
int major, int minor ); int major, int minor );
#if defined(POLARSSL_X509_PARSE_C)
/** /**
* \brief Set the data required to verify peer certificate * \brief Set the data required to verify peer certificate
* *
@ -790,6 +821,7 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
rsa_decrypt_func rsa_decrypt, rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign, rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len ); rsa_key_len_func rsa_key_len );
#endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
/** /**
@ -976,6 +1008,7 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl );
*/ */
const char *ssl_get_version( const ssl_context *ssl ); const char *ssl_get_version( const ssl_context *ssl );
#if defined(POLARSSL_X509_PARSE_C)
/** /**
* \brief Return the peer certificate from the current connection * \brief Return the peer certificate from the current connection
* *
@ -991,6 +1024,7 @@ const char *ssl_get_version( const ssl_context *ssl );
* \return the current peer certificate * \return the current peer certificate
*/ */
const x509_cert *ssl_get_peer_cert( const ssl_context *ssl ); const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
#endif /* POLARSSL_X509_PARSE_C */
/** /**
* \brief Perform the SSL handshake * \brief Perform the SSL handshake
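Review bot: The new `POLARSSL_PREMASTER_SIZE` block carries no comment, and its value depends on whether bignum.h (now included unconditionally a few lines above in this header) has already supplied `POLARSSL_MPI_MAX_SIZE` when the preprocessor reaches it; the `#if !defined` fallback of 512 only applies when it has not. Since `premaster[POLARSSL_PREMASTER_SIZE]` in `_ssl_handshake_params` must hold the largest pre-master secret any enabled key exchange can produce, say so at the definition: `/* Must fit the largest pre-master secret of any enabled key exchange; 512 is the fallback when POLARSSL_MPI_MAX_SIZE is not provided by bignum.h */`. Moving `ec_curve` under `POLARSSL_ECP_C` also narrows which builds see that member; any reader that tests it under only `POLARSSL_ECDH_C` would now need the stricter guard, though no such reader is visible in these hunks.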


@ -46,7 +46,9 @@ struct _ssl_cache_entry
{ {
time_t timestamp; /*!< entry timestamp */ time_t timestamp; /*!< entry timestamp */
ssl_session session; /*!< entry session */ ssl_session session; /*!< entry session */
#if defined(POLARSSL_X509_PARSE_C)
x509_buf peer_cert; /*!< entry peer_cert */ x509_buf peer_cert; /*!< entry peer_cert */
#endif
ssl_cache_entry *next; /*!< chain pointer */ ssl_cache_entry *next; /*!< chain pointer */
}; };


@ -27,10 +27,14 @@
#ifndef POLARSSL_X509_H #ifndef POLARSSL_X509_H
#define POLARSSL_X509_H #define POLARSSL_X509_H
#include "config.h"
#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)
#include "asn1.h" #include "asn1.h"
#include "rsa.h" #include "rsa.h"
#include "dhm.h" #include "dhm.h"
#include "md.h" #include "md.h"
#include "pk.h"
/** /**
* \addtogroup x509_module * \addtogroup x509_module
@ -134,12 +138,6 @@
#define X509_FORMAT_DER 1 #define X509_FORMAT_DER 1
#define X509_FORMAT_PEM 2 #define X509_FORMAT_PEM 2
typedef enum {
POLARSSL_PK_NONE=0,
POLARSSL_PK_RSA,
POLARSSL_PK_ECDSA,
} pk_type_t;
/** /**
* \addtogroup x509_module * \addtogroup x509_module
* \{ */ * \{ */
@ -668,4 +666,5 @@ int x509_self_test( int verbose );
} }
#endif #endif
#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */
#endif /* x509.h */ #endif /* x509.h */


@ -27,6 +27,8 @@
#ifndef POLARSSL_X509_WRITE_H #ifndef POLARSSL_X509_WRITE_H
#define POLARSSL_X509_WRITE_H #define POLARSSL_X509_WRITE_H
#if defined(POLARSSL_X509_WRITE_C)
#include "rsa.h" #include "rsa.h"
typedef struct _x509_req_name typedef struct _x509_req_name
@ -43,4 +45,6 @@ int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa );
int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa, int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
x509_req_name *req_name, md_type_t md_alg ); x509_req_name *req_name, md_type_t md_alg );
#endif /* POLARSSL_X509_WRITE_C */
#endif /* POLARSSL_X509_WRITE_H */ #endif /* POLARSSL_X509_WRITE_H */
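Review bot: The body of x509write.h is now wrapped in `#if defined(POLARSSL_X509_WRITE_C)`, but unlike rsa.h and x509.h in this commit it does not include config.h first, so the macro is only visible if the translation unit happened to include config.h earlier; otherwise the header silently becomes empty and `x509_write_cert_req` is undeclared. Add `#include "config.h"` ahead of the new guard, as the other two headers do. The prototypes that remain inside the guard still take `rsa_context *`, while rsa.h now empties itself without `POLARSSL_RSA_C`, so a write-enabled build without RSA fails on that type; either guard on `defined(POLARSSL_X509_WRITE_C) && defined(POLARSSL_RSA_C)` or document that the writer currently requires `POLARSSL_RSA_C`. The `x509_req_name` definition between the two hunks is outside the visible lines.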


@ -72,6 +72,7 @@ int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
return( 1 ); return( 1 );
} }
#if defined(POLARSSL_BIGNUM_C)
int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X ) int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X )
{ {
int ret; int ret;
@ -104,7 +105,8 @@ int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X )
return( len ); return( len );
} }
#endif /* POLARSSL_BIGNUM_C */
int asn1_write_null( unsigned char **p, unsigned char *start ) int asn1_write_null( unsigned char **p, unsigned char *start )
{ {
int ret; int ret;


@ -150,6 +150,7 @@ void debug_print_ecp( const ssl_context *ssl, int level,
} }
#endif /* POLARSSL_ECP_C */ #endif /* POLARSSL_ECP_C */
#if defined(POLARSSL_BIGNUM_C)
void debug_print_mpi( const ssl_context *ssl, int level, void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, const mpi *X ) const char *text, const mpi *X )
@ -221,7 +222,9 @@ void debug_print_mpi( const ssl_context *ssl, int level,
ssl->f_dbg( ssl->p_dbg, level, "\n" ); ssl->f_dbg( ssl->p_dbg, level, "\n" );
} }
#endif /* POLARSSL_BIGNUM_C */
#if defined(POLARSSL_X509_PARSE_C)
void debug_print_crt( const ssl_context *ssl, int level, void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, const x509_cert *crt ) const char *text, const x509_cert *crt )
@ -256,5 +259,6 @@ void debug_print_crt( const ssl_context *ssl, int level,
crt = crt->next; crt = crt->next;
} }
} }
#endif /* POLARSSL_X509_PARSE_C */
#endif #endif


@ -33,6 +33,8 @@
#include "polarssl/md.h" #include "polarssl/md.h"
#include "polarssl/rsa.h" #include "polarssl/rsa.h"
#include <stdio.h>
/* /*
* For X520 attribute types * For X520 attribute types
*/ */
@ -77,6 +79,7 @@ static const oid_x520_attr_t oid_x520_attr_type[] =
} }
}; };
#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)
/* /*
* For X509 extensions * For X509 extensions
*/ */
@ -123,6 +126,7 @@ static const oid_descriptor_t oid_ext_key_usage[] =
{ OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing" }, { OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing" },
{ NULL, NULL, NULL }, { NULL, NULL, NULL },
}; };
#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */
/* /*
* For SignatureAlgorithmIdentifier * For SignatureAlgorithmIdentifier
@ -378,6 +382,7 @@ static const oid_descriptor_t *oid_descriptor_from_asn1(
oid->p, oid->len ); oid->p, oid->len );
} }
#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)
int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc ) int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc )
{ {
const oid_descriptor_t *data = oid_descriptor_from_asn1( const oid_descriptor_t *data = oid_descriptor_from_asn1(
@ -401,6 +406,20 @@ static const oid_x509_ext_t *oid_x509_ext_from_asn1( const asn1_buf *oid )
oid ); oid );
} }
int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type )
{
const oid_x509_ext_t *data = oid_x509_ext_from_asn1( oid );
if( data == NULL )
return( POLARSSL_ERR_OID_NOT_FOUND );
*ext_type = data->ext_type;
return( 0 );
}
#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */
static const oid_x520_attr_t *oid_x520_attr_from_asn1( const asn1_buf *oid ) static const oid_x520_attr_t *oid_x520_attr_from_asn1( const asn1_buf *oid )
{ {
return (const oid_x520_attr_t *) oid_descriptor_from_asn1( return (const oid_x520_attr_t *) oid_descriptor_from_asn1(
@ -433,18 +452,6 @@ static const oid_md_alg_t *oid_md_alg_from_asn1( const asn1_buf *oid )
oid ); oid );
} }
int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type )
{
const oid_x509_ext_t *data = oid_x509_ext_from_asn1( oid );
if( data == NULL )
return( POLARSSL_ERR_OID_NOT_FOUND );
*ext_type = data->ext_type;
return( 0 );
}
int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name ) int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name )
{ {
const oid_x520_attr_t *data = oid_x520_attr_from_asn1( oid ); const oid_x520_attr_t *data = oid_x520_attr_from_asn1( oid );


@ -72,6 +72,7 @@ int ssl_cache_get( void *data, ssl_session *session )
memcpy( session->master, entry->session.master, 48 ); memcpy( session->master, entry->session.master, 48 );
#if defined(POLARSSL_X509_PARSE_C)
/* /*
* Restore peer certificate (without rest of the original chain) * Restore peer certificate (without rest of the original chain)
*/ */
@ -90,6 +91,7 @@ int ssl_cache_get( void *data, ssl_session *session )
return( 1 ); return( 1 );
} }
} }
#endif /* POLARSSL_X509_PARSE_C */
return( 0 ); return( 0 );
} }
@ -140,11 +142,13 @@ int ssl_cache_set( void *data, const ssl_session *session )
{ {
cur = old; cur = old;
memset( &cur->session, 0, sizeof(ssl_session) ); memset( &cur->session, 0, sizeof(ssl_session) );
#if defined(POLARSSL_X509_PARSE_C)
if( cur->peer_cert.p != NULL ) if( cur->peer_cert.p != NULL )
{ {
free( cur->peer_cert.p ); free( cur->peer_cert.p );
memset( &cur->peer_cert, 0, sizeof(x509_buf) ); memset( &cur->peer_cert, 0, sizeof(x509_buf) );
} }
#endif /* POLARSSL_X509_PARSE_C */
} }
else else
{ {
@ -164,7 +168,8 @@ int ssl_cache_set( void *data, const ssl_session *session )
} }
memcpy( &cur->session, session, sizeof( ssl_session ) ); memcpy( &cur->session, session, sizeof( ssl_session ) );
#if defined(POLARSSL_X509_PARSE_C)
/* /*
* Store peer certificate * Store peer certificate
*/ */
@ -180,6 +185,7 @@ int ssl_cache_set( void *data, const ssl_session *session )
cur->session.peer_cert = NULL; cur->session.peer_cert = NULL;
} }
#endif /* POLARSSL_X509_PARSE_C */
return( 0 ); return( 0 );
} }
@ -211,8 +217,10 @@ void ssl_cache_free( ssl_cache_context *cache )
ssl_session_free( &prv->session ); ssl_session_free( &prv->session );
#if defined(POLARSSL_X509_PARSE_C)
if( prv->peer_cert.p != NULL ) if( prv->peer_cert.p != NULL )
free( prv->peer_cert.p ); free( prv->peer_cert.p );
#endif /* POLARSSL_X509_PARSE_C */
free( prv ); free( prv );
} }


@ -128,6 +128,7 @@ static int supported_init = 0;
static const ssl_ciphersuite_t ciphersuite_definitions[] = static const ssl_ciphersuite_t ciphersuite_definitions[] =
{ {
#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C)
#if defined(POLARSSL_ECDH_C) #if defined(POLARSSL_ECDH_C)
#if defined(POLARSSL_AES_C) #if defined(POLARSSL_AES_C)
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
@ -201,7 +202,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC }, POLARSSL_CIPHERSUITE_EC },
#endif #endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER) #if defined(POLARSSL_CIPHER_NULL_CIPHER)
{ TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
@ -209,8 +210,8 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK }, POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
#endif #endif /* POLARSSL_CIPHER_NULL_CIPHER */
#endif #endif /* POLARSSL_ECDH_C */
#if defined(POLARSSL_ARC4_C) #if defined(POLARSSL_ARC4_C)
{ TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
@ -387,6 +388,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_DES_C */ #endif /* POLARSSL_DES_C */
#endif /* POLARSSL_X509_PARSE_C && POLARSSL_RSA_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
#if defined(POLARSSL_AES_C) #if defined(POLARSSL_AES_C)
@ -451,6 +453,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_ARC4_C */ #endif /* POLARSSL_ARC4_C */
#endif /* POLARSSL_DHM_C */ #endif /* POLARSSL_DHM_C */
#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C)
#if defined(POLARSSL_AES_C) #if defined(POLARSSL_AES_C)
{ TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK, POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
@ -480,9 +483,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_ARC4_C */ #endif /* POLARSSL_ARC4_C */
#endif /* POLARSSL_X509_PARSE_C && POLARSSL_RSA_C */
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C)
#if defined(POLARSSL_CIPHER_NULL_CIPHER) #if defined(POLARSSL_CIPHER_NULL_CIPHER)
{ TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA, POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
@ -518,6 +523,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK }, POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_DES_C */ #endif /* POLARSSL_DES_C */
#endif /* POLARSSL_X509_PARSE_C && POLARSSL_RSA_C */
#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */ #endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */


@ -742,7 +742,11 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_DHM_C) #if !defined(POLARSSL_DHM_C)
((void) ssl);
((void) p);
((void) end);
#else
/* /*
* Ephemeral DH parameters: * Ephemeral DH parameters:
* *
@ -779,7 +783,11 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl,
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_ECDH_C) #if !defined(POLARSSL_ECDH_C)
((void) ssl);
((void) p);
((void) end);
#else
/* /*
* Ephemeral ECDH parameters: * Ephemeral ECDH parameters:
* *
@ -816,7 +824,11 @@ static int ssl_parse_server_psk_hint( ssl_context *ssl,
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if !defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
((void) ssl);
((void) p);
((void) end);
#else
size_t len; size_t len;
/* /*
@ -840,6 +852,7 @@ static int ssl_parse_server_psk_hint( ssl_context *ssl,
return( ret ); return( ret );
} }
#if defined(POLARSSL_RSA_C)
static int ssl_parse_signature_algorithm( ssl_context *ssl, static int ssl_parse_signature_algorithm( ssl_context *ssl,
unsigned char **p, unsigned char **p,
unsigned char *end, unsigned char *end,
@ -895,15 +908,18 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_RSA_C */
static int ssl_parse_server_key_exchange( ssl_context *ssl ) static int ssl_parse_server_key_exchange( ssl_context *ssl )
{ {
int ret; int ret;
size_t n;
unsigned char *p, *end; unsigned char *p, *end;
#if defined(POLARSSL_RSA_C)
size_t n;
unsigned char hash[64]; unsigned char hash[64];
md_type_t md_alg = POLARSSL_MD_NONE; md_type_t md_alg = POLARSSL_MD_NONE;
unsigned int hashlen = 0; unsigned int hashlen = 0;
#endif
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
@ -966,6 +982,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
} }
} }
#if defined(POLARSSL_RSA_C)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA || if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ) ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
{ {
@ -1065,6 +1082,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
return( ret ); return( ret );
} }
} }
#endif /* POLARSSL_RSA_C */
exit: exit:
ssl->state++; ssl->state++;
@ -1234,9 +1252,7 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
{ {
int ret; int ret;
size_t i, n; size_t i, n;
#if defined(POLARSSL_DHM_C) || defined(POLARSSL_ECDH_C)
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
#endif
SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
@ -1349,6 +1365,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
} }
else else
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
#if defined(POLARSSL_X509_PARSE_C)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA )
{ {
/* /*
* RSA key exchange -- send rsa_public(pkcs1 v1.5(premaster)) * RSA key exchange -- send rsa_public(pkcs1 v1.5(premaster))
@ -1384,6 +1402,12 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
return( ret ); return( ret );
} }
} }
else
#endif /* POLARSSL_X509_PARSE_C */
{
((void) ciphersuite_info);
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
if( ( ret = ssl_derive_keys( ssl ) ) != 0 ) if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
{ {
@ -1410,17 +1434,26 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
static int ssl_write_certificate_verify( ssl_context *ssl ) static int ssl_write_certificate_verify( ssl_context *ssl )
{ {
int ret = 0; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
#if defined(POLARSSL_X509_PARSE_C)
size_t n = 0, offset = 0; size_t n = 0, offset = 0;
unsigned char hash[48]; unsigned char hash[48];
md_type_t md_alg = POLARSSL_MD_NONE; md_type_t md_alg = POLARSSL_MD_NONE;
unsigned int hashlen = 0; unsigned int hashlen = 0;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; #endif
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
ssl->client_auth == 0 || ssl->own_cert == NULL ) {
SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
ssl->state++;
return( 0 );
}
#if defined(POLARSSL_X509_PARSE_C)
if( ssl->client_auth == 0 || ssl->own_cert == NULL )
{ {
SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
ssl->state++; ssl->state++;
@ -1519,10 +1552,11 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
SSL_DEBUG_RET( 1, "ssl_write_record", ret ); SSL_DEBUG_RET( 1, "ssl_write_record", ret );
return( ret ); return( ret );
} }
#endif /* POLARSSL_X509_PARSE_C */
SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) ); SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
return( 0 ); return( ret );
} }
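Review bot: In `ssl_write_certificate_verify` the unconditional early skip now tests only `POLARSSL_KEY_EXCHANGE_PSK`, while the `ssl->client_auth == 0` test moved inside `#if defined(POLARSSL_X509_PARSE_C)`; in a build without X.509 parsing every other key exchange, including the DHE-PSK suites that ssl_ciphersuites.c appears to keep outside the new X509/RSA guard, falls through to `return( ret )` with `POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE` and aborts an otherwise valid handshake. Provided `client_auth` remains an unconditional member of `ssl_context`, keep it in the unconditional check: `if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || ssl->client_auth == 0 )`. `ssl_write_certificate_request` in ssl_srv.c is given the same shape (its skip condition is outside the visible hunk) and deserves the same check. The signing part of this function lies between the two hunks and is not visible here.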
/* /*


@ -1022,11 +1022,13 @@ static int ssl_write_server_hello( ssl_context *ssl )
static int ssl_write_certificate_request( ssl_context *ssl ) static int ssl_write_certificate_request( ssl_context *ssl )
{ {
int ret; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
#if defined(POLARSSL_X509_PARSE_C)
size_t n = 0, dn_size, total_dn_size; size_t n = 0, dn_size, total_dn_size;
unsigned char *buf, *p; unsigned char *buf, *p;
const x509_cert *crt; const x509_cert *crt;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; #endif /* POLARSSL_X509_PARSE_C */
SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
@ -1039,6 +1041,7 @@ static int ssl_write_certificate_request( ssl_context *ssl )
return( 0 ); return( 0 );
} }
#if defined(POLARSSL_X509_PARSE_C)
/* /*
* 0 . 0 handshake type * 0 . 0 handshake type
* 1 . 3 handshake length * 1 . 3 handshake length
@ -1114,13 +1117,15 @@ static int ssl_write_certificate_request( ssl_context *ssl )
ssl->out_msg[7 + n] = (unsigned char)( total_dn_size ); ssl->out_msg[7 + n] = (unsigned char)( total_dn_size );
ret = ssl_write_record( ssl ); ret = ssl_write_record( ssl );
#endif /* POLARSSL_X509_PARSE_C */
SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) ); SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
return( ret ); return( ret );
} }
#if !defined(POLARSSL_DHM_C) && !defined(POLARSSL_ECDH_C) #if ( !defined(POLARSSL_DHM_C) && !defined(POLARSSL_ECDH_C) ) || \
!defined(POLARSSL_RSA_C)
static int ssl_write_server_key_exchange( ssl_context *ssl ) static int ssl_write_server_key_exchange( ssl_context *ssl )
{ {
SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
@ -1388,7 +1393,9 @@ static int ssl_parse_client_dh_public( ssl_context *ssl )
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_DHM_C) #if !defined(POLARSSL_DHM_C)
((void) ssl);
#else
size_t n; size_t n;
/* /*
@ -1432,7 +1439,9 @@ static int ssl_parse_client_ecdh_public( ssl_context *ssl )
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_ECDH_C) #if !defined(POLARSSL_ECDH_C)
((void) ssl);
#else
size_t n; size_t n;
/* /*
@ -1474,6 +1483,10 @@ static int ssl_parse_client_ecdh_public( ssl_context *ssl )
static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if !defined(POLARSSL_RSA_C)
((void) ssl);
#else
size_t i, n = 0; size_t i, n = 0;
if( ssl->rsa_key == NULL ) if( ssl->rsa_key == NULL )
@ -1534,6 +1547,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
} }
#endif /* POLARSSL_RSA_C */
return( ret ); return( ret );
} }
@ -1542,7 +1556,9 @@ static int ssl_parse_client_psk_identity( ssl_context *ssl )
{ {
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if !defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
((void) ssl);
#else
size_t n; size_t n;
unsigned char *p = ssl->handshake->premaster; unsigned char *p = ssl->handshake->premaster;
@ -1664,17 +1680,26 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
static int ssl_parse_certificate_verify( ssl_context *ssl ) static int ssl_parse_certificate_verify( ssl_context *ssl )
{ {
int ret; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_X509_PARSE_C)
size_t n = 0, n1, n2; size_t n = 0, n1, n2;
unsigned char hash[48]; unsigned char hash[48];
md_type_t md_alg = POLARSSL_MD_NONE; md_type_t md_alg = POLARSSL_MD_NONE;
unsigned int hashlen = 0; unsigned int hashlen = 0;
#endif /* POLARSSL_X509_PARSE_C */
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
ssl->session_negotiate->peer_cert == NULL ) {
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
ssl->state++;
return( 0 );
}
#if defined(POLARSSL_X509_PARSE_C)
if( ssl->session_negotiate->peer_cert == NULL )
{ {
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
ssl->state++; ssl->state++;
@ -1745,10 +1770,11 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
return( ret ); return( ret );
} }
#endif /* POLARSSL_X509_PARSE_C */
SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
return( 0 ); return( ret );
} }
/* /*
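Review bot: On the `!defined(POLARSSL_X509_PARSE_C)` path of ssl_parse_certificate_verify the function still emits `SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) )` right before `return( ret )` hands back POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, so the trace reads like a clean exit; the same shape is in ssl_write_certificate_request at the `#endif` before `"<= write certificate request"`, and in ssl_write_certificate_verify in ssl_cli.c above. Either move the closing trace inside the guarded block or give the initializer a why-comment, e.g. `int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; /* stays set when X509 parsing is compiled out: non-PSK suites must fail closed */`. Failing closed is the right default here; whether the ciphersuite list already excludes certificate-based suites when POLARSSL_X509_PARSE_C is off is not visible in this hunk, so that initializer is what stops a handshake from continuing past an unverified CertificateVerify. Both function bodies continue outside the hunks.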


@ -69,6 +69,7 @@ int (*ssl_hw_record_read)(ssl_context *ssl) = NULL;
int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL; int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL;
#endif #endif
#if defined(POLARSSL_RSA_C)
static int ssl_rsa_decrypt( void *ctx, int mode, size_t *olen, static int ssl_rsa_decrypt( void *ctx, int mode, size_t *olen,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
size_t output_max_len ) size_t output_max_len )
@ -90,6 +91,7 @@ static size_t ssl_rsa_key_len( void *ctx )
{ {
return ( (rsa_context *) ctx )->len; return ( (rsa_context *) ctx )->len;
} }
#endif /* POLARSSL_RSA_C */
/* /*
* Key material generation * Key material generation
@ -1845,9 +1847,11 @@ int ssl_send_alert_message( ssl_context *ssl,
*/ */
int ssl_write_certificate( ssl_context *ssl ) int ssl_write_certificate( ssl_context *ssl )
{ {
int ret; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_X509_PARSE_C)
size_t i, n; size_t i, n;
const x509_cert *crt; const x509_cert *crt;
#endif
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
@ -1859,6 +1863,7 @@ int ssl_write_certificate( ssl_context *ssl )
return( 0 ); return( 0 );
} }
#if defined(POLARSSL_X509_PARSE_C)
if( ssl->endpoint == SSL_IS_CLIENT ) if( ssl->endpoint == SSL_IS_CLIENT )
{ {
if( ssl->client_auth == 0 ) if( ssl->client_auth == 0 )
@ -1942,16 +1947,19 @@ write_msg:
SSL_DEBUG_RET( 1, "ssl_write_record", ret ); SSL_DEBUG_RET( 1, "ssl_write_record", ret );
return( ret ); return( ret );
} }
#endif /* POLARSSL_X509_PARSE_C */
SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
return( 0 ); return( ret );
} }
int ssl_parse_certificate( ssl_context *ssl ) int ssl_parse_certificate( ssl_context *ssl )
{ {
int ret; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_X509_PARSE_C)
size_t i, n; size_t i, n;
#endif
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
@ -1963,6 +1971,7 @@ int ssl_parse_certificate( ssl_context *ssl )
return( 0 ); return( 0 );
} }
#if defined(POLARSSL_X509_PARSE_C)
if( ssl->endpoint == SSL_IS_SERVER && if( ssl->endpoint == SSL_IS_SERVER &&
ssl->authmode == SSL_VERIFY_NONE ) ssl->authmode == SSL_VERIFY_NONE )
{ {
@ -2104,6 +2113,7 @@ int ssl_parse_certificate( ssl_context *ssl )
if( ssl->authmode != SSL_VERIFY_REQUIRED ) if( ssl->authmode != SSL_VERIFY_REQUIRED )
ret = 0; ret = 0;
} }
#endif /* POLARSSL_X509_PARSE_C */
SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
@ -2686,9 +2696,11 @@ int ssl_init( ssl_context *ssl )
/* /*
* Sane defaults * Sane defaults
*/ */
#if defined(POLARSSL_RSA_C)
ssl->rsa_decrypt = ssl_rsa_decrypt; ssl->rsa_decrypt = ssl_rsa_decrypt;
ssl->rsa_sign = ssl_rsa_sign; ssl->rsa_sign = ssl_rsa_sign;
ssl->rsa_key_len = ssl_rsa_key_len; ssl->rsa_key_len = ssl_rsa_key_len;
#endif
ssl->min_major_ver = SSL_MAJOR_VERSION_3; ssl->min_major_ver = SSL_MAJOR_VERSION_3;
ssl->min_minor_ver = SSL_MINOR_VERSION_0; ssl->min_minor_ver = SSL_MINOR_VERSION_0;
@ -2827,6 +2839,7 @@ void ssl_set_authmode( ssl_context *ssl, int authmode )
ssl->authmode = authmode; ssl->authmode = authmode;
} }
#if defined(POLARSSL_X509_PARSE_C)
void ssl_set_verify( ssl_context *ssl, void ssl_set_verify( ssl_context *ssl,
int (*f_vrfy)(void *, x509_cert *, int, int *), int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy ) void *p_vrfy )
@ -2834,6 +2847,7 @@ void ssl_set_verify( ssl_context *ssl,
ssl->f_vrfy = f_vrfy; ssl->f_vrfy = f_vrfy;
ssl->p_vrfy = p_vrfy; ssl->p_vrfy = p_vrfy;
} }
#endif /* POLARSSL_X509_PARSE_C */
void ssl_set_rng( ssl_context *ssl, void ssl_set_rng( ssl_context *ssl,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
@ -2897,6 +2911,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites
ssl->ciphersuite_list[minor] = ciphersuites; ssl->ciphersuite_list[minor] = ciphersuites;
} }
#if defined(POLARSSL_X509_PARSE_C)
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
x509_crl *ca_crl, const char *peer_cn ) x509_crl *ca_crl, const char *peer_cn )
{ {
@ -2924,6 +2939,7 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
ssl->rsa_sign = rsa_sign; ssl->rsa_sign = rsa_sign;
ssl->rsa_key_len = rsa_key_len; ssl->rsa_key_len = rsa_key_len;
} }
#endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
void ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len, void ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
@ -3069,6 +3085,7 @@ const char *ssl_get_version( const ssl_context *ssl )
return( "unknown" ); return( "unknown" );
} }
#if defined(POLARSSL_X509_PARSE_C)
const x509_cert *ssl_get_peer_cert( const ssl_context *ssl ) const x509_cert *ssl_get_peer_cert( const ssl_context *ssl )
{ {
if( ssl == NULL || ssl->session == NULL ) if( ssl == NULL || ssl->session == NULL )
@ -3076,6 +3093,7 @@ const x509_cert *ssl_get_peer_cert( const ssl_context *ssl )
return ssl->session->peer_cert; return ssl->session->peer_cert;
} }
#endif /* POLARSSL_X509_PARSE_C */
/* /*
* Perform a single step of the SSL handshake * Perform a single step of the SSL handshake
@ -3366,11 +3384,13 @@ void ssl_handshake_free( ssl_handshake_params *handshake )
void ssl_session_free( ssl_session *session ) void ssl_session_free( ssl_session *session )
{ {
#if defined(POLARSSL_X509_PARSE_C)
if( session->peer_cert != NULL ) if( session->peer_cert != NULL )
{ {
x509_free( session->peer_cert ); x509_free( session->peer_cert );
free( session->peer_cert ); free( session->peer_cert );
} }
#endif
memset( session, 0, sizeof( ssl_session ) ); memset( session, 0, sizeof( ssl_session ) );
} }
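Review bot: The closing `#endif` after the X509-guarded locals in ssl_write_certificate and ssl_parse_certificate, after the RSA defaults in ssl_init, and after the peer_cert release in ssl_session_free are unlabelled, while every other guard this commit adds to the file carries `/* POLARSSL_X509_PARSE_C */` or `/* POLARSSL_RSA_C */`; with feature guards now interleaved with the function bodies, label them all, e.g. `#endif /* POLARSSL_X509_PARSE_C */`. In ssl_write_certificate the closing `SSL_DEBUG_MSG( 2, ( "<= write certificate" ) )` is also printed on the compiled-out path before `return( ret )` hands back POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE, which makes the trace misleading when diagnosing a build without certificate support. ssl_parse_certificate's tail and its final return lie outside the hunk, so I could not confirm it returns `ret` rather than a literal 0 there.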


@ -39,6 +39,19 @@
#include "polarssl/base64.h" #include "polarssl/base64.h"
#include "polarssl/x509write.h" #include "polarssl/x509write.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_WRITE_C) || !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_X509_WRITE_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
#define MODE_NONE 0 #define MODE_NONE 0
#define MODE_PRIVATE 1 #define MODE_PRIVATE 1
#define MODE_PUBLIC 2 #define MODE_PUBLIC 2
@ -157,18 +170,6 @@ void write_private_key( rsa_context *rsa, char *output_file )
" output_file=%%s defeult: keyfile.pem\n" \ " output_file=%%s defeult: keyfile.pem\n" \
"\n" "\n"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret = 0; int ret = 0;
@ -336,4 +337,4 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C &&
POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */ POLARSSL_X509_WRITE_C && POLARSSL_FS_IO */


@ -57,7 +57,7 @@ void my_debug( void *ctx, int level, const char *str )
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CTR_DRBG_C) !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_PARSE_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
@ -66,7 +66,8 @@ int main( int argc, char *argv[] )
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n"); "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C "
"not defined.\n");
return( 0 ); return( 0 );
} }
#else #else


@ -92,6 +92,7 @@ void my_debug( void *ctx, int level, const char *str )
} }
} }
#if defined(POLARSSL_X509_PARSE_C)
/* /*
* Enabled if debug_level > 1 in code below * Enabled if debug_level > 1 in code below
*/ */
@ -130,7 +131,9 @@ int my_verify( void *data, x509_cert *crt, int depth, int *flags )
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_FS_IO) #if defined(POLARSSL_FS_IO)
#define USAGE_IO \ #define USAGE_IO \
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
@ -144,6 +147,17 @@ int my_verify( void *data, x509_cert *crt, int depth, int *flags )
#define USAGE_IO \ #define USAGE_IO \
" No file operations available (POLARSSL_FS_IO not defined)\n" " No file operations available (POLARSSL_FS_IO not defined)\n"
#endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_FS_IO */
#else
#define USAGE_IO ""
#endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
#define USAGE_PSK \
" psk=%%s default: \"\" (in hex, without 0x)\n" \
" psk_identity=%%s default: \"Client_identity\"\n"
#else
#define USAGE_PSK ""
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
#define USAGE \ #define USAGE \
"\n usage: ssl_client2 param=<>...\n" \ "\n usage: ssl_client2 param=<>...\n" \
@ -162,25 +176,22 @@ int my_verify( void *data, x509_cert *crt, int depth, int *flags )
" options: ssl3, tls1, tls1_1, tls1_2\n" \ " options: ssl3, tls1, tls1_1, tls1_2\n" \
" auth_mode=%%s default: \"optional\"\n" \ " auth_mode=%%s default: \"optional\"\n" \
" options: none, optional, required\n" \ " options: none, optional, required\n" \
" psk=%%s default: \"\" (in hex, without 0x)\n" \ USAGE_PSK \
" psk_identity=%%s default: \"Client_identity\"\n" \
"\n" \ "\n" \
" force_ciphersuite=<name> default: all enabled\n"\ " force_ciphersuite=<name> default: all enabled\n"\
" acceptable ciphersuite names:\n" " acceptable ciphersuite names:\n"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ #if !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
!defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
((void) argv); ((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " printf("POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 ); return( 0 );
} }
#else #else
@ -188,16 +199,20 @@ int main( int argc, char *argv[] )
{ {
int ret = 0, len, server_fd, i; int ret = 0, len, server_fd, i;
unsigned char buf[1024]; unsigned char buf[1024];
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
unsigned char psk[256]; unsigned char psk[256];
size_t psk_len = 0; size_t psk_len = 0;
#endif
char *pers = "ssl_client2"; char *pers = "ssl_client2";
entropy_context entropy; entropy_context entropy;
ctr_drbg_context ctr_drbg; ctr_drbg_context ctr_drbg;
ssl_context ssl; ssl_context ssl;
#if defined(POLARSSL_X509_PARSE_C)
x509_cert cacert; x509_cert cacert;
x509_cert clicert; x509_cert clicert;
rsa_context rsa; rsa_context rsa;
#endif
char *p, *q; char *p, *q;
const int *list; const int *list;
@ -206,9 +221,11 @@ int main( int argc, char *argv[] )
*/ */
server_fd = 0; server_fd = 0;
memset( &ssl, 0, sizeof( ssl_context ) ); memset( &ssl, 0, sizeof( ssl_context ) );
#if defined(POLARSSL_X509_PARSE_C)
memset( &cacert, 0, sizeof( x509_cert ) ); memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) ); memset( &clicert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) ); memset( &rsa, 0, sizeof( rsa_context ) );
#endif
if( argc == 0 ) if( argc == 0 )
{ {
@ -221,7 +238,11 @@ int main( int argc, char *argv[] )
list = ssl_list_ciphersuites(); list = ssl_list_ciphersuites();
while( *list ) while( *list )
{ {
printf(" %s\n", ssl_get_ciphersuite_name( *list ) ); printf(" %-40s", ssl_get_ciphersuite_name( *list ) );
list++;
if( !*list )
break;
printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++; list++;
} }
printf("\n"); printf("\n");
@ -370,6 +391,7 @@ int main( int argc, char *argv[] )
goto usage; goto usage;
} }
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
/* /*
* Unhexify the pre-shared key if any is given * Unhexify the pre-shared key if any is given
*/ */
@ -417,6 +439,7 @@ int main( int argc, char *argv[] )
psk[ j / 2 ] |= c; psk[ j / 2 ] |= c;
} }
} }
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
/* /*
* 0. Initialize the RNG and the session data * 0. Initialize the RNG and the session data
@ -434,6 +457,7 @@ int main( int argc, char *argv[] )
printf( " ok\n" ); printf( " ok\n" );
#if defined(POLARSSL_X509_PARSE_C)
/* /*
* 1.1. Load the trusted CA * 1.1. Load the trusted CA
*/ */
@ -445,7 +469,7 @@ int main( int argc, char *argv[] )
ret = x509parse_crtpath( &cacert, opt.ca_path ); ret = x509parse_crtpath( &cacert, opt.ca_path );
else if( strlen( opt.ca_file ) ) else if( strlen( opt.ca_file ) )
ret = x509parse_crtfile( &cacert, opt.ca_file ); ret = x509parse_crtfile( &cacert, opt.ca_file );
else else
#endif #endif
#if defined(POLARSSL_CERTS_C) #if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt, ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
@ -475,7 +499,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO) #if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) ) if( strlen( opt.crt_file ) )
ret = x509parse_crtfile( &clicert, opt.crt_file ); ret = x509parse_crtfile( &clicert, opt.crt_file );
else else
#endif #endif
#if defined(POLARSSL_CERTS_C) #if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt, ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
@ -513,6 +537,7 @@ int main( int argc, char *argv[] )
} }
printf( " ok\n" ); printf( " ok\n" );
#endif /* POLARSSL_X509_PARSE_C */
/* /*
* 2. Start the connection * 2. Start the connection
@ -544,8 +569,10 @@ int main( int argc, char *argv[] )
printf( " ok\n" ); printf( " ok\n" );
#if defined(POLARSSL_X509_PARSE_C)
if( opt.debug_level > 0 ) if( opt.debug_level > 0 )
ssl_set_verify( &ssl, my_verify, NULL ); ssl_set_verify( &ssl, my_verify, NULL );
#endif
ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
ssl_set_authmode( &ssl, opt.auth_mode ); ssl_set_authmode( &ssl, opt.auth_mode );
@ -561,10 +588,16 @@ int main( int argc, char *argv[] )
ssl_set_renegotiation( &ssl, opt.renegotiation ); ssl_set_renegotiation( &ssl, opt.renegotiation );
ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
#if defined(POLARSSL_X509_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
ssl_set_own_cert( &ssl, &clicert, &rsa ); ssl_set_own_cert( &ssl, &clicert, &rsa );
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
ssl_set_psk( &ssl, psk, psk_len, (unsigned char *) opt.psk_identity, ssl_set_psk( &ssl, psk, psk_len, (unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ); strlen( opt.psk_identity ) );
#endif
ssl_set_hostname( &ssl, opt.server_name ); ssl_set_hostname( &ssl, opt.server_name );
if( opt.min_version != -1 ) if( opt.min_version != -1 )
@ -590,6 +623,7 @@ int main( int argc, char *argv[] )
printf( " ok\n [ Ciphersuite is %s ]\n", printf( " ok\n [ Ciphersuite is %s ]\n",
ssl_get_ciphersuite( &ssl ) ); ssl_get_ciphersuite( &ssl ) );
#if defined(POLARSSL_X509_PARSE_C)
/* /*
* 5. Verify the server certificate * 5. Verify the server certificate
*/ */
@ -623,6 +657,7 @@ int main( int argc, char *argv[] )
ssl_get_peer_cert( &ssl ) ); ssl_get_peer_cert( &ssl ) );
printf( "%s\n", buf ); printf( "%s\n", buf );
} }
#endif /* POLARSSL_X509_PARSE_C */
/* /*
* 6. Write the GET request * 6. Write the GET request
@ -694,9 +729,11 @@ exit:
if( server_fd ) if( server_fd )
net_close( server_fd ); net_close( server_fd );
#if defined(POLARSSL_X509_PARSE_C)
x509_free( &clicert ); x509_free( &clicert );
x509_free( &cacert ); x509_free( &cacert );
rsa_free( &rsa ); rsa_free( &rsa );
#endif
ssl_free( &ssl ); ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) ); memset( &ssl, 0, sizeof( ssl ) );
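Review bot: The `psk`/`psk_identity` and `ca_file`/`crt_file`/`key_file` options vanish from the usage text through USAGE_PSK and USAGE_IO, and their consumers are guarded at the unhexify block and at the ssl_set_psk / ssl_set_ca_chain / ssl_set_own_cert calls, but the option-parsing loop is outside these hunks, so if it still accepts those keys in a build without the feature the value is silently dropped rather than rejected. A user passing `psk=` to a client compiled without POLARSSL_KEY_EXCHANGE_PSK_ENABLED would then start with no credential configured and only learn of it when the handshake fails; guard the parse branches the same way and fall through to `goto usage;` when the option is compiled out, so the mismatch is visible at startup. ssl_server2.c has the same layout around its unhexify block and ssl_set_psk call. The reworked ciphersuite listing loop is sound: an odd-length list ends on the `%-40s` entry and the `printf("\n")` after the loop terminates that line.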


@ -55,7 +55,8 @@
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_X509_PARSE_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
@ -64,7 +65,7 @@ int main( int argc, char *argv[] )
printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C " printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n"); "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C not defined.\n");
return( 0 ); return( 0 );
} }
#elif defined(_WIN32) #elif defined(_WIN32)


@ -104,7 +104,7 @@ void my_debug( void *ctx, int level, const char *str )
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_CTR_DRBG_C) !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_PARSE_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
@ -113,7 +113,8 @@ int main( int argc, char *argv[] )
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n"); "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C "
"not defined.\n");
return( 0 ); return( 0 );
} }
#else #else


@ -67,8 +67,9 @@ void my_debug( void *ctx, int level, const char *str )
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
!defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_X509_PARSE_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
@ -77,7 +78,7 @@ int main( int argc, char *argv[] )
printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C " printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C not defined.\n"); "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C not defined.\n");
return( 0 ); return( 0 );
} }
#else #else


@ -98,6 +98,7 @@ void my_debug( void *ctx, int level, const char *str )
} }
} }
#if defined(POLARSSL_X509_PARSE_C)
#if defined(POLARSSL_FS_IO) #if defined(POLARSSL_FS_IO)
#define USAGE_IO \ #define USAGE_IO \
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
@ -109,8 +110,21 @@ void my_debug( void *ctx, int level, const char *str )
" key_file=%%s default: \"\" (pre-loaded)\n" " key_file=%%s default: \"\" (pre-loaded)\n"
#else #else
#define USAGE_IO \ #define USAGE_IO \
" No file operations available (POLARSSL_FS_IO not defined)\n" "\n" \
" No file operations available (POLARSSL_FS_IO not defined)\n" \
"\n"
#endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_FS_IO */
#else
#define USAGE_IO ""
#endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
#define USAGE_PSK \
" psk=%%s default: \"\" (in hex, without 0x)\n" \
" psk_identity=%%s default: \"Client_identity\"\n"
#else
#define USAGE_PSK ""
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
#define USAGE \ #define USAGE \
"\n usage: ssl_server2 param=<>...\n" \ "\n usage: ssl_server2 param=<>...\n" \
@ -125,25 +139,22 @@ void my_debug( void *ctx, int level, const char *str )
" options: ssl3, tls1, tls1_1, tls1_2\n" \ " options: ssl3, tls1, tls1_1, tls1_2\n" \
" auth_mode=%%s default: \"optional\"\n" \ " auth_mode=%%s default: \"optional\"\n" \
" options: none, optional, required\n" \ " options: none, optional, required\n" \
" psk=%%s default: \"\" (in hex, without 0x)\n" \ USAGE_PSK \
" psk_identity=%%s default: \"Client_identity\"\n" \
"\n" \ "\n" \
" force_ciphersuite=<name> default: all enabled\n"\ " force_ciphersuite=<name> default: all enabled\n"\
" acceptable ciphersuite names:\n" " acceptable ciphersuite names:\n"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ #if !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
!defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
((void) argv); ((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " printf("POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
"POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 ); return( 0 );
} }
#else #else
@ -153,16 +164,20 @@ int main( int argc, char *argv[] )
int listen_fd; int listen_fd;
int client_fd = -1; int client_fd = -1;
unsigned char buf[1024]; unsigned char buf[1024];
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
unsigned char psk[256]; unsigned char psk[256];
size_t psk_len = 0; size_t psk_len = 0;
#endif
char *pers = "ssl_server2"; char *pers = "ssl_server2";
entropy_context entropy; entropy_context entropy;
ctr_drbg_context ctr_drbg; ctr_drbg_context ctr_drbg;
ssl_context ssl; ssl_context ssl;
#if defined(POLARSSL_X509_PARSE_C)
x509_cert cacert; x509_cert cacert;
x509_cert srvcert; x509_cert srvcert;
rsa_context rsa; rsa_context rsa;
#endif
#if defined(POLARSSL_SSL_CACHE_C) #if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache; ssl_cache_context cache;
#endif #endif
@ -175,9 +190,11 @@ int main( int argc, char *argv[] )
* Make sure memory references are valid. * Make sure memory references are valid.
*/ */
listen_fd = 0; listen_fd = 0;
#if defined(POLARSSL_X509_PARSE_C)
memset( &cacert, 0, sizeof( x509_cert ) ); memset( &cacert, 0, sizeof( x509_cert ) );
memset( &srvcert, 0, sizeof( x509_cert ) ); memset( &srvcert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) ); memset( &rsa, 0, sizeof( rsa_context ) );
#endif
#if defined(POLARSSL_SSL_CACHE_C) #if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache ); ssl_cache_init( &cache );
#endif #endif
@ -193,7 +210,11 @@ int main( int argc, char *argv[] )
list = ssl_list_ciphersuites(); list = ssl_list_ciphersuites();
while( *list ) while( *list )
{ {
printf(" %s\n", ssl_get_ciphersuite_name( *list ) ); printf(" %-40s", ssl_get_ciphersuite_name( *list ) );
list++;
if( !*list )
break;
printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++; list++;
} }
printf("\n"); printf("\n");
@ -297,6 +318,7 @@ int main( int argc, char *argv[] )
goto usage; goto usage;
} }
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
/* /*
* Unhexify the pre-shared key if any is given * Unhexify the pre-shared key if any is given
*/ */
@ -344,6 +366,7 @@ int main( int argc, char *argv[] )
psk[ j / 2 ] |= c; psk[ j / 2 ] |= c;
} }
} }
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
/* /*
* 0. Initialize the RNG and the session data * 0. Initialize the RNG and the session data
@ -361,6 +384,7 @@ int main( int argc, char *argv[] )
printf( " ok\n" ); printf( " ok\n" );
#if defined(POLARSSL_X509_PARSE_C)
/* /*
* 1.1. Load the trusted CA * 1.1. Load the trusted CA
*/ */
@ -438,6 +462,7 @@ int main( int argc, char *argv[] )
} }
printf( " ok\n" ); printf( " ok\n" );
#endif /* POLARSSL_X509_PARSE_C */
/* /*
* 2. Setup the listening TCP socket * 2. Setup the listening TCP socket
@ -482,10 +507,15 @@ int main( int argc, char *argv[] )
ssl_set_renegotiation( &ssl, opt.renegotiation ); ssl_set_renegotiation( &ssl, opt.renegotiation );
ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
#if defined(POLARSSL_X509_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL ); ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa ); ssl_set_own_cert( &ssl, &srvcert, &rsa );
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
ssl_set_psk( &ssl, psk, psk_len, (unsigned char *) opt.psk_identity, ssl_set_psk( &ssl, psk, psk_len, (unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ); strlen( opt.psk_identity ) );
#endif
#if defined(POLARSSL_DHM_C) #if defined(POLARSSL_DHM_C)
/* /*
@ -574,6 +604,7 @@ reset:
printf( " ok\n [ Ciphersuite is %s ]\n", printf( " ok\n [ Ciphersuite is %s ]\n",
ssl_get_ciphersuite( &ssl ) ); ssl_get_ciphersuite( &ssl ) );
#if defined(POLARSSL_X509_PARSE_C)
/* /*
* 5. Verify the server certificate * 5. Verify the server certificate
*/ */
@ -607,6 +638,7 @@ reset:
ssl_get_peer_cert( &ssl ) ); ssl_get_peer_cert( &ssl ) );
printf( "%s\n", buf ); printf( "%s\n", buf );
} }
#endif /* POLARSSL_X509_PARSE_C */
/* /*
* 6. Read the HTTP Request * 6. Read the HTTP Request
@ -693,9 +725,12 @@ exit:
#endif #endif
net_close( client_fd ); net_close( client_fd );
#if defined(POLARSSL_X509_PARSE_C)
x509_free( &srvcert ); x509_free( &srvcert );
x509_free( &cacert ); x509_free( &cacert );
rsa_free( &rsa ); rsa_free( &rsa );
#endif
ssl_free( &ssl ); ssl_free( &ssl );
#if defined(POLARSSL_SSL_CACHE_C) #if defined(POLARSSL_SSL_CACHE_C)


@ -45,6 +45,18 @@
#include "polarssl/entropy.h" #include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h" #include "polarssl/ctr_drbg.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n");
return( 0 );
}
#else
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret; int ret;
@ -241,3 +253,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C &&
POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */
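Review bot: The new compile-time guard at the top of this hunk checks POLARSSL_BIGNUM_C, POLARSSL_RSA_C, POLARSSL_X509_PARSE_C and POLARSSL_FS_IO but not POLARSSL_ENTROPY_C or POLARSSL_CTR_DRBG_C, even though the two context lines directly above it include `polarssl/entropy.h` and `polarssl/ctr_drbg.h`. If the real main() (its body lies outside the hunk) uses those two modules, as the includes suggest, a configuration with either of them disabled still selects the full program and fails at link time instead of printing the stub message; the guard in the ssl_test section later in this commit does list both. I would extend the condition with `!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C)` and name the two options in the printf text and in the closing `#endif` comment as well, so the three stay in sync.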


@ -65,16 +65,6 @@
#define DFL_SESSION_LIFETIME 86400 #define DFL_SESSION_LIFETIME 86400
#define DFL_FORCE_CIPHER 0 #define DFL_FORCE_CIPHER 0
/*
* server-specific data
*/
char *dhm_G = "4";
char *dhm_P =
"E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \
"11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \
"F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \
"01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF";
int server_fd = -1; int server_fd = -1;
/* /*
@ -127,7 +117,8 @@ void my_debug( void *ctx, int level, const char *str )
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
!defined(POLARSSL_SSL_CLI_C) || !defined(POLARSSL_NET_C) || \ !defined(POLARSSL_SSL_CLI_C) || !defined(POLARSSL_NET_C) || \
!defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_X509_PARSE_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
@ -136,7 +127,8 @@ int main( int argc, char *argv[] )
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_SSL_CLI_C and/or POLARSSL_NET_C and/or " "POLARSSL_SSL_CLI_C and/or POLARSSL_NET_C and/or "
"POLARSSL_RSA_C and/or POLARSSL_CTR_DRBG_C not defined.\n"); "POLARSSL_RSA_C and/or POLARSSL_CTR_DRBG_C and/or "
"POLARSSL_X509_PARSE_C not defined.\n");
return( 0 ); return( 0 );
} }
#else #else
@ -260,7 +252,6 @@ static int ssl_test( struct options *opt )
} }
ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_dh_param( &ssl, dhm_P, dhm_G );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL ); ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa ); ssl_set_own_cert( &ssl, &srvcert, &rsa );
} }