From 1032c1d3ec74b934021ff9f91d6a7c0af63f7a8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 18 Sep 2013 17:18:34 +0200 Subject: [PATCH] Fix some dependencies and warnings in small config --- include/polarssl/config.h | 30 ++++++++++++++++++------------ include/polarssl/ssl.h | 2 ++ include/polarssl/x509_crt.h | 2 +- library/pkparse.c | 3 +++ library/ssl_cli.c | 6 ++++-- 5 files changed, 28 insertions(+), 15 deletions(-) diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 8c92faf64..34daaa131 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -287,7 +287,8 @@ * * Enable the RSA-PSK based ciphersuite modes in SSL / TLS * (NOT YET IMPLEMENTED) - * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15 + * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, + * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -307,7 +308,8 @@ * * Enable the RSA-only based ciphersuite modes in SSL / TLS * - * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15 + * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15, + * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -332,8 +334,8 @@ * * Enable the DHE-RSA based ciphersuite modes in SSL / TLS * - * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, - * POLARSSL_PKCS1_V15 + * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, + * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -354,8 +356,8 @@ * * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS * - * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, - * POLARSSL_PKCS1_V15 + * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15, + * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -377,7 +379,8 @@ * * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS * - * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C + * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C, + * POLARSSL_X509_CRL_PARSE_C * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -1636,31 +1639,34 @@ #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ ( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) ) + !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \ + !defined(POLARSSL_X509_CRL_PARSE_C) ) #error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites" #endif #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) ) + !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \ + !defined(POLARSSL_X509_CRL_PARSE_C) ) #error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #endif #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \ - !defined(POLARSSL_X509_CRT_PARSE_C) ) + !defined(POLARSSL_X509_CRT_PARSE_C) || \ + !defined(POLARSSL_X509_CRL_PARSE_C) ) #error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" #endif #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\ - !defined(POLARSSL_PKCS1_V15) ) + !defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) ) #error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites" #endif #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\ - !defined(POLARSSL_PKCS1_V15) ) + !defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) ) #error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" #endif diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index fa313f41f..d9e98a431 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -954,6 +954,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl, int major, int minor ); #if defined(POLARSSL_X509_CRT_PARSE_C) +#if defined(POLARSSL_X509_CRL_PARSE_C) /** * \brief Set the data required to verify peer certificate * @@ -964,6 +965,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl, */ void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain, x509_crl *ca_crl, const char *peer_cn ); +#endif /* POLARSSL_X509_CRL_PARSE_C */ /** * \brief Set own certificate chain and private key diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h index f5703beb0..dab1296ca 100644 --- a/include/polarssl/x509_crt.h +++ b/include/polarssl/x509_crt.h @@ -198,6 +198,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path ); int x509_crt_info( char *buf, size_t size, const char *prefix, const x509_crt *crt ); +#if defined(POLARSSL_X509_CRL_PARSE_C) /** * \brief Verify the certificate signature * @@ -241,7 +242,6 @@ int x509_crt_verify( x509_crt *crt, int (*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy ); -#if defined(POLARSSL_X509_CRL_PARSE_C) /** * \brief Verify the certificate signature * diff --git a/library/pkparse.c b/library/pkparse.c index 9160e8577..2ecf143b7 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -745,7 +745,10 @@ static int pk_parse_key_pkcs8_encrypted_der( } else #endif /* POLARSSL_PKCS5_C */ + { + ((void) pwd); return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE ); + } return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index b134b9217..80bef3511 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -740,13 +740,15 @@ static int ssl_parse_supported_point_formats_ext( ssl_context *ssl, static int ssl_parse_server_hello( ssl_context *ssl ) { - uint32_t t; int ret, i, comp; size_t n; size_t ext_len = 0; unsigned char *buf, *ext; int renegotiation_info_seen = 0; int handshake_failure = 0; +#if defined(POLARSSL_DEBUG_C) + uint32_t t; +#endif SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) ); @@ -807,13 +809,13 @@ static int ssl_parse_server_hello( ssl_context *ssl ) | ( (uint32_t) buf[7] << 16 ) | ( (uint32_t) buf[8] << 8 ) | ( (uint32_t) buf[9] ); + SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); #endif memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 ); n = buf[38]; - SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 ); if( n > 32 )