From ed27a041e473eea79a57b758e09b13569e95781f Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 18 Apr 2013 22:46:23 +0200 Subject: [PATCH] More granular define selections within code to allow for smaller code sizes --- include/polarssl/asn1write.h | 2 ++ include/polarssl/debug.h | 10 ++++++ include/polarssl/oid.h | 3 ++ include/polarssl/pk.h | 47 +++++++++++++++++++++++++++ include/polarssl/rsa.h | 6 ++++ include/polarssl/ssl.h | 48 +++++++++++++++++++++++---- include/polarssl/ssl_cache.h | 2 ++ include/polarssl/x509.h | 11 +++---- include/polarssl/x509write.h | 4 +++ library/asn1write.c | 4 ++- library/debug.c | 4 +++ library/oid.c | 31 +++++++++++------- library/ssl_cache.c | 10 +++++- library/ssl_ciphersuites.c | 12 +++++-- library/ssl_cli.c | 56 +++++++++++++++++++++++++------- library/ssl_srv.c | 46 ++++++++++++++++++++------ library/ssl_tls.c | 26 +++++++++++++-- programs/pkey/key_app_writer.c | 27 ++++++++-------- programs/ssl/ssl_client1.c | 5 +-- programs/ssl/ssl_client2.c | 59 +++++++++++++++++++++++++++------- programs/ssl/ssl_fork_server.c | 5 +-- programs/ssl/ssl_mail_client.c | 5 +-- programs/ssl/ssl_server.c | 7 ++-- programs/ssl/ssl_server2.c | 55 +++++++++++++++++++++++++------ programs/test/o_p_test.c | 14 ++++++++ programs/test/ssl_test.c | 17 +++------- 26 files changed, 406 insertions(+), 110 deletions(-) create mode 100644 include/polarssl/pk.h diff --git a/include/polarssl/asn1write.h b/include/polarssl/asn1write.h index 6bac6c4fa..f7efb20cd 100644 --- a/include/polarssl/asn1write.h +++ b/include/polarssl/asn1write.h 
@@ -33,7 +33,9 @@ int asn1_write_len( unsigned char **p, unsigned char *start, size_t len ); int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ); +#if defined(POLARSSL_BIGNUM_C) int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X ); +#endif int asn1_write_null( unsigned char **p, unsigned char *start ); int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid ); int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, const char *algorithm_oid ); diff --git a/include/polarssl/debug.h b/include/polarssl/debug.h index f0cc26177..fdd36273e 100644 --- a/include/polarssl/debug.h +++ b/include/polarssl/debug.h @@ -44,14 +44,20 @@ #define SSL_DEBUG_BUF( level, text, buf, len ) \ debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len ); +#if defined(POLARSSL_BIGNUM_C) #define SSL_DEBUG_MPI( level, text, X ) \ debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X ); +#endif +#if defined(POLARSSL_ECP_C) #define SSL_DEBUG_ECP( level, text, X ) \ debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X ); +#endif +#if defined(POLARSSL_X509_PARSE_C) #define SSL_DEBUG_CRT( level, text, crt ) \ debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt ); +#endif #else @@ -81,9 +87,11 @@ void debug_print_buf( const ssl_context *ssl, int level, const char *file, int line, const char *text, unsigned char *buf, size_t len ); +#if defined(POLARSSL_BIGNUM_C) void debug_print_mpi( const ssl_context *ssl, int level, const char *file, int line, const char *text, const mpi *X ); +#endif #if defined(POLARSSL_ECP_C) void debug_print_ecp( const ssl_context *ssl, int level, @@ -91,9 +99,11 @@ void debug_print_ecp( const ssl_context *ssl, int level, const char *text, const ecp_point *X ); #endif +#if defined(POLARSSL_X509_PARSE_C) void debug_print_crt( const ssl_context *ssl, int level, const char *file, int line, const char *text, const x509_cert *crt ); +#endif #ifdef __cplusplus } 
diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h index 8b45f4fac..d3a6552a5 100644 --- a/include/polarssl/oid.h +++ b/include/polarssl/oid.h @@ -30,6 +30,7 @@ #include #include "asn1.h" #include "md.h" +#include "pk.h" #include "x509.h" #define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */ @@ -196,6 +197,7 @@ typedef struct { */ int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid ); +#if defined(POLARSSL_X509_PARSE_C) /** * \brief Translate an X.509 extension OID into local values * @@ -205,6 +207,7 @@ int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid ); * \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND */ int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type ); +#endif /** * \brief Translate an X.509 attribute type OID into the short name diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h new file mode 100644 index 000000000..d9639eeed --- /dev/null +++ b/include/polarssl/pk.h 
@@ -0,0 +1,47 @@ +/** + * \file pk.h + * + * \brief Public Key abstraction layer + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef POLARSSL_PK_H +#define POLARSSL_PK_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Public key types + */ +typedef enum { + POLARSSL_PK_NONE=0, + POLARSSL_PK_RSA, + POLARSSL_PK_ECDSA, +} pk_type_t; + +#ifdef __cplusplus +} +#endif + +#endif /* pk.h */ diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h index 8342eecb6..907811164 100644 --- a/include/polarssl/rsa.h +++ b/include/polarssl/rsa.h @@ -27,6 +27,10 @@ #ifndef POLARSSL_RSA_H #define POLARSSL_RSA_H +#include "config.h" + +#if defined(POLARSSL_RSA_C) + #include "bignum.h" #include "md.h" @@ -520,4 +524,6 @@ int rsa_self_test( int verbose ); } #endif +#endif /* POLARSSL_RSA_C */ + #endif /* rsa.h */ diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 6215ffe45..40f167319 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h 
@@ -29,16 +29,25 @@ #include +#include "config.h" #include "net.h" -#include "rsa.h" +#include "bignum.h" + #include "md5.h" #include "sha1.h" #include "sha2.h" #include "sha4.h" -#include "x509.h" -#include "config.h" + #include "ssl_ciphersuites.h" +#if defined(POLARSSL_X509_PARSE_C) +#include "x509.h" +#endif + +#if defined(POLARSSL_RSA_C) +#include "rsa.h" +#endif + #if defined(POLARSSL_DHM_C) #include "dhm.h" #endif @@ -227,6 +236,15 @@ #define TLS_EXT_RENEGOTIATION_INFO 0xFF01 +/* + * Size defines + */ +#if !defined(POLARSSL_MPI_MAX_SIZE) +#define POLARSSL_PREMASTER_SIZE 512 +#else +#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE +#endif + /* * Generic function pointers for allowing external RSA private key * implementations. @@ -281,7 +299,10 @@ struct _ssl_session size_t length; /*!< session id length */ unsigned char id[32]; /*!< session identifier */ unsigned char master[48]; /*!< the master secret */ + +#if defined(POLARSSL_X509_PARSE_C) x509_cert *peer_cert; /*!< peer X.509 cert chain */ +#endif /* POLARSSL_X509_PARSE_C */ }; /* @@ -340,8 +361,8 @@ struct _ssl_handshake_params #if defined(POLARSSL_ECDH_C) ecdh_context ecdh_ctx; /*!< ECDH key exchange */ #endif -#if defined(POLARSSL_ECP_C) int ec_curve; /*!< Selected elliptic curve */ +#if defined(POLARSSL_ECP_C) int ec_point_format; /*!< Client supported format */ #endif @@ -363,7 +384,7 @@ struct _ssl_handshake_params size_t pmslen; /*!< premaster length */ unsigned char randbytes[64]; /*!< random bytes */ - unsigned char premaster[POLARSSL_MPI_MAX_SIZE]; + unsigned char premaster[POLARSSL_PREMASTER_SIZE]; /*!< premaster secret */ int resume; /*!< session resume indicator*/ 
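Review bot: `#include "bignum.h"` is now pulled into ssl.h unconditionally (it replaces the old `rsa.h` include), while this same patch puts every other mpi user — `asn1_write_mpi`, `SSL_DEBUG_MPI`, `debug_print_mpi` — behind `POLARSSL_BIGNUM_C`, so a no-bignum build still drags the bignum declarations into every SSL translation unit. Wrap it like the neighbouring includes: `#if defined(POLARSSL_BIGNUM_C)` / `#include "bignum.h"` / `#endif`. If some part of ssl.h outside this hunk needs `mpi` even without RSA or DHM, a one-line comment on the include saying so would be better than leaving it looking like an oversight.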
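Review bot: `POLARSSL_PREMASTER_SIZE` is introduced with no comment on why 512 is a safe fallback when `POLARSSL_MPI_MAX_SIZE` is absent, and `premaster[]` is also the buffer the PSK server path writes into (`p = ssl->handshake->premaster` in ssl_srv.c in this patch), so the bound matters for more than RSA/DHM output. Suggest above the `#if`: `/* Size of handshake->premaster: must hold the largest premaster any enabled key exchange writes — an RSA/DHM output (<= POLARSSL_MPI_MAX_SIZE) when bignum is present, only PSK-derived premasters otherwise; PSK writers must bound psk_len against this, not POLARSSL_MPI_MAX_SIZE. */`. Whether ssl_set_psk already enforces such a bound is not visible here and is worth confirming.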
@@ -392,7 +413,6 @@ struct _ssl_context void (*f_dbg)(void *, int, const char *); int (*f_recv)(void *, unsigned char *, size_t); int (*f_send)(void *, const unsigned char *, size_t); - int (*f_vrfy)(void *, x509_cert *, int, int *); int (*f_get_cache)(void *, ssl_session *); int (*f_set_cache)(void *, const ssl_session *); int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t); @@ -401,12 +421,16 @@ struct _ssl_context void *p_dbg; /*!< context for the debug function */ void *p_recv; /*!< context for reading operations */ void *p_send; /*!< context for writing operations */ - void *p_vrfy; /*!< context for verification */ void *p_get_cache; /*!< context for cache retrieval */ void *p_set_cache; /*!< context for cache store */ void *p_sni; /*!< context for SNI extension */ void *p_hw_data; /*!< context for HW acceleration */ +#if defined(POLARSSL_X509_PARSE_C) + int (*f_vrfy)(void *, x509_cert *, int, int *); + void *p_vrfy; /*!< context for verification */ +#endif + /* * Session layer */ @@ -458,15 +482,19 @@ struct _ssl_context /* * PKI layer */ +#if defined(POLARSSL_RSA_C) void *rsa_key; /*!< own RSA private key */ rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/ rsa_sign_func rsa_sign; /*!< function for RSA sign */ rsa_key_len_func rsa_key_len; /*!< function for RSA key len*/ +#endif /* POLARSSL_RSA_C */ +#if defined(POLARSSL_X509_PARSE_C) x509_cert *own_cert; /*!< own X.509 certificate */ x509_cert *ca_chain; /*!< own trusted CA chain */ x509_crl *ca_crl; /*!< trusted CA CRLs */ const char *peer_cn; /*!< expected peer CN */ +#endif /* POLARSSL_X509_PARSE_C */ /* * User settings @@ -610,6 +638,7 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint ); */ void ssl_set_authmode( ssl_context *ssl, int authmode ); +#if defined(POLARSSL_X509_PARSE_C) /** * \brief Set the verification callback (Optional). * 
@@ -624,6 +653,7 @@ void ssl_set_authmode( ssl_context *ssl, int authmode ); void ssl_set_verify( ssl_context *ssl, int (*f_vrfy)(void *, x509_cert *, int, int *), void *p_vrfy ); +#endif /* POLARSSL_X509_PARSE_C */ /** * \brief Set the random number generator callback @@ -741,6 +771,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites, int major, int minor ); +#if defined(POLARSSL_X509_PARSE_C) /** * \brief Set the data required to verify peer certificate * @@ -790,6 +821,7 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert, rsa_decrypt_func rsa_decrypt, rsa_sign_func rsa_sign, rsa_key_len_func rsa_key_len ); +#endif /* POLARSSL_X509_PARSE_C */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) /** @@ -976,6 +1008,7 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl ); */ const char *ssl_get_version( const ssl_context *ssl ); +#if defined(POLARSSL_X509_PARSE_C) /** * \brief Return the peer certificate from the current connection * @@ -991,6 +1024,7 @@ const char *ssl_get_version( const ssl_context *ssl ); * \return the current peer certificate */ const x509_cert *ssl_get_peer_cert( const ssl_context *ssl ); +#endif /* POLARSSL_X509_PARSE_C */ /** * \brief Perform the SSL handshake diff --git a/include/polarssl/ssl_cache.h b/include/polarssl/ssl_cache.h index 10cff2020..0b3d5ccbb 100644 --- a/include/polarssl/ssl_cache.h +++ b/include/polarssl/ssl_cache.h @@ -46,7 +46,9 @@ struct _ssl_cache_entry { time_t timestamp; /*!< entry timestamp */ ssl_session session; /*!< entry session */ +#if defined(POLARSSL_X509_PARSE_C) x509_buf peer_cert; /*!< entry peer_cert */ +#endif ssl_cache_entry *next; /*!< chain pointer */ }; diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 17d99af82..ed02ad9cf 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h 
@@ -27,10 +27,14 @@ #ifndef POLARSSL_X509_H #define POLARSSL_X509_H +#include "config.h" + +#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C) #include "asn1.h" #include "rsa.h" #include "dhm.h" #include "md.h" +#include "pk.h" /** * \addtogroup x509_module @@ -134,12 +138,6 @@ #define X509_FORMAT_DER 1 #define X509_FORMAT_PEM 2 -typedef enum { - POLARSSL_PK_NONE=0, - POLARSSL_PK_RSA, - POLARSSL_PK_ECDSA, -} pk_type_t; - /** * \addtogroup x509_module * \{ */ @@ -668,4 +666,5 @@ int x509_self_test( int verbose ); } #endif +#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */ #endif /* x509.h */ diff --git a/include/polarssl/x509write.h b/include/polarssl/x509write.h index 9d43efbcc..ea1ba7adf 100644 --- a/include/polarssl/x509write.h +++ b/include/polarssl/x509write.h @@ -27,6 +27,8 @@ #ifndef POLARSSL_X509_WRITE_H #define POLARSSL_X509_WRITE_H +#if defined(POLARSSL_X509_WRITE_C) + #include "rsa.h" typedef struct _x509_req_name @@ -43,4 +45,6 @@ int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa ); int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa, x509_req_name *req_name, md_type_t md_alg ); +#endif /* POLARSSL_X509_WRITE_C */ + #endif /* POLARSSL_X509_WRITE_H */ diff --git a/library/asn1write.c b/library/asn1write.c index 4ea8a46a3..b1d68392f 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -72,6 +72,7 @@ int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ) return( 1 ); } +#if defined(POLARSSL_BIGNUM_C) int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X ) { int ret; @@ -104,7 +105,8 @@ int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X ) return( len ); } - +#endif /* POLARSSL_BIGNUM_C */ + int asn1_write_null( unsigned char **p, unsigned char *start ) { int ret; diff --git a/library/debug.c b/library/debug.c index b898eb89f..23b901996 100644 --- a/library/debug.c +++ b/library/debug.c 
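Review bot: In the x509write.h hunk the new `#if defined(POLARSSL_X509_WRITE_C)` is tested before anything includes `config.h`, unlike rsa.h and x509.h in this same patch, so a translation unit that includes x509write.h before any other PolarSSL header sees the macro undefined and silently gets an empty header — and because `POLARSSL_X509_WRITE_H` is already defined at that point, a later include after config.h is a no-op too. Add `#include "config.h"` between the include guard and the `#if`, matching the rsa.h change in this commit. key_app_writer.c includes other headers first, which is why the programs touched here do not expose this.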
@@ -150,6 +150,7 @@ void debug_print_ecp( const ssl_context *ssl, int level, } #endif /* POLARSSL_ECP_C */ +#if defined(POLARSSL_BIGNUM_C) void debug_print_mpi( const ssl_context *ssl, int level, const char *file, int line, const char *text, const mpi *X ) @@ -221,7 +222,9 @@ void debug_print_mpi( const ssl_context *ssl, int level, ssl->f_dbg( ssl->p_dbg, level, "\n" ); } +#endif /* POLARSSL_BIGNUM_C */ +#if defined(POLARSSL_X509_PARSE_C) void debug_print_crt( const ssl_context *ssl, int level, const char *file, int line, const char *text, const x509_cert *crt ) @@ -256,5 +259,6 @@ void debug_print_crt( const ssl_context *ssl, int level, crt = crt->next; } } +#endif /* POLARSSL_X509_PARSE_C */ #endif diff --git a/library/oid.c b/library/oid.c index 53c2e5dff..51851ba81 100644 --- a/library/oid.c +++ b/library/oid.c @@ -33,6 +33,8 @@ #include "polarssl/md.h" #include "polarssl/rsa.h" +#include + /* * For X520 attribute types */ @@ -77,6 +79,7 @@ static const oid_x520_attr_t oid_x520_attr_type[] = } }; +#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C) /* * For X509 extensions */ @@ -123,6 +126,7 @@ static const oid_descriptor_t oid_ext_key_usage[] = { OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing" }, { NULL, NULL, NULL }, }; +#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */ /* * For SignatureAlgorithmIdentifier @@ -378,6 +382,7 @@ static const oid_descriptor_t *oid_descriptor_from_asn1( oid->p, oid->len ); } +#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C) int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc ) { const oid_descriptor_t *data = oid_descriptor_from_asn1( 
@@ -401,6 +406,20 @@ static const oid_x509_ext_t *oid_x509_ext_from_asn1( const asn1_buf *oid ) oid ); } +int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type ) +{ + const oid_x509_ext_t *data = oid_x509_ext_from_asn1( oid ); + + if( data == NULL ) + return( POLARSSL_ERR_OID_NOT_FOUND ); + + *ext_type = data->ext_type; + + return( 0 ); +} + +#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */ + static const oid_x520_attr_t *oid_x520_attr_from_asn1( const asn1_buf *oid ) { return (const oid_x520_attr_t *) oid_descriptor_from_asn1( @@ -433,18 +452,6 @@ static const oid_md_alg_t *oid_md_alg_from_asn1( const asn1_buf *oid ) oid ); } -int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type ) -{ - const oid_x509_ext_t *data = oid_x509_ext_from_asn1( oid ); - - if( data == NULL ) - return( POLARSSL_ERR_OID_NOT_FOUND ); - - *ext_type = data->ext_type; - - return( 0 ); -} - int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name ) { const oid_x520_attr_t *data = oid_x520_attr_from_asn1( oid ); diff --git a/library/ssl_cache.c b/library/ssl_cache.c index f5686be04..93d5d8b33 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -72,6 +72,7 @@ int ssl_cache_get( void *data, ssl_session *session ) memcpy( session->master, entry->session.master, 48 ); +#if defined(POLARSSL_X509_PARSE_C) /* * Restore peer certificate (without rest of the original chain) */ @@ -90,6 +91,7 @@ int ssl_cache_get( void *data, ssl_session *session ) return( 1 ); } } +#endif /* POLARSSL_X509_PARSE_C */ return( 0 ); } @@ -140,11 +142,13 @@ int ssl_cache_set( void *data, const ssl_session *session ) { cur = old; memset( &cur->session, 0, sizeof(ssl_session) ); +#if defined(POLARSSL_X509_PARSE_C) if( cur->peer_cert.p != NULL ) { free( cur->peer_cert.p ); memset( &cur->peer_cert, 0, sizeof(x509_buf) ); } +#endif /* POLARSSL_X509_PARSE_C */ } else { 
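Review bot: oid_get_x509_ext_type is compiled under `POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C` here, but its prototype in oid.h (earlier in this patch) is guarded by `POLARSSL_X509_PARSE_C` alone, so a write-only build defines a function with no visible declaration, and any caller in that configuration would compile against an implicit declaration instead of failing cleanly. Make the header guard match: `#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)`, or drop the `X509_WRITE_C` half here if the writer never looks up extension types. Either way the two guards should name the same condition.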
@@ -164,7 +168,8 @@ int ssl_cache_set( void *data, const ssl_session *session ) } memcpy( &cur->session, session, sizeof( ssl_session ) ); - + +#if defined(POLARSSL_X509_PARSE_C) /* * Store peer certificate */ @@ -180,6 +185,7 @@ int ssl_cache_set( void *data, const ssl_session *session ) cur->session.peer_cert = NULL; } +#endif /* POLARSSL_X509_PARSE_C */ return( 0 ); } @@ -211,8 +217,10 @@ void ssl_cache_free( ssl_cache_context *cache ) ssl_session_free( &prv->session ); +#if defined(POLARSSL_X509_PARSE_C) if( prv->peer_cert.p != NULL ) free( prv->peer_cert.p ); +#endif /* POLARSSL_X509_PARSE_C */ free( prv ); } diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 99629658d..38d873f96 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -128,6 +128,7 @@ static int supported_init = 0; static const ssl_ciphersuite_t ciphersuite_definitions[] = { +#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C) #if defined(POLARSSL_ECDH_C) #if defined(POLARSSL_AES_C) { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", @@ -201,7 +202,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC }, -#endif +#endif /* POLARSSL_ARC4_C */ #if defined(POLARSSL_CIPHER_NULL_CIPHER) { TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", @@ -209,8 +210,8 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK }, -#endif -#endif +#endif /* POLARSSL_CIPHER_NULL_CIPHER */ +#endif /* POLARSSL_ECDH_C */ #if defined(POLARSSL_ARC4_C) { TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", 
@@ -387,6 +388,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_DES_C */ +#endif /* POLARSSL_X509_PARSE_C && POLARSSL_RSA_C */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if defined(POLARSSL_AES_C) @@ -451,6 +453,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* POLARSSL_ARC4_C */ #endif /* POLARSSL_DHM_C */ +#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C) #if defined(POLARSSL_AES_C) { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK, @@ -480,9 +483,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, 0 }, #endif /* POLARSSL_ARC4_C */ +#endif /* POLARSSL_X509_PARSE_C && POLARSSL_RSA_C */ #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ #if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES) +#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C) #if defined(POLARSSL_CIPHER_NULL_CIPHER) { TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA, @@ -518,6 +523,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] = SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, POLARSSL_CIPHERSUITE_WEAK }, #endif /* POLARSSL_DES_C */ +#endif /* POLARSSL_X509_PARSE_C && POLARSSL_RSA_C */ #endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 86d720b40..a4cc3d750 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -742,7 +742,11 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p, { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; -#if defined(POLARSSL_DHM_C) +#if !defined(POLARSSL_DHM_C) + ((void) ssl); + ((void) p); + ((void) end); +#else /* * Ephemeral DH parameters: * 
@@ -779,7 +783,11 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl, { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; -#if defined(POLARSSL_ECDH_C) +#if !defined(POLARSSL_ECDH_C) + ((void) ssl); + ((void) p); + ((void) end); +#else /* * Ephemeral ECDH parameters: * @@ -816,7 +824,11 @@ static int ssl_parse_server_psk_hint( ssl_context *ssl, { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if !defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) + ((void) ssl); + ((void) p); + ((void) end); +#else size_t len; /* @@ -840,6 +852,7 @@ static int ssl_parse_server_psk_hint( ssl_context *ssl, return( ret ); } +#if defined(POLARSSL_RSA_C) static int ssl_parse_signature_algorithm( ssl_context *ssl, unsigned char **p, unsigned char *end, @@ -895,15 +908,18 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, return( 0 ); } +#endif /* POLARSSL_RSA_C */ static int ssl_parse_server_key_exchange( ssl_context *ssl ) { int ret; - size_t n; unsigned char *p, *end; +#if defined(POLARSSL_RSA_C) + size_t n; unsigned char hash[64]; md_type_t md_alg = POLARSSL_MD_NONE; unsigned int hashlen = 0; +#endif const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; @@ -966,6 +982,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) } } +#if defined(POLARSSL_RSA_C) if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA || ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ) { @@ -1065,6 +1082,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) return( ret ); } } +#endif /* POLARSSL_RSA_C */ exit: ssl->state++; @@ -1234,9 +1252,7 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) { int ret; size_t i, n; -#if defined(POLARSSL_DHM_C) || defined(POLARSSL_ECDH_C) const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; -#endif SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); 
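Review bot: With `POLARSSL_RSA_C` compiled out, ssl_parse_server_key_exchange (the `@@ -966` hunk) now falls straight from parameter parsing to `exit: ssl->state++` for a DHE_RSA or ECDHE_RSA suite, i.e. the server's DH/ECDH parameters would be accepted with no signature check at all. The ciphersuite table in this patch withholds those suites unless both `POLARSSL_X509_PARSE_C` and `POLARSSL_RSA_C` are defined, so this should be unreachable provided the client rejects a ServerHello naming a suite it did not offer (that check is outside the hunk); still, silently accepting an unauthenticated key exchange is the wrong failure mode for a build-configuration gap. Add an `#else` branch that refuses the signed key exchanges explicitly, as below. The body of ssl_parse_server_key_exchange continues outside the hunk.
```c
#if defined(POLARSSL_RSA_C)
    /* … unchanged: DHE_RSA / ECDHE_RSA signature verification … */
#else
    /* No RSA: a signed (DHE_RSA / ECDHE_RSA) key exchange cannot be
     * authenticated, so refuse it rather than accept unsigned parameters. */
    if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA ||
        ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
    {
        SSL_DEBUG_MSG( 1, ( "signed key exchange needs POLARSSL_RSA_C" ) );
        return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
    }
#endif /* POLARSSL_RSA_C */

exit:
    ssl->state++;
```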
@@ -1349,6 +1365,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) } else #endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ +#if defined(POLARSSL_X509_PARSE_C) + if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA ) { /* * RSA key exchange -- send rsa_public(pkcs1 v1.5(premaster)) @@ -1384,6 +1402,12 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) return( ret ); } } + else +#endif /* POLARSSL_X509_PARSE_C */ + { + ((void) ciphersuite_info); + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } if( ( ret = ssl_derive_keys( ssl ) ) != 0 ) { @@ -1410,17 +1434,26 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) static int ssl_write_certificate_verify( ssl_context *ssl ) { - int ret = 0; + int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; + const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; +#if defined(POLARSSL_X509_PARSE_C) size_t n = 0, offset = 0; unsigned char hash[48]; md_type_t md_alg = POLARSSL_MD_NONE; unsigned int hashlen = 0; - const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; +#endif SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); - if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || - ssl->client_auth == 0 || ssl->own_cert == NULL ) + if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ) + { + SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + ssl->state++; + return( 0 ); + } + +#if defined(POLARSSL_X509_PARSE_C) + if( ssl->client_auth == 0 || ssl->own_cert == NULL ) { SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); ssl->state++; @@ -1519,10 +1552,11 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) SSL_DEBUG_RET( 1, "ssl_write_record", ret ); return( ret ); } +#endif /* POLARSSL_X509_PARSE_C */ SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) ); - return( 0 ); + return( ret ); } /* 
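Review bot: The early skip in ssl_write_certificate_verify (the `@@ -1410` hunk) matches only `POLARSSL_KEY_EXCHANGE_PSK`, and the new fallback when `POLARSSL_X509_PARSE_C` is off returns `POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE` for everything else, so a client built with PSK and DHM but without X.509 will now abort every TLS-DHE-PSK handshake at this step even though those suites are still compiled in under `POLARSSL_DHM_C` in ssl_ciphersuites.c. Before this patch the same case fell through to the `ssl->own_cert == NULL` test and was skipped. Extend the first test to cover the DHE-PSK key exchange too, e.g. `if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || ciphersuite_info->key_exchange == <DHE-PSK constant> )`, using whichever constant the DHE-PSK suites carry in ssl_ciphersuites.c (its name is not visible here). The function's body between this hunk and the `@@ -1519` hunk is not shown.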
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 27d7a7ebe..07c5e3718 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1022,11 +1022,13 @@ static int ssl_write_server_hello( ssl_context *ssl ) static int ssl_write_certificate_request( ssl_context *ssl ) { - int ret; + int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; + const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; +#if defined(POLARSSL_X509_PARSE_C) size_t n = 0, dn_size, total_dn_size; unsigned char *buf, *p; const x509_cert *crt; - const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; +#endif /* POLARSSL_X509_PARSE_C */ SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); @@ -1039,6 +1041,7 @@ static int ssl_write_certificate_request( ssl_context *ssl ) return( 0 ); } +#if defined(POLARSSL_X509_PARSE_C) /* * 0 . 0 handshake type * 1 . 3 handshake length @@ -1114,13 +1117,15 @@ static int ssl_write_certificate_request( ssl_context *ssl ) ssl->out_msg[7 + n] = (unsigned char)( total_dn_size ); ret = ssl_write_record( ssl ); +#endif /* POLARSSL_X509_PARSE_C */ SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) ); return( ret ); } -#if !defined(POLARSSL_DHM_C) && !defined(POLARSSL_ECDH_C) +#if ( !defined(POLARSSL_DHM_C) && !defined(POLARSSL_ECDH_C) ) || \ + !defined(POLARSSL_RSA_C) static int ssl_write_server_key_exchange( ssl_context *ssl ) { SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); @@ -1388,7 +1393,9 @@ static int ssl_parse_client_dh_public( ssl_context *ssl ) { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; -#if defined(POLARSSL_DHM_C) +#if !defined(POLARSSL_DHM_C) + ((void) ssl); +#else size_t n; /* @@ -1432,7 +1439,9 @@ static int ssl_parse_client_ecdh_public( ssl_context *ssl ) { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; -#if defined(POLARSSL_ECDH_C) +#if !defined(POLARSSL_ECDH_C) + ((void) ssl); +#else size_t n; /* 
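Review bot: The stub ssl_write_server_key_exchange is now selected by `( !DHM && !ECDH ) || !RSA`, which disables the real implementation in a build that has `POLARSSL_DHM_C` and PSK but not `POLARSSL_RSA_C` — exactly the configuration in which the TLS-DHE-PSK suites (kept under `POLARSSL_DHM_C` in ssl_ciphersuites.c) are still offered, and those need a ServerKeyExchange carrying DH parameters with no signature. Unless the real implementation cannot handle DHE-PSK at all (its body is outside the hunk), gate the stub on `!defined(POLARSSL_DHM_C) && !defined(POLARSSL_ECDH_C)` only and wrap just the signature-producing part of the real function in `#if defined(POLARSSL_RSA_C)`, the way this patch already does for the client's ssl_parse_server_key_exchange. A short comment on the `#if` naming the configurations it is meant to cover would make the intent checkable.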
@@ -1474,6 +1483,10 @@ static int ssl_parse_client_ecdh_public( ssl_context *ssl ) static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; + +#if !defined(POLARSSL_RSA_C) + ((void) ssl); +#else size_t i, n = 0; if( ssl->rsa_key == NULL ) @@ -1534,6 +1547,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) if( ret != 0 ) return( ret ); } +#endif /* POLARSSL_RSA_C */ return( ret ); } @@ -1542,7 +1556,9 @@ static int ssl_parse_client_psk_identity( ssl_context *ssl ) { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; -#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#if !defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) + ((void) ssl); +#else size_t n; unsigned char *p = ssl->handshake->premaster; @@ -1664,17 +1680,26 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) static int ssl_parse_certificate_verify( ssl_context *ssl ) { - int ret; + int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; +#if defined(POLARSSL_X509_PARSE_C) size_t n = 0, n1, n2; unsigned char hash[48]; md_type_t md_alg = POLARSSL_MD_NONE; unsigned int hashlen = 0; +#endif /* POLARSSL_X509_PARSE_C */ const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); - if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK || - ssl->session_negotiate->peer_cert == NULL ) + if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ) + { + SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + ssl->state++; + return( 0 ); + } + +#if defined(POLARSSL_X509_PARSE_C) + if( ssl->session_negotiate->peer_cert == NULL ) { SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); ssl->state++; 
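Review bot: ssl_parse_certificate_verify (the `@@ -1664` hunk) has the same gap as its client counterpart: only `POLARSSL_KEY_EXCHANGE_PSK` is skipped up front, and with `POLARSSL_X509_PARSE_C` off every other key exchange now returns `POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE`, so a PSK+DHM server without X.509 fails TLS-DHE-PSK handshakes here even though it cannot have requested a client certificate. Previously the `peer_cert == NULL` test caught that case. Add the DHE-PSK key exchange to the skip condition, using the constant the DHE-PSK suites carry in ssl_ciphersuites.c (not visible here). The rest of the function's body lies between this hunk and the `@@ -1745` hunk.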
@@ -1745,10 +1770,11 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); return( ret ); } +#endif /* POLARSSL_X509_PARSE_C */ SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); - return( 0 ); + return( ret ); } /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6b478383f..3c2541558 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -69,6 +69,7 @@ int (*ssl_hw_record_read)(ssl_context *ssl) = NULL; int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL; #endif +#if defined(POLARSSL_RSA_C) static int ssl_rsa_decrypt( void *ctx, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ) @@ -90,6 +91,7 @@ static size_t ssl_rsa_key_len( void *ctx ) { return ( (rsa_context *) ctx )->len; } +#endif /* POLARSSL_RSA_C */ /* * Key material generation @@ -1845,9 +1847,11 @@ int ssl_send_alert_message( ssl_context *ssl, */ int ssl_write_certificate( ssl_context *ssl ) { - int ret; + int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; +#if defined(POLARSSL_X509_PARSE_C) size_t i, n; const x509_cert *crt; +#endif const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); @@ -1859,6 +1863,7 @@ int ssl_write_certificate( ssl_context *ssl ) return( 0 ); } +#if defined(POLARSSL_X509_PARSE_C) if( ssl->endpoint == SSL_IS_CLIENT ) { if( ssl->client_auth == 0 ) @@ -1942,16 +1947,19 @@ write_msg: SSL_DEBUG_RET( 1, "ssl_write_record", ret ); return( ret ); } +#endif /* POLARSSL_X509_PARSE_C */ SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); - return( 0 ); + return( ret ); } int ssl_parse_certificate( ssl_context *ssl ) { - int ret; + int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; +#if defined(POLARSSL_X509_PARSE_C) size_t i, n; +#endif const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); 
@@ -1963,6 +1971,7 @@ int ssl_parse_certificate( ssl_context *ssl ) return( 0 ); } +#if defined(POLARSSL_X509_PARSE_C) if( ssl->endpoint == SSL_IS_SERVER && ssl->authmode == SSL_VERIFY_NONE ) { @@ -2104,6 +2113,7 @@ int ssl_parse_certificate( ssl_context *ssl ) if( ssl->authmode != SSL_VERIFY_REQUIRED ) ret = 0; } +#endif /* POLARSSL_X509_PARSE_C */ SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); @@ -2686,9 +2696,11 @@ int ssl_init( ssl_context *ssl ) /* * Sane defaults */ +#if defined(POLARSSL_RSA_C) ssl->rsa_decrypt = ssl_rsa_decrypt; ssl->rsa_sign = ssl_rsa_sign; ssl->rsa_key_len = ssl_rsa_key_len; +#endif ssl->min_major_ver = SSL_MAJOR_VERSION_3; ssl->min_minor_ver = SSL_MINOR_VERSION_0; @@ -2827,6 +2839,7 @@ void ssl_set_authmode( ssl_context *ssl, int authmode ) ssl->authmode = authmode; } +#if defined(POLARSSL_X509_PARSE_C) void ssl_set_verify( ssl_context *ssl, int (*f_vrfy)(void *, x509_cert *, int, int *), void *p_vrfy ) @@ -2834,6 +2847,7 @@ void ssl_set_verify( ssl_context *ssl, ssl->f_vrfy = f_vrfy; ssl->p_vrfy = p_vrfy; } +#endif /* POLARSSL_X509_PARSE_C */ void ssl_set_rng( ssl_context *ssl, int (*f_rng)(void *, unsigned char *, size_t), @@ -2897,6 +2911,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl, const int *ciphersuites ssl->ciphersuite_list[minor] = ciphersuites; } +#if defined(POLARSSL_X509_PARSE_C) void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, x509_crl *ca_crl, const char *peer_cn ) { @@ -2924,6 +2939,7 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert, ssl->rsa_sign = rsa_sign; ssl->rsa_key_len = rsa_key_len; } +#endif /* POLARSSL_X509_PARSE_C */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) void ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len, 
@@ -3069,6 +3085,7 @@ const char *ssl_get_version( const ssl_context *ssl ) return( "unknown" ); } +#if defined(POLARSSL_X509_PARSE_C) const x509_cert *ssl_get_peer_cert( const ssl_context *ssl ) { if( ssl == NULL || ssl->session == NULL ) @@ -3076,6 +3093,7 @@ const x509_cert *ssl_get_peer_cert( const ssl_context *ssl ) return ssl->session->peer_cert; } +#endif /* POLARSSL_X509_PARSE_C */ /* * Perform a single step of the SSL handshake @@ -3366,11 +3384,13 @@ void ssl_handshake_free( ssl_handshake_params *handshake ) void ssl_session_free( ssl_session *session ) { +#if defined(POLARSSL_X509_PARSE_C) if( session->peer_cert != NULL ) { x509_free( session->peer_cert ); free( session->peer_cert ); } +#endif memset( session, 0, sizeof( ssl_session ) ); } diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index ab05952d3..8c384c893 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -39,6 +39,19 @@ #include "polarssl/base64.h" #include "polarssl/x509write.h" +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ + !defined(POLARSSL_X509_WRITE_C) || !defined(POLARSSL_FS_IO) +int main( int argc, char *argv[] ) +{ + ((void) argc); + ((void) argv); + + printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_X509_WRITE_C and/or POLARSSL_FS_IO not defined.\n"); + return( 0 ); +} +#else + #define MODE_NONE 0 #define MODE_PRIVATE 1 #define MODE_PUBLIC 2 @@ -157,18 +170,6 @@ void write_private_key( rsa_context *rsa, char *output_file ) " output_file=%%s defeult: keyfile.pem\n" \ "\n" -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) -int main( int argc, char *argv[] ) -{ - ((void) argc); - ((void) argv); - - printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); - return( 0 ); -} -#else int main( int argc, char *argv[] ) { int ret = 0; 
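Review bot: The rebuilt guard in key_app_writer.c replaces POLARSSL_X509_PARSE_C with POLARSSL_X509_WRITE_C, but the program's input side (loading the existing key, in the part of main outside this hunk) presumably still goes through x509parse_* routines; if so, the parse define must stay in the condition, `!defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_X509_WRITE_C)`, with the printed message updated to match. The stub main returns 0 when the features are missing, which makes a misconfigured build look like success to a calling script; that matches the other programs in this commit, but a comment noting the deliberate choice would help. The usage text in the context lines also carries a typo, `defeult` for `default`.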
@@ -336,4 +337,4 @@ exit: return( ret ); } #endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && - POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */ + POLARSSL_X509_WRITE_C && POLARSSL_FS_IO */ diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 78ad43e72..b69c78ea1 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -57,7 +57,7 @@ void my_debug( void *ctx, int level, const char *str ) #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_CTR_DRBG_C) + !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_PARSE_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -66,7 +66,8 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C not defined.\n"); + "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C " + "not defined.\n"); return( 0 ); } #else diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 62daab184..cce7e35bb 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -92,6 +92,7 @@ void my_debug( void *ctx, int level, const char *str ) } } +#if defined(POLARSSL_X509_PARSE_C) /* * Enabled if debug_level > 1 in code below */ @@ -130,7 +131,9 @@ int my_verify( void *data, x509_cert *crt, int depth, int *flags ) return( 0 ); } +#endif /* POLARSSL_X509_PARSE_C */ +#if defined(POLARSSL_X509_PARSE_C) #if defined(POLARSSL_FS_IO) #define USAGE_IO \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ 
@@ -144,6 +147,17 @@ int my_verify( void *data, x509_cert *crt, int depth, int *flags ) #define USAGE_IO \ " No file operations available (POLARSSL_FS_IO not defined)\n" #endif /* POLARSSL_FS_IO */ +#else +#define USAGE_IO "" +#endif /* POLARSSL_X509_PARSE_C */ + +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#define USAGE_PSK \ + " psk=%%s default: \"\" (in hex, without 0x)\n" \ + " psk_identity=%%s default: \"Client_identity\"\n" +#else +#define USAGE_PSK "" +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ #define USAGE \ "\n usage: ssl_client2 param=<>...\n" \ @@ -162,25 +176,22 @@ int my_verify( void *data, x509_cert *crt, int depth, int *flags ) " options: ssl3, tls1, tls1_1, tls1_2\n" \ " auth_mode=%%s default: \"optional\"\n" \ " options: none, optional, required\n" \ - " psk=%%s default: \"\" (in hex, without 0x)\n" \ - " psk_identity=%%s default: \"Client_identity\"\n" \ + USAGE_PSK \ "\n" \ " force_ciphersuite= default: all enabled\n"\ " acceptable ciphersuite names:\n" -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ +#if !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ - !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_CTR_DRBG_C) + !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " + printf("POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " - "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C not defined.\n"); + "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else 
@@ -188,16 +199,20 @@ int main( int argc, char *argv[] ) { int ret = 0, len, server_fd, i; unsigned char buf[1024]; +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) unsigned char psk[256]; size_t psk_len = 0; +#endif char *pers = "ssl_client2"; entropy_context entropy; ctr_drbg_context ctr_drbg; ssl_context ssl; +#if defined(POLARSSL_X509_PARSE_C) x509_cert cacert; x509_cert clicert; rsa_context rsa; +#endif char *p, *q; const int *list; @@ -206,9 +221,11 @@ int main( int argc, char *argv[] ) */ server_fd = 0; memset( &ssl, 0, sizeof( ssl_context ) ); +#if defined(POLARSSL_X509_PARSE_C) memset( &cacert, 0, sizeof( x509_cert ) ); memset( &clicert, 0, sizeof( x509_cert ) ); memset( &rsa, 0, sizeof( rsa_context ) ); +#endif if( argc == 0 ) { @@ -221,7 +238,11 @@ int main( int argc, char *argv[] ) list = ssl_list_ciphersuites(); while( *list ) { - printf(" %s\n", ssl_get_ciphersuite_name( *list ) ); + printf(" %-40s", ssl_get_ciphersuite_name( *list ) ); + list++; + if( !*list ) + break; + printf(" %s\n", ssl_get_ciphersuite_name( *list ) ); list++; } printf("\n"); @@ -370,6 +391,7 @@ int main( int argc, char *argv[] ) goto usage; } +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) /* * Unhexify the pre-shared key if any is given */ @@ -417,6 +439,7 @@ int main( int argc, char *argv[] ) psk[ j / 2 ] |= c; } } +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ /* * 0. Initialize the RNG and the session data @@ -434,6 +457,7 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); +#if defined(POLARSSL_X509_PARSE_C) /* * 1.1. Load the trusted CA */ @@ -445,7 +469,7 @@ int main( int argc, char *argv[] ) ret = x509parse_crtpath( &cacert, opt.ca_path ); else if( strlen( opt.ca_file ) ) ret = x509parse_crtfile( &cacert, opt.ca_file ); - else + else #endif #if defined(POLARSSL_CERTS_C) ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt, 
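Review bot: Wrapping the PSK unhexify in `#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)` leaves the `psk=` and `psk_identity=` command-line options (parsed outside this hunk and, as far as is visible, still accepted) silently ignored in a build without PSK support, so a user who passes a key gets a connection attempt that can never use it. An `#else` branch that rejects the option at startup, `if( strlen( opt.psk ) ) { printf( "psk given but POLARSSL_KEY_EXCHANGE_PSK_ENABLED is not defined\n" ); goto usage; }`, would surface the mismatch. The matching hunk in ssl_server2.c has the same gap.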
@@ -475,7 +499,7 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_FS_IO) if( strlen( opt.crt_file ) ) ret = x509parse_crtfile( &clicert, opt.crt_file ); - else + else #endif #if defined(POLARSSL_CERTS_C) ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt, @@ -513,6 +537,7 @@ int main( int argc, char *argv[] ) } printf( " ok\n" ); +#endif /* POLARSSL_X509_PARSE_C */ /* * 2. Start the connection @@ -544,8 +569,10 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); +#if defined(POLARSSL_X509_PARSE_C) if( opt.debug_level > 0 ) ssl_set_verify( &ssl, my_verify, NULL ); +#endif ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); ssl_set_authmode( &ssl, opt.auth_mode ); @@ -561,10 +588,16 @@ int main( int argc, char *argv[] ) ssl_set_renegotiation( &ssl, opt.renegotiation ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); +#if defined(POLARSSL_X509_PARSE_C) ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); ssl_set_own_cert( &ssl, &clicert, &rsa ); +#endif + +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) ssl_set_psk( &ssl, psk, psk_len, (unsigned char *) opt.psk_identity, strlen( opt.psk_identity ) ); +#endif + ssl_set_hostname( &ssl, opt.server_name ); if( opt.min_version != -1 ) @@ -590,6 +623,7 @@ int main( int argc, char *argv[] ) printf( " ok\n [ Ciphersuite is %s ]\n", ssl_get_ciphersuite( &ssl ) ); +#if defined(POLARSSL_X509_PARSE_C) /* * 5. Verify the server certificate */ @@ -623,6 +657,7 @@ int main( int argc, char *argv[] ) ssl_get_peer_cert( &ssl ) ); printf( "%s\n", buf ); } +#endif /* POLARSSL_X509_PARSE_C */ /* * 6. Write the GET request @@ -694,9 +729,11 @@ exit: if( server_fd ) net_close( server_fd ); +#if defined(POLARSSL_X509_PARSE_C) x509_free( &clicert ); x509_free( &cacert ); rsa_free( &rsa ); +#endif ssl_free( &ssl ); memset( &ssl, 0, sizeof( ssl ) ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 024277013..d90c3fee9 100644 --- a/programs/ssl/ssl_fork_server.c 
+++ b/programs/ssl/ssl_fork_server.c @@ -55,7 +55,8 @@ #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \ !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ - !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) + !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \ + !defined(POLARSSL_X509_PARSE_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -64,7 +65,7 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C " "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C not defined.\n"); + "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C not defined.\n"); return( 0 ); } #elif defined(_WIN32) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 4eb49e242..a2434bbb4 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -104,7 +104,7 @@ void my_debug( void *ctx, int level, const char *str ) #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_CTR_DRBG_C) + !defined(POLARSSL_CTR_DRBG_C) || !defined(POLARSSL_X509_PARSE_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -113,7 +113,8 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C not defined.\n"); + "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C " + "not defined.\n"); return( 0 ); } #else diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index fc1f4ede3..5445a7d4d 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
@@ -67,8 +67,9 @@ void my_debug( void *ctx, int level, const char *str ) #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \ - !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ - !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) + !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \ + !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \ + !defined(POLARSSL_X509_PARSE_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -77,7 +78,7 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C " "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C not defined.\n"); + "POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_PARSE_C not defined.\n"); return( 0 ); } #else diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 73c332796..40333dc26 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -98,6 +98,7 @@ void my_debug( void *ctx, int level, const char *str ) } } +#if defined(POLARSSL_X509_PARSE_C) #if defined(POLARSSL_FS_IO) #define USAGE_IO \ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ 
@@ -109,8 +110,21 @@ void my_debug( void *ctx, int level, const char *str ) " key_file=%%s default: \"\" (pre-loaded)\n" #else #define USAGE_IO \ - " No file operations available (POLARSSL_FS_IO not defined)\n" + "\n" \ + " No file operations available (POLARSSL_FS_IO not defined)\n" \ + "\n" #endif /* POLARSSL_FS_IO */ +#else +#define USAGE_IO "" +#endif /* POLARSSL_X509_PARSE_C */ + +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) +#define USAGE_PSK \ + " psk=%%s default: \"\" (in hex, without 0x)\n" \ + " psk_identity=%%s default: \"Client_identity\"\n" +#else +#define USAGE_PSK "" +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ @@ -125,25 +139,22 @@ void my_debug( void *ctx, int level, const char *str ) " options: ssl3, tls1, tls1_1, tls1_2\n" \ " auth_mode=%%s default: \"optional\"\n" \ " options: none, optional, required\n" \ - " psk=%%s default: \"\" (in hex, without 0x)\n" \ - " psk_identity=%%s default: \"Client_identity\"\n" \ + USAGE_PSK \ "\n" \ " force_ciphersuite= default: all enabled\n"\ " acceptable ciphersuite names:\n" -#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ +#if !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \ - !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \ - !defined(POLARSSL_CTR_DRBG_C) + !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C) int main( int argc, char *argv[] ) { ((void) argc); ((void) argv); - printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " + printf("POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " - "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or " - "POLARSSL_CTR_DRBG_C not defined.\n"); + "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n"); return( 0 ); } #else 
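Review bot: With the stub condition relaxed to ENTROPY_C/SSL_TLS_C/SSL_SRV_C/NET_C/CTR_DRBG_C, ssl_server2 now builds in a configuration with neither POLARSSL_X509_PARSE_C nor POLARSSL_KEY_EXCHANGE_PSK_ENABLED, in which nothing visible in this file installs a certificate or a PSK, so every handshake would fail at runtime rather than the build reporting the missing feature. Adding `|| ( !defined(POLARSSL_X509_PARSE_C) && !defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) )` to the condition (and the same in ssl_client2.c) keeps the "not defined" stub for that case. The usage string should then say so as well, since USAGE_IO and USAGE_PSK both collapse to "" there.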
@@ -153,16 +164,20 @@ int main( int argc, char *argv[] ) int listen_fd; int client_fd = -1; unsigned char buf[1024]; +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) unsigned char psk[256]; size_t psk_len = 0; +#endif char *pers = "ssl_server2"; entropy_context entropy; ctr_drbg_context ctr_drbg; ssl_context ssl; +#if defined(POLARSSL_X509_PARSE_C) x509_cert cacert; x509_cert srvcert; rsa_context rsa; +#endif #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_context cache; #endif @@ -175,9 +190,11 @@ int main( int argc, char *argv[] ) * Make sure memory references are valid. */ listen_fd = 0; +#if defined(POLARSSL_X509_PARSE_C) memset( &cacert, 0, sizeof( x509_cert ) ); memset( &srvcert, 0, sizeof( x509_cert ) ); memset( &rsa, 0, sizeof( rsa_context ) ); +#endif #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_init( &cache ); #endif @@ -193,7 +210,11 @@ int main( int argc, char *argv[] ) list = ssl_list_ciphersuites(); while( *list ) { - printf(" %s\n", ssl_get_ciphersuite_name( *list ) ); + printf(" %-40s", ssl_get_ciphersuite_name( *list ) ); + list++; + if( !*list ) + break; + printf(" %s\n", ssl_get_ciphersuite_name( *list ) ); list++; } printf("\n"); @@ -297,6 +318,7 @@ int main( int argc, char *argv[] ) goto usage; } +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) /* * Unhexify the pre-shared key if any is given */ @@ -344,6 +366,7 @@ int main( int argc, char *argv[] ) psk[ j / 2 ] |= c; } } +#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */ /* * 0. Initialize the RNG and the session data @@ -361,6 +384,7 @@ int main( int argc, char *argv[] ) printf( " ok\n" ); +#if defined(POLARSSL_X509_PARSE_C) /* * 1.1. Load the trusted CA */ @@ -438,6 +462,7 @@ int main( int argc, char *argv[] ) } printf( " ok\n" ); +#endif /* POLARSSL_X509_PARSE_C */ /* * 2. Setup the listening TCP socket 
@@ -482,10 +507,15 @@ int main( int argc, char *argv[] ) ssl_set_renegotiation( &ssl, opt.renegotiation ); ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); +#if defined(POLARSSL_X509_PARSE_C) ssl_set_ca_chain( &ssl, &cacert, NULL, NULL ); ssl_set_own_cert( &ssl, &srvcert, &rsa ); +#endif + +#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) ssl_set_psk( &ssl, psk, psk_len, (unsigned char *) opt.psk_identity, strlen( opt.psk_identity ) ); +#endif #if defined(POLARSSL_DHM_C) /* @@ -574,6 +604,7 @@ reset: printf( " ok\n [ Ciphersuite is %s ]\n", ssl_get_ciphersuite( &ssl ) ); +#if defined(POLARSSL_X509_PARSE_C) /* * 5. Verify the server certificate */ @@ -607,6 +638,7 @@ reset: ssl_get_peer_cert( &ssl ) ); printf( "%s\n", buf ); } +#endif /* POLARSSL_X509_PARSE_C */ /* * 6. Read the HTTP Request @@ -693,9 +725,12 @@ exit: #endif net_close( client_fd ); +#if defined(POLARSSL_X509_PARSE_C) x509_free( &srvcert ); x509_free( &cacert ); rsa_free( &rsa ); +#endif + ssl_free( &ssl ); #if defined(POLARSSL_SSL_CACHE_C) diff --git a/programs/test/o_p_test.c b/programs/test/o_p_test.c index 187372af9..eb02350d0 100644 --- a/programs/test/o_p_test.c +++ b/programs/test/o_p_test.c @@ -45,6 +45,18 @@ #include "polarssl/entropy.h" #include "polarssl/ctr_drbg.h" +#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ + !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) +int main( int argc, char *argv[] ) +{ + ((void) argc); + ((void) argv); + + printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " + "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO not defined.\n"); + return( 0 ); +} +#else int main( int argc, char *argv[] ) { int ret; @@ -241,3 +253,5 @@ exit: return( ret ); } +#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && + POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */ diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index e067652f5..5d829e5bc 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c 
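Review bot: The new stub guard in o_p_test.c checks only BIGNUM_C/RSA_C/X509_PARSE_C/FS_IO, yet the file includes polarssl/entropy.h and polarssl/ctr_drbg.h in the context lines just above it; if main seeds its RNG with entropy_func/ctr_drbg as the other programs in this commit do (its body is outside the hunk), POLARSSL_ENTROPY_C and POLARSSL_CTR_DRBG_C belong in the condition too, `!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C)`. Otherwise a build with those disabled fails on undefined symbols instead of printing the "not defined" message the guard was added for.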
@@ -65,16 +65,6 @@ #define DFL_SESSION_LIFETIME 86400 #define DFL_FORCE_CIPHER 0 -/* - * server-specific data - */ -char *dhm_G = "4"; -char *dhm_P = -"E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \ -"11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \ -"F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \ -"01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF"; - int server_fd = -1; /* @@ -127,7 +117,8 @@ void my_debug( void *ctx, int level, const char *str ) #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \ !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \ !defined(POLARSSL_SSL_CLI_C) || !defined(POLARSSL_NET_C) || \ - !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) + !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C) || \ + !defined(POLARSSL_X509_PARSE_C) int main( int argc, char *argv[] ) { ((void) argc); @@ -136,7 +127,8 @@ int main( int argc, char *argv[] ) printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or " "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or " "POLARSSL_SSL_CLI_C and/or POLARSSL_NET_C and/or " - "POLARSSL_RSA_C and/or POLARSSL_CTR_DRBG_C not defined.\n"); + "POLARSSL_RSA_C and/or POLARSSL_CTR_DRBG_C and/or " + "POLARSSL_X509_PARSE_C not defined.\n"); return( 0 ); } #else @@ -260,7 +252,6 @@ static int ssl_test( struct options *opt ) } ssl_set_endpoint( &ssl, SSL_IS_SERVER ); - ssl_set_dh_param( &ssl, dhm_P, dhm_G ); ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL ); ssl_set_own_cert( &ssl, &srvcert, &rsa ); }
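Review bot: Dropping `ssl_set_dh_param( &ssl, dhm_P, dhm_G )` together with the hard-coded dhm_P/dhm_G strings makes ssl_test's DHE ciphersuites depend on whatever default parameters ssl_init installs, which this diff does not show; if the library has no built-in default, the server side of the test fails key exchange for DHE suites with no change in the test's stated coverage. A one-line comment at the ssl_set_endpoint call, `/* DH parameters: rely on the library defaults installed by ssl_init() */`, records the intent, and it is worth confirming those defaults are at least as strong as the 1024-bit group removed here.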