SSL_TLS doesn't depend on PK any more
(But PK does depend on RSA or ECP.)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 34daaa1..890f306 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -1194,11 +1194,12 @@
* Enable the generic public (asymetric) key layer.
*
* Module: library/pk.c
- * Caller: library/x509parse.c
- * library/ssl_tls.c
+ * Caller: library/ssl_tls.c
* library/ssl_cli.c
* library/ssl_srv.c
*
+ * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
+ *
* Uncomment to enable generic public key wrappers.
*/
#define POLARSSL_PK_C
@@ -1385,7 +1386,7 @@
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
- * Requires: POLARSSL_CIPHER_C, POLARSSL_PK_C, POLARSSL_MD_C
+ * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
* and at least one of the POLARSSL_SSL_PROTO_* defines
*
* This module is required for SSL/TLS.
@@ -1708,7 +1709,7 @@
#endif
#if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \
- !defined(POLARSSL_PK_C) || !defined(POLARSSL_MD_C) )
+ !defined(POLARSSL_MD_C) )
#error "POLARSSL_SSL_TLS_C defined, but not all prerequisites"
#endif
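Review bot: The requirement documented for POLARSSL_PK_C in the first hunk ("Requires: POLARSSL_RSA_C or POLARSSL_ECP_C") has no matching check in the prerequisite block this hunk edits, at least in the lines shown. If no such check exists elsewhere in config.h, a build that enables PK with neither backend would not be rejected up front the way other misconfigurations are. Consider adding, next to this check, `#if defined(POLARSSL_PK_C) && !defined(POLARSSL_RSA_C) && !defined(POLARSSL_ECP_C)` followed by `#error "POLARSSL_PK_C defined, but not all prerequisites"` and `#endif`.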
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index d9e98a4..98742dc 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -649,8 +649,10 @@
/*
* PKI layer
*/
+#if defined(POLARSSL_PK_C)
pk_context *pk_key; /*!< own private key */
int pk_key_own_alloc; /*!< did we allocate pk_key? */
+#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
x509_crt *own_cert; /*!< own X.509 certificate */
@@ -1493,8 +1495,11 @@
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
+#if defined(POLARSSL_PK_C)
unsigned char ssl_sig_from_pk( pk_context *pk );
pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
+#endif
+
md_type_t ssl_md_alg_from_hash( unsigned char hash );
#ifdef __cplusplus
diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index 62a41ec..73d6260 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h
@@ -197,7 +197,9 @@
const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name );
const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
+#if defined(POLARSSL_PK_C)
pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info );
+#endif
int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 359a284..71094fa 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -972,6 +972,7 @@
return( cur->id );
}
+#if defined(POLARSSL_PK_C)
pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
@@ -989,6 +990,7 @@
return( POLARSSL_PK_NONE );
}
}
+#endif
int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
{
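Review bot: The bare `#endif` added after ssl_get_ciphersuite_sig_pk_alg() closes a guard opened in the previous hunk, so the pairing is not visible where the guard ends. Writing it as `#endif /* POLARSSL_PK_C */` would make the extent of the conditional clear. The same applies to the `#endif` in library/ssl_tls.c that closes the guard around ssl_sig_from_pk() and ssl_pk_alg_from_sig(), which spans two functions.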
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index dd31a64..e28c835 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -888,7 +888,9 @@
int handshake_failure = 0;
const int *ciphersuites;
const ssl_ciphersuite_t *ciphersuite_info;
+#if defined(POLARSSL_PK_C)
pk_type_t pk_alg;
+#endif
SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
@@ -1301,11 +1303,13 @@
/* If ciphersuite requires us to have a private key of a
* certain type, make sure we do */
+#if defined(POLARSSL_PK_C)
pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
if( pk_alg != POLARSSL_PK_NONE &&
( ssl->pk_key == NULL ||
! pk_can_do( ssl->pk_key, pk_alg ) ) )
continue;
+#endif
goto have_ciphersuite;
}
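Review bot: With POLARSSL_PK_C undefined, the private-key check is compiled out and every candidate ciphersuite that reaches this point goes straight to `goto have_ciphersuite`. That is only correct if no signature-based key exchange can be enabled in such a build, and this diff does not show that constraint. If config.h does not already make those key-exchange options require POLARSSL_PK_C (directly or through the X.509 module), a prerequisite check there would keep the server from selecting a suite it has no key to sign for. The `#if defined(POLARSSL_PK_C)` would also read better placed above the existing comment, since the comment describes only the guarded code. The enclosing function starts and ends outside the hunk.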
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c01ee36..a113ec1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4188,11 +4188,13 @@
}
#endif
+#if defined(POLARSSL_PK_C)
if( ssl->pk_key_own_alloc )
{
pk_free( ssl->pk_key );
polarssl_free( ssl->pk_key );
}
+#endif
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
if( ssl_hw_record_finish != NULL )
@@ -4208,8 +4210,9 @@
memset( ssl, 0, sizeof( ssl_context ) );
}
+#if defined(POLARSSL_PK_C)
/*
- * Get the SSL_SIG_* constant corresponding to a public key
+ * Convert between POLARSSL_PK_XXX and SSL_SIG_XXX
*/
unsigned char ssl_sig_from_pk( pk_context *pk )
{
@@ -4240,7 +4243,11 @@
return( POLARSSL_PK_NONE );
}
}
+#endif
+/*
+ * Convert between SSL_HASH_XXX and POLARSSL_MD_XXX
+ */
md_type_t ssl_md_alg_from_hash( unsigned char hash )
{
switch( hash )