SSL_TLS doesn't depend on PK any more (But PK does depend on RSA or ECP.)

commit: 1a483833b3ea579367c7a4098747f462a875763b [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Sep 20 12:29:15 2013 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Sep 20 12:29:15 2013 +0200
tree: 62aef760f1ef83423621e22c0bd2d224568648f3
parent: 34ced2dffe5def24e5b6ecb4167fe186371f4814 [diff]
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 34daaa1..890f306 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h

@@ -1194,11 +1194,12 @@
  * Enable the generic public (asymetric) key layer.
  *
  * Module:  library/pk.c
- * Caller:  library/x509parse.c
- *          library/ssl_tls.c
+ * Caller:  library/ssl_tls.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *
+ * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
+ *
  * Uncomment to enable generic public key wrappers.
  */
 #define POLARSSL_PK_C
@@ -1385,7 +1386,7 @@
  * Caller:  library/ssl_cli.c
  *          library/ssl_srv.c
  *
- * Requires: POLARSSL_CIPHER_C, POLARSSL_PK_C, POLARSSL_MD_C
+ * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
  *           and at least one of the POLARSSL_SSL_PROTO_* defines
  *
  * This module is required for SSL/TLS.
@@ -1708,7 +1709,7 @@
 #endif
 
 #if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) ||     \
-    !defined(POLARSSL_PK_C) || !defined(POLARSSL_MD_C) )
+    !defined(POLARSSL_MD_C) )
 #error "POLARSSL_SSL_TLS_C defined, but not all prerequisites"
 #endif
 

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index d9e98a4..98742dc 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -649,8 +649,10 @@
     /*
      * PKI layer
      */
+#if defined(POLARSSL_PK_C)
     pk_context *pk_key;                 /*!<  own private key         */
     int pk_key_own_alloc;               /*!<  did we allocate pk_key? */
+#endif
 
 #if defined(POLARSSL_X509_CRT_PARSE_C)
     x509_crt *own_cert;                 /*!<  own X.509 certificate   */
@@ -1493,8 +1495,11 @@
 
 void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
 
+#if defined(POLARSSL_PK_C)
 unsigned char ssl_sig_from_pk( pk_context *pk );
 pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
+#endif
+
 md_type_t ssl_md_alg_from_hash( unsigned char hash );
 
 #ifdef __cplusplus

diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h
index 62a41ec..73d6260 100644
--- a/include/polarssl/ssl_ciphersuites.h
+++ b/include/polarssl/ssl_ciphersuites.h

@@ -197,7 +197,9 @@
 const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name );
 const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id );
 
+#if defined(POLARSSL_PK_C)
 pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info );
+#endif
 
 int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info );
 

diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 359a284..71094fa 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c

@@ -972,6 +972,7 @@
     return( cur->id );
 }
 
+#if defined(POLARSSL_PK_C)
 pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info )
 {
     switch( info->key_exchange )
@@ -989,6 +990,7 @@
             return( POLARSSL_PK_NONE );
     }
 }
+#endif
 
 int ssl_ciphersuite_uses_ec( const ssl_ciphersuite_t *info )
 {

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index dd31a64..e28c835 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -888,7 +888,9 @@
     int handshake_failure = 0;
     const int *ciphersuites;
     const ssl_ciphersuite_t *ciphersuite_info;
+#if defined(POLARSSL_PK_C)
     pk_type_t pk_alg;
+#endif
 
     SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
 
@@ -1301,11 +1303,13 @@
 
                 /* If ciphersuite requires us to have a private key of a
                  * certain type, make sure we do */
+#if defined(POLARSSL_PK_C)
                 pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
                 if( pk_alg != POLARSSL_PK_NONE &&
                     ( ssl->pk_key == NULL ||
                       ! pk_can_do( ssl->pk_key, pk_alg ) ) )
                     continue;
+#endif
 
                 goto have_ciphersuite;
             }

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c01ee36..a113ec1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -4188,11 +4188,13 @@
     }
 #endif
 
+#if defined(POLARSSL_PK_C)
     if( ssl->pk_key_own_alloc )
     {
         pk_free( ssl->pk_key );
         polarssl_free( ssl->pk_key );
     }
+#endif
 
 #if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
     if( ssl_hw_record_finish != NULL )
@@ -4208,8 +4210,9 @@
     memset( ssl, 0, sizeof( ssl_context ) );
 }
 
+#if defined(POLARSSL_PK_C)
 /*
- * Get the SSL_SIG_* constant corresponding to a public key
+ * Convert between POLARSSL_PK_XXX and SSL_SIG_XXX
  */
 unsigned char ssl_sig_from_pk( pk_context *pk )
 {
@@ -4240,7 +4243,11 @@
             return( POLARSSL_PK_NONE );
     }
 }
+#endif
 
+/*
+ * Convert between SSL_HASH_XXX and POLARSSL_MD_XXX
+ */
 md_type_t ssl_md_alg_from_hash( unsigned char hash )
 {
     switch( hash )
commit	1a483833b3ea579367c7a4098747f462a875763b	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Sep 20 12:29:15 2013 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Sep 20 12:29:15 2013 +0200
tree	62aef760f1ef83423621e22c0bd2d224568648f3
parent	34ced2dffe5def24e5b6ecb4167fe186371f4814 [diff]