Allow compiling without RSA or DH
Only the library and programs are covered for now; the test suites still need to be checked later.
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 7e8a3f1..94f5282 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -29,9 +29,8 @@
#include "polarssl/pk_wrap.h"
-#if defined(POLARSSL_RSA_C)
+/* Even if RSA not activated, for the sake of RSA-alt */
#include "polarssl/rsa.h"
-#endif
#if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h"
@@ -49,12 +48,13 @@
#define polarssl_free free
#endif
-#if defined(POLARSSL_RSA_C)
+/* Used by RSA-alt too */
static int rsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_RSA );
}
+#if defined(POLARSSL_RSA_C)
static size_t rsa_get_size( const void *ctx )
{
return( 8 * ((rsa_context *) ctx)->len );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 79bba42..1beefab 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1071,7 +1071,8 @@
return( 0 );
}
-#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
unsigned char *end )
{
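Review bot: Widening the guard makes ssl_parse_server_dh_params the parser for DHE-PSK as well, where the server's DH parameters arrive without a signature over them, so the range checks in this function are the only validation before the values are used. The body is outside this hunk, so I can't confirm which checks exist; it is worth verifying that it bounds the size of the received prime and rejects out-of-range values. A short comment above the function would record the dependency, e.g. `/* Shared by DHE-RSA and DHE-PSK; DHE-PSK params are not signed, so the checks here must stand alone */`.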
@@ -1105,7 +1106,8 @@
return( ret );
}
-#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ff914e5..ce45898 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2144,7 +2144,8 @@
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_parse_client_ecdh_public( ssl_context *ssl )
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -2173,7 +2174,8 @@
return( ret );
}
-#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
diff --git a/library/x509parse.c b/library/x509parse.c
index 9f90b5a..132d285 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3937,7 +3937,7 @@
size_t i, j;
x509_cert cacert;
x509_cert clicert;
- rsa_context rsa;
+ pk_context pkey;
#if defined(POLARSSL_DHM_C)
dhm_context dhm;
#endif
@@ -3975,9 +3975,9 @@
i = strlen( test_ca_key );
j = strlen( test_ca_pwd );
- rsa_init( &rsa, RSA_PKCS_V15, 0 );
+ pk_init( &pkey );
- if( ( ret = x509parse_key_rsa( &rsa,
+ if( ( ret = x509parse_key( &pkey,
(const unsigned char *) test_ca_key, i,
(const unsigned char *) test_ca_pwd, j ) ) != 0 )
{
@@ -3990,12 +3990,14 @@
if( verbose != 0 )
printf( "passed\n X.509 signature verify: ");
- ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
+ ret = x509parse_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
+ printf("ret = %d, &flags = %04x\n", ret, flags);
+
return( ret );
}
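Review bot: The added `printf("ret = %d, &flags = %04x\n", ret, flags);` follows a braceless `if( verbose != 0 )`, so it runs even when the self-test is called with verbose == 0, and its `&flags` label prints the value rather than an address; it reads like leftover debugging. Either drop it or fold it into the verbose branch, e.g. `if( verbose != 0 ) printf( "failed (ret = %d, flags = %04x)\n", ret, (unsigned int) flags );` (the cast assumes flags is an int, whose declaration is outside the hunk). Separately, replacing the expected name "PolarSSL Client 2" with NULL in the x509parse_verify call presumably means this self-test no longer exercises the common-name check, which the commit message does not explain; a one-line comment giving the reason would help. The enclosing function starts and ends outside the hunk.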
@@ -4020,7 +4022,7 @@
x509_free( &cacert );
x509_free( &clicert );
- rsa_free( &rsa );
+ pk_free( &pkey );
#if defined(POLARSSL_DHM_C)
dhm_free( &dhm );
#endif