RSA and ECDSA key exchanges don't depend on CRL

This commit is contained in:
Manuel Pégourié-Gonnard 2013-09-23 12:20:02 +02:00
parent dfe0ea9f02
commit cbf3ef3861
8 changed files with 18 additions and 28 deletions

View file

@ -286,7 +286,7 @@
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
* (NOT YET IMPLEMENTED)
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
* POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@ -307,7 +307,7 @@
* Enable the RSA-only based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
* POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@ -333,7 +333,7 @@
* Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
* POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@ -355,7 +355,7 @@
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
* POLARSSL_X509_CRT_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@ -378,7 +378,6 @@
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
*
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
* POLARSSL_X509_CRL_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@ -1683,34 +1682,31 @@
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
!defined(POLARSSL_X509_CRL_PARSE_C) )
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
!defined(POLARSSL_X509_CRL_PARSE_C) )
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || \
!defined(POLARSSL_X509_CRL_PARSE_C) )
!defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif

View file

@ -58,9 +58,7 @@
#include "x509_crt.h"
#endif
#if defined(POLARSSL_X509_CRL_PARSE_C)
#include "x509_crl.h"
#endif
#if defined(POLARSSL_DHM_C)
#include "dhm.h"
@ -659,9 +657,7 @@ struct _ssl_context
x509_crt *ca_chain; /*!< own trusted CA chain */
const char *peer_cn; /*!< expected peer CN */
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_X509_CRL_PARSE_C)
x509_crl *ca_crl; /*!< trusted CA CRLs */
#endif /* POLARSSL_X509_CRL_PARSE_C */
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/*
@ -956,7 +952,6 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
int major, int minor );
#if defined(POLARSSL_X509_CRT_PARSE_C)
#if defined(POLARSSL_X509_CRL_PARSE_C)
/**
* \brief Set the data required to verify peer certificate
*
@ -967,7 +962,6 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
*/
void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
x509_crl *ca_crl, const char *peer_cn );
#endif /* POLARSSL_X509_CRL_PARSE_C */
/**
* \brief Set own certificate chain and private key

View file

@ -31,9 +31,7 @@
#include "x509.h"
#if defined(POLARSSL_X509_CRL_PARSE_C)
#include "x509_crl.h"
#endif
/**
* \addtogroup x509_module
@ -198,7 +196,6 @@ int x509_crt_parse_path( x509_crt *chain, const char *path );
int x509_crt_info( char *buf, size_t size, const char *prefix,
const x509_crt *crt );
#if defined(POLARSSL_X509_CRL_PARSE_C)
/**
* \brief Verify the certificate signature
*
@ -242,8 +239,9 @@ int x509_crt_verify( x509_crt *crt,
int (*f_vrfy)(void *, x509_crt *, int, int *),
void *p_vrfy );
#if defined(POLARSSL_X509_CRL_PARSE_C)
/**
* \brief Verify the certificate signature
* \brief Verify the certificate revocation status
*
* \param crt a certificate to be verified
* \param crl the CRL to verify against

View file

@ -1391,6 +1391,8 @@ static int x509_crt_verify_top(
#if defined(POLARSSL_X509_CRL_PARSE_C)
/* Check trusted CA's CRL for the chain's top crt */
*flags |= x509_crt_verifycrl( child, trust_ca, ca_crl );
#else
((void) ca_crl);
#endif
if( x509_time_expired( &trust_ca->valid_to ) )

View file

@ -29,13 +29,14 @@
#include <stdio.h>
#if !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
!defined(POLARSSL_FS_IO)
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_X509_CRL_PARSE_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C "
"POLARSSL_FS_IO and/or POLARSSL_X509_CRL_PARSE_C "
"not defined.\n");
return( 0 );
}
@ -257,4 +258,5 @@ exit:
return( ret );
}
#endif /* POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO */
#endif /* POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_X509_CRL_PARSE_C */

View file

@ -34,7 +34,6 @@
#define POLARSSL_SSL_CLI_C
#define POLARSSL_SSL_SRV_C
#define POLARSSL_SSL_TLS_C
#define POLARSSL_X509_CRL_PARSE_C
#define POLARSSL_X509_CRT_PARSE_C
#define POLARSSL_X509_USE_C

View file

@ -34,7 +34,6 @@
#define POLARSSL_SSL_CLI_C
#define POLARSSL_SSL_SRV_C
#define POLARSSL_SSL_TLS_C
#define POLARSSL_X509_CRL_PARSE_C
#define POLARSSL_X509_CRT_PARSE_C
#define POLARSSL_X509_USE_C

View file

@ -75,7 +75,7 @@ void x509_crl_info( char *crl_file, char *result_str )
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result,
char *verify_callback )