More granular define selections within code to allow for smaller code
sizes
diff --git a/include/polarssl/asn1write.h b/include/polarssl/asn1write.h
index 6bac6c4..f7efb20 100644
--- a/include/polarssl/asn1write.h
+++ b/include/polarssl/asn1write.h
@@ -33,7 +33,9 @@
int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag );
+#if defined(POLARSSL_BIGNUM_C)
int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X );
+#endif
int asn1_write_null( unsigned char **p, unsigned char *start );
int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid );
int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, const char *algorithm_oid );
diff --git a/include/polarssl/debug.h b/include/polarssl/debug.h
index f0cc261..fdd3627 100644
--- a/include/polarssl/debug.h
+++ b/include/polarssl/debug.h
@@ -44,14 +44,20 @@
#define SSL_DEBUG_BUF( level, text, buf, len ) \
debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
+#if defined(POLARSSL_BIGNUM_C)
#define SSL_DEBUG_MPI( level, text, X ) \
debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X );
+#endif
+#if defined(POLARSSL_ECP_C)
#define SSL_DEBUG_ECP( level, text, X ) \
debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
+#endif
+#if defined(POLARSSL_X509_PARSE_C)
#define SSL_DEBUG_CRT( level, text, crt ) \
debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
+#endif
#else
@@ -81,9 +87,11 @@
const char *file, int line, const char *text,
unsigned char *buf, size_t len );
+#if defined(POLARSSL_BIGNUM_C)
void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mpi *X );
+#endif
#if defined(POLARSSL_ECP_C)
void debug_print_ecp( const ssl_context *ssl, int level,
@@ -91,9 +99,11 @@
const char *text, const ecp_point *X );
#endif
+#if defined(POLARSSL_X509_PARSE_C)
void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const x509_cert *crt );
+#endif
#ifdef __cplusplus
}
diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h
index 8b45f4f..d3a6552 100644
--- a/include/polarssl/oid.h
+++ b/include/polarssl/oid.h
@@ -30,6 +30,7 @@
#include <string.h>
#include "asn1.h"
#include "md.h"
+#include "pk.h"
#include "x509.h"
#define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
@@ -196,6 +197,7 @@
*/
int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
+#if defined(POLARSSL_X509_PARSE_C)
/**
* \brief Translate an X.509 extension OID into local values
*
@@ -205,6 +207,7 @@
* \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
*/
int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type );
+#endif
/**
* \brief Translate an X.509 attribute type OID into the short name
diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h
new file mode 100644
index 0000000..d9639ee
--- /dev/null
+++ b/include/polarssl/pk.h
@@ -0,0 +1,47 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer
+ *
+ * Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_PK_H
+#define POLARSSL_PK_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Public key types
+ */
+typedef enum {
+ POLARSSL_PK_NONE=0,
+ POLARSSL_PK_RSA,
+ POLARSSL_PK_ECDSA,
+} pk_type_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pk.h */
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 8342eec..9078111 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -27,6 +27,10 @@
#ifndef POLARSSL_RSA_H
#define POLARSSL_RSA_H
+#include "config.h"
+
+#if defined(POLARSSL_RSA_C)
+
#include "bignum.h"
#include "md.h"
@@ -520,4 +524,6 @@
}
#endif
+#endif /* POLARSSL_RSA_C */
+
#endif /* rsa.h */
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 6215ffe..40f1673 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -29,16 +29,25 @@
#include <time.h>
+#include "config.h"
#include "net.h"
-#include "rsa.h"
+#include "bignum.h"
+
#include "md5.h"
#include "sha1.h"
#include "sha2.h"
#include "sha4.h"
-#include "x509.h"
-#include "config.h"
+
#include "ssl_ciphersuites.h"
+#if defined(POLARSSL_X509_PARSE_C)
+#include "x509.h"
+#endif
+
+#if defined(POLARSSL_RSA_C)
+#include "rsa.h"
+#endif
+
#if defined(POLARSSL_DHM_C)
#include "dhm.h"
#endif
@@ -228,6 +237,15 @@
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
/*
+ * Size defines
+ */
+#if !defined(POLARSSL_MPI_MAX_SIZE)
+#define POLARSSL_PREMASTER_SIZE 512
+#else
+#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
+#endif
+
+/*
* Generic function pointers for allowing external RSA private key
* implementations.
*/
@@ -281,7 +299,10 @@
size_t length; /*!< session id length */
unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */
+
+#if defined(POLARSSL_X509_PARSE_C)
x509_cert *peer_cert; /*!< peer X.509 cert chain */
+#endif /* POLARSSL_X509_PARSE_C */
};
/*
@@ -340,8 +361,8 @@
#if defined(POLARSSL_ECDH_C)
ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif
-#if defined(POLARSSL_ECP_C)
int ec_curve; /*!< Selected elliptic curve */
+#if defined(POLARSSL_ECP_C)
int ec_point_format; /*!< Client supported format */
#endif
@@ -363,7 +384,7 @@
size_t pmslen; /*!< premaster length */
unsigned char randbytes[64]; /*!< random bytes */
- unsigned char premaster[POLARSSL_MPI_MAX_SIZE];
+ unsigned char premaster[POLARSSL_PREMASTER_SIZE];
/*!< premaster secret */
int resume; /*!< session resume indicator*/
@@ -392,7 +413,6 @@
void (*f_dbg)(void *, int, const char *);
int (*f_recv)(void *, unsigned char *, size_t);
int (*f_send)(void *, const unsigned char *, size_t);
- int (*f_vrfy)(void *, x509_cert *, int, int *);
int (*f_get_cache)(void *, ssl_session *);
int (*f_set_cache)(void *, const ssl_session *);
int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
@@ -401,12 +421,16 @@
void *p_dbg; /*!< context for the debug function */
void *p_recv; /*!< context for reading operations */
void *p_send; /*!< context for writing operations */
- void *p_vrfy; /*!< context for verification */
void *p_get_cache; /*!< context for cache retrieval */
void *p_set_cache; /*!< context for cache store */
void *p_sni; /*!< context for SNI extension */
void *p_hw_data; /*!< context for HW acceleration */
+#if defined(POLARSSL_X509_PARSE_C)
+ int (*f_vrfy)(void *, x509_cert *, int, int *);
+ void *p_vrfy; /*!< context for verification */
+#endif
+
/*
* Session layer
*/
@@ -458,15 +482,19 @@
/*
* PKI layer
*/
+#if defined(POLARSSL_RSA_C)
void *rsa_key; /*!< own RSA private key */
rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/
rsa_sign_func rsa_sign; /*!< function for RSA sign */
rsa_key_len_func rsa_key_len; /*!< function for RSA key len*/
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_X509_PARSE_C)
x509_cert *own_cert; /*!< own X.509 certificate */
x509_cert *ca_chain; /*!< own trusted CA chain */
x509_crl *ca_crl; /*!< trusted CA CRLs */
const char *peer_cn; /*!< expected peer CN */
+#endif /* POLARSSL_X509_PARSE_C */
/*
* User settings
@@ -610,6 +638,7 @@
*/
void ssl_set_authmode( ssl_context *ssl, int authmode );
+#if defined(POLARSSL_X509_PARSE_C)
/**
* \brief Set the verification callback (Optional).
*
@@ -624,6 +653,7 @@
void ssl_set_verify( ssl_context *ssl,
int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy );
+#endif /* POLARSSL_X509_PARSE_C */
/**
* \brief Set the random number generator callback
@@ -741,6 +771,7 @@
const int *ciphersuites,
int major, int minor );
+#if defined(POLARSSL_X509_PARSE_C)
/**
* \brief Set the data required to verify peer certificate
*
@@ -790,6 +821,7 @@
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len );
+#endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
/**
@@ -976,6 +1008,7 @@
*/
const char *ssl_get_version( const ssl_context *ssl );
+#if defined(POLARSSL_X509_PARSE_C)
/**
* \brief Return the peer certificate from the current connection
*
@@ -991,6 +1024,7 @@
* \return the current peer certificate
*/
const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
+#endif /* POLARSSL_X509_PARSE_C */
/**
* \brief Perform the SSL handshake
diff --git a/include/polarssl/ssl_cache.h b/include/polarssl/ssl_cache.h
index 10cff20..0b3d5cc 100644
--- a/include/polarssl/ssl_cache.h
+++ b/include/polarssl/ssl_cache.h
@@ -46,7 +46,9 @@
{
time_t timestamp; /*!< entry timestamp */
ssl_session session; /*!< entry session */
+#if defined(POLARSSL_X509_PARSE_C)
x509_buf peer_cert; /*!< entry peer_cert */
+#endif
ssl_cache_entry *next; /*!< chain pointer */
};
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 17d99af..ed02ad9 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -27,10 +27,14 @@
#ifndef POLARSSL_X509_H
#define POLARSSL_X509_H
+#include "config.h"
+
+#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)
#include "asn1.h"
#include "rsa.h"
#include "dhm.h"
#include "md.h"
+#include "pk.h"
/**
* \addtogroup x509_module
@@ -134,12 +138,6 @@
#define X509_FORMAT_DER 1
#define X509_FORMAT_PEM 2
-typedef enum {
- POLARSSL_PK_NONE=0,
- POLARSSL_PK_RSA,
- POLARSSL_PK_ECDSA,
-} pk_type_t;
-
/**
* \addtogroup x509_module
* \{ */
@@ -668,4 +666,5 @@
}
#endif
+#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */
#endif /* x509.h */
diff --git a/include/polarssl/x509write.h b/include/polarssl/x509write.h
index 9d43efb..ea1ba7a 100644
--- a/include/polarssl/x509write.h
+++ b/include/polarssl/x509write.h
@@ -27,6 +27,8 @@
#ifndef POLARSSL_X509_WRITE_H
#define POLARSSL_X509_WRITE_H
+#if defined(POLARSSL_X509_WRITE_C)
+
#include "rsa.h"
typedef struct _x509_req_name
@@ -43,4 +45,6 @@
int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
x509_req_name *req_name, md_type_t md_alg );
+#endif /* POLARSSL_X509_WRITE_C */
+
#endif /* POLARSSL_X509_WRITE_H */