Fix some dependencies and warnings in small config

1032c1d3 · Manuel Pégourié-Gonnard · 5ad403f5 · 1032c1d3 · 1032c1d3 · 1032c1d3
Commit 1032c1d3 authored Sep 18, 2013 by Manuel Pégourié-Gonnard
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -287,7 +287,8 @@
 *
 * Enable the RSA-PSK based ciphersuite modes in SSL / TLS
 * (NOT YET IMPLEMENTED)
- * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ *           POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -307,7 +308,8 @@
 *
 * Enable the RSA-only based ciphersuite modes in SSL / TLS
 *
- * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ *           POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -332,8 +334,8 @@
 *
 * Enable the DHE-RSA based ciphersuite modes in SSL / TLS
 *
- * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
- *           POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ *           POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -354,8 +356,8 @@
 *
 * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS
 *
- * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
- *           POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ *           POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -377,7 +379,8 @@
 *
 * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS
 *
- * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C
+ * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
+ *           POLARSSL_X509_CRL_PARSE_C
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
@@ -1636,31 +1639,34 @@

 #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
    ( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) ||           \
-      !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
+      !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
+      !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
 #endif

 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
    ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) ||          \
-      !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
+      !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
+      !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
 #endif

 #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
    ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) ||          \
-      !defined(POLARSSL_X509_CRT_PARSE_C) )
+      !defined(POLARSSL_X509_CRT_PARSE_C) ||                              \
+      !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif

 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
    ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
-      !defined(POLARSSL_PKCS1_V15) )
+      !defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
 #endif

 #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) &&                       \
    ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
-      !defined(POLARSSL_PKCS1_V15) )
+      !defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
 #endif


--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -954,6 +954,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
                                       int major, int minor );

 #if defined(POLARSSL_X509_CRT_PARSE_C)
+#if defined(POLARSSL_X509_CRL_PARSE_C)
 /**
 * \brief          Set the data required to verify peer certificate
 *
@@ -964,6 +965,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
 */
 void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
                       x509_crl *ca_crl, const char *peer_cn );
+#endif /* POLARSSL_X509_CRL_PARSE_C */

 /**
 * \brief          Set own certificate chain and private key

--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -198,6 +198,7 @@ int x509_crt_parse_path( x509_crt *chain, const char *path );
 int x509_crt_info( char *buf, size_t size, const char *prefix,
                   const x509_crt *crt );

+#if defined(POLARSSL_X509_CRL_PARSE_C)
 /**
 * \brief          Verify the certificate signature
 *
@@ -241,7 +242,6 @@ int x509_crt_verify( x509_crt *crt,
                     int (*f_vrfy)(void *, x509_crt *, int, int *),
                     void *p_vrfy );

-#if defined(POLARSSL_X509_CRL_PARSE_C)
 /**
 * \brief          Verify the certificate signature
 *

--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -745,7 +745,10 @@ static int pk_parse_key_pkcs8_encrypted_der(
    }
    else
 #endif /* POLARSSL_PKCS5_C */
+    {
+        ((void) pwd);
        return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
+    }

    return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
 }

--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -740,13 +740,15 @@ static int ssl_parse_supported_point_formats_ext( ssl_context *ssl,

 static int ssl_parse_server_hello( ssl_context *ssl )
 {
-    uint32_t t;
    int ret, i, comp;
    size_t n;
    size_t ext_len = 0;
    unsigned char *buf, *ext;
    int renegotiation_info_seen = 0;
    int handshake_failure = 0;
+#if defined(POLARSSL_DEBUG_C)
+    uint32_t t;
+#endif

    SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );

@@ -807,13 +809,13 @@ static int ssl_parse_server_hello( ssl_context *ssl )
      | ( (uint32_t) buf[7] << 16 )
      | ( (uint32_t) buf[8] <<  8 )
      | ( (uint32_t) buf[9]       );
+    SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
 #endif

    memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );

    n = buf[38];

-    SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
    SSL_DEBUG_BUF( 3,   "server hello, random bytes", buf + 6, 32 );

    if( n > 32 )