Commit 348bcb36 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

Make RSA_ALT support optionnal

parent 32076e66
......@@ -46,6 +46,9 @@ Default behavior changes
* Support for receiving SSLv2 ClientHello is now disabled by default at
compile time.
* The default authmode for SSL/TLS clients is now REQUIRED.
* Support for RSA_ALT contexts in the PK layer is now optional. Since is is
enabled in the default configuration, this is only noticeable if using a
custom config.h
Changes
* Remove test program o_p_test, the script compat.sh does more.
......
......@@ -768,6 +768,15 @@
*/
//#define POLARSSL_MEMORY_BACKTRACE
/**
* \def POLARSSL_PK_RSA_ALT_SUPPORT
*
* Support external private RSA keys (eg from a HSM) in the PK layer.
*
* Comment this macro to disable support for external private RSA keys.
*/
#define POLARSSL_PK_RSA_ALT_SUPPORT
/**
* \def POLARSSL_PKCS1_V15
*
......
......@@ -197,6 +197,7 @@ typedef struct
void * pk_ctx; /**< Underlying public key context */
} pk_context;
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/**
* \brief Types for RSA-alt abstraction
*/
......@@ -208,6 +209,7 @@ typedef int (*pk_rsa_alt_sign_func)( void *ctx,
int mode, md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig );
typedef size_t (*pk_rsa_alt_key_len_func)( void *ctx );
#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
/**
* \brief Return information associated with the given PK type
......@@ -244,6 +246,7 @@ void pk_free( pk_context *ctx );
*/
int pk_init_ctx( pk_context *ctx, const pk_info_t *info );
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/**
* \brief Initialize an RSA-alt context
*
......@@ -262,6 +265,7 @@ int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
pk_rsa_alt_decrypt_func decrypt_func,
pk_rsa_alt_sign_func sign_func,
pk_rsa_alt_key_len_func key_len_func );
#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
/**
* \brief Get the size in bits of the underlying key
......
......@@ -33,6 +33,7 @@
#include "pk.h"
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/* Container for RSA-alt */
typedef struct
{
......@@ -41,6 +42,7 @@ typedef struct
pk_rsa_alt_sign_func sign_func;
pk_rsa_alt_key_len_func key_len_func;
} rsa_alt_context;
#endif
#if defined(POLARSSL_RSA_C)
extern const pk_info_t rsa_info;
......@@ -55,6 +57,8 @@ extern const pk_info_t eckeydh_info;
extern const pk_info_t ecdsa_info;
#endif
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
extern const pk_info_t rsa_alt_info;
#endif
#endif /* POLARSSL_PK_WRAP_H */
......@@ -112,6 +112,7 @@ int pk_init_ctx( pk_context *ctx, const pk_info_t *info )
return( 0 );
}
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/*
* Initialize an RSA-alt context
*/
......@@ -140,6 +141,7 @@ int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
return( 0 );
}
#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
/*
* Tell if a PK can do the operations of the given type
......
......@@ -50,10 +50,12 @@
#define polarssl_free free
#endif
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#endif
#if defined(POLARSSL_RSA_C)
static int rsa_can_do( pk_type_t type )
......@@ -377,6 +379,7 @@ const pk_info_t ecdsa_info = {
};
#endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/*
* Support for alternative RSA-private implementations
*/
......@@ -488,4 +491,6 @@ const pk_info_t rsa_alt_info = {
NULL,
};
#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
#endif /* POLARSSL_PK_C */
......@@ -98,7 +98,7 @@ void pk_check_pair( char *pub_file, char *prv_file, int ret )
TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret );
#if defined(POLARSSL_RSA_C)
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_PK_RSA_ALT_SUPPORT)
if( pk_get_type( &prv ) == POLARSSL_PK_RSA )
{
TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, pk_rsa( prv ),
......@@ -414,7 +414,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
/* BEGIN_CASE depends_on:POLARSSL_RSA_C:POLARSSL_PK_RSA_ALT_SUPPORT */
void pk_rsa_alt( )
{
/*
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment