More granular define selections within code to allow for smaller code

sizes

include/polarssl/asn1write.h

@@ -33,7 +33,9 @@
 
 int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
 int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag );
+#if defined(POLARSSL_BIGNUM_C)
 int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X );
+#endif
 int asn1_write_null( unsigned char **p, unsigned char *start );
 int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid );
 int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, const char *algorithm_oid );

include/polarssl/debug.h

@@ -44,14 +44,20 @@
 #define SSL_DEBUG_BUF( level, text, buf, len )           \
     debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
 
+#if defined(POLARSSL_BIGNUM_C)
 #define SSL_DEBUG_MPI( level, text, X )                  \
     debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X );
+#endif
 
+#if defined(POLARSSL_ECP_C)
 #define SSL_DEBUG_ECP( level, text, X )                  \
     debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
+#endif
 
+#if defined(POLARSSL_X509_PARSE_C)
 #define SSL_DEBUG_CRT( level, text, crt )                \
     debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
+#endif
 
 #else
 
@@ -81,9 +87,11 @@ void debug_print_buf( const ssl_context *ssl, int level,
                       const char *file, int line, const char *text,
                       unsigned char *buf, size_t len );
 
+#if defined(POLARSSL_BIGNUM_C)
 void debug_print_mpi( const ssl_context *ssl, int level,
                       const char *file, int line,
                       const char *text, const mpi *X );
+#endif
 
 #if defined(POLARSSL_ECP_C)
 void debug_print_ecp( const ssl_context *ssl, int level,
@@ -91,9 +99,11 @@ void debug_print_ecp( const ssl_context *ssl, int level,
                       const char *text, const ecp_point *X );
 #endif
 
+#if defined(POLARSSL_X509_PARSE_C)
 void debug_print_crt( const ssl_context *ssl, int level,
                       const char *file, int line,
                       const char *text, const x509_cert *crt );
+#endif
 
 #ifdef __cplusplus
 }

include/polarssl/oid.h

@@ -30,6 +30,7 @@
 #include <string.h>
 #include "asn1.h"
 #include "md.h"
+#include "pk.h"
 #include "x509.h"
 
 #define POLARSSL_ERR_OID_NOT_FOUND                         -0x002E  /**< OID is not found. */
@@ -196,6 +197,7 @@ typedef struct {
  */
 int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
 
+#if defined(POLARSSL_X509_PARSE_C)
 /**
  * \brief          Translate an X.509 extension OID into local values
  *
@@ -205,6 +207,7 @@ int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
  * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
  */
 int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type );
+#endif
 
 /**
  * \brief          Translate an X.509 attribute type OID into the short name

include/polarssl/pk.h

@@ -0,0 +1,47 @@
+/**
+ * \file pk.h
+ *
+ * \brief Public Key abstraction layer
+ *
+ *  Copyright (C) 2006-2013, Brainspark B.V.
+ *
+ *  This file is part of PolarSSL (http://www.polarssl.org)
+ *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ *  All rights reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, write to the Free Software Foundation, Inc.,
+ *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef POLARSSL_PK_H
+#define POLARSSL_PK_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief          Public key types
+ */
+typedef enum {
+    POLARSSL_PK_NONE=0,
+    POLARSSL_PK_RSA,
+    POLARSSL_PK_ECDSA,
+} pk_type_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* pk.h */

include/polarssl/rsa.h

@@ -27,6 +27,10 @@
 #ifndef POLARSSL_RSA_H
 #define POLARSSL_RSA_H
 
+#include "config.h"
+
+#if defined(POLARSSL_RSA_C)
+
 #include "bignum.h"
 #include "md.h"
 
@@ -520,4 +524,6 @@ int rsa_self_test( int verbose );
 }
 #endif
 
+#endif /* POLARSSL_RSA_C */
+
 #endif /* rsa.h */

include/polarssl/ssl.h

@@ -29,16 +29,25 @@
 
 #include <time.h>
 
+#include "config.h"
 #include "net.h"
-#include "rsa.h"
+#include "bignum.h"
+
 #include "md5.h"
 #include "sha1.h"
 #include "sha2.h"
 #include "sha4.h"
-#include "x509.h"
-#include "config.h"
+
 #include "ssl_ciphersuites.h"
 
+#if defined(POLARSSL_X509_PARSE_C)
+#include "x509.h"
+#endif
+
+#if defined(POLARSSL_RSA_C)
+#include "rsa.h"
+#endif
+
 #if defined(POLARSSL_DHM_C)
 #include "dhm.h"
 #endif
@@ -227,6 +236,15 @@
 
 #define TLS_EXT_RENEGOTIATION_INFO      0xFF01
 
+/*
+ * Size defines
+ */
+#if !defined(POLARSSL_MPI_MAX_SIZE)
+#define POLARSSL_PREMASTER_SIZE             512
+#else
+#define POLARSSL_PREMASTER_SIZE             POLARSSL_MPI_MAX_SIZE
+#endif
+
 /*
  * Generic function pointers for allowing external RSA private key
  * implementations.
@@ -281,7 +299,10 @@ struct _ssl_session
     size_t length;              /*!< session id length  */
     unsigned char id[32];       /*!< session identifier */
     unsigned char master[48];   /*!< the master secret  */
+
+#if defined(POLARSSL_X509_PARSE_C)
     x509_cert *peer_cert;       /*!< peer X.509 cert chain */
+#endif /* POLARSSL_X509_PARSE_C */
 };
 
 /*
@@ -340,8 +361,8 @@ struct _ssl_handshake_params
 #if defined(POLARSSL_ECDH_C)
     ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
 #endif
-#if defined(POLARSSL_ECP_C)
     int ec_curve;                       /*!<  Selected elliptic curve */
+#if defined(POLARSSL_ECP_C)
     int ec_point_format;                /*!<  Client supported format */
 #endif
 
@@ -363,7 +384,7 @@ struct _ssl_handshake_params
     size_t pmslen;                      /*!<  premaster length        */
 
     unsigned char randbytes[64];        /*!<  random bytes            */
-    unsigned char premaster[POLARSSL_MPI_MAX_SIZE];
+    unsigned char premaster[POLARSSL_PREMASTER_SIZE];
                                         /*!<  premaster secret        */
 
     int resume;                         /*!<  session resume indicator*/
@@ -392,7 +413,6 @@ struct _ssl_context
     void (*f_dbg)(void *, int, const char *);
     int (*f_recv)(void *, unsigned char *, size_t);
     int (*f_send)(void *, const unsigned char *, size_t);
-    int (*f_vrfy)(void *, x509_cert *, int, int *);
     int (*f_get_cache)(void *, ssl_session *);
     int (*f_set_cache)(void *, const ssl_session *);
     int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
@@ -401,12 +421,16 @@ struct _ssl_context
     void *p_dbg;                /*!< context for the debug function   */
     void *p_recv;               /*!< context for reading operations   */
     void *p_send;               /*!< context for writing operations   */
-    void *p_vrfy;               /*!< context for verification         */
     void *p_get_cache;          /*!< context for cache retrieval      */
     void *p_set_cache;          /*!< context for cache store          */
     void *p_sni;                /*!< context for SNI extension        */
     void *p_hw_data;            /*!< context for HW acceleration      */
 
+#if defined(POLARSSL_X509_PARSE_C)
+    int (*f_vrfy)(void *, x509_cert *, int, int *);
+    void *p_vrfy;               /*!< context for verification         */
+#endif
+
     /*
      * Session layer
      */
@@ -458,15 +482,19 @@ struct _ssl_context
     /*
      * PKI layer
      */
+#if defined(POLARSSL_RSA_C)
     void *rsa_key;                      /*!<  own RSA private key     */
     rsa_decrypt_func rsa_decrypt;       /*!<  function for RSA decrypt*/
     rsa_sign_func rsa_sign;             /*!<  function for RSA sign   */
     rsa_key_len_func rsa_key_len;       /*!<  function for RSA key len*/
+#endif /* POLARSSL_RSA_C */
 
+#if defined(POLARSSL_X509_PARSE_C)
     x509_cert *own_cert;                /*!<  own X.509 certificate   */
     x509_cert *ca_chain;                /*!<  own trusted CA chain    */
     x509_crl *ca_crl;                   /*!<  trusted CA CRLs         */
     const char *peer_cn;                /*!<  expected peer CN        */
+#endif /* POLARSSL_X509_PARSE_C */
 
     /*
      * User settings
@@ -610,6 +638,7 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
  */
 void ssl_set_authmode( ssl_context *ssl, int authmode );
 
+#if defined(POLARSSL_X509_PARSE_C)
 /**
  * \brief          Set the verification callback (Optional).
  *
@@ -624,6 +653,7 @@ void ssl_set_authmode( ssl_context *ssl, int authmode );
 void ssl_set_verify( ssl_context *ssl,
                      int (*f_vrfy)(void *, x509_cert *, int, int *),
                      void *p_vrfy );
+#endif /* POLARSSL_X509_PARSE_C */
 
 /**
  * \brief          Set the random number generator callback
@@ -741,6 +771,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
                                        const int *ciphersuites,
                                        int major, int minor );
 
+#if defined(POLARSSL_X509_PARSE_C)
 /**
  * \brief          Set the data required to verify peer certificate
  *
@@ -790,6 +821,7 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
                            rsa_decrypt_func rsa_decrypt,
                            rsa_sign_func rsa_sign,
                            rsa_key_len_func rsa_key_len );
+#endif /* POLARSSL_X509_PARSE_C */
 
 #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
 /**
@@ -976,6 +1008,7 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl );
  */
 const char *ssl_get_version( const ssl_context *ssl );
 
+#if defined(POLARSSL_X509_PARSE_C)
 /**
  * \brief          Return the peer certificate from the current connection
  *
@@ -991,6 +1024,7 @@ const char *ssl_get_version( const ssl_context *ssl );
  * \return         the current peer certificate
  */
 const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
+#endif /* POLARSSL_X509_PARSE_C */
 
 /**
  * \brief          Perform the SSL handshake

include/polarssl/ssl_cache.h

@@ -46,7 +46,9 @@ struct _ssl_cache_entry
 {
     time_t timestamp;           /*!< entry timestamp    */
     ssl_session session;        /*!< entry session      */
+#if defined(POLARSSL_X509_PARSE_C)
     x509_buf peer_cert;         /*!< entry peer_cert    */
+#endif
     ssl_cache_entry *next;      /*!< chain pointer      */
 };
 

include/polarssl/x509.h

@@ -27,10 +27,14 @@
 #ifndef POLARSSL_X509_H
 #define POLARSSL_X509_H
 
+#include "config.h"
+
+#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)
 #include "asn1.h"
 #include "rsa.h"
 #include "dhm.h"
 #include "md.h"
+#include "pk.h"
 
 /** 
  * \addtogroup x509_module
@@ -134,12 +138,6 @@
 #define X509_FORMAT_DER                 1
 #define X509_FORMAT_PEM                 2
 
-typedef enum {
-    POLARSSL_PK_NONE=0,
-    POLARSSL_PK_RSA,
-    POLARSSL_PK_ECDSA,
-} pk_type_t;
-
 /** 
  * \addtogroup x509_module
  * \{ */
@@ -668,4 +666,5 @@ int x509_self_test( int verbose );
 }
 #endif
 
+#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */
 #endif /* x509.h */

include/polarssl/x509write.h

@@ -27,6 +27,8 @@
 #ifndef POLARSSL_X509_WRITE_H
 #define POLARSSL_X509_WRITE_H
 
+#if defined(POLARSSL_X509_WRITE_C)
+
 #include "rsa.h"
 
 typedef struct _x509_req_name
@@ -43,4 +45,6 @@ int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa );
 int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
                          x509_req_name *req_name, md_type_t md_alg );
 
+#endif /* POLARSSL_X509_WRITE_C */
+
 #endif /* POLARSSL_X509_WRITE_H */