Adapt ssl_set_own_cert() to generic keys
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 65a7c53..b98551b 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -578,6 +578,7 @@
/*
* PKI layer
*/
+ pk_context *pk_key; /*!< own private key */
#if defined(POLARSSL_RSA_C)
void *rsa_key; /*!< own RSA private key */
rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/
@@ -903,13 +904,29 @@
*
* \param ssl SSL context
* \param own_cert own public certificate chain
- * \param rsa_key own private RSA key
+ * \param pk_key own private key
*/
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
- rsa_context *rsa_key );
+ pk_context *rsa_key );
+
+#if defined(POLARSSL_RSA_C)
+/**
+ * \brief Set own certificate chain and private RSA key
+ *
+ * Note: own_cert should contain IN order from the bottom
+ * up your certificate chain. The top certificate (self-signed)
+ * can be omitted.
+ *
+ * \param ssl SSL context
+ * \param own_cert own public certificate chain
+ * \param rsa_key own private RSA key
+ */
+void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
+ rsa_context *rsa_key );
+#endif /* POLARSSL_RSA_C */
/**
- * \brief Set own certificate and alternate non-PolarSSL private
+ * \brief Set own certificate and alternate non-PolarSSL RSA private
* key and handling callbacks, such as the PKCS#11 wrappers
* or any other external private key handler.
* (see the respective RSA functions in rsa.h for documentation
@@ -927,11 +944,11 @@
* \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign()
* \param rsa_key_len_func function returning length of RSA key in bytes
*/
-void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
- void *rsa_key,
- rsa_decrypt_func rsa_decrypt,
- rsa_sign_func rsa_sign,
- rsa_key_len_func rsa_key_len );
+void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert,
+ void *rsa_key,
+ rsa_decrypt_func rsa_decrypt,
+ rsa_sign_func rsa_sign,
+ rsa_key_len_func rsa_key_len );
#endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 033c9fa..4e5b3e6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3143,22 +3143,35 @@
}
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
- rsa_context *rsa_key )
+ pk_context *pk_key )
+{
+ ssl->own_cert = own_cert;
+ ssl->pk_key = pk_key;
+
+ /* Temporary, until everything is moved to PK */
+ if( pk_key->pk_info->type == POLARSSL_PK_RSA )
+ ssl->rsa_key = pk_key->pk_ctx;
+}
+
+#if defined(POLARSSL_RSA_C)
+void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
+ rsa_context *rsa_key )
{
ssl->own_cert = own_cert;
ssl->rsa_key = rsa_key;
}
+#endif /* POLARSSL_RSA_C */
-void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
- void *rsa_key,
- rsa_decrypt_func rsa_decrypt,
- rsa_sign_func rsa_sign,
- rsa_key_len_func rsa_key_len )
+void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert,
+ void *rsa_key,
+ rsa_decrypt_func rsa_decrypt,
+ rsa_sign_func rsa_sign,
+ rsa_key_len_func rsa_key_len )
{
- ssl->own_cert = own_cert;
- ssl->rsa_key = rsa_key;
+ ssl->own_cert = own_cert;
+ ssl->rsa_key = rsa_key;
ssl->rsa_decrypt = rsa_decrypt;
- ssl->rsa_sign = rsa_sign;
+ ssl->rsa_sign = rsa_sign;
ssl->rsa_key_len = rsa_key_len;
}
#endif /* POLARSSL_X509_PARSE_C */
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index dd7fc46..e5adef7 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -257,7 +257,7 @@
#if defined(POLARSSL_X509_PARSE_C)
x509_cert cacert;
x509_cert clicert;
- rsa_context rsa;
+ pk_context pkey;
#endif
char *p, *q;
const int *list;
@@ -271,7 +271,7 @@
#if defined(POLARSSL_X509_PARSE_C)
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
- memset( &rsa, 0, sizeof( rsa_context ) );
+ pk_init( &pkey );
#endif
if( argc == 0 )
@@ -626,11 +626,11 @@
#if defined(POLARSSL_FS_IO)
if( strlen( opt.key_file ) )
- ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
+ ret = x509parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(POLARSSL_CERTS_C)
- ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_cli_key,
+ ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key,
strlen( test_cli_key ), NULL, 0 );
#else
{
@@ -640,7 +640,7 @@
#endif
if( ret != 0 )
{
- printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret );
+ printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret );
goto exit;
}
@@ -711,7 +711,7 @@
#if defined(POLARSSL_X509_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
- ssl_set_own_cert( &ssl, &clicert, &rsa );
+ ssl_set_own_cert( &ssl, &clicert, &pkey );
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
@@ -911,7 +911,7 @@
#if defined(POLARSSL_X509_PARSE_C)
x509_free( &clicert );
x509_free( &cacert );
- rsa_free( &rsa );
+ pk_free( &pkey );
#endif
ssl_session_free( &saved_session );
ssl_free( &ssl );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 986458b..98a518c 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -104,7 +104,7 @@
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_cert srvcert;
- rsa_context rsa;
+ pk_context pkey;
((void) argc);
((void) argv);
@@ -139,7 +139,7 @@
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509parse_crtfile() to read the
- * server and CA certificates, as well as x509parse_keyfile_rsa().
+ * server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
@@ -157,12 +157,12 @@
goto exit;
}
- rsa_init( &rsa, RSA_PKCS_V15, 0 );
- ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
+ pk_init( &pkey );
+ ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
- printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret );
+ printf( " failed\n ! x509parse_key returned %d\n\n", ret );
goto exit;
}
@@ -265,7 +265,7 @@
net_send, &client_fd );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &rsa );
+ ssl_set_own_cert( &ssl, &srvcert, &pkey );
/*
* 5. Handshake
@@ -363,7 +363,7 @@
net_close( client_fd );
x509_free( &srvcert );
- rsa_free( &rsa );
+ pk_free( &pkey );
ssl_free( &ssl );
#if defined(_WIN32)
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 665cdbf..6333d17 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -352,7 +352,7 @@
ssl_context ssl;
x509_cert cacert;
x509_cert clicert;
- rsa_context rsa;
+ pk_context pkey;
int i;
size_t n;
char *p, *q;
@@ -364,7 +364,7 @@
server_fd = 0;
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
- memset( &rsa, 0, sizeof( rsa_context ) );
+ pk_init( &pkey );
if( argc == 0 )
{
@@ -532,11 +532,11 @@
#if defined(POLARSSL_FS_IO)
if( strlen( opt.key_file ) )
- ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
+ ret = x509parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(POLARSSL_CERTS_C)
- ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_cli_key,
+ ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key,
strlen( test_cli_key ), NULL, 0 );
#else
{
@@ -546,7 +546,7 @@
#endif
if( ret != 0 )
{
- printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret );
+ printf( " failed\n ! x509parse_key returned %d\n\n", ret );
goto exit;
}
@@ -594,7 +594,7 @@
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
- ssl_set_own_cert( &ssl, &clicert, &rsa );
+ ssl_set_own_cert( &ssl, &clicert, &pkey );
ssl_set_hostname( &ssl, opt.server_name );
@@ -789,7 +789,7 @@
net_close( server_fd );
x509_free( &clicert );
x509_free( &cacert );
- rsa_free( &rsa );
+ pk_free( &pkey );
ssl_free( &ssl );
#if defined(_WIN32)
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index dbb193b..801c0c6 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -94,7 +94,7 @@
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_cert srvcert;
- rsa_context rsa;
+ pk_context pkey;
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
#endif
@@ -117,7 +117,7 @@
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509parse_crtfile() to read the
- * server and CA certificates, as well as x509parse_keyfile_rsa().
+ * server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
@@ -135,12 +135,12 @@
goto exit;
}
- rsa_init( &rsa, RSA_PKCS_V15, 0 );
- ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
+ pk_init( &pkey );
+ ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
- printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret );
+ printf( " failed\n ! x509parse_key returned %d\n\n", ret );
goto exit;
}
@@ -201,7 +201,7 @@
#endif
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &rsa );
+ ssl_set_own_cert( &ssl, &srvcert, &pkey );
printf( " ok\n" );
@@ -364,7 +364,7 @@
net_close( client_fd );
x509_free( &srvcert );
- rsa_free( &rsa );
+ pk_free( &pkey );
ssl_free( &ssl );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 681850b..8831190 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -215,7 +215,7 @@
#if defined(POLARSSL_X509_PARSE_C)
x509_cert cacert;
x509_cert srvcert;
- rsa_context rsa;
+ pk_context pkey;
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
@@ -239,7 +239,7 @@
#if defined(POLARSSL_X509_PARSE_C)
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &srvcert, 0, sizeof( x509_cert ) );
- memset( &rsa, 0, sizeof( rsa_context ) );
+ pk_init( &pkey );
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
@@ -575,11 +575,11 @@
#if defined(POLARSSL_FS_IO)
if( strlen( opt.key_file ) )
- ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
+ ret = x509parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(POLARSSL_CERTS_C)
- ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
+ ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
#else
{
@@ -589,7 +589,7 @@
#endif
if( ret != 0 )
{
- printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret );
+ printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret );
goto exit;
}
@@ -649,7 +649,7 @@
#if defined(POLARSSL_X509_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &rsa );
+ ssl_set_own_cert( &ssl, &srvcert, &pkey );
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
@@ -877,7 +877,7 @@
#if defined(POLARSSL_X509_PARSE_C)
x509_free( &srvcert );
x509_free( &cacert );
- rsa_free( &rsa );
+ pk_free( &pkey );
#endif
ssl_free( &ssl );
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index ce45ccf..797226b 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -166,7 +166,7 @@
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_cert srvcert;
- rsa_context rsa;
+ pk_context pkey;
ret = 1;
@@ -187,7 +187,7 @@
memset( write_state, 0, sizeof( write_state ) );
memset( &srvcert, 0, sizeof( x509_cert ) );
- memset( &rsa, 0, sizeof( rsa_context ) );
+ pk_init( &pkey );
if( opt->opmode == OPMODE_CLIENT )
{
@@ -229,11 +229,11 @@
goto exit;
}
- ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
+ ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
- printf( " ! x509parse_key_rsa returned %d\n\n", ret );
+ printf( " ! x509parse_key returned %d\n\n", ret );
goto exit;
}
#endif
@@ -262,7 +262,7 @@
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &rsa );
+ ssl_set_own_cert( &ssl, &srvcert, &pkey );
}
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
@@ -400,7 +400,7 @@
ssl_close_notify( &ssl );
x509_free( &srvcert );
- rsa_free( &rsa );
+ pk_free( &pkey );
ssl_free( &ssl );
net_close( client_fd );
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index d7cacdb..40d76d8 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -157,7 +157,7 @@
ssl_context ssl;
x509_cert cacert;
x509_cert clicert;
- rsa_context rsa;
+ pk_context pkey;
int i, j, n;
int flags, verify = 0;
char *p, *q;
@@ -169,7 +169,7 @@
server_fd = 0;
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
- memset( &rsa, 0, sizeof( rsa_context ) );
+ pk_init( &pkey );
if( argc == 0 )
{
@@ -404,7 +404,7 @@
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
- ssl_set_own_cert( &ssl, &clicert, &rsa );
+ ssl_set_own_cert( &ssl, &clicert, &pkey );
ssl_set_hostname( &ssl, opt.server_name );
@@ -450,7 +450,7 @@
net_close( server_fd );
x509_free( &cacert );
x509_free( &clicert );
- rsa_free( &rsa );
+ pk_free( &pkey );
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
