From 7e5bf9b8a9d358696632d881ec907536181d606c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 17 Jul 2018 09:04:06 -0600 Subject: [PATCH] add some macro guards for CipherRequires function --- src/internal.c | 71 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 52 insertions(+), 19 deletions(-) diff --git a/src/internal.c b/src/internal.c index 67edb86d4..9039d7fb6 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7130,10 +7130,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #ifndef WOLFSSL_NO_TLS12 +#ifdef HAVE_CHACHA if (first == CHACHA_BYTE) { switch (second) { - case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : if (requirement == REQUIRES_RSA) return 1; @@ -7187,13 +7187,14 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) break; } } +#endif /* HAVE_CHACHA */ /* ECC extensions */ if (first == ECC_BYTE) { switch (second) { - -#ifndef NO_RSA +#ifdef HAVE_ECC + #ifndef NO_RSA case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : if (requirement == REQUIRES_RSA) return 1; @@ -7206,7 +7207,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; -#ifndef NO_DES3 + #ifndef NO_DES3 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : if (requirement == REQUIRES_RSA) return 1; @@ -7218,9 +7219,9 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_RSA_SIG) return 1; break; -#endif + #endif /* !NO_DES3 */ -#ifndef NO_RC4 + #ifndef NO_RC4 case TLS_ECDHE_RSA_WITH_RC4_128_SHA : if (requirement == REQUIRES_RSA) return 1; @@ -7232,10 +7233,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_RSA_SIG) return 1; break; -#endif -#endif /* NO_RSA */ + #endif /* !NO_RC4 */ + #endif /* NO_RSA */ -#ifndef NO_DES3 + #ifndef NO_DES3 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : if (requirement == REQUIRES_ECC) return 1; 
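Review bot: The `#ifdef HAVE_ECC` opened right after `switch (second) {` in the ECC_BYTE branch keys every ECDHE_RSA and ECDHE_ECDSA case on the ECC build flag alone. If this tree can negotiate ECDHE without HAVE_ECC (for example in a Curve25519-only build; this is inferred, the hunk does not show it), those suites would now fall to the switch's `default:` and be reported as having no RSA or ECC requirement. In that case the guard should read `#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)`, with the matching `#endif` comments updated to agree. The enclosing function starts and ends outside this hunk.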
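Review bot: The closing comment `#endif /* NO_RSA */` in the `@@ -7232,10 +7233,10 @@` hunk names the opposite condition from the `#ifndef NO_RSA` it closes, while the `#endif` lines beside it use the negated form (`/* !NO_RC4 */`, `/* !NO_DES3 */`). The same mismatch appears later in the patch as `#endif /* NO_RC4 */`, `#endif /* NO_PSK */` and `#endif /* NO_HC128 */`. With guards nested several levels deep in this switch, I would write each of them in the negated form, e.g. `#endif /* !NO_RSA */`, so a reader can pair every `#endif` with its `#ifndef` without counting.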
@@ -7245,8 +7246,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_ECC_STATIC) return 1; break; -#endif -#ifndef NO_RC4 + #endif /* !NO_DES3 */ + #ifndef NO_RC4 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : if (requirement == REQUIRES_ECC) return 1; @@ -7256,8 +7257,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_ECC_STATIC) return 1; break; -#endif -#ifndef NO_RSA + #endif /* !NO_RC4 */ + #ifndef NO_RSA case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : if (requirement == REQUIRES_RSA) return 1; @@ -7269,7 +7270,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_RSA_SIG) return 1; break; -#endif + #endif /* !NO_RSA */ case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : if (requirement == REQUIRES_ECC) @@ -7310,8 +7311,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_ECC_STATIC) return 1; break; +#endif /* HAVE_ECC */ #ifndef NO_RSA + #ifdef HAVE_ECC case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : if (requirement == REQUIRES_RSA) return 1; @@ -7335,7 +7338,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_RSA_SIG) return 1; break; - + #endif /* HAVE_ECC */ + #ifdef HAVE_AESCCM case TLS_RSA_WITH_AES_128_CCM_8 : case TLS_RSA_WITH_AES_256_CCM_8 : if (requirement == REQUIRES_RSA) @@ -7343,6 +7347,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_RSA_SIG) return 1; break; + #endif /* HAVE_AESCCM */ + #ifdef HAVE_ECC case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : 
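Review bot: `#ifdef HAVE_AESCCM` is applied only to the `TLS_RSA_WITH_AES_128_CCM_8` / `TLS_RSA_WITH_AES_256_CCM_8` pair. The `TLS_ECDHE_ECDSA_WITH_AES_128_CCM*` and `TLS_PSK_WITH_AES_*_CCM*` groups guarded further down in this patch receive only `HAVE_ECC` and `NO_PSK`. Either nest the same `#ifdef HAVE_AESCCM` inside those two groups, or add a comment at this guard such as `/* other CCM suites in this switch are guarded by key type only */` so the difference reads as deliberate. The switch that holds these cases begins and ends outside the hunk.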
@@ -7357,8 +7363,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_ECC_STATIC) return 1; break; -#endif + #endif /* HAVE_ECC */ +#endif /* !NO_RSA */ +#ifdef HAVE_ECC case TLS_ECDHE_ECDSA_WITH_AES_128_CCM : case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : @@ -7379,7 +7387,9 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_ECC_STATIC) return 1; break; +#endif /* HAVE_ECC */ +#ifndef NO_PSK case TLS_PSK_WITH_AES_128_CCM: case TLS_PSK_WITH_AES_256_CCM: case TLS_PSK_WITH_AES_128_CCM_8: @@ -7395,7 +7405,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_DHE) return 1; break; - +#endif /* !NO_PSK */ +#ifdef HAVE_ECC case TLS_ECDHE_ECDSA_WITH_NULL_SHA : if (requirement == REQUIRES_ECC) return 1; @@ -7410,7 +7421,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_PSK) return 1; break; - +#endif /* HAVE_ECC */ default: WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC"); return 0; @@ -7446,6 +7457,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) switch (second) { #ifndef NO_RSA + #ifndef NO_RC4 case SSL_RSA_WITH_RC4_128_SHA : if (requirement == REQUIRES_RSA) return 1; @@ -7455,16 +7467,19 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_RSA) return 1; break; + #endif /* NO_RC4 */ case SSL_RSA_WITH_3DES_EDE_CBC_SHA : if (requirement == REQUIRES_RSA) return 1; break; + #ifdef HAVE_NTRU case TLS_NTRU_RSA_WITH_RC4_128_SHA : if (requirement == REQUIRES_NTRU) return 1; break; + #endif /* HAVE_NTRU */ case TLS_RSA_WITH_AES_128_CBC_SHA : if (requirement == REQUIRES_RSA) 
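Review bot: A suite compiled out by the new guards lands on `default:`, which logs "Unsupported cipher suite, CipherRequires ECC" and returns 0, the same value the function gives when a suite simply does not have the queried requirement. Callers are not visible here, but if any of them treats 0 as permission to skip a key-type or certificate-type check, a build that drops a guard macro while still listing the suite would skip that check instead of rejecting the suite. Please confirm that each guard matches the condition under which the suite enters the suite list, and record it above `default:` with a comment like `/* suites guarded out above must also be absent from the suite list: 0 means "no requirement" to callers */`. Also in this hunk, the case that ends just before `#endif /* HAVE_ECC */` tests `REQUIRES_PSK` yet is not inside `#ifndef NO_PSK`, unlike the PSK CCM group guarded immediately before it.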
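Review bot: The `#ifndef NO_RC4` added in the `@@ -7446,6 +7457,7 @@` hunk covers `SSL_RSA_WITH_RC4_128_SHA` and the case after it, but `TLS_NTRU_RSA_WITH_RC4_128_SHA` a few lines later is guarded by `HAVE_NTRU` only. `SSL_RSA_WITH_3DES_EDE_CBC_SHA` likewise has no `NO_DES3` guard, although the ECC_BYTE 3DES cases earlier in this patch do. For consistency I would use `#if defined(HAVE_NTRU) && !defined(NO_RC4)` on the NTRU RC4 case and wrap the 3DES case in `#ifndef NO_DES3` ... `#endif /* !NO_DES3 */`. The switch that holds these cases continues outside the hunk.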
@@ -7476,20 +7491,24 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; + #ifdef HAVE_NTRU case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : if (requirement == REQUIRES_NTRU) return 1; break; + #endif /* HAVE_NTRU */ case TLS_RSA_WITH_AES_256_CBC_SHA : if (requirement == REQUIRES_RSA) return 1; break; + #ifdef HAVE_NTRU case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : if (requirement == REQUIRES_NTRU) return 1; break; + #endif /* HAVE_NTRU */ case TLS_RSA_WITH_AES_256_CBC_SHA256 : if (requirement == REQUIRES_RSA) @@ -7502,17 +7521,22 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; + #ifdef HAVE_NTRU case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : if (requirement == REQUIRES_NTRU) return 1; break; + #endif /* HAVE_NTRU */ + #ifdef HAVE_IDEA case SSL_RSA_WITH_IDEA_CBC_SHA : if (requirement == REQUIRES_RSA) return 1; break; -#endif + #endif /* HAVE_IDEA */ +#endif /* !NO_RSA */ +#ifndef NO_PSK case TLS_PSK_WITH_AES_128_GCM_SHA256 : case TLS_PSK_WITH_AES_256_GCM_SHA384 : case TLS_PSK_WITH_AES_128_CBC_SHA256 : @@ -7537,6 +7561,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_PSK) return 1; break; +#endif /* NO_PSK */ #ifndef NO_RSA case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : @@ -7567,6 +7592,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; +#ifndef NO_HC128 case TLS_RSA_WITH_HC_128_MD5 : if (requirement == REQUIRES_RSA) return 1; 
@@ -7581,17 +7607,22 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_RSA) return 1; break; +#endif /* NO_HC128 */ +#ifdef HAVE_BLAKE2 case TLS_RSA_WITH_AES_128_CBC_B2B256: case TLS_RSA_WITH_AES_256_CBC_B2B256: if (requirement == REQUIRES_RSA) return 1; break; +#endif /* HAVE_BLAKE2 */ +#ifndef NO_RABBIT case TLS_RSA_WITH_RABBIT_SHA : if (requirement == REQUIRES_RSA) return 1; break; +#endif /* !NO_RABBIT */ case TLS_RSA_WITH_AES_128_GCM_SHA256 : case TLS_RSA_WITH_AES_256_GCM_SHA384 : @@ -7607,6 +7638,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1; break; +#ifdef HAVE_CAMELLIA case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : @@ -7626,6 +7658,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_DHE) return 1; break; +#endif /* HAVE_CAMELLIA */ case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: if (requirement == REQUIRES_RSA)