diff --git a/src/internal.c b/src/internal.c index aeb8d82a2..c8e74fe46 100644 --- a/src/internal.c +++ b/src/internal.c @@ -15965,12 +15965,15 @@ const char* GetCipherNameInternal(const char* cipherName, int cipherSuite) /* if first is null then not any */ if (first == NULL) { + #if defined(HAVE_AESCCM) || defined(HAVE_CHACHA) || \ + defined(HAVE_ECC) if ( !XSTRSTR(nameFound, "CHACHA") && !XSTRSTR(nameFound, "EC") && !XSTRSTR(nameFound, "CCM")) { result = nameFound; break; } + #endif } else if (XSTRSTR(nameFound, first)) { result = nameFound; 
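Review bot: When none of HAVE_AESCCM, HAVE_CHACHA or HAVE_ECC is defined, the `if (first == NULL)` branch in GetCipherNameInternal is now empty, so a lookup without a `first` keyword can no longer assign `result` in this loop. Before the change, a name in such a build would presumably have passed all three `XSTRSTR` tests and been returned. The guard probably wants a fallback: `#else` followed by `result = nameFound; break;` ahead of the `#endif`. The function starts and ends outside the hunk, so the value callers receive when `result` is never assigned is not visible here.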
@@ -16486,26 +16489,51 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) return 0; /* suites buffer not large enough, error out */ } - suites->suites[idx++] = (XSTRSTR(name, "TLS13")) ? TLS13_BYTE - : (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE - : (XSTRSTR(name, "QSH")) ? QSH_BYTE - : (XSTRSTR(name, "EC")) ? ECC_BYTE - : (XSTRSTR(name, "CCM")) ? ECC_BYTE - : 0x00; /* normal */ - suites->suites[idx++] = (byte)cipher_name_idx[i]; + suites->suites[idx++] = + #ifdef WOLFSSL_TLS13 + (XSTRSTR(name, "TLS13")) ? TLS13_BYTE : + #endif + #ifdef HAVE_CHACHA + (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE : + #endif + #ifdef HAVE_QSH + (XSTRSTR(name, "QSH")) ? QSH_BYTE : + #endif + #ifdef HAVE_ECC + (XSTRSTR(name, "EC")) ? ECC_BYTE : + #endif + #ifdef HAVE_AESCCM + (XSTRSTR(name, "CCM")) ? ECC_BYTE : + #endif + 0x00; /* normal */ + suites->suites[idx++] = (byte)cipher_name_idx[i]; /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA * suites don't necessarily have RSA in the name. */ + #ifdef WOLFSSL_TLS13 if (XSTRSTR(name, "TLS13")) { haveRSAsig = 1; haveECDSAsig = 1; } - else if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA")) + else + #endif + #ifdef HAVE_ECC + if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA")) haveECDSAsig = 1; - else if (XSTRSTR(name, "ADH")) + else + #endif + #ifdef HAVE_ANON + if (XSTRSTR(name, "ADH")) haveAnon = 1; - else if ((haveRSAsig == 0) && (XSTRSTR(name, "PSK") == NULL)) + else + #endif + if (haveRSAsig == 0 + #ifndef NO_PSK + && (XSTRSTR(name, "PSK") == NULL) + #endif + ) { haveRSAsig = 1; + } ret = 1; /* found at least one */ break; diff --git a/src/ssl.c b/src/ssl.c index 6e0c63db8..75709d657 100644 --- a/src/ssl.c +++ b/src/ssl.c 
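Review bot: The signature-flag chain in SetCipherList now leaves a bare `else` directly before each `#endif`, so the statement each `else` governs depends on which of WOLFSSL_TLS13, HAVE_ECC and HAVE_ANON are defined, and only the last branch is braced. Bracing every branch, for example `if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA")) { haveECDSAsig = 1; } else`, and adding a comment that the chain is deliberately stitched across the guards would make each build configuration easier to audit. When HAVE_ANON is undefined, a name containing "ADH" would reach the final branch and set `haveRSAsig`. That is harmless only if such names are also compiled out of the name table, which this hunk does not show. SetCipherList continues outside the hunk.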
@@ -4690,8 +4690,10 @@ int PemToDer(const unsigned char* buff, long longSz, int type, case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break; #endif +#ifndef NO_DSA case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break; +#endif #ifdef HAVE_ECC case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break; @@ -4782,7 +4784,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, word32 lineSz; char* finish; word32 finishSz; - char* start; + char* start = NULL; word32 startSz; char* newline; @@ -4791,12 +4793,17 @@ int PemToDer(const unsigned char* buff, long longSz, int type, } lineSz = (word32)(bufferEnd - line); + #ifndef NO_DES3 start = XSTRNSTR(line, "DES", min(lineSz, PEM_LINE_LEN)); + #endif + #ifndef NO_AES if (start == NULL) { start = XSTRNSTR(line, "AES", min(lineSz, PEM_LINE_LEN)); } + #endif + (void)lineSz; if (start == NULL) return WOLFSSL_BAD_FILE; if (info == NULL) return WOLFSSL_BAD_FILE; @@ -16097,20 +16104,29 @@ const char* wolfSSL_get_version(WOLFSSL* ssl) WOLFSSL_ENTER("SSL_get_version"); if (ssl->version.major == SSLv3_MAJOR) { switch (ssl->version.minor) { + #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 case SSLv3_MINOR : return "SSLv3"; + #endif + #ifdef WOLFSSL_ALLOW_TLSV10 case TLSv1_MINOR : return "TLSv1"; + #endif case TLSv1_1_MINOR : return "TLSv1.1"; + #endif case TLSv1_2_MINOR : return "TLSv1.2"; + #ifdef WOLFSSL_TLS13 case TLSv1_3_MINOR : return "TLSv1.3"; + #endif default: return "unknown"; } } +#ifdef WOLFSSL_DTLS else if (ssl->version.major == DTLS_MAJOR) { switch (ssl->version.minor) { case DTLS_MINOR : @@ -16121,6 +16137,7 @@ const char* wolfSSL_get_version(WOLFSSL* ssl) return "unknown"; } } +#endif /* WOLFSSL_DTLS */ return "unknown"; } @@ -29433,6 +29450,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) type = oidBlkType; break; + #ifndef NO_DES3 case NID_des: id = DESb; sName = "DES-CBC"; 
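Review bot: With both NO_DES3 and NO_AES defined, neither `XSTRNSTR` lookup in the -4791 hunk is compiled, so `start` keeps its NULL initialiser and the function always returns WOLFSSL_BAD_FILE here, the same code a malformed line produces. If that is intended, say so above the check, for example `/* no PEM cipher compiled in: start stays NULL and the input is rejected */`. The `(void)lineSz;` line appears to exist only to silence an unused-variable warning in that configuration and deserves a comment such as `/* unused when NO_DES3 and NO_AES are both set */`. The enclosing block of PemToDer starts and ends outside the hunk.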
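Review bot: The guards added to the first `switch` in wolfSSL_get_version close with bare `#endif` lines, while the DTLS guard added to the same function is closed as `#endif /* WOLFSSL_DTLS */`. Labelling them the same way (`#endif /* WOLFSSL_ALLOW_SSLV3 */`, `#endif /* WOLFSSL_ALLOW_TLSV10 */`, `#endif /* !NO_OLD_TLS */`) would make it obvious that the TLSv1.1 case depends on NO_OLD_TLS alone. A compiled-out minor version now falls to `default` and is reported as "unknown", so a log line can no longer name the legacy version if one ever reaches `ssl->version`. A short comment stating that this is intended would help whoever reads those logs.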
@@ -29444,6 +29462,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) sName = "DES3-CBC"; type = oidBlkType; break; + #endif /* !NO_DES3 */ #ifdef HAVE_OCSP case NID_id_pkix_OCSP_basic: diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5c3152afc..d81f8d4b3 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4460,7 +4460,7 @@ static int GetName(DecodedCert* cert, int nameType) if (dName->cnLen != 0) { dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/CN=", 4); + XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, 4); idx += 4; XMEMCPY(&dName->fullName[idx], &cert->source[dName->cnIdx], dName->cnLen); @@ -4469,7 +4469,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (dName->snLen != 0) { dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/SN=", 4); + XMEMCPY(&dName->fullName[idx], WOLFSSL_SUR_NAME, 4); idx += 4; XMEMCPY(&dName->fullName[idx], &cert->source[dName->snIdx], dName->snLen); @@ -4478,7 +4478,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (dName->cLen != 0) { dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/C=", 3); + XMEMCPY(&dName->fullName[idx], WOLFSSL_COUNTRY_NAME, 3); idx += 3; XMEMCPY(&dName->fullName[idx], &cert->source[dName->cIdx], dName->cLen); @@ -4487,7 +4487,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (dName->lLen != 0) { dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/L=", 3); + XMEMCPY(&dName->fullName[idx], WOLFSSL_LOCALITY_NAME, 3); idx += 3; XMEMCPY(&dName->fullName[idx], &cert->source[dName->lIdx], dName->lLen); @@ -4496,7 +4496,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (dName->stLen != 0) { dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/ST=", 4); + XMEMCPY(&dName->fullName[idx], WOLFSSL_STATE_NAME, 4); idx += 4; XMEMCPY(&dName->fullName[idx], &cert->source[dName->stIdx], dName->stLen); 
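Review bot: Each prefix copy in GetName still passes a hard-coded length (`4`, `3`, `14`) alongside a macro whose text now lives in asn.h, so a later edit to a macro would make `XMEMCPY` read past the end of the string literal or drop the `=`, with no compiler diagnostic. Deriving the length from the macro keeps the two in step: `XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, sizeof(WOLFSSL_COMMON_NAME) - 1);` then `idx += sizeof(WOLFSSL_COMMON_NAME) - 1;`, with a cast to the type of `idx` if the build warns on conversion. The same applies to the prefix copies in the hunks at -4469, -4478, -4487, -4496, -4505, -4514, -4533 and -4552. The size of `fullName` is computed outside these hunks and would need the same expressions to stay consistent.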
@@ -4505,7 +4505,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (dName->oLen != 0) { dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/O=", 3); + XMEMCPY(&dName->fullName[idx], WOLFSSL_ORG_NAME, 3); idx += 3; XMEMCPY(&dName->fullName[idx], &cert->source[dName->oIdx], dName->oLen); @@ -4514,7 +4514,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (dName->ouLen != 0) { dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/OU=", 4); + XMEMCPY(&dName->fullName[idx], WOLFSSL_ORGUNIT_NAME, 4); idx += 4; XMEMCPY(&dName->fullName[idx], &cert->source[dName->ouIdx], dName->ouLen); @@ -4533,7 +4533,7 @@ static int GetName(DecodedCert* cert, int nameType) for (i = 0;i < dName->dcNum;i++){ if (dName->dcLen[i] != 0) { dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/DC=", 4); + XMEMCPY(&dName->fullName[idx], WOLFSSL_DOMAIN_COMPONENT, 4); idx += 4; XMEMCPY(&dName->fullName[idx], &cert->source[dName->dcIdx[i]], dName->dcLen[i]); @@ -4552,7 +4552,7 @@ static int GetName(DecodedCert* cert, int nameType) } if (dName->serialLen != 0) { dName->entryCount++; - XMEMCPY(&dName->fullName[idx], "/serialNumber=", 14); + XMEMCPY(&dName->fullName[idx], WOLFSSL_SERIAL_NUMBER, 14); idx += 14; XMEMCPY(&dName->fullName[idx], &cert->source[dName->serialIdx], dName->serialLen); 
@@ -7293,8 +7293,10 @@ const char* const END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; const char* const BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----"; const char* const END_EC_PRIV = "-----END EC PRIVATE KEY-----"; #endif -const char* const BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; -const char* const END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || !defined(NO_DSA) + const char* const BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; + const char* const END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; +#endif const char* const BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----"; const char* const END_PUB_KEY = "-----END PUBLIC KEY-----"; #ifdef HAVE_ED25519 diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 9649aa20a..e76aff46b 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -116,15 +116,15 @@ enum DN_Tags { }; /* DN Tag Strings */ -#define WOLFSSL_COMMON_NAME "/CN" -#define WOLFSSL_SUR_NAME "/SN" -#define WOLFSSL_SERIAL_NUMBER "/serialNumber=" -#define WOLFSSL_COUNTRY_NAME "/C" -#define WOLFSSL_LOCALITY_NAME "/L" -#define WOLFSSL_STATE_NAME "/ST" -#define WOLFSSL_ORG_NAME "/O" -#define WOLFSSL_ORGUNIT_NAME "/OU" -#define WOLFSSL_DOMAIN_COMPONENT "/DC" +#define WOLFSSL_COMMON_NAME "/CN=" +#define WOLFSSL_SUR_NAME "/SN=" +#define WOLFSSL_SERIAL_NUMBER "/serialNumber=" +#define WOLFSSL_COUNTRY_NAME "/C=" +#define WOLFSSL_LOCALITY_NAME "/L=" +#define WOLFSSL_STATE_NAME "/ST=" +#define WOLFSSL_ORG_NAME "/O=" +#define WOLFSSL_ORGUNIT_NAME "/OU=" +#define WOLFSSL_DOMAIN_COMPONENT "/DC=" enum PBES { PBE_MD5_DES = 0,
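Review bot: BEGIN_DSA_PRIV and END_DSA_PRIV are now compiled when HAVE_ECC or HAVE_ED25519 is defined even under NO_DSA, whereas `case DSA_TYPE` in PemToDer in this same commit is guarded by `#ifndef NO_DSA` alone, and nothing explains why the two conditions differ. If a path outside this diff uses the DSA markers for EC or Ed25519 keys, record that next to the guard, for example `/* also referenced by the EC/Ed25519 PEM paths, so kept when NO_DSA is set */`. If no such path exists, `#ifndef NO_DSA` would match the ssl.c side. Any `extern` declaration of these two symbols should carry the same condition as the definition.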
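Review bot: Appending `=` changes the value of macros in what appears to be an installed header, so any user outside this diff that compares against or concatenates these strings would change behaviour silently. The visible callers in GetName copy them without the terminator, and that contract is not written down anywhere in the block. Extending the existing comment would document it: `/* DN Tag Strings: each includes the trailing '='; GetName copies them without the NUL */`. It would also be worth checking for other references to `WOLFSSL_COMMON_NAME` and its siblings before merging.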