diff --git a/commit-tests.sh b/commit-tests.sh index 1c0a1fa8f..dce1a728c 100755 --- a/commit-tests.sh +++ b/commit-tests.sh @@ -23,7 +23,7 @@ RESULT=$? # make sure full config is ok echo -e "\n\nTesting full config as well...\n\n" -./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia; +./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512; RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1 diff --git a/configure.ac b/configure.ac index c1cc99230..ba66ef66d 100644 --- a/configure.ac +++ b/configure.ac @@ -289,7 +289,7 @@ fi if test "$ENABLED_AESGCM" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM -DCYASSL_SHA384 -DCYASSL_SHA512" + AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM" fi AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"]) @@ -304,7 +304,7 @@ AC_ARG_ENABLE([aesccm], if test "$ENABLED_AESCCM" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM -DCYASSL_SHA384 -DCYASSL_SHA512" + AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM" fi AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"]) @@ -424,16 +424,6 @@ then ENABLED_SHA512="yes" fi -if test "$ENABLED_AESGCM" = "yes" -then - ENABLED_SHA512="yes" -fi - -if test "$ENABLED_AESCCM" = "yes" -then - ENABLED_SHA512="yes" -fi - AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"]) diff --git a/ctaocrypt/src/arc4.c b/ctaocrypt/src/arc4.c index 7c3c2f07a..9c77f7fc5 100644 --- a/ctaocrypt/src/arc4.c +++ b/ctaocrypt/src/arc4.c @@ -23,6 +23,8 @@ #include #endif +#ifndef NO_RC4 + #include @@ -170,3 +172,6 @@ static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, } #endif /* HAVE_CAVIUM */ + +#endif /* NO_ARC4 */ + diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 72dee4f9f..4986fb02b 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1436,9 +1436,7 @@ static int GetKey(DecodedCert* cert) /* process NAME, either issuer or subject */ static int GetName(DecodedCert* cert, int nameType) { -#ifndef NO_SHA - Sha sha; -#endif + Sha sha; /* MUST have SHA-1 hash for cert names */ int length; /* length of all distinguished names */ int dummy; char* full = (nameType == ISSUER) ? cert->issuer : cert->subject; @@ -1463,14 +1461,12 @@ static int GetName(DecodedCert* cert, int nameType) if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) return ASN_PARSE_E; -#ifndef NO_SHA InitSha(&sha); ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx); if (nameType == ISSUER) ShaFinal(&sha, cert->issuerHash); else ShaFinal(&sha, cert->subjectHash); -#endif length += cert->srcIdx; idx = 0; diff --git a/cyassl/internal.h b/cyassl/internal.h index 00cafab24..80bf98913 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -171,7 +171,9 @@ void c32to24(word32 in, word24 out); #endif #if defined (HAVE_AESGCM) #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #if defined (CYASSL_SHA384) + #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 + #endif #endif #if defined (HAVE_AESCCM) #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 @@ -259,27 +261,29 @@ void c32to24(word32 in, word24 out); #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 #if defined (HAVE_AESGCM) #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + #if defined (CYASSL_SHA384) + #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 + #endif #endif #endif #endif #if defined(HAVE_ECC) && !defined(NO_TLS) #if !defined(NO_AES) - #if !defined(NO_SHA) - #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - #endif - - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - + #if !defined(NO_SHA) + #if !defined(NO_RSA) + #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #endif + + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #endif /* NO_SHA */ #ifndef NO_SHA256 #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 @@ -302,21 +306,25 @@ void c32to24(word32 in, word24 out); #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #if defined(CYASSL_SHA384) + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #endif #endif #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + + #if defined(CYASS_SHA384) + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + #endif #endif #if defined (HAVE_AESCCM) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 #endif - #endif + #endif /* NO_AES */ #if !defined(NO_RC4) #if !defined(NO_SHA) #if !defined(NO_RSA) @@ -337,7 +345,6 @@ void c32to24(word32 in, word24 out); #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA #endif - #endif #endif diff --git a/src/internal.c b/src/internal.c index 801f189a3..1e61e3a54 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4154,6 +4154,9 @@ static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type) ssl->alert_history.last_rx.code = code; ssl->alert_history.last_rx.level = level; *type = code; + if (level == alert_fatal) { + ssl->options.isClosed = 1; /* Don't send close_notify */ + } CYASSL_MSG("Got alert"); if (*type == close_notify) { @@ -5180,7 +5183,6 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek) CYASSL_ERROR(ssl->error); if (ssl->error == ZERO_RETURN) { CYASSL_MSG("Zero return, no more data coming"); - ssl->options.isClosed = 1; /* Don't send close_notify */ return 0; /* no more data coming */ } if (ssl->error == SOCKET_ERROR_E) { @@ -5248,6 +5250,9 @@ int SendAlert(CYASSL* ssl, int severity, int type) input[1] = (byte)type; ssl->alert_history.last_tx.code = type; ssl->alert_history.last_tx.level = severity; + if (severity == alert_fatal) { + ssl->options.isClosed = 1; /* Don't send close_notify */ + } /* only send encrypted alert if handshake actually complete, otherwise other side may not be able to handle it */ @@ -8459,12 +8464,6 @@ int SetCipherList(Suites* s, const char* list) return 1; break; - case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : - case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : if (requirement == REQUIRES_RSA) @@ -8473,12 +8472,6 @@ int SetCipherList(Suites* s, const char* list) return 1; break; - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : - if (requirement == REQUIRES_ECC_DSA) - return 1; - break; - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : if (requirement == REQUIRES_RSA_SIG) @@ -8486,6 +8479,19 @@ int SetCipherList(Suites* s, const char* list) if (requirement == REQUIRES_ECC_STATIC) return 1; break; +#endif + + case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : + case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; + + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : + if (requirement == REQUIRES_ECC_DSA) + return 1; + break; case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : @@ -8494,7 +8500,6 @@ int SetCipherList(Suites* s, const char* list) if (requirement == REQUIRES_ECC_STATIC) return 1; break; -#endif default: CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC");