diff --git a/configure.ac b/configure.ac index b50f3123a..aed27d36d 100644 --- a/configure.ac +++ b/configure.ac @@ -805,7 +805,7 @@ then # sp-math is incompatible with opensslextra, ECC custom curves, and DSA. if test "$ENABLED_SP_MATH" = "no" then - test "$enable_dsa" = "" && enable_dsa=yes + test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes test "$enable_brainpool" = "" && enable_brainpool=yes test "$enable_srp" = "" && enable_srp=yes @@ -974,7 +974,7 @@ then if test "$ENABLED_SP_MATH" = "no" then - test "$enable_dsa" = "" && enable_dsa=yes + test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes test "$enable_brainpool" = "" && enable_brainpool=yes test "$enable_srp" = "" && enable_srp=yes @@ -3585,7 +3585,7 @@ AC_ARG_ENABLE([dsa], [ ENABLED_DSA=no ] ) -if test "$enable_dsa" = "" +if test "$enable_dsa" = "" && test "$enable_sha" != "no" then if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes" then @@ -9725,8 +9725,11 @@ echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION" echo " * Fallback SCSV: $ENABLED_FALLBACK_SCSV" echo " * Keying Material Exporter: $ENABLED_KEYING_MATERIAL" echo " * All TLS Extensions: $ENABLED_TLSX" -echo " * PKCS#7: $ENABLED_PKCS7" echo " * S/MIME: $ENABLED_SMIME" +echo " * PKCS#7: $ENABLED_PKCS7" +echo " * PKCS#8: $ENABLED_PKCS8" +echo " * PKCS#11: $ENABLED_PKCS11" +echo " * PKCS#12: $ENABLED_PKCS12" echo " * wolfSSH: $ENABLED_WOLFSSH" echo " * wolfEngine: $ENABLED_WOLFENGINE" echo " * wolfTPM: $ENABLED_WOLFTPM" 
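Review bot: The added `test "$enable_sha" != "no"` condition in the `@@ -805` hunk carries no comment, and the comment just above it still names only the sp-math incompatibilities. The same condition is repeated in the `@@ -974` and `@@ -3585` hunks, presumably because the DSA code cannot build without SHA-1. A one-line comment at each site, such as `# DSA is not enabled by default when SHA-1 is disabled (--disable-sha).`, would keep the three copies in step. The enclosing `if`/`then` block starts and ends outside the hunk.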
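Review bot: An explicit `--enable-dsa` together with `--disable-sha` still passes the `@@ -3585` hunk unchecked, because the added `test "$enable_sha" != "no"` only guards the case where `enable_dsa` is empty. If DSA cannot build without SHA-1, as the new default suggests, that combination should fail at configure time rather than at compile time. One option after this block is `if test "$ENABLED_DSA" = "yes" && test "$enable_sha" = "no"; then AC_MSG_ERROR([DSA requires SHA-1; drop --disable-sha or --enable-dsa]); fi`. Whether such a check already exists elsewhere in configure.ac is not visible here.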
@@ -9745,9 +9748,6 @@ echo " * User Crypto: $ENABLED_USER_CRYPTO" echo " * Fast RSA: $ENABLED_FAST_RSA" echo " * Asynchronous Crypto: $ENABLED_ASYNCCRYPT" echo " * Asynchronous Crypto (sim): $ENABLED_ASYNCCRYPT_SW" -echo " * PKCS#8: $ENABLED_PKCS8" -echo " * PKCS#11: $ENABLED_PKCS11" -echo " * PKCS#12: $ENABLED_PKCS12" echo " * Cavium Nitrox: $ENABLED_CAVIUM" echo " * Cavium Octeon (Sync): $ENABLED_OCTEON_SYNC" echo " * Intel Quick Assist: $ENABLED_INTEL_QA" diff --git a/src/wolfio.c b/src/wolfio.c index d77ce394f..4fee95835 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -2489,11 +2489,18 @@ int MicriumSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) /* Micrium DTLS Generate Cookie callback * return : number of bytes copied into buf, or error */ +#if defined(NO_SHA) && !defined(NO_SHA256) + #define MICRIUM_COOKIE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#elif !defined(NO_SHA) + #define MICRIUM_COOKIE_DIGEST_SIZE WC_SHA_DIGEST_SIZE +#else + #error Must enable either SHA-1 or SHA256 (or both) for Micrium. +#endif int MicriumGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx) { NET_SOCK_ADDR peer; NET_SOCK_ADDR_LEN peerSz = sizeof(peer); - byte digest[WC_SHA_DIGEST_SIZE]; + byte digest[MICRIUM_COOKIE_DIGEST_SIZE]; int ret = 0; (void)ctx; @@ -2513,8 +2520,8 @@ int MicriumGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx) if (ret != 0) return ret; - if (sz > WC_SHA_DIGEST_SIZE) - sz = WC_SHA_DIGEST_SIZE; + if (sz > MICRIUM_COOKIE_DIGEST_SIZE) + sz = MICRIUM_COOKIE_DIGEST_SIZE; XMEMCPY(buf, digest, sz); return sz; 
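Review bot: `MICRIUM_COOKIE_DIGEST_SIZE` in the `@@ -2489` hunk sizes the stack buffer `digest`, but the hash call that fills it lies outside the hunk, so nothing here shows that both are selected by the same preprocessor condition. If the two ever disagree, a SHA-256 result would be written into a SHA-1 sized buffer. A comment on the macro such as `/* Must mirror the hash selected in MicriumGenerateCookie(): SHA-256 only when NO_SHA is defined. */` would pin that down, and the same applies to `UIP_COOKIE_DIGEST_SIZE` and `GNRC_COOKIE_DIGEST_SIZE` in the later hunks. The `#if` block also now sits between the function's header comment and its definition; placing it above the comment would keep the two together.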
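Review bot: The clamp in the `@@ -2513` hunk bounds `sz` only from above, so a negative `sz` reaches `XMEMCPY(buf, digest, sz)`, where it converts to a very large length. The callback is presumably invoked by the library with a fixed positive size, but a guard costs one line: `if (sz < 0) return WOLFSSL_CBIO_ERR_GENERAL;` before the clamp. The same pattern appears in the uIP (`@@ -2824`) and GNRC (`@@ -2910`) hunks. The function begins outside this hunk.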
@@ -2808,11 +2815,18 @@ int uIPReceive(WOLFSSL *ssl, char *buf, int sz, void *_ctx) /* uIP DTLS Generate Cookie callback * return : number of bytes copied into buf, or error */ +#if defined(NO_SHA) && !defined(NO_SHA256) + #define UIP_COOKIE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#elif !defined(NO_SHA) + #define UIP_COOKIE_DIGEST_SIZE WC_SHA_DIGEST_SIZE +#else + #error Must enable either SHA-1 or SHA256 (or both) for uIP. +#endif int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx) { uip_wolfssl_ctx *ctx = (uip_wolfssl_ctx *)_ctx; byte token[32]; - byte digest[WC_SHA_DIGEST_SIZE]; + byte digest[UIP_COOKIE_DIGEST_SIZE]; int ret = 0; XMEMSET(token, 0, sizeof(token)); XMEMCPY(token, &ctx->peer_addr, sizeof(uip_ipaddr_t)); @@ -2824,8 +2838,8 @@ int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx) #endif if (ret != 0) return ret; - if (sz > WC_SHA_DIGEST_SIZE) - sz = WC_SHA_DIGEST_SIZE; + if (sz > UIP_COOKIE_DIGEST_SIZE) + sz = UIP_COOKIE_DIGEST_SIZE; XMEMCPY(buf, digest, sz); return sz; } @@ -2889,13 +2903,20 @@ int GNRC_ReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *_ctx) * return : number of bytes copied into buf, or error */ #define GNRC_MAX_TOKEN_SIZE (32) +#if defined(NO_SHA) && !defined(NO_SHA256) + #define GNRC_COOKIE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#elif !defined(NO_SHA) + #define GNRC_COOKIE_DIGEST_SIZE WC_SHA_DIGEST_SIZE +#else + #error Must enable either SHA-1 or SHA256 (or both) for GNRC. +#endif int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx) { sock_tls_t *ctx = (sock_tls_t *)_ctx; if (!ctx) return WOLFSSL_CBIO_ERR_GENERAL; byte token[GNRC_MAX_TOKEN_SIZE]; - byte digest[WC_SHA_DIGEST_SIZE]; + byte digest[GNRC_COOKIE_DIGEST_SIZE]; int ret = 0; size_t token_size = sizeof(sock_udp_ep_t); (void)ssl; 
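Review bot: `uIPGenerateCookie` in the `@@ -2808` hunk dereferences `ctx->peer_addr` without checking `_ctx`, while `GNRC_GenerateCookie` in the `@@ -2889` hunk returns `WOLFSSL_CBIO_ERR_GENERAL` when its context is NULL. Adding `if (ctx == NULL) return WOLFSSL_CBIO_ERR_GENERAL;` before the `XMEMSET` would make the two callbacks consistent. The function body continues outside the hunk.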
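Review bot: In the `@@ -2889` hunk `token_size` is initialised to `sizeof(sock_udp_ep_t)` while `token` is a fixed `GNRC_MAX_TOKEN_SIZE` (32) bytes, and no visible line relates the two. The copy into `token` is outside the hunk, so a bound may already exist there. If it does not, `if (token_size > sizeof(token)) return WOLFSSL_CBIO_ERR_GENERAL;` before the copy would keep a larger endpoint struct from overrunning the stack buffer.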
@@ -2910,8 +2931,8 @@ int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx) #endif if (ret != 0) return ret; - if (sz > WC_SHA_DIGEST_SIZE) - sz = WC_SHA_DIGEST_SIZE; + if (sz > GNRC_COOKIE_DIGEST_SIZE) + sz = GNRC_COOKIE_DIGEST_SIZE; XMEMCPY(buf, digest, sz); return sz; }