fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples

ctaocrypt/benchmark/benchmark.c

@@ -155,7 +155,9 @@ int main(int argc, char** argv)
 #ifndef NO_MD5
     bench_md5();
 #endif
+#ifndef NO_SHA
     bench_sha();
+#endif
 #ifndef NO_SHA256
     bench_sha256();
 #endif
@@ -498,6 +500,7 @@ void bench_md5(void)
 #endif /* NO_MD5 */
 
 
+#ifndef NO_SHA
 void bench_sha(void)
 {
     Sha    hash;
@@ -523,6 +526,7 @@ void bench_sha(void)
     printf("SHA      %d %s took %5.3f seconds, %6.2f MB/s\n", numBlocks,
                                               blockType, total, persec);
 }
+#endif /* NO_SHA */
 
 
 #ifndef NO_SHA256

ctaocrypt/test/test.c

@@ -198,10 +198,12 @@ void ctaocrypt_test(void* args)
         printf( "MD4      test passed!\n");
 #endif
 
+#ifndef NO_SHA
     if ( (ret = sha_test()) ) 
         err_sys("SHA      test failed!\n", ret);
     else
         printf( "SHA      test passed!\n");
+#endif
 
 #ifndef NO_SHA256
     if ( (ret = sha256_test()) ) 
@@ -239,10 +241,12 @@ void ctaocrypt_test(void* args)
             printf( "HMAC-MD5 test passed!\n");
     #endif
 
+    #ifndef NO_SHA
     if ( (ret = hmac_sha_test()) ) 
         err_sys("HMAC-SHA test failed!\n", ret);
     else
         printf( "HMAC-SHA test passed!\n");
+    #endif
 
     #ifndef NO_SHA256
         if ( (ret = hmac_sha256_test()) ) 
@@ -643,6 +647,8 @@ int md4_test(void)
 
 #endif /* NO_MD4 */
 
+#ifndef NO_SHA
+
 int sha_test(void)
 {
     Sha  sha;
@@ -697,6 +703,7 @@ int sha_test(void)
     return 0;
 }
 
+#endif /* NO_SHA */
 
 #ifdef CYASSL_RIPEMD
 int ripemd_test(void)

cyassl/crl.h

@@ -23,6 +23,9 @@
 #ifndef CYASSL_CRL_H
 #define CYASSL_CRL_H
 
+
+#ifdef HAVE_CRL
+
 #include <cyassl/ssl.h>
 #include <cyassl/ctaocrypt/asn.h>
 
@@ -44,4 +47,5 @@ CYASSL_LOCAL int  CheckCertCRL(CYASSL_CRL*, DecodedCert*);
     }  /* extern "C" */
 #endif
 
+#endif /* HAVE_CRL */
 #endif /* CYASSL_CRL_H */

cyassl/internal.h

@@ -938,9 +938,14 @@ CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
 typedef struct OCSP_Entry OCSP_Entry;
 
 #ifdef SHA_DIGEST_SIZE
-#define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
+    #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
 #else
-#define OCSP_DIGEST_SIZE 160
+    #define OCSP_DIGEST_SIZE 160
+#endif
+
+#ifdef NO_ASN 
+    /* no_asn won't have */
+    typedef struct CertStatus CertStatus;
 #endif
 
 struct OCSP_Entry {
@@ -971,9 +976,13 @@ struct CYASSL_OCSP {
 typedef struct CRL_Entry CRL_Entry;
 
 #ifdef SHA_DIGEST_SIZE
-#define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
+    #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
 #else
-#define CRL_DIGEST_SIZE 160
+    #define CRL_DIGEST_SIZE 160
+#endif
+
+#ifdef NO_ASN 
+    typedef struct RevokedCert RevokedCert;
 #endif
 
 /* Complete CRL */
@@ -1000,6 +1009,10 @@ struct CRL_Monitor {
 };
 
 
+#ifndef HAVE_CRL
+    typedef struct CYASSL_CRL CYASSL_CRL;
+#endif
+
 /* CyaSSL CRL controller */
 struct CYASSL_CRL {
     CYASSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
@@ -1012,6 +1025,11 @@ struct CYASSL_CRL {
 };
 
 
+#ifdef NO_ASN 
+    typedef struct Signer Signer;
+#endif
+
+
 /* CyaSSL Certificate Manager */
 struct CYASSL_CERT_MANAGER {
     Signer*         caList;             /* the CA signer list */
@@ -1472,7 +1490,11 @@ struct CYASSL_X509_NAME {
 };
 
 #ifndef EXTERNAL_SERIAL_SIZE
-#define EXTERNAL_SERIAL_SIZE 32
+    #define EXTERNAL_SERIAL_SIZE 32
+#endif
+
+#ifdef NO_ASN 
+    typedef struct DNS_entry DNS_entry;
 #endif
 
 struct CYASSL_X509 {

cyassl/ocsp.h

@@ -25,6 +25,7 @@
 #ifndef CYASSL_OCSP_H
 #define CYASSL_OCSP_H
 
+#ifdef HAVE_OCSP
 
 #include <cyassl/ssl.h>
 #include <cyassl/ctaocrypt/asn.h>
@@ -47,6 +48,7 @@ CYASSL_LOCAL int  CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP*, DecodedCert*);
 #endif
 
 
+#endif /* HAVE_OCSP */
 #endif /* CYASSL_OCSP_H */
 
 

examples/client/client.c

@@ -154,6 +154,9 @@ void client_test(void* args)
     ourCert    = (char*)cliEccCert;
     ourKey     = (char*)cliEccKey;
 #endif
+    (void)resumeSz;
+    (void)session;
+    (void)sslResume;
 
     while ((ch = mygetopt(argc, argv, "?gdusmNrh:p:v:l:A:c:k:b:")) != -1) {
         switch (ch) {
@@ -342,7 +345,7 @@ void client_test(void* args)
 #ifdef VERIFY_CALLBACK
     CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
 #endif
-#ifndef NO_FILESYSTEM   
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     if (!usePsk){
         if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
                                      != SSL_SUCCESS)
@@ -351,8 +354,8 @@ void client_test(void* args)
 
         if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
                                          != SSL_SUCCESS)
-            err_sys("can't load client private key file, check file and run from"
+            err_sys("can't load client private key file, check file and run "
-                    " CyaSSL home dir");    
+                    "from CyaSSL home dir");    
 
         if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
                 err_sys("can't load ca file, Please run from CyaSSL home dir");
@@ -471,6 +474,7 @@ void client_test(void* args)
             err_sys("CyaSSL_read failed");
     }
 
+#ifndef NO_SESSION_CACHE
     if (resumeSession) {
         if (doDTLS) {
             strncpy(msg, "break", 6);
@@ -481,12 +485,14 @@ void client_test(void* args)
         session   = CyaSSL_get_session(ssl);
         sslResume = CyaSSL_new(ctx);
     }
+#endif
 
     if (doDTLS == 0)            /* don't send alert after "break" command */
         CyaSSL_shutdown(ssl);  /* echoserver will interpret as new conn */
     CyaSSL_free(ssl);
     CloseSocket(sockfd);
 
+#ifndef NO_SESSION_CACHE
     if (resumeSession) {
         if (doDTLS) {
             SOCKADDR_IN_T addr;
@@ -550,6 +556,7 @@ void client_test(void* args)
         CyaSSL_free(sslResume);
         CloseSocket(sockfd);
     }
+#endif /* NO_SESSION_CACHE */
 
     CyaSSL_CTX_free(ctx);
 

examples/echoserver/echoserver.c

@@ -133,6 +133,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
                 != SSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from CyaSSL home dir");
+    #elif defined(NO_CERTS)
+        /* do nothing, just don't load cert files */
     #else
         /* normal */
         if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)

examples/server/server.c

@@ -274,7 +274,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     usePsk = 1;
 #endif
 
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     if (!usePsk) {
         if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
                                          != SSL_SUCCESS)
@@ -292,7 +292,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     }
 #endif
 
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     if (!useNtruKey && !usePsk) {
         if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
                                          != SSL_SUCCESS)
@@ -318,7 +318,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #endif
     }
 
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     /* if not using PSK, verify peer with certs */
     if (doCliCertCheck && usePsk == 0) {
         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |

src/internal.c

@@ -4637,7 +4637,7 @@ static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest)
 #endif
 
 
-#ifndef CYASSL_LEANPSK
+#ifndef NO_CERTS
 
 static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
 {

tests/api.c

@@ -35,7 +35,7 @@ static int test_CyaSSL_Init(void);
 static int test_CyaSSL_Cleanup(void);
 static int test_CyaSSL_Method_Allocators(void);
 static int test_CyaSSL_CTX_new(CYASSL_METHOD *method);
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
 static int test_CyaSSL_CTX_use_certificate_file(void);
 static int test_CyaSSL_CTX_use_PrivateKey_file(void);
 static int test_CyaSSL_CTX_load_verify_locations(void);
@@ -51,7 +51,7 @@ static int test_method(CYASSL_METHOD *method, const char *name);
 #ifdef OPENSSL_EXTRA
 static int test_method2(CYASSL_METHOD *method, const char *name);
 #endif
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
 static int test_ucf(CYASSL_CTX *ctx, const char* file, int type,
     int cond, const char* name);
 static int test_upkf(CYASSL_CTX *ctx, const char* file, int type,
@@ -79,7 +79,7 @@ int ApiTest(void)
     test_CyaSSL_Init();
     test_CyaSSL_Method_Allocators();
     test_CyaSSL_CTX_new(CyaSSLv23_server_method());
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
     test_CyaSSL_CTX_use_certificate_file();
     test_CyaSSL_CTX_use_PrivateKey_file();
     test_CyaSSL_CTX_load_verify_locations();
@@ -209,7 +209,7 @@ int test_CyaSSL_CTX_new(CYASSL_METHOD *method)
     return TEST_SUCCESS;
 }
 
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
 /* Helper for testing CyaSSL_CTX_use_certificate_file() */
 int test_ucf(CYASSL_CTX *ctx, const char* file, int type, int cond,
     const char* name)

tests/hash.c

@@ -76,11 +76,13 @@ int HashTest(void)
         printf( "   MD5      test passed!\n");
 #endif
     
+#ifndef NO_SHA
     if ( (ret = sha_test()) ) {
         printf( "   SHA      test failed!\n");
         return ret; 
     } else
         printf( "   SHA      test passed!\n");
+#endif
     
 #ifndef NO_SHA256
     if ( (ret = sha256_test()) ) {
@@ -290,6 +292,7 @@ int md5_test(void)
 
 #endif /* NO_MD5 */
 
+#ifndef NO_SHA
 int sha_test(void)
 {
     Sha  sha;
@@ -343,6 +346,7 @@ int sha_test(void)
 
     return 0;
 }
+#endif /* NO_SHA */
 
 #ifndef NO_SHA256
 int sha256_test(void)

testsuite/testsuite.c

@@ -25,7 +25,7 @@
 
 #include <cyassl/openssl/ssl.h>
 #include <cyassl/test.h>
-#include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/sha256.h>
 
 #include "ctaocrypt/test/test.h"
 
@@ -138,8 +138,8 @@ int main(int argc, char** argv)
 
     /* validate output equals input */
     {
-        byte input[SHA_DIGEST_SIZE];
+        byte input[SHA256_DIGEST_SIZE];
-        byte output[SHA_DIGEST_SIZE];
+        byte output[SHA256_DIGEST_SIZE];
 
         file_test("input",  input);
         file_test("output", output);
@@ -220,22 +220,22 @@ void file_test(const char* file, byte* check)
 {
     FILE* f;
     int   i = 0, j;
-    Sha   sha;
+    Sha256   sha256;
     byte  buf[1024];
-    byte  shasum[SHA_DIGEST_SIZE];
+    byte  shasum[SHA256_DIGEST_SIZE];
    
-    InitSha(&sha); 
+    InitSha256(&sha256); 
     if( !( f = fopen( file, "rb" ) )) {
         printf("Can't open %s\n", file);
         return;
     }
     while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 )
-        ShaUpdate(&sha, buf, i);
+        Sha256Update(&sha256, buf, i);
     
-    ShaFinal(&sha, shasum);
+    Sha256Final(&sha256, shasum);
     memcpy(check, shasum, sizeof(shasum));
 
-    for(j = 0; j < SHA_DIGEST_SIZE; ++j ) 
+    for(j = 0; j < SHA256_DIGEST_SIZE; ++j ) 
         printf( "%02x", shasum[j] );
    
     printf("  %s\n", file);