From 9a1b32d830a3bba0ccecdfb595e7e3ab79e0a3cb Mon Sep 17 00:00:00 2001
From: toddouska
Date: Tue, 12 Mar 2013 12:48:41 -0700
Subject: [PATCH] add --enable-asn, build, and checks for rsa / psk w/o asn
---
 configure.ac | 65 ++++++++++++++++++++++++++++++++++++++++----------
 src/include.am | 5 +++-
 src/internal.c | 8 +++++--
 src/ssl.c | 1 +
 4 files changed, 63 insertions(+), 16 deletions(-)
diff --git a/configure.ac b/configure.ac
index a1cb2af8f..34f8a0103 100644
--- a/configure.ac
+++ b/configure.ac
@@ -485,6 +485,24 @@ then
 fi
+# PSK
+AC_ARG_ENABLE([psk],
+ [ --enable-psk Enable PSK (default: disabled)],
+ [ ENABLED_PSK=$enableval ],
+ [ ENABLED_PSK=no ]
+ )
+
+if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
+then
+ AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
+fi
+
+if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "yes"
+then
+ ENABLED_PSK=yes
+fi
+
+
 # RSA
 AC_ARG_ENABLE([rsa],
 [ --enable-rsa Enable RSA (default: enabled)],
@@ -507,6 +525,39 @@ fi
 AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
+# ASN
+# can't use certs, rsa, dh if leaving out asn
+AC_ARG_ENABLE([asn],
+ [ --enable-asn Enable ASN (default: enabled)],
+ [ ENABLED_ASN=$enableval ],
+ [ ENABLED_ASN=yes ]
+ )
+
+if test "$ENABLED_ASN" = "no"
+then
+ AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_DH"
+else
+ # turn off ASN if leanpsk on
+ if test "$ENABLED_LEANPSK" = "yes"
+ then
+ AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_DH"
+ ENABLED_ASN=no
+ fi
+fi
+
+if test "$ENABLED_RSA" = "yes" && test "$ENABLED_ASN" = "no"
+then
+ AC_MSG_ERROR([please disable rsa if disabling asn.])
+fi
+
+if test "$ENABLED_PSK" = "no" && test "$ENABLED_ASN" = "no"
+then
+ AC_MSG_ERROR([please enable psk if disabling asn.])
+fi
+
+AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"])
+
+
 # AES
 AC_ARG_ENABLE([aes],
 [ --enable-aes Enable AES (default: enabled)],
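Review bot: The relocated PSK block tests `$ENABLED_LEANPSK`, and nothing in the hunk shows where that variable is assigned. If the leanpsk option were parsed after this point, `test "$ENABLED_LEANPSK" = "no"` would be false, `-DNO_PSK` would never be added, and PSK would be compiled in by default. A comment above `# PSK` would record the ordering constraint, for example `# keep after --enable-leanpsk and before the ASN checks, which read ENABLED_PSK`. Under leanpsk the block now rewrites `ENABLED_PSK` to yes, so the configure summary reports PSK as enabled even when `--enable-psk` was not given; saying so in the same comment would help.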
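Review bot: The sanity checks that follow the `--enable-asn` option reject only the rsa and psk combinations, although disabling ASN also defines `NO_CERTS` and `NO_DH`. The configure summary lists ECC, OCSP, CRL and CRL-MONITOR, and none of them is tested against `ENABLED_ASN`. If any of those features depends on certificate parsing (likely for OCSP and CRL, but not confirmable from this hunk), a build could report revocation checking as enabled while the certificate code is compiled out. A check of the same shape, placed after those options have been parsed, would close the gap: `if test "$ENABLED_OCSP" = "yes" && test "$ENABLED_ASN" = "no"` followed by `AC_MSG_ERROR([please disable ocsp if disabling asn.])`. Separately, the flag string `-DNO_ASN -DNO_CERTS -DNO_DH` is written twice; resolving `ENABLED_ASN` first and appending the flags once would keep the two branches from drifting apart.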
@@ -702,19 +753,6 @@ fi
 AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
-# PSK
-AC_ARG_ENABLE([psk],
- [ --enable-psk Enable PSK (default: disabled)],
- [ ENABLED_PSK=$enableval ],
- [ ENABLED_PSK=no ]
- )
-
-if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
-then
- AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
-fi
-
-
 # Web Server Build
 AC_ARG_ENABLE([webServer],
 [ --enable-webServer Enable Web Server (default: disabled)],
@@ -1069,6 +1107,7 @@ echo " * PSK: $ENABLED_PSK"
 echo " * LEANPSK: $ENABLED_LEANPSK"
 echo " * RSA: $ENABLED_RSA"
 echo " * ECC: $ENABLED_ECC"
+echo " * ASN: $ENABLED_ASN"
 echo " * OCSP: $ENABLED_OCSP"
 echo " * CRL: $ENABLED_CRL"
 echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
diff --git a/src/include.am b/src/include.am
index 31183532b..80b87c7a6 100644
--- a/src/include.am
+++ b/src/include.am
@@ -21,7 +21,6 @@ src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS)
 if !BUILD_LEANPSK
 src_libcyassl_la_SOURCES += ctaocrypt/src/coding.c \
- ctaocrypt/src/asn.c \
 ctaocrypt/src/dh.c \
 ctaocrypt/src/memory.c
 endif
@@ -30,6 +29,10 @@ if BUILD_RSA
 src_libcyassl_la_SOURCES += ctaocrypt/src/rsa.c
 endif
+if BUILD_ASN
+src_libcyassl_la_SOURCES += ctaocrypt/src/asn.c
+endif
+
 if BUILD_AES
 src_libcyassl_la_SOURCES += ctaocrypt/src/aes.c
 endif
diff --git a/src/internal.c b/src/internal.c
index c88c00047..939709a38 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -94,6 +94,9 @@ typedef enum {
 static void Hmac(CYASSL* ssl, byte* digest, const byte* buffer, word32 sz,
 int content, int verify);
+#endif
+
+#ifndef NO_CERTS
 static void BuildCertHashes(CYASSL* ssl, Hashes* hashes);
 #endif
@@ -4599,7 +4602,7 @@ static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
 }
 }
-
+#ifndef NO_CERTS
 static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest)
 {
 byte md5_result[MD5_DIGEST_SIZE];
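Review bot: `ctaocrypt/src/dh.c` stays in the `if !BUILD_LEANPSK` source list (first hunk of src/include.am), while configure.ac now adds `-DNO_DH` whenever ASN is disabled. A `--disable-asn` build without leanpsk therefore still compiles dh.c. Whether dh.c compiles to nothing under `NO_DH` is not visible here. If it is not guarded, listing it with asn.c inside the new `if BUILD_ASN` block keeps the source list in step with the defines: `src_libcyassl_la_SOURCES += ctaocrypt/src/asn.c ctaocrypt/src/dh.c`.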
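Review bot: The bare `#endif` added after the Hmac prototype closes a guard that opens above the hunk, and nothing on the line says which one. The hunk at -4634 in this file labels its own as `#endif /* NO_CERTS */` and `#endif /* NO_OLD_TLS */`. If this one closes `#ifndef NO_OLD_TLS`, as that later comment suggests, write `#endif /* NO_OLD_TLS */` here and `#endif /* NO_CERTS */` on the existing line after the BuildCertHashes prototype. The prototype is now declared whenever certificates are enabled, independent of the old-TLS guard. BuildCertHashes' definition and callers are outside the hunks, so confirm they still build when old TLS is compiled out, since the hunk at -4599 places BuildMD5_CertVerify and BuildSHA_CertVerify under both guards.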
@@ -4634,7 +4637,8 @@ static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest)
 ShaFinal(&ssl->hashSha, digest);
 }
-#endif
+#endif /* NO_CERTS */
+#endif /* NO_OLD_TLS */
 #ifndef NO_CERTS
diff --git a/src/ssl.c b/src/ssl.c
index 4217dd4c5..a9700be6b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2865,6 +2865,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
 #ifndef NO_PSK
 havePSK = ssl->options.havePSK;
 #endif
+ (void)havePSK;
 if (ssl->options.side != SERVER_END) {
 CYASSL_ERROR(ssl->error = SIDE_ERROR);
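Review bot: `(void)havePSK;` in the src/ssl.c hunk is added without a comment, and the hunk does not show which build configuration leaves the variable unread. It presumably silences an unused-variable warning in one of the new no-ASN or no-certs builds, but that is inferred. A short note on the line would stop a later cleanup from removing it, for example `(void)havePSK; /* not read in every build configuration */`. The enclosing function starts and ends outside the hunk, and the name in the hunk header may only be the nearest preceding function line, so the declaration and the remaining uses of `havePSK` could not be checked here.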