diff --git a/src/internal.c b/src/internal.c index a0a2e1500..93d10d3b0 100644 --- a/src/internal.c +++ b/src/internal.c @@ -14240,7 +14240,7 @@ static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl) #endif -#if defined(HAVE_POLY1305) && defined(HAVE_CHACHA) +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD) /* Used for the older version of creating AEAD tags with Poly1305 */ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, byte* cipher, word16 sz, byte* tag) @@ -14630,7 +14630,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, return ret; } -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ +#endif /* HAVE_CHACHA && HAVE_POLY1305 && !NO_CHAPOL_AEAD*/ #endif /* HAVE_AEAD */ @@ -14814,7 +14814,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, break; #endif - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + !defined(NO_CHAPOL_AEAD) case wolfssl_chacha: ret = ChachaAEADEncrypt(ssl, out, input, sz); break; @@ -15085,7 +15086,8 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, break; #endif - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + !defined(NO_CHAPOL_AEAD) case wolfssl_chacha: ret = ChachaAEADDecrypt(ssl, plain, input, sz); break; @@ -20451,9 +20453,14 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) int i; word32 length; - next = XSTRSTR(next, ":"); - length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */ - : (word32)(next - current)); + next = XSTRSTR(next, ":"); + length = MAX_SUITE_NAME + 1; + if (next != NULL) { + word32 currLen = (word32)(next - current); + if (length > currLen) { + length = currLen; + } + } XSTRNCPY(name, current, length); name[(length == sizeof(name)) ? length - 1 : length] = 0; 
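Review bot: With `NO_CHAPOL_AEAD` defined, the `case wolfssl_chacha:` arm is compiled out of the switch in EncryptDo, and likewise in the DecryptDo hunk, so a connection whose bulk cipher is still `wolfssl_chacha` takes whatever the default arm does, which is outside both hunks. Nothing in the visible diff removes the ChaCha20-Poly1305 suites from the build when the macro is set. Please confirm that the suite definitions are gated on the same condition and that the default arm fails the record with an error. A short comment on the guard would also help, for example `/* NO_CHAPOL_AEAD: TLS ChaCha20-Poly1305 record protection compiled out */`.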
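Review bot: The new upper bound in SetCipherList is `MAX_SUITE_NAME + 1`, while the terminator line right after it still tests `length == sizeof(name)`. The two agree only if `name` is declared with exactly `MAX_SUITE_NAME + 1` bytes, and that declaration is outside the hunk. The removed code clamped to `sizeof(name)`, so writing `length = (word32)sizeof(name);` keeps the `XSTRNCPY` bound tied to the destination buffer and cannot drift into an overflow if the array size ever changes. For the last entry in the list, the copy now relies on `XSTRNCPY` stopping at the terminator of `current` (assuming strncpy semantics) instead of an explicit `XSTRLEN`. That deserves a one-line comment such as `/* last entry: XSTRNCPY stops at the NUL of current */`.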
@@ -26572,8 +26579,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case ecdhe_psk_kea: /* Fall through to create temp ECC key */ #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */ - #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448) + #if defined(HAVE_ECC) || \ + ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + (defined(HAVE_ED25519) || defined(HAVE_ED448) || \ + !defined(NO_RSA))) case ecc_diffie_hellman_kea: { #ifdef HAVE_CURVE25519 @@ -26661,7 +26670,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case TLS_ASYNC_BUILD: { #if (!defined(NO_DH) && !defined(NO_RSA)) || (defined(HAVE_ECC) || \ - defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448))) word32 preSigSz, preSigIdx; #endif @@ -26918,8 +26928,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */ - #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448) + #if defined(HAVE_ECC) || \ + ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + (defined(HAVE_ED25519) || defined(HAVE_ED448) || \ + !defined(NO_RSA))) case ecc_diffie_hellman_kea: { enum wc_HashType hashType; @@ -26963,7 +26975,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->exportBuf, &args->exportSz) != 0) { ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); } - #endif + #endif } args->length += args->exportSz; diff --git a/src/keys.c b/src/keys.c index 67e65feea..2da340541 100644 --- a/src/keys.c +++ b/src/keys.c 
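Review bot: The guard on `case ecc_diffie_hellman_kea:` here and in the hunk at -26918 is not the same predicate as the guard on `word32 preSigSz, preSigIdx;` in the TLS_ASYNC_BUILD hunk at -26661. The case is compiled for Curve25519 or Curve448 combined with any of Ed25519, Ed448 or RSA, but the declaration requires the matching pair (`HAVE_CURVE25519 && HAVE_ED25519`, `HAVE_CURVE448 && HAVE_ED448`), ECC, or DH with RSA. A build with, say, Curve25519 and RSA but `NO_DH` and no ECC gets the case without the declaration. If that case body uses `preSigSz` or `preSigIdx` (the body is outside these hunks), the build fails to compile. I would define the condition once as a single helper macro near the top of the file and use it in all three `#if` lines, so the case arms and the declaration cannot diverge. A comment there should state that the key exchange needs a usable signature algorithm.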
@@ -2273,7 +2273,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif /* BUILD_ARC4 */ -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD) /* Check that the max implicit iv size is suffecient */ #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */ #error AEAD_MAX_IMP_SZ is too small for ChaCha20 diff --git a/src/ssl.c b/src/ssl.c index bcd259e12..5f320f0ba 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6762,8 +6762,10 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, long sz = 0; XFILE file; void* heapHint = wolfSSL_CTX_GetHeap(ctx, ssl); +#ifndef NO_CODING const char* header = NULL; const char* footer = NULL; +#endif (void)crl; (void)heapHint; @@ -6800,6 +6802,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, else { /* Try to detect type by parsing cert header and footer */ if (type == DETECT_CERT_TYPE) { +#ifndef NO_CODING if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 && (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) { type = CA_TYPE; @@ -6814,7 +6817,9 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) { type = CERT_TYPE; } - else { + else +#endif + { WOLFSSL_MSG("Failed to detect certificate type"); if (dynamic) XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE); diff --git a/tests/api.c b/tests/api.c index 5832e194a..96df5ad14 100644 --- a/tests/api.c +++ b/tests/api.c @@ -6708,7 +6708,7 @@ static void test_wolfSSL_PKCS8(void) XFILE f; int bytes; WOLFSSL_CTX* ctx; -#ifdef HAVE_ECC +#if defined(HAVE_ECC) && !defined(NO_CODING) int ret; ecc_key key; word32 x = 0; @@ -6725,6 +6725,8 @@ static void test_wolfSSL_PKCS8(void) int flag; #endif + (void)der; + printf(testingFmt, "wolfSSL_PKCS8()"); #ifndef NO_WOLFSSL_CLIENT 
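Review bot: In the ProcessFile hunks at -6800 and -6814, the `else` is left dangling across `#endif` so that the failure block becomes unconditional under `NO_CODING`. That construct is easy to break on a later edit and is not explained anywhere. Every `DETECT_CERT_TYPE` call in such a build then logs "Failed to detect certificate type", which reads like a bad file when detection was in fact compiled out. I would close the guard with `#endif /* !NO_CODING */` and add `/* NO_CODING: no PEM header lookup, detection always fails */` above the brace. A distinct message for the `NO_CODING` build would make the cause visible to whoever reads the log. The function body continues outside both hunks.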
@@ -6854,6 +6856,7 @@ static void test_wolfSSL_PKCS8(void) AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#ifndef NO_CODING /* decrypt PKCS8 PEM to key in DER format */ AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), 0); @@ -6863,6 +6866,7 @@ static void test_wolfSSL_PKCS8(void) wc_ecc_free(&key); } AssertIntEQ(ret, 0); +#endif /* Test PKCS8 DER ECC key no crypt */ f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb"); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 2abd53ecf..4f07d53a9 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -861,6 +861,13 @@ #endif #endif +#if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && \ + (defined(NO_DH) || !defined(HAVE_ANON)) && \ + defined(NO_RSA) && !defined(HAVE_ECC) && \ + !defined(HAVE_ED25519) && !defined(HAVE_ED448) + #error "No cipher suites avaialble with this build" +#endif + #ifdef WOLFSSL_MULTICAST #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256) #define BUILD_WDM_WITH_NULL_SHA256 diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 76557b69c..8ea29ad77 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2322,7 +2322,7 @@ extern void uITRON4_free(void *p) ; #endif /* support for disabling PEM to DER */ -#if !defined(WOLFSSL_NO_PEM) +#if !defined(WOLFSSL_NO_PEM) && !defined(NO_CODING) #undef WOLFSSL_PEM_TO_DER #define WOLFSSL_PEM_TO_DER #endif
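Review bot: The new `#error` string in the wolfssl/internal.h hunk is misspelled: `"No cipher suites avaialble with this build"` should be `#error "No cipher suites available with this build"`. The message is what a user sees when a configuration is rejected, so it would also help to name what is missing, for example that PSK, anonymous DH, RSA, ECC, Ed25519 and Ed448 are all disabled. A one-line comment above the `#if`, saying that every TLS suite needs one of these for authentication, would explain why Curve25519 and Curve448 alone do not satisfy the check.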
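Review bot: The comment above the guard in the settings.h hunk still reads `/* support for disabling PEM to DER */`, although `NO_CODING` now switches `WOLFSSL_PEM_TO_DER` off as well. I would change it to `/* PEM to DER is disabled by WOLFSSL_NO_PEM, or by NO_CODING (no Base64 decoder) */`. Code that tests `WOLFSSL_NO_PEM` directly will not see the `NO_CODING` case, so those sites may need the same condition. They are not visible in this diff.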