From 5f59e469d2e2d00a34b3fa7be07562b4c47c9583 Mon Sep 17 00:00:00 2001
From: Todd A Ouska
Date: Fri, 5 Aug 2011 13:09:54 -0700
Subject: [PATCH] fix NO_SHA256 build problem, and NO_SHA256 trying to use TLS 1.2 bug
---
 ctaocrypt/src/pwdbased.c | 11 ++++++++++-
 src/tls.c | 16 ++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c
index af4f985b4..af9cf5208 100644
--- a/ctaocrypt/src/pwdbased.c
+++ b/ctaocrypt/src/pwdbased.c
@@ -108,9 +108,11 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
 else if (hashType == SHA) {
 hLen = SHA_DIGEST_SIZE;
 }
+#ifndef NO_SHA256
 else if (hashType == SHA256) {
 hLen = SHA256_DIGEST_SIZE;
 }
+#endif
 #ifdef CYASSL_SHA512
 else if (hashType == SHA512) {
 hLen = SHA512_DIGEST_SIZE;
@@ -164,9 +166,12 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
 #ifdef CYASSL_SHA512
 byte Ai[SHA512_DIGEST_SIZE];
 byte B[SHA512_BLOCK_SIZE];
-#else
+#elif !defined(NO_SHA256)
 byte Ai[SHA256_DIGEST_SIZE];
 byte B[SHA256_BLOCK_SIZE];
+#else
+ byte Ai[SHA_DIGEST_SIZE];
+ byte B[SHA_BLOCK_SIZE];
 #endif
 if (!iterations)
@@ -180,10 +185,12 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
 v = SHA_BLOCK_SIZE;
 u = SHA_DIGEST_SIZE;
 }
+#ifndef NO_SHA256
 else if (hashType == SHA256) {
 v = SHA256_BLOCK_SIZE;
 u = SHA256_DIGEST_SIZE;
 }
+#endif
 #ifdef CYASSL_SHA512
 else if (hashType == SHA512) {
 v = SHA512_BLOCK_SIZE;
@@ -239,8 +246,10 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
 ShaFinal(&sha, Ai);
 }
 }
+#ifndef NO_SHA256
 else if (hashType == SHA256) {
 }
+#endif
 #ifdef CYASSL_SHA512
 else if (hashType == SHA512) {
 }
diff --git a/src/tls.c b/src/tls.c
index 706bb0def..2dced68f9 100644
--- a/src/tls.c
+++ b/src/tls.c
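Review bot: Ai and B in PKCS12_PBKDF (hunk at -164,9) are now sized by build flags, while the lengths u and v are picked at run time from hashType in the chain of the following hunk, and nothing visible ties the two together. The guards line up today, but a hash type added to one place and not the other could let writes run past these stack buffers. A check placed after the hashType chain, such as `if (u > sizeof(Ai) || v > sizeof(B))` followed by the function's existing error return, would make the invariant explicit. The function body starts and ends outside this hunk, so where exactly the check belongs needs confirming against the full file.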
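Review bot: The SHA256 branch in the last pwdbased.c hunk (-239,8) still has an empty body, as does the SHA512 branch below it, although the earlier chain accepts both hash types and sets v and u for them. If the code after this chain reads Ai, as `ShaFinal(&sha, Ai);` in the SHA branch suggests, a caller asking for SHA256 or SHA512 would get key material derived from an uninitialised stack buffer instead of an error. Until those digests are implemented here, both branches should return the function's error value, or the first chain should reject these hash types. The surrounding loop lies outside the hunk, so the later use of Ai is inferred.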
@@ -346,6 +346,8 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
 }
+#ifndef NO_SHA256 /* can't use without SHA256 */
+
 SSL_METHOD* TLSv1_2_client_method(void)
 {
 SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
@@ -355,13 +357,19 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
 return method;
 }
+#endif
+
 SSL_METHOD* SSLv23_client_method(void)
 {
 SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
 DYNAMIC_TYPE_METHOD);
 if (method) {
+#ifndef NO_SHA256 /* 1.2 requires SHA256 */
 InitSSL_Method(method, MakeTLSv1_2());
+#else
+ InitSSL_Method(method, MakeTLSv1_1());
+#endif
 method->downgrade = 1;
 }
 return method;
@@ -398,6 +406,8 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
 }
+#ifndef NO_SHA256 /* can't use without SHA256 */
+
 SSL_METHOD* TLSv1_2_server_method(void)
 {
 SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
@@ -409,13 +419,19 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
 return method;
 }
+#endif
+
 SSL_METHOD *SSLv23_server_method(void)
 {
 SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
 DYNAMIC_TYPE_METHOD);
 if (method) {
+#ifndef NO_SHA256 /* 1.2 requires SHA256 */
 InitSSL_Method(method, MakeTLSv1_2());
+#else
+ InitSSL_Method(method, MakeTLSv1_1());
+#endif
 method->side = SERVER_END;
 method->downgrade = 1;
 }
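Review bot: TLSv1_2_client_method (first tls.c hunk) and TLSv1_2_server_method (third hunk) are compiled out of a NO_SHA256 build, but nothing in this patch touches the header that declares them. If the prototypes stay visible, an application that pins TLS 1.2 fails only at link time with an undefined symbol. Guarding the declarations with the same `#ifndef NO_SHA256`, or at least a comment at the declarations stating the dependency, would surface this at compile time. Whether the header is already guarded cannot be seen from this diff.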
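Review bot: With NO_SHA256 defined, SSLv23_client_method (second hunk) and SSLv23_server_method (fourth hunk) start from `MakeTLSv1_1()` with `downgrade = 1`, so the build's protocol ceiling drops to TLS 1.1 with no signal to the integrator. The inline comment `/* 1.2 requires SHA256 */` explains the guard but not the consequence; I would extend it to something like `/* no SHA256: highest offered version is TLS 1.1 */` and state the limit wherever NO_SHA256 is documented. The same `#ifndef`/`#else` pair is duplicated in both functions, so a single macro naming the highest supported version would keep client and server from drifting apart.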