fix NO_SHA256 build problem, and NO_SHA256 trying to use TLS 1.2 bug

2011-08-05 13:09:54 -07:00 · 2011-08-05 13:09:54 -07:00 · 5f59e469d2
parent 2900012054
commit 5f59e469d2
2 changed files with 26 additions and 1 deletions
--- a/ctaocrypt/src/pwdbased.c
+++ b/ctaocrypt/src/pwdbased.c
@ -108,9 +108,11 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
    else if (hashType == SHA) {
        hLen = SHA_DIGEST_SIZE;
    }
+#ifndef NO_SHA256
    else if (hashType == SHA256) {
        hLen = SHA256_DIGEST_SIZE;
    }
+#endif
 #ifdef CYASSL_SHA512
    else if (hashType == SHA512) {
        hLen = SHA512_DIGEST_SIZE;
@ -164,9 +166,12 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
 #ifdef CYASSL_SHA512
    byte   Ai[SHA512_DIGEST_SIZE];
    byte   B[SHA512_BLOCK_SIZE];
-#else
+#elif !defined(NO_SHA256)
    byte   Ai[SHA256_DIGEST_SIZE];
    byte   B[SHA256_BLOCK_SIZE];
+#else
+    byte   Ai[SHA_DIGEST_SIZE];
+    byte   B[SHA_BLOCK_SIZE];
 #endif

    if (!iterations)
@ -180,10 +185,12 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
        v = SHA_BLOCK_SIZE;
        u = SHA_DIGEST_SIZE;
    }
+#ifndef NO_SHA256
    else if (hashType == SHA256) {
        v = SHA256_BLOCK_SIZE;
        u = SHA256_DIGEST_SIZE;
    }
+#endif
 #ifdef CYASSL_SHA512
    else if (hashType == SHA512) {
        v = SHA512_BLOCK_SIZE;
@ -239,8 +246,10 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
                ShaFinal(&sha, Ai);
            }
        }
+#ifndef NO_SHA256
        else if (hashType == SHA256) {
        }
+#endif
 #ifdef CYASSL_SHA512
        else if (hashType == SHA512) {
        }
--- a/src/tls.c
+++ b/src/tls.c
@ -346,6 +346,8 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
    }


+#ifndef NO_SHA256   /* can't use without SHA256 */
+
    SSL_METHOD* TLSv1_2_client_method(void)
    {
        SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
@ -355,13 +357,19 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
        return method;
    }

+#endif
+

    SSL_METHOD* SSLv23_client_method(void)
    {
        SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
                                                   DYNAMIC_TYPE_METHOD);
        if (method) {
+#ifndef NO_SHA256         /* 1.2 requires SHA256 */
            InitSSL_Method(method, MakeTLSv1_2());
+#else
+            InitSSL_Method(method, MakeTLSv1_1());
+#endif
            method->downgrade = 1;
        }
        return method;
@ -398,6 +406,8 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
    }


+#ifndef NO_SHA256   /* can't use without SHA256 */
+
    SSL_METHOD* TLSv1_2_server_method(void)
    {
        SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
@ -409,13 +419,19 @@ void TLS_hmac(SSL* ssl, byte* digest, const byte* in, word32 sz,
        return method;
    }

+#endif
+

    SSL_METHOD *SSLv23_server_method(void)
    {
        SSL_METHOD* method = (SSL_METHOD*) XMALLOC(sizeof(SSL_METHOD), 0,
                                                   DYNAMIC_TYPE_METHOD);
        if (method) {
+#ifndef NO_SHA256         /* 1.2 requires SHA256 */
            InitSSL_Method(method, MakeTLSv1_2());
+#else
+            InitSSL_Method(method, MakeTLSv1_1());
+#endif
            method->side      = SERVER_END;
            method->downgrade = 1;
        }