src/wolfio.c: fix stack allocations for cookie digests on NO_SHA builds;
configure.ac: fix dependencies for enable_dsa vs enable_sha in enable-all, enable-all-crypto, and ENABLED_DSA setup.
parent
eaa66dc117
commit
263973bde9
14
configure.ac
14
configure.ac
@ -805,7 +805,7 @@ then
|
||||
# sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
|
||||
if test "$ENABLED_SP_MATH" = "no"
|
||||
then
|
||||
test "$enable_dsa" = "" && enable_dsa=yes
|
||||
test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
|
||||
test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
|
||||
test "$enable_brainpool" = "" && enable_brainpool=yes
|
||||
test "$enable_srp" = "" && enable_srp=yes
|
||||
@ -974,7 +974,7 @@ then
|
||||
|
||||
if test "$ENABLED_SP_MATH" = "no"
|
||||
then
|
||||
test "$enable_dsa" = "" && enable_dsa=yes
|
||||
test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
|
||||
test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
|
||||
test "$enable_brainpool" = "" && enable_brainpool=yes
|
||||
test "$enable_srp" = "" && enable_srp=yes
|
||||
@ -3585,7 +3585,7 @@ AC_ARG_ENABLE([dsa],
|
||||
[ ENABLED_DSA=no ]
|
||||
)
|
||||
|
||||
if test "$enable_dsa" = ""
|
||||
if test "$enable_dsa" = "" && test "$enable_sha" != "no"
|
||||
then
|
||||
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
|
||||
then
|
||||
@ -9725,8 +9725,11 @@ echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
|
||||
echo " * Fallback SCSV: $ENABLED_FALLBACK_SCSV"
|
||||
echo " * Keying Material Exporter: $ENABLED_KEYING_MATERIAL"
|
||||
echo " * All TLS Extensions: $ENABLED_TLSX"
|
||||
echo " * PKCS#7: $ENABLED_PKCS7"
|
||||
echo " * S/MIME: $ENABLED_SMIME"
|
||||
echo " * PKCS#7: $ENABLED_PKCS7"
|
||||
echo " * PKCS#8: $ENABLED_PKCS8"
|
||||
echo " * PKCS#11: $ENABLED_PKCS11"
|
||||
echo " * PKCS#12: $ENABLED_PKCS12"
|
||||
echo " * wolfSSH: $ENABLED_WOLFSSH"
|
||||
echo " * wolfEngine: $ENABLED_WOLFENGINE"
|
||||
echo " * wolfTPM: $ENABLED_WOLFTPM"
|
||||
@ -9745,9 +9748,6 @@ echo " * User Crypto: $ENABLED_USER_CRYPTO"
|
||||
echo " * Fast RSA: $ENABLED_FAST_RSA"
|
||||
echo " * Asynchronous Crypto: $ENABLED_ASYNCCRYPT"
|
||||
echo " * Asynchronous Crypto (sim): $ENABLED_ASYNCCRYPT_SW"
|
||||
echo " * PKCS#8: $ENABLED_PKCS8"
|
||||
echo " * PKCS#11: $ENABLED_PKCS11"
|
||||
echo " * PKCS#12: $ENABLED_PKCS12"
|
||||
echo " * Cavium Nitrox: $ENABLED_CAVIUM"
|
||||
echo " * Cavium Octeon (Sync): $ENABLED_OCTEON_SYNC"
|
||||
echo " * Intel Quick Assist: $ENABLED_INTEL_QA"
|
||||
|
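Review bot: An explicit `--enable-dsa` combined with `--disable-sha` still passes all three guards changed here (the two enable-all blocks and the `if test "$enable_dsa" = "" && test "$enable_sha" != "no"` default at -3585), because they only act when `$enable_dsa` is empty. If DSA cannot build without SHA-1, as this commit implies, that combination is better rejected at configure time than left to fail during compilation, for example with `test "$enable_dsa" = "yes" && test "$enable_sha" = "no" && AC_MSG_ERROR([DSA requires SHA-1; --enable-dsa cannot be combined with --disable-sha])` next to the ENABLED_DSA setup. The rest of the ENABLED_DSA block lies outside the hunk, so an existing check there would make this unnecessary. A one-line comment at each guard would also help, such as `# DSA depends on SHA-1; do not default it on when SHA-1 is disabled.`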
39
src/wolfio.c
39
src/wolfio.c
@ -2489,11 +2489,18 @@ int MicriumSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
|
||||
/* Micrium DTLS Generate Cookie callback
|
||||
* return : number of bytes copied into buf, or error
|
||||
*/
|
||||
#if defined(NO_SHA) && !defined(NO_SHA256)
|
||||
#define MICRIUM_COOKIE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
|
||||
#elif !defined(NO_SHA)
|
||||
#define MICRIUM_COOKIE_DIGEST_SIZE WC_SHA_DIGEST_SIZE
|
||||
#else
|
||||
#error Must enable either SHA-1 or SHA256 (or both) for Micrium.
|
||||
#endif
|
||||
int MicriumGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
|
||||
{
|
||||
NET_SOCK_ADDR peer;
|
||||
NET_SOCK_ADDR_LEN peerSz = sizeof(peer);
|
||||
byte digest[WC_SHA_DIGEST_SIZE];
|
||||
byte digest[MICRIUM_COOKIE_DIGEST_SIZE];
|
||||
int ret = 0;
|
||||
|
||||
(void)ctx;
|
||||
@ -2513,8 +2520,8 @@ int MicriumGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if (sz > WC_SHA_DIGEST_SIZE)
|
||||
sz = WC_SHA_DIGEST_SIZE;
|
||||
if (sz > MICRIUM_COOKIE_DIGEST_SIZE)
|
||||
sz = MICRIUM_COOKIE_DIGEST_SIZE;
|
||||
XMEMCPY(buf, digest, sz);
|
||||
|
||||
return sz;
|
||||
@ -2808,11 +2815,18 @@ int uIPReceive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
|
||||
/* uIP DTLS Generate Cookie callback
|
||||
* return : number of bytes copied into buf, or error
|
||||
*/
|
||||
#if defined(NO_SHA) && !defined(NO_SHA256)
|
||||
#define UIP_COOKIE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
|
||||
#elif !defined(NO_SHA)
|
||||
#define UIP_COOKIE_DIGEST_SIZE WC_SHA_DIGEST_SIZE
|
||||
#else
|
||||
#error Must enable either SHA-1 or SHA256 (or both) for uIP.
|
||||
#endif
|
||||
int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
|
||||
{
|
||||
uip_wolfssl_ctx *ctx = (uip_wolfssl_ctx *)_ctx;
|
||||
byte token[32];
|
||||
byte digest[WC_SHA_DIGEST_SIZE];
|
||||
byte digest[UIP_COOKIE_DIGEST_SIZE];
|
||||
int ret = 0;
|
||||
XMEMSET(token, 0, sizeof(token));
|
||||
XMEMCPY(token, &ctx->peer_addr, sizeof(uip_ipaddr_t));
|
||||
@ -2824,8 +2838,8 @@ int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
|
||||
#endif
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
if (sz > WC_SHA_DIGEST_SIZE)
|
||||
sz = WC_SHA_DIGEST_SIZE;
|
||||
if (sz > UIP_COOKIE_DIGEST_SIZE)
|
||||
sz = UIP_COOKIE_DIGEST_SIZE;
|
||||
XMEMCPY(buf, digest, sz);
|
||||
return sz;
|
||||
}
|
||||
@ -2889,13 +2903,20 @@ int GNRC_ReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
|
||||
* return : number of bytes copied into buf, or error
|
||||
*/
|
||||
#define GNRC_MAX_TOKEN_SIZE (32)
|
||||
#if defined(NO_SHA) && !defined(NO_SHA256)
|
||||
#define GNRC_COOKIE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
|
||||
#elif !defined(NO_SHA)
|
||||
#define GNRC_COOKIE_DIGEST_SIZE WC_SHA_DIGEST_SIZE
|
||||
#else
|
||||
#error Must enable either SHA-1 or SHA256 (or both) for GNRC.
|
||||
#endif
|
||||
int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
|
||||
{
|
||||
sock_tls_t *ctx = (sock_tls_t *)_ctx;
|
||||
if (!ctx)
|
||||
return WOLFSSL_CBIO_ERR_GENERAL;
|
||||
byte token[GNRC_MAX_TOKEN_SIZE];
|
||||
byte digest[WC_SHA_DIGEST_SIZE];
|
||||
byte digest[GNRC_COOKIE_DIGEST_SIZE];
|
||||
int ret = 0;
|
||||
size_t token_size = sizeof(sock_udp_ep_t);
|
||||
(void)ssl;
|
||||
@ -2910,8 +2931,8 @@ int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
|
||||
#endif
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
if (sz > WC_SHA_DIGEST_SIZE)
|
||||
sz = WC_SHA_DIGEST_SIZE;
|
||||
if (sz > GNRC_COOKIE_DIGEST_SIZE)
|
||||
sz = GNRC_COOKIE_DIGEST_SIZE;
|
||||
XMEMCPY(buf, digest, sz);
|
||||
return sz;
|
||||
}
|
||||
|
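Review bot: The clamp before `XMEMCPY(buf, digest, sz)` in MicriumGenerateCookie, uIPGenerateCookie and GNRC_GenerateCookie only bounds `sz` from above. Because `sz` is an `int`, a negative value would pass `if (sz > ..._COOKIE_DIGEST_SIZE)` and typically be converted to a very large length in the copy. A lower-bound guard ahead of the clamp, such as `if (buf == NULL || sz < 0) return WOLFSSL_CBIO_ERR_GENERAL;`, would keep the callbacks safe whatever the caller passes. Separately, each new `*_COOKIE_DIGEST_SIZE` ladder has to select the same hash as the code that fills `digest`, which sits between the hunks and is not visible here; a comment on the macro such as `/* must match the hash used to fill digest[] below */` would keep the buffer size and the hash from drifting apart. All three function bodies continue outside the hunks.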