add --enable-asn, build, and checks for rsa / psk w/o asn

configure.ac

@@ -485,6 +485,24 @@ then
 fi
 
 
+# PSK 
+AC_ARG_ENABLE([psk],
+    [  --enable-psk            Enable PSK (default: disabled)],
+    [ ENABLED_PSK=$enableval ],
+    [ ENABLED_PSK=no ]
+    )
+
+if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
+fi
+
+if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "yes"
+then
+    ENABLED_PSK=yes
+fi
+
+
 # RSA 
 AC_ARG_ENABLE([rsa],
     [  --enable-rsa            Enable RSA (default: enabled)],
@@ -507,6 +525,39 @@ fi
 AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
 
 
+# ASN
+# can't use certs, rsa, dh if leaving out asn
+AC_ARG_ENABLE([asn],
+    [  --enable-asn            Enable ASN (default: enabled)],
+    [ ENABLED_ASN=$enableval ],
+    [ ENABLED_ASN=yes ]
+    )
+
+if test "$ENABLED_ASN" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_DH"
+else
+    # turn off ASN if leanpsk on
+    if test "$ENABLED_LEANPSK" = "yes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_DH"
+        ENABLED_ASN=no
+    fi
+fi
+
+if test "$ENABLED_RSA" = "yes" && test "$ENABLED_ASN" = "no"
+then
+    AC_MSG_ERROR([please disable rsa if disabling asn.])
+fi
+
+if test "$ENABLED_PSK" = "no" && test "$ENABLED_ASN" = "no"
+then
+    AC_MSG_ERROR([please enable psk if disabling asn.])
+fi
+
+AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"])
+
+
 # AES
 AC_ARG_ENABLE([aes],
     [  --enable-aes            Enable AES (default: enabled)],
@@ -702,19 +753,6 @@ fi
 AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
 
 
-# PSK 
-AC_ARG_ENABLE([psk],
-    [  --enable-psk            Enable PSK (default: disabled)],
-    [ ENABLED_PSK=$enableval ],
-    [ ENABLED_PSK=no ]
-    )
-
-if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
-fi
-
-
 # Web Server Build 
 AC_ARG_ENABLE([webServer],
     [  --enable-webServer      Enable Web Server (default: disabled)],
@@ -1069,6 +1107,7 @@ echo "   * PSK:                       $ENABLED_PSK"
 echo "   * LEANPSK:                   $ENABLED_LEANPSK"
 echo "   * RSA:                       $ENABLED_RSA"
 echo "   * ECC:                       $ENABLED_ECC"
+echo "   * ASN:                       $ENABLED_ASN"
 echo "   * OCSP:                      $ENABLED_OCSP"
 echo "   * CRL:                       $ENABLED_CRL"
 echo "   * CRL-MONITOR:               $ENABLED_CRL_MONITOR"

src/include.am

@@ -21,7 +21,6 @@ src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS)
 
 if !BUILD_LEANPSK
 src_libcyassl_la_SOURCES += ctaocrypt/src/coding.c \
-                            ctaocrypt/src/asn.c \
                             ctaocrypt/src/dh.c \
                             ctaocrypt/src/memory.c
 endif
@@ -30,6 +29,10 @@ if BUILD_RSA
 src_libcyassl_la_SOURCES += ctaocrypt/src/rsa.c
 endif
 
+if BUILD_ASN
+src_libcyassl_la_SOURCES += ctaocrypt/src/asn.c
+endif
+
 if BUILD_AES
 src_libcyassl_la_SOURCES += ctaocrypt/src/aes.c
 endif

src/internal.c

@@ -94,6 +94,9 @@ typedef enum {
 static void Hmac(CYASSL* ssl, byte* digest, const byte* buffer, word32 sz,
                  int content, int verify);
 
+#endif
+
+#ifndef NO_CERTS
 static void BuildCertHashes(CYASSL* ssl, Hashes* hashes);
 #endif
 
@@ -4599,7 +4602,7 @@ static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
     }
 }
 
-
+#ifndef NO_CERTS
 static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest)
 {
     byte md5_result[MD5_DIGEST_SIZE];
@@ -4634,7 +4637,8 @@ static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest)
 
     ShaFinal(&ssl->hashSha, digest);
 }
-#endif
+#endif /* NO_CERTS */
+#endif /* NO_OLD_TLS */
 
 
 #ifndef NO_CERTS

src/ssl.c

@@ -2865,6 +2865,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
         #ifndef NO_PSK
             havePSK = ssl->options.havePSK;
         #endif
+        (void)havePSK;
 
         if (ssl->options.side != SERVER_END) {
             CYASSL_ERROR(ssl->error = SIDE_ERROR);