
Add settings.h check: DSA needs SHA1

Open gojimmypi opened this issue 1 year ago • 1 comments

Description

Adds a settings.h sanity check to ensure that if DSA is enabled, SHA1 is also enabled.

I started going down the road of gating out all the DSA code when not enabled, but the further I got, the more complex it became. I gave up when I found MakeAnyCert() that has a DSA parameter. It is certainly possible to code around this, and I can do so if desired. For now we have the sanity check.

Otherwise, without this change: when DSA is enabled and SHA1 is disabled (e.g. #define NO_SHA), unintuitive compile-time errors may occur, such as this:

C:/workspace/wolfssl-gojimmypi-pr/wolfcrypt/src/dsa.c: In function 'wc_DsaSign':
C:/workspace/wolfssl-gojimmypi-pr/wolfcrypt/src/dsa.c:653:34: error: 'WC_SHA_DIGEST_SIZE' undeclared (first use in this function); did you mean 'WC_SHA384_DIGEST_SIZE'?
  653 |     return wc_DsaSign_ex(digest, WC_SHA_DIGEST_SIZE, out, key, rng);
      |                                  ^~~~~~~~~~~~~~~~~~
      |                                  WC_SHA384_DIGEST_SIZE
C:/workspace/wolfssl-gojimmypi-pr/wolfcrypt/src/dsa.c:653:34: note: each undeclared identifier is reported only once for each function it appears in
C:/workspace/wolfssl-gojimmypi-pr/wolfcrypt/src/dsa.c: In function 'wc_DsaVerify':
C:/workspace/wolfssl-gojimmypi-pr/wolfcrypt/src/dsa.c:988:36: error: 'WC_SHA_DIGEST_SIZE' undeclared (first use in this function); did you mean 'WC_SHA384_DIGEST_SIZE'?
  988 |     return wc_DsaVerify_ex(digest, WC_SHA_DIGEST_SIZE, sig, key, answer);
      |                                    ^~~~~~~~~~~~~~~~~~
      |                                    WC_SHA384_DIGEST_SIZE
C:/workspace/wolfssl-gojimmypi-pr/wolfcrypt/src/dsa.c: In function 'wc_DsaSign':
C:/workspace/wolfssl-gojimmypi-pr/wolfcrypt/src/dsa.c:654:1: error: control reaches end of non-void function [-Werror=return-type]
  654 | }
      | ^
C:/workspace/wolfssl-gojimmypi-pr/wolfcrypt/src/dsa.c: In function 'wc_DsaVerify':
C:/workspace/wolfssl-gojimmypi-pr/wolfcrypt/src/dsa.c:989:1: error: control reaches end of non-void function [-Werror=return-type]
  989 | }
      | ^

Fixes zd# n/a

Testing

Limited testing only with embedded target.

Checklist

  • [ ] added tests
  • [ ] updated/added doxygen
  • [ ] updated appropriate READMEs
  • [ ] Updated manual and documentation

gojimmypi, May 16 '24 23:05
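An added sketch of the failure and of a guard of the kind described above; it is not code from the pull request or from wolfSSL, whose diff is not shown on this page. `NO_SHA` and `WC_SHA_DIGEST_SIZE` come from the post, `NO_DSA` is wolfSSL's switch for disabling DSA, and every `demo_*` name and the `#error` wording are assumptions made for illustration.

```c
/* Build as-is for a consistent configuration. Add -DNO_SHA to see the guard
 * stop the build with one clear message; add -DNO_SHA -DNO_DSA for a
 * consistent SHA-1-free build. */
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the SHA-1 header: nothing is declared when NO_SHA is set. */
#ifndef NO_SHA
enum { WC_SHA_DIGEST_SIZE = 20 };   /* SHA-1 digest length in bytes */
#endif

/* Stand-in for the settings.h sanity check (message text is an assumption). */
#if !defined(NO_DSA) && defined(NO_SHA)
    #error "DSA is enabled but SHA-1 is disabled: define NO_DSA or remove NO_SHA"
#endif

/* Stand-in for the DSA wrappers that hard-code the SHA-1 digest size. */
#ifndef NO_DSA
static int demo_sign_ex(const unsigned char *digest, size_t digestSz)
{
    (void)digest;
    return (int)digestSz;           /* a real implementation would sign here */
}

int demo_dsa_sign(const unsigned char *digest)
{
    /* Same shape as the failing line in the log: without the guard, NO_SHA
     * leaves WC_SHA_DIGEST_SIZE undeclared at this call. */
    return demo_sign_ex(digest, WC_SHA_DIGEST_SIZE);
}
#endif

/* Bit 0: DSA compiled in. Bit 1: SHA-1 compiled in. */
int demo_features(void)
{
    int f = 0;
#ifndef NO_DSA
    f |= 1;
#endif
#ifndef NO_SHA
    f |= 2;
#endif
    return f;
}

int main(void)
{
    printf("features=%d\n", demo_features());
    return 0;
}
```

Placing the check in the central configuration header means the inconsistent combination is reported once, at the point where the options are defined, instead of as undeclared-identifier errors inside dsa.c.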

Jenkins retest this please

gojimmypi, May 20 '24 23:05

Jenkins retest this please

gojimmypi, May 21 '24 10:05

Retest this please

dgarske, May 21 '24 15:05