feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3108 from SparkiDev/openssl_interop

Browse Source 
Update OpenSSL interopability testing
This commit is contained in:
JacobBarthelmeh
2020-08-11 09:42:43 -06:00
committed by GitHub
parent 4f30e37094 93cdfd7132
commit 8b7f588aaf
9 changed files with 990 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
configure.ac
View File

@@ -3136,7 +3136,7 @@ AC_ARG_ENABLE([supportedcurves],
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes" if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
then then
AS_IF([test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno"], AS_IF([test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno"],
[ENABLED_SUPPORTED_CURVES=no], [ENABLED_SUPPORTED_CURVES=no],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"]) [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"])
fi fi
@@ -3236,7 +3236,7 @@ then
ENABLED_ENCRYPT_THEN_MAC=yes ENABLED_ENCRYPT_THEN_MAC=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA" AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA"
# Check the ECC supported curves prereq # Check the ECC supported curves prereq
AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_TLS13" = "xyes"], AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"],
[ENABLED_SUPPORTED_CURVES=yes [ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
fi fi

1076
scripts/openssl.test
View File

File diff suppressed because it is too large Load Diff

32
src/internal.c
View File

@@ -21001,14 +21001,14 @@ exit_dpk:
/* Persistable DoServerKeyExchange arguments */ /* Persistable DoServerKeyExchange arguments */
typedef struct DskeArgs { typedef struct DskeArgs {
byte* output; /* not allocated */ byte* output; /* not allocated */
#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_ED448) defined(HAVE_CURVE448)
byte* verifySig; byte* verifySig;
#endif #endif
word32 idx; word32 idx;
word32 begin; word32 begin;
#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_ED448) defined(HAVE_CURVE448)
word16 verifySigSz; word16 verifySigSz;
#endif #endif
word16 sigSz; word16 sigSz;
@@ -21026,8 +21026,8 @@ static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs)
(void)ssl; (void)ssl;
(void)args; (void)args;
#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_ED448) defined(HAVE_CURVE448)
if (args->verifySig) { if (args->verifySig) {
XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
args->verifySig = NULL; args->verifySig = NULL;
@@ -21664,8 +21664,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
case diffie_hellman_kea: case diffie_hellman_kea:
case ecc_diffie_hellman_kea: case ecc_diffie_hellman_kea:
{ {
#if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) \ #if defined(NO_DH) && !defined(HAVE_ECC) && \
&& !defined(HAVE_ED448) !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448)
ERROR_OUT(NOT_COMPILED_IN, exit_dske); ERROR_OUT(NOT_COMPILED_IN, exit_dske);
#else #else
enum wc_HashType hashType; enum wc_HashType hashType;
@@ -21837,8 +21837,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
case diffie_hellman_kea: case diffie_hellman_kea:
case ecc_diffie_hellman_kea: case ecc_diffie_hellman_kea:
{ {
#if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) \ #if defined(NO_DH) && !defined(HAVE_ECC) && \
&& !defined(HAVE_ED448) !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448)
ERROR_OUT(NOT_COMPILED_IN, exit_dske); ERROR_OUT(NOT_COMPILED_IN, exit_dske);
#else #else
if (ssl->options.usingAnon_cipher) { if (ssl->options.usingAnon_cipher) {
@@ -22011,8 +22011,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
case diffie_hellman_kea: case diffie_hellman_kea:
case ecc_diffie_hellman_kea: case ecc_diffie_hellman_kea:
{ {
#if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) \ #if defined(NO_DH) && !defined(HAVE_ECC) && \
&& !defined(HAVE_ED448) !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448)
ERROR_OUT(NOT_COMPILED_IN, exit_dske); ERROR_OUT(NOT_COMPILED_IN, exit_dske);
#else #else
if (ssl->options.usingAnon_cipher) { if (ssl->options.usingAnon_cipher) {
@@ -24856,7 +24856,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
typedef struct SskeArgs { typedef struct SskeArgs {
byte* output; /* not allocated */ byte* output; /* not allocated */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
(!defined(NO_DH) && !defined(NO_RSA)) !defined(NO_RSA)
byte* sigDataBuf; byte* sigDataBuf;
#endif #endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
@@ -24871,7 +24871,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word32 length; word32 length;
word32 sigSz; word32 sigSz;
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
(!defined(NO_DH) && !defined(NO_RSA)) !defined(NO_RSA)
word32 sigDataSz; word32 sigDataSz;
#endif #endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
@@ -26015,8 +26015,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
break; break;
} }
#endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */ #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_ED448) defined(HAVE_CURVE448)
case ecc_diffie_hellman_kea: case ecc_diffie_hellman_kea:
{ {
/* Sign hash to create signature */ /* Sign hash to create signature */

2
src/ssl.c
View File

@@ -52,7 +52,7 @@
#if !defined(WOLFSSL_ALLOW_NO_SUITES) && !defined(WOLFCRYPT_ONLY) #if !defined(WOLFSSL_ALLOW_NO_SUITES) && !defined(WOLFCRYPT_ONLY)
#if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \ #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
&& !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \ && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \
&& !defined(HAVE_ED25519) && !defined(HAVE_ED448) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448)
#error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README" #error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README"
#endif #endif
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN

34
src/tls.c
View File

@@ -4288,7 +4288,11 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
TLSX* extension = NULL; TLSX* extension = NULL;
SupportedCurve* curve = NULL; SupportedCurve* curve = NULL;
word32 oid = 0; word32 oid = 0;
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \
defined(HAVE_CURVE448) || defined(HAVE_ED448) || \
(!defined(NO_RSA) && defined(WOLFSSL_STATIC_DH))
word32 pkOid = 0; word32 pkOid = 0;
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || (!NO_RSA && STATIC_DH) */
word32 defOid = 0; word32 defOid = 0;
word32 defSz = 80; /* Maximum known curve size is 66. */ word32 defSz = 80; /* Maximum known curve size is 66. */
word32 nextOid = 0; word32 nextOid = 0;
@@ -4300,7 +4304,21 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
int key = 0; /* validate key */ int key = 0; /* validate key */
(void)oid; (void)oid;
(void)pkOid;
if (first == CHACHA_BYTE) {
switch (second) {
case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256:
case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
return 1; /* no suite restriction */
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256:
case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256:
break;
}
}
if (first == ECC_BYTE || first == CHACHA_BYTE) if (first == ECC_BYTE || first == CHACHA_BYTE)
extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
if (!extension) if (!extension)
@@ -4379,7 +4397,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
#endif /* !NO_ECC_SECP */ #endif /* !NO_ECC_SECP */
#endif /* !NO_ECC256 || HAVE_ALL_CURVES */ #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
#endif #endif
#ifdef HAVE_CURVE25519 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
case WOLFSSL_ECC_X25519: case WOLFSSL_ECC_X25519:
oid = ECC_X25519_OID; oid = ECC_X25519_OID;
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
@@ -4406,7 +4424,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
#endif /* HAVE_ECC_BRAINPOOL */ #endif /* HAVE_ECC_BRAINPOOL */
#endif #endif
#endif #endif
#ifdef HAVE_CURVE448 #if defined(HAVE_CURVE448) || defined(HAVE_ED448)
case WOLFSSL_ECC_X448: case WOLFSSL_ECC_X448:
oid = ECC_X448_OID; oid = ECC_X448_OID;
#ifdef HAVE_ED448 #ifdef HAVE_ED448
@@ -4482,6 +4500,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
if (first == ECC_BYTE) { if (first == ECC_BYTE) {
switch (second) { switch (second) {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
/* ECDHE_ECDSA */ /* ECDHE_ECDSA */
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
@@ -4498,7 +4517,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
ephmSuite = 1; ephmSuite = 1;
break; break;
#ifdef WOLFSSL_STATIC_DH #ifdef WOLFSSL_STATIC_DH
/* ECDH_ECDSA */ /* ECDH_ECDSA */
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
@@ -4519,7 +4538,8 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
sig |= ssl->pkCurveOID == pkOid; sig |= ssl->pkCurveOID == pkOid;
key |= ssl->pkCurveOID == oid; key |= ssl->pkCurveOID == oid;
break; break;
#endif /* WOLFSSL_STATIC_DH */ #endif /* WOLFSSL_STATIC_DH */
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
#ifndef NO_RSA #ifndef NO_RSA
/* ECDHE_RSA */ /* ECDHE_RSA */
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
@@ -4535,7 +4555,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
ephmSuite = 1; ephmSuite = 1;
break; break;
#ifdef WOLFSSL_STATIC_DH #ifdef WOLFSSL_STATIC_DH
/* ECDH_RSA */ /* ECDH_RSA */
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
@@ -4556,7 +4576,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
sig = 1; sig = 1;
key |= ssl->pkCurveOID == pkOid; key |= ssl->pkCurveOID == pkOid;
break; break;
#endif /* WOLFSSL_STATIC_DH */ #endif /* WOLFSSL_STATIC_DH */
#endif #endif
default: default:
if (oid == ECC_X25519_OID && defOid == oid) { if (oid == ECC_X25519_OID && defOid == oid) {
@@ -4578,6 +4598,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
/* ChaCha20-Poly1305 ECC cipher suites */ /* ChaCha20-Poly1305 ECC cipher suites */
if (first == CHACHA_BYTE) { if (first == CHACHA_BYTE) {
switch (second) { switch (second) {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
/* ECDHE_ECDSA */ /* ECDHE_ECDSA */
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
@@ -4585,6 +4606,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
key |= ssl->ecdhCurveOID == oid; key |= ssl->ecdhCurveOID == oid;
ephmSuite = 1; ephmSuite = 1;
break; break;
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
#ifndef NO_RSA #ifndef NO_RSA
/* ECDHE_RSA */ /* ECDHE_RSA */
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :

3
tests/test-ed25519.conf
View File

@@ -3,6 +3,7 @@
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ed25519/server-ed25519.pem -c ./certs/ed25519/server-ed25519.pem
-k ./certs/ed25519/server-ed25519-key.pem -k ./certs/ed25519/server-ed25519-key.pem
-d
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
@@ -15,6 +16,7 @@
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ed25519/server-ed25519.pem -c ./certs/ed25519/server-ed25519.pem
-k ./certs/ed25519/server-ed25519-priv.pem -k ./certs/ed25519/server-ed25519-priv.pem
-d
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
@@ -44,6 +46,7 @@
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-c ./certs/ed25519/server-ed25519.pem -c ./certs/ed25519/server-ed25519.pem
-k ./certs/ed25519/server-ed25519-key.pem -k ./certs/ed25519/server-ed25519-key.pem
-d
# client TLSv1.3 TLS13-AES128-GCM-SHA256 # client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4

2
tests/test-ed448.conf
View File

@@ -3,6 +3,7 @@
-l ECDHE-ECDSA-AES128-GCM-SHA256 -l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ed448/server-ed448.pem -c ./certs/ed448/server-ed448.pem
-k ./certs/ed448/server-ed448-priv.pem -k ./certs/ed448/server-ed448-priv.pem
-d
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3 -v 3
@@ -32,6 +33,7 @@
-l TLS13-AES128-GCM-SHA256 -l TLS13-AES128-GCM-SHA256
-c ./certs/ed448/server-ed448.pem -c ./certs/ed448/server-ed448.pem
-k ./certs/ed448/server-ed448-priv.pem -k ./certs/ed448/server-ed448-priv.pem
-d
# client TLSv1.3 TLS13-AES128-GCM-SHA256 # client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4 -v 4

5
wolfssl/internal.h
View File

@@ -861,11 +861,13 @@
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \
@@ -1168,7 +1170,8 @@ enum {
#ifndef MAX_PSK_ID_LEN #ifndef MAX_PSK_ID_LEN
/* max psk identity/hint supported */ /* max psk identity/hint supported */
#if defined(WOLFSSL_TLS13) #if defined(WOLFSSL_TLS13)
#define MAX_PSK_ID_LEN 256 /* OpenSSL has a 1472 byte sessiont ticket */
#define MAX_PSK_ID_LEN 1536
#else #else
#define MAX_PSK_ID_LEN 128 #define MAX_PSK_ID_LEN 128
#endif #endif

4
wolfssl/test.h
View File

@@ -1961,7 +1961,7 @@ static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
int ret, i, used; int ret, i, used;
void* status; void* status;
unsigned char* myStack = NULL; unsigned char* myStack = NULL;
int stackSize = 1024*152; int stackSize = 1024*176;
pthread_attr_t myAttr; pthread_attr_t myAttr;
pthread_t threadId; pthread_t threadId;
@@ -2915,7 +2915,7 @@ static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
ret = wc_ed448_import_public(key, keySz, &myKey); ret = wc_ed448_import_public(key, keySz, &myKey);
if (ret == 0) { if (ret == 0) {
ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey, ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey,
NULL, 0); NULL, 0);
} }
wc_ed448_free(&myKey); wc_ed448_free(&myKey);
} }