Merge pull request #5583 from SparkiDev/psk_only_tls_fix

PSK only TLS: fix ENCRYPT_LEN

examples/client/client.c

@@ -3093,8 +3093,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 ;
         #elif defined(HAVE_NULL_CIPHER)
                 defaultCipherList = "PSK-NULL-SHA256";
-        #else
+        #elif !defined(NO_AES_CBC)
                 defaultCipherList = "PSK-AES128-CBC-SHA256";
+        #else
+                defaultCipherList = "PSK-AES128-GCM-SHA256";
         #endif
             if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList)
                                                             !=WOLFSSL_SUCCESS) {

examples/server/server.c

@@ -2720,8 +2720,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 ;
         #elif defined(HAVE_NULL_CIPHER)
                 defaultCipherList = "PSK-NULL-SHA256";
-        #else
+        #elif !defined(NO_AES_CBC)
                 defaultCipherList = "PSK-AES128-CBC-SHA256";
+        #else
+                defaultCipherList = "PSK-AES128-GCM-SHA256";
         #endif
             if (SSL_CTX_set_cipher_list(ctx, defaultCipherList)
                 != WOLFSSL_SUCCESS)

wolfssl/internal.h

@@ -1165,7 +1165,8 @@ enum {
     #define MAX_EARLY_DATA_SZ  4096
 #endif
 
-#ifndef WOLFSSL_MAX_RSA_BITS
+#ifndef NO_RSA
+    #ifndef WOLFSSL_MAX_RSA_BITS
         #ifdef USE_FAST_MATH
             /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
             #define WOLFSSL_MAX_RSA_BITS    (FP_MAX_BITS / 2)
@@ -1176,14 +1177,16 @@ enum {
             /* Integer maths is dynamic but we only go up to 4096 bits. */
             #define WOLFSSL_MAX_RSA_BITS 4096
         #endif
-#endif
+    #endif
-#if (WOLFSSL_MAX_RSA_BITS % 8)
+    #if (WOLFSSL_MAX_RSA_BITS % 8)
         #error RSA maximum bit size must be multiple of 8
+    #endif
 #endif
 
 
-/* MySQL wants to be able to use 8192-bit numbers. */
+#if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)
-#if defined(USE_FAST_MATH) && defined(FP_MAX_BITS)
+    /* MySQL wants to be able to use 8192-bit numbers. */
+    #if defined(USE_FAST_MATH) && defined(FP_MAX_BITS)
         /* Use the FP size up to 8192-bit and down to a min of 1024-bit. */
         #if FP_MAX_BITS >= 16384
             #define ENCRYPT_BASE_BITS  8192
@@ -1210,7 +1213,7 @@ enum {
         #if WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS
             #error "FP_MAX_BITS too small for WOLFSSL_MAX_RSA_BITS"
         #endif
-#elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
+    #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
         /* Use the SP size up to 8192-bit and down to a min of 1024-bit. */
         #if SP_INT_BITS >= 8192
             #define ENCRYPT_BASE_BITS  8192
@@ -1237,9 +1240,13 @@ enum {
         #if !defined(NO_RSA) && WOLFSSL_MAX_RSA_BITS > SP_INT_BITS
             #error "SP_INT_BITS too small for WOLFSSL_MAX_RSA_BITS"
         #endif
-#else
+    #else
         /* Integer/heap maths - support 4096-bit. */
         #define ENCRYPT_BASE_BITS  4096
+    #endif
+#else
+    /* No secret from public key operation but PSK key plus length used. */
+    #define ENCRYPT_BASE_BITS  ((MAX_PSK_ID_LEN + 2) * 8)
 #endif
 
 #ifdef WOLFSSL_DTLS_CID