wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2163 from ejohnstown/config-fixes

Browse Source 
Configuration Fixes
This commit is contained in:
David Garske
2019-03-14 15:21:41 -07:00
committed by GitHub
parent b1ea7c035f 3e3f746f3b
commit 6ff2039b1f
6 changed files with 94 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@@ -194,7 +194,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=6144"
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192"
fi
AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"])

3
examples/server/server.c
View File

@@ -1889,6 +1889,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
}
#endif
#ifndef NO_RSA
/* All the OSCP Stapling test certs are RSA. */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS)
@@ -1900,6 +1902,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
#endif
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)

5
scripts/include.am
View File

@@ -15,6 +15,9 @@ dist_noinst_SCRIPTS+= scripts/resume.test
EXTRA_DIST+= scripts/benchmark.test
EXTRA_DIST+= scripts/memtest.sh
# The CRL and OCSP tests use RSA certificates.
if BUILD_RSA
if BUILD_CRL
# make revoked test rely on completion of resume test
dist_noinst_SCRIPTS+= scripts/crl-revoked.test
@@ -46,6 +49,8 @@ endif
endif
endif
if BUILD_PSK
dist_noinst_SCRIPTS+= scripts/psk.test
endif

40
src/ssl.c
View File

@@ -26559,6 +26559,8 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
#ifndef NO_RSA
/* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO
*
* bio the WOLFSSL_BIO to write to
@@ -26639,6 +26641,8 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key,
return ret;
}
#endif /* NO_RSA */
int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
const WOLFSSL_EVP_CIPHER* cipher,
@@ -26666,9 +26670,11 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
keyDer = (byte*)key->pkey.ptr;
switch (key->type) {
#ifndef NO_RSA
case EVP_PKEY_RSA:
type = PRIVATEKEY_TYPE;
break;
#endif
#ifndef NO_DSA
case EVP_PKEY_DSA:
@@ -29920,8 +29926,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
}
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
/* needed SetName function from asn.c is wrapped by NO_RSA */
#if defined(WOLFSSL_CERT_GEN)
/* helper function for CopyX509NameToCertName()
*
* returns WOLFSSL_SUCCESS on success
@@ -35598,6 +35603,8 @@ int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x)
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL)
#ifndef NO_RSA
int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
{
if (pkey == NULL || key == NULL)
@@ -35609,6 +35616,7 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
return WOLFSSL_SUCCESS;
}
#endif
int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
{
@@ -36189,12 +36197,16 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
Cert cert;
byte der[2048];
int derSz = sizeof(der);
void* key;
int type;
void* key = NULL;
int type = -1;
int sigType;
int hashType;
#ifndef NO_RSA
RsaKey rsa;
#endif
#ifdef HAVE_ECC
ecc_key ecc;
#endif
WC_RNG rng;
word32 idx = 0;
@@ -36257,6 +36269,7 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
return WOLFSSL_FAILURE;
/* Create a public key object from requests public key. */
#ifndef NO_RSA
if (req->pubKeyOID == RSAk) {
type = RSA_TYPE;
ret = wc_InitRsaKey(&rsa, req->heap);
@@ -36270,7 +36283,9 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
}
key = (void*)&rsa;
}
else {
#endif
#ifdef HAVE_ECC
if (req->pubKeyOID == ECDSAk) {
type = ECC_TYPE;
ret = wc_ecc_init(&ecc);
if (ret != 0)
@@ -36283,6 +36298,9 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
}
key = (void*)&ecc;
}
#endif
if (key == NULL)
return WOLFSSL_FAILURE;
/* Make the body of the certificate request. */
ret = wc_MakeCertReq_ex(&cert, der, derSz, type, key);
@@ -36290,21 +36308,29 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
return WOLFSSL_FAILURE;
/* Dispose of the public key object. */
#ifndef NO_RSA
if (req->pubKeyOID == RSAk)
wc_FreeRsaKey(&rsa);
else
#endif
#ifdef HAVE_ECC
if (req->pubKeyOID == ECDSAk)
wc_ecc_free(&ecc);
#endif
idx = 0;
/* Get the private key object and type from pkey. */
#ifndef NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
type = RSA_TYPE;
key = pkey->rsa->internal;
}
else {
#endif
#ifdef HAVE_ECC
if (pkey->type == EVP_PKEY_EC) {
type = ECC_TYPE;
key = pkey->ecc->internal;
}
#endif
/* Sign the certificate request body. */
ret = wc_InitRng(&rng);

70
tests/api.c
View File

@@ -744,7 +744,7 @@ static void test_wolfSSL_CTX_use_certificate_file(void)
#endif
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
static int test_wolfSSL_CTX_use_certificate_ASN1(void)
{
#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
@@ -765,7 +765,7 @@ static int test_wolfSSL_CTX_use_certificate_ASN1(void)
return WOLFSSL_SUCCESS;
#endif
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
#endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */
/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
* context using buffer.
@@ -880,10 +880,12 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx;
#ifndef NO_RSA
WOLFSSL_CERT_MANAGER* cm;
#ifdef PERSIST_CERT_CACHE
int cacheSz;
#endif
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
const char* load_certs_path = "./certs/external";
const char* load_no_certs_path = "./examples";
@@ -908,9 +910,8 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
/* load ca cert */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E);
#else
#else /* Skip the following test without RSA certs. */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
#endif
#ifdef PERSIST_CERT_CACHE
/* Get cert cache size */
@@ -925,11 +926,7 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
#endif
/* load ca cert again */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
#endif
/* Test getting CERT_MANAGER */
AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
@@ -941,6 +938,7 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
/* Verify no certs (result is less than cacheSz) */
AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
#endif
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
/* Test loading CA certificates using a path */
@@ -1067,7 +1065,8 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
static void test_wolfSSL_CertManagerCRL(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL)
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
!defined(NO_RSA)
const char* ca_cert = "./certs/ca-cert.pem";
const char* crl1 = "./certs/crl/crl.pem";
@@ -1097,7 +1096,7 @@ static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
{
#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \
defined(USE_CERT_BUFFERS_2048) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN)
defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
WOLFSSL_CTX* ctx;
@@ -1246,9 +1245,11 @@ static void test_wolfSSL_CTX_der_load_verify_locations(void)
/* Case 5 filePath empty */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
#ifndef NO_RSA
/* Case 6 success case */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
wolfSSL_CTX_free(ctx);
#endif
@@ -16354,7 +16355,11 @@ static void test_wc_PKCS7_Degenerate(void)
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
#ifndef NO_RSA
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#else
AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#endif
wc_PKCS7_Free(pkcs7);
/* test with turning off degenerate cases */
@@ -16589,7 +16594,11 @@ static void test_wc_PKCS7_BER(void)
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
#ifndef NO_RSA
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#else
AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#endif
wc_PKCS7_Free(pkcs7);
#ifndef NO_DES3
@@ -16599,7 +16608,11 @@ static void test_wc_PKCS7_BER(void)
derSz = (word32)ret;
XFCLOSE(f);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
#ifndef NO_RSA
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
#else
AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
#endif
AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb"));
AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
@@ -16607,8 +16620,13 @@ static void test_wc_PKCS7_BER(void)
XFCLOSE(f);
pkcs7->privateKey = der;
pkcs7->privateKeySz = derSz;
#ifndef NO_RSA
AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
sizeof(berContent), decoded, sizeof(decoded)), 0);
#else
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
#endif
wc_PKCS7_Free(pkcs7);
#endif /* !NO_DES3 */
@@ -17671,7 +17689,8 @@ static void test_wolfSSL_PEM_PrivateKey(void)
#endif
/* key is DES encrypted */
#if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_FILESYSTEM)
#if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
!defined(NO_RSA) && !defined(NO_FILESYSTEM)
{
pem_password_cb* passwd_cb;
void* passwd_cb_userdata;
@@ -18766,7 +18785,7 @@ static void test_wolfSSL_CTX_set_srp_password(void)
static void test_wolfSSL_X509_STORE(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_RSA)
X509_STORE *store;
X509_CRL *crl;
X509 *x509;
@@ -19243,7 +19262,8 @@ static void test_wolfSSL_set_options(void)
* PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined.
*/
static void test_wolfSSL_set_tlsext_status_type(void){
#if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
#if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
!defined(NO_RSA)
SSL* ssl;
SSL_CTX* ctx;
@@ -19257,7 +19277,7 @@ static void test_wolfSSL_set_tlsext_status_type(void){
== SSL_SUCCESS);
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST */
#endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */
}
static void test_wolfSSL_PEM_read_bio(void)
@@ -20546,12 +20566,14 @@ static void test_wolfSSL_d2i_PUBKEY(void)
#endif
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
static void test_wolfSSL_d2i_PrivateKeys_bio(void)
{
BIO* bio = NULL;
EVP_PKEY* pkey = NULL;
#ifndef NO_RSA
RSA* rsa = NULL;
#endif
WOLFSSL_CTX* ctx;
#if defined(WOLFSSL_KEY_GEN)
@@ -20624,13 +20646,14 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#ifndef NO_RSA
/* Tests bad parameters */
AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
/* RSA not set yet, expecting to fail*/
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
#if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
/* set RSA using bio*/
AssertIntGT(BIO_write(bio, client_key_der_2048,
sizeof_client_key_der_2048), 0);
@@ -20642,13 +20665,13 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048);
#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
RSA_free(rsa);
#endif
#endif /* NO_RSA */
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio);
bio = NULL;
(void)rsa;
printf(resultFmt, passed);
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
@@ -21849,7 +21872,7 @@ static void test_wc_GetPkcs8TraditionalOffset(void)
static void test_wc_SetSubjectRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
const char* joiCertFile = "./certs/test/cert-ext-joi.pem";
WOLFSSL_X509* x509;
int peerCertSz;
@@ -21891,7 +21914,7 @@ static void test_wc_GetSubjectRaw(void)
static void test_wc_SetIssuerRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
const char* joiCertFile = "./certs/test/cert-ext-joi.pem";
WOLFSSL_X509* x509;
int peerCertSz;
@@ -21917,7 +21940,7 @@ static void test_wc_SetIssuerRaw(void)
static void test_wc_SetIssueBuffer(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
const char* joiCertFile = "./certs/test/cert-ext-joi.pem";
WOLFSSL_X509* x509;
int peerCertSz;
@@ -23253,7 +23276,8 @@ static void test_wolfSSL_X509_CRL(void)
static void test_wolfSSL_PEM_read_X509(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
X509 *x509 = NULL;
XFILE fp;
@@ -23870,7 +23894,7 @@ void ApiTest(void)
test_wolfSSL_DES_ncbc();
test_wolfSSL_AES_cbc_encrypt();
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);
test_wolfSSL_d2i_PrivateKeys_bio();
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */

7
wolfcrypt/test/test.c
View File

@@ -8685,7 +8685,10 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
#endif
#ifdef WOLFSSL_CERT_GEN
static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der";
#ifndef NO_RSA
/* eccKeyPubFile is used in a test that requires RSA. */
static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der";
#endif
static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
#ifdef ENABLE_ECC384_CERT_GEN_TEST
@@ -8836,7 +8839,7 @@ static const CertName certDefaultName = {
static const char certKeyUsage[] =
"digitalSignature,nonRepudiation";
#endif
#if defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)
#if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA)
static const char certKeyUsage2[] =
"digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
#endif