Fixes for building with ./configure --enable-tls13 --disable-rsa --disable-ecc --enable-psk. Fix to properly detect a missing asymmetric key algorithm (required by TLS v1.3).

David Garske
2020-06-04 16:31:19 -07:00
parent 1d01b87741
commit 7879e83ae0
3 changed files with 13 additions and 6 deletions


@@ -3137,8 +3137,8 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE"
fi
# TLS 1.3 Requires either ECC, CURVE25519, CURVE448 or DH
if test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno" && test "x$ENABLED_DH" = "xno"
# TLS 1.3 Requires either ECC, CURVE25519, CURVE448 or RSA
if test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno" && test "x$ENABLED_RSA" = "xno"
then
# disable TLS 1.3
ENABLED_TLS13=no
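Review bot: The `then` branch reacts to a missing asymmetric algorithm by setting `ENABLED_TLS13=no`, and the visible lines print nothing, so a build configured with --enable-tls13 can come out without TLS 1.3 and without the builder noticing. The configuration named in the commit message (--disable-rsa --disable-ecc) takes this branch unless Curve25519 or Curve448 is enabled. If the rest of the block, which continues outside the hunk, does not already report it, stop the run with `AC_MSG_ERROR([TLS 1.3 requires ECC, CURVE25519, CURVE448 or RSA])` or at least emit an `AC_MSG_WARN`. The test also accepts CURVE25519/CURVE448, whereas the C guards added in this commit test HAVE_ED25519/HAVE_ED448; if those are separate options, a Curve25519-only build passes this check with no signature algorithm compiled in.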


@@ -5036,6 +5036,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
return ret;
}
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448)
typedef struct Scv13Args {
byte* output; /* not allocated */
byte* verify; /* not allocated */
@@ -5420,6 +5422,7 @@ exit_scv:
return ret;
}
#endif
/* handle processing TLS v1.3 certificate (11) */
/* Parse and handle a TLS v1.3 Certificate message.
@@ -7497,7 +7500,8 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
FALL_THROUGH;
case FIRST_REPLY_THIRD:
#ifndef NO_CERTS
#if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
defined(HAVE_ED25519) || defined(HAVE_ED448))
if (!ssl->options.resuming && ssl->options.sendVerify) {
ssl->error = SendTls13CertificateVerify(ssl);
if (ssl->error != 0) {
@@ -8221,7 +8225,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
FALL_THROUGH;
case TLS13_CERT_SENT :
#ifndef NO_CERTS
#if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
defined(HAVE_ED25519) || defined(HAVE_ED448))
if (!ssl->options.resuming && ssl->options.sendVerify) {
if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
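Review bot: The condition `!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)` is now written out three times: around Scv13Args and the function ending at `exit_scv`, and at the call sites in wolfSSL_connect_TLSv13 and wolfSSL_accept_TLSv13. If one copy drifts, the result is either a link error or a handshake that silently leaves out CertificateVerify, so evaluate the condition once into a locally defined macro and test that macro in all three places. The bare `#endif` after `exit_scv` closes a block of several hundred lines and should name its condition: `#endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */`. When the guard is false and `ssl->options.sendVerify` is set, both state machines skip the step without an error; whether the preceding Certificate send is compiled out under the same condition is not visible here and should be confirmed. All of the affected functions extend beyond the hunks.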


@@ -467,14 +467,16 @@ static int execute_test_case(int svr_argc, char** svr_argv,
/* verify results */
if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) ||
(cliArgs.return_code == 0 && cliTestShouldFail != 0)) {
printf("client_test failed\n");
printf("client_test failed %d %s\n", cliArgs.return_code,
cliTestShouldFail ? "(should fail)" : "");
XEXIT(EXIT_FAILURE);
}
join_thread(serverThread);
if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) ||
(svrArgs.return_code == 0 && svrTestShouldFail != 0)) {
printf("server_test failed\n");
printf("server_test failed %d %s\n", svrArgs.return_code,
svrTestShouldFail ? "(should fail)" : "");
XEXIT(EXIT_FAILURE);
}
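Review bot: The new message appends "(should fail)" to the word "failed", so the case caught by the second condition, a return code of 0 on a test that was expected to fail, prints `client_test failed 0 (should fail)`, which does not say whether the failure was expected or is itself the problem. Spell out the expectation in both printf calls, e.g. `printf("client_test unexpected result: return code %d, expected %s\n", cliArgs.return_code, cliTestShouldFail ? "failure" : "success");` and the same with `svrArgs.return_code` and `svrTestShouldFail` for the server. execute_test_case begins and ends outside the hunk.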