wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for building with ./configure --enable-tls13 --disable-rsa --disable-ecc --enable-psk. Fix to properly detect if missing a asymmetric key algorithm (required by TLS v1.3).

Browse Source
This commit is contained in:
David Garske
2020-06-04 16:31:19 -07:00
parent 1d01b87741
commit 7879e83ae0
3 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
configure.ac
View File

@@ -3137,8 +3137,8 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE"
fi fi
# TLS 1.3 Requires either ECC, CURVE25519, CURVE448 or DH # TLS 1.3 Requires either ECC, CURVE25519, CURVE448 or RSA
if test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno" && test "x$ENABLED_DH" = "xno" if test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno" && test "x$ENABLED_RSA" = "xno"
then then
# disable TLS 1.3 # disable TLS 1.3
ENABLED_TLS13=no ENABLED_TLS13=no

9
src/tls13.c
View File

@@ -5036,6 +5036,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
return ret; return ret;
} }
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
defined(HAVE_ED448)
typedef struct Scv13Args { typedef struct Scv13Args {
byte* output; /* not allocated */ byte* output; /* not allocated */
byte* verify; /* not allocated */ byte* verify; /* not allocated */
@@ -5420,6 +5422,7 @@ exit_scv:
return ret; return ret;
} }
#endif
/* handle processing TLS v1.3 certificate (11) */ /* handle processing TLS v1.3 certificate (11) */
/* Parse and handle a TLS v1.3 Certificate message. /* Parse and handle a TLS v1.3 Certificate message.
@@ -7497,7 +7500,8 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
FALL_THROUGH; FALL_THROUGH;
case FIRST_REPLY_THIRD: case FIRST_REPLY_THIRD:
#ifndef NO_CERTS #if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
defined(HAVE_ED25519) || defined(HAVE_ED448))
if (!ssl->options.resuming && ssl->options.sendVerify) { if (!ssl->options.resuming && ssl->options.sendVerify) {
ssl->error = SendTls13CertificateVerify(ssl); ssl->error = SendTls13CertificateVerify(ssl);
if (ssl->error != 0) { if (ssl->error != 0) {
@@ -8221,7 +8225,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
FALL_THROUGH; FALL_THROUGH;
case TLS13_CERT_SENT : case TLS13_CERT_SENT :
#ifndef NO_CERTS #if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
defined(HAVE_ED25519) || defined(HAVE_ED448))
if (!ssl->options.resuming && ssl->options.sendVerify) { if (!ssl->options.resuming && ssl->options.sendVerify) {
if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) { if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error); WOLFSSL_ERROR(ssl->error);

6
tests/suites.c
View File

@@ -467,14 +467,16 @@ static int execute_test_case(int svr_argc, char** svr_argv,
/* verify results */ /* verify results */
if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) || if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) ||
(cliArgs.return_code == 0 && cliTestShouldFail != 0)) { (cliArgs.return_code == 0 && cliTestShouldFail != 0)) {
printf("client_test failed\n"); printf("client_test failed %d %s\n", cliArgs.return_code,
cliTestShouldFail ? "(should fail)" : "");
XEXIT(EXIT_FAILURE); XEXIT(EXIT_FAILURE);
} }
join_thread(serverThread); join_thread(serverThread);
if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) || if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) ||
(svrArgs.return_code == 0 && svrTestShouldFail != 0)) { (svrArgs.return_code == 0 && svrTestShouldFail != 0)) {
printf("server_test failed\n"); printf("server_test failed %d %s\n", svrArgs.return_code,
svrTestShouldFail ? "(should fail)" : "");
XEXIT(EXIT_FAILURE); XEXIT(EXIT_FAILURE);
} }