PSK only TLS: fix ENCRYPT_LEN

Allow no PK algorithms and TLS to build and test. Use PSK cipher suite with GCM if AES-CBC not available.
2022-09-12 11:21:01 +10:00 · 2022-09-12 11:21:01 +10:00 · 005f77180b
parent fa6bc79f8b
commit 005f77180b
3 changed files with 82 additions and 71 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@ -3093,8 +3093,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                ;
        #elif defined(HAVE_NULL_CIPHER)
                defaultCipherList = "PSK-NULL-SHA256";
-        #else
+        #elif !defined(NO_AES_CBC)
                defaultCipherList = "PSK-AES128-CBC-SHA256";
+        #else
+                defaultCipherList = "PSK-AES128-GCM-SHA256";
        #endif
            if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList)
                                                            !=WOLFSSL_SUCCESS) {
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -2720,8 +2720,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                ;
        #elif defined(HAVE_NULL_CIPHER)
                defaultCipherList = "PSK-NULL-SHA256";
-        #else
+        #elif !defined(NO_AES_CBC)
                defaultCipherList = "PSK-AES128-CBC-SHA256";
+        #else
+                defaultCipherList = "PSK-AES128-GCM-SHA256";
        #endif
            if (SSL_CTX_set_cipher_list(ctx, defaultCipherList)
                != WOLFSSL_SUCCESS)
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -1165,6 +1165,7 @@ enum {
    #define MAX_EARLY_DATA_SZ  4096
 #endif

+#ifndef NO_RSA
    #ifndef WOLFSSL_MAX_RSA_BITS
        #ifdef USE_FAST_MATH
            /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
@ -1180,8 +1181,10 @@ enum {
    #if (WOLFSSL_MAX_RSA_BITS % 8)
        #error RSA maximum bit size must be multiple of 8
    #endif
+#endif


+#if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)
    /* MySQL wants to be able to use 8192-bit numbers. */
    #if defined(USE_FAST_MATH) && defined(FP_MAX_BITS)
        /* Use the FP size up to 8192-bit and down to a min of 1024-bit. */
@ -1241,6 +1244,10 @@ enum {
        /* Integer/heap maths - support 4096-bit. */
        #define ENCRYPT_BASE_BITS  4096
    #endif
+#else
+    /* No secret from public key operation but PSK key plus length used. */
+    #define ENCRYPT_BASE_BITS  ((MAX_PSK_ID_LEN + 2) * 8)
+#endif

 #ifdef WOLFSSL_DTLS_CID
 #ifndef DTLS_CID_MAX_SIZE