Merge pull request #1061 from SparkiDev/tls13_leantls

Fixes for LEANTLS and TLS13 builds

configure.ac

@@ -274,7 +274,11 @@ fi
 
 if test "$ENABLED_TLS13" = "yes"
 then
-    AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_FFDHE_2048 $AM_CFLAGS"
+    AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS $AM_CFLAGS"
+    if test "$ENABLED_DH" = "yes"
+    then
+        AM_CFLAGS="-DHAVE_FFDHE_2048 $AM_CFLAGS"
+    fi
 fi
 
 # check if TLS v1.3 was enabled for conditionally running tls13.test script
@@ -671,7 +675,8 @@ AC_ARG_ENABLE([aesgcm],
     )
 
 # leanpsk and leantls don't need gcm
-if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
+if test "$ENABLED_LEANPSK" = "yes" || ( test "$ENABLED_LEANTLS" = "yes" &&
+                                        test "$ENABLED_TLS13" = "no")
 then
     ENABLED_AESGCM=no
 fi

examples/client/client.c

@@ -225,9 +225,14 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
     #endif
     #ifdef WOLFSSL_TLS13
         #ifdef HAVE_CURVE25519
-            else if (useX25519) {
+            #ifndef NO_SESSION_CACHE
+            if (benchResume) {
+            }
+            else
+            #endif
+            if (useX25519) {
                 if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519)
-                        != SSL_SUCCESS) {
+                                                               != SSL_SUCCESS) {
                     err_sys("unable to use curve x25519");
                 }
             }
@@ -1707,14 +1712,18 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             }
         #endif
         #ifdef HAVE_ECC
+            #if defined(HAVE_ECC256) || defined(HAVE_ALL_CURVES)
             if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1)
                     != SSL_SUCCESS) {
                 err_sys("unable to use curve secp256r1");
             }
+            #endif
+            #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
             if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP384R1)
                     != SSL_SUCCESS) {
                 err_sys("unable to use curve secp384r1");
             }
+            #endif
         #endif
         }
         if (onlyKeyShare == 0 || onlyKeyShare == 1) {

scripts/include.am

@@ -54,6 +54,10 @@ dist_noinst_SCRIPTS+= scripts/pkcallbacks.test
 scripts/pkcallbacks.log: scripts/resume.log
 endif
 
+if BUILD_TLS13
+dist_noinst_SCRIPTS+= scripts/tls13.test
+endif
+
 endif # end of BUILD_EXAMPLE_SERVERS
 
 if BUILD_EXAMPLE_CLIENTS
@@ -64,10 +68,6 @@ dist_noinst_SCRIPTS+= scripts/openssl.test
 endif
 endif
 
-if BUILD_TLS13
-dist_noinst_SCRIPTS+= scripts/tls13.test
-endif
-
 EXTRA_DIST +=  scripts/testsuite.pcap \
                scripts/ping.test
 

src/tls.c

@@ -5253,6 +5253,8 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
 
     return ret;
 #else
+    (void)ssl;
+    (void)keyShareEntry;
     return PEER_KEY_ERROR;
 #endif
 }

src/tls13.c

@@ -1503,6 +1503,7 @@ static INLINE void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv,
         nonce[i] ^= iv[i];
 }
 
+#ifdef HAVE_CHACHA
 /* Encrypt with ChaCha20 and create authenication tag with Poly1305.
  *
  * ssl     The SSL/TLS object.
@@ -1550,6 +1551,7 @@ static int ChaCha20Poly1305_Encrypt(WOLFSSL* ssl, byte* output,
 
     return ret;
 }
+#endif
 
 /* Encrypt data for TLS v1.3.
  *
@@ -1694,6 +1696,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
     return ret;
 }
 
+#ifdef HAVE_CHACHA
 /* Decrypt with ChaCha20 and check authenication tag with Poly1305.
  *
  * ssl     The SSL/TLS object.
@@ -1747,6 +1750,7 @@ static int ChaCha20Poly1305_Decrypt(WOLFSSL* ssl, byte* output,
 
     return ret;
 }
+#endif
 
 /* Decrypt data for TLS v1.3.
  *
@@ -3951,18 +3955,14 @@ static int CreateSigData(WOLFSSL* ssl, byte* sigData, word16* sigDataSz,
     XMEMSET(sigData, SIGNING_DATA_PREFIX_BYTE, SIGNING_DATA_PREFIX_SZ);
     idx = SIGNING_DATA_PREFIX_SZ;
 
-    #ifndef NO_WOLFSSL_SERVER
     if ((side == WOLFSSL_SERVER_END && check) ||
         (side == WOLFSSL_CLIENT_END && !check)) {
         XMEMCPY(&sigData[idx], clientCertVfyLabel, CERT_VFY_LABEL_SZ);
     }
-    #endif
-    #ifndef NO_WOLFSSL_CLIENT
     if ((side == WOLFSSL_CLIENT_END && check) ||
         (side == WOLFSSL_SERVER_END && !check)) {
         XMEMCPY(&sigData[idx], serverCertVfyLabel, CERT_VFY_LABEL_SZ);
     }
-    #endif
     idx += CERT_VFY_LABEL_SZ;
 
     ret = GetMsgHash(ssl, &sigData[idx]);
@@ -6849,6 +6849,7 @@ int wolfSSL_request_certificate(WOLFSSL* ssl)
 }
 #endif /* !NO_CERTS && WOLFSSL_POST_HANDSHAKE_AUTH */
 
+#ifndef NO_WOLFSSL_SERVER
 /* The server accepting a connection from a client.
  * The protocol version is expecting to be TLS v1.3.
  * If the client downgrades, and older versions of the protocol are compiled
@@ -7099,6 +7100,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
             return SSL_FATAL_ERROR;
     }
 }
+#endif
 
 #ifdef WOLFSSL_EARLY_DATA
 /* Sets the maximum amount of early data that can be seen by server when using