fix: add guards to compile w !HAVE_SUPPORTED_CURVES && NO_CERTS

This configuration can be used to build a static PSK only build
pull/6475/head
Marco Oliverio 2023-06-05 16:13:11 +00:00
parent ccd404e13d
commit e53453a7ed
2 changed files with 20 additions and 1 deletions


@ -573,6 +573,10 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
XMEMSET(&pskInfo, 0, sizeof(pskInfo));
#endif
#ifndef HAVE_SUPPORTED_CURVES
(void)doKE;
#endif /* !HAVE_SUPPORTED_CURVES */
XMEMSET(&cs, 0, sizeof(cs));
/* We need to echo the session ID sent by the client */
@ -602,10 +606,13 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
/* Set that this is a response extension */
parsedExts->resp = 1;
#if defined(HAVE_SUPPORTED_CURVES)
ret = TLSX_SupportedCurve_Copy(ssl->extensions, &parsedExts, ssl->heap);
if (ret != 0)
goto dtls13_cleanup;
#endif
#if !defined(NO_CERTS)
/* Signature algs */
ret = FindExtByType(&tlsx, TLSX_SIGNATURE_ALGORITHMS,
ch->extension, &tlsxFound);
@ -624,7 +631,9 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
XMEMCPY(suites.hashSigAlgo, sigAlgs.elements, sigAlgs.size);
haveSA = 1;
}
#endif /* !defined(NO_CERTS) */
#ifdef HAVE_SUPPORTED_CURVES
/* Supported groups */
ret = FindExtByType(&tlsx, TLSX_SUPPORTED_GROUPS,
ch->extension, &tlsxFound);
@ -650,6 +659,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
goto dtls13_cleanup;
haveKS = 1;
}
#endif /* HAVE_SUPPORTED_CURVES */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* Pre-shared key */
@ -705,6 +715,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
ERROR_OUT(INCOMPLETE_DATA, dtls13_cleanup);
}
#ifdef HAVE_SUPPORTED_CURVES
if (doKE) {
byte searched = 0;
ret = TLSX_KeyShare_Choose(ssl, parsedExts, &cs.clientKSE,
@ -714,9 +725,10 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
if (cs.clientKSE == NULL && searched)
cs.doHelloRetry = 1;
}
#endif /* HAVE_SUPPORTED_CURVES */
}
else
#endif
#endif /* defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) */
{
/* https://datatracker.ietf.org/doc/html/rfc8446#section-9.2 */
if (!haveKS || !haveSA || !haveSG) {
@ -731,6 +743,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
ERROR_OUT(INCOMPLETE_DATA, dtls13_cleanup);
}
}
#ifdef HAVE_SUPPORTED_CURVES
if (cs.doHelloRetry) {
ret = TLSX_KeyShare_SetSupported(ssl, &parsedExts);
if (ret != 0)
@ -741,6 +755,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
* and are not doing curve negotiation. */
TLSX_Remove(&parsedExts, TLSX_KEY_SHARE, ssl->heap);
}
#endif /* HAVE_SUPPORTED_CURVES */
/* This is required to correctly generate the hash */
ret = GetCipherSpec(WOLFSSL_SERVER_END, cs.cipherSuite0,
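Review bot: The check `if (!haveKS || !haveSA || !haveSG)` in the non-PSK branch can no longer pass in the configuration this commit targets, and no comment says so. `haveSA = 1` now sits inside `#if !defined(NO_CERTS)` and `haveKS = 1` inside `#ifdef HAVE_SUPPORTED_CURVES`; the `haveSG` assignment is not visible but presumably sits in the same supported-groups block. That looks like the intended fail-closed behaviour for a PSK-only build, so I would document it above the check, e.g. `/* With NO_CERTS or !HAVE_SUPPORTED_CURVES these flags stay 0: a ClientHello without a valid PSK is always rejected here. */`. The branch body and the rest of SendStatelessReplyDtls13 lie outside the visible hunks, so the exact error path should be confirmed there.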


@ -5430,9 +5430,11 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx,
*ctx_c = wolfSSL_CTX_new(method_c());
if (*ctx_c == NULL)
return -1;
#ifndef NO_CERTS
ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
if (ret != WOLFSSL_SUCCESS)
return -1;
#endif /* NO_CERTS */
wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
if (ctx->c_ciphers != NULL) {
@ -5446,6 +5448,7 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx,
*ctx_s = wolfSSL_CTX_new(method_s());
if (*ctx_s == NULL)
return -1;
#ifndef NO_CERTS
ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
WOLFSSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS)
@ -5454,6 +5457,7 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx,
WOLFSSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS)
return -1;
#endif
wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
if (ctx->s_ciphers != NULL) {
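Review bot: The closing guards added in test_memio_setup are labelled inconsistently: the client-side one reads `#endif /* NO_CERTS */` although it closes `#ifndef NO_CERTS`, and the server-side one is a bare `#endif`. Both would read better as `#endif /* !NO_CERTS */`, matching the `#endif /* !HAVE_SUPPORTED_CURVES */` form used in the first file of this commit. Separately, with NO_CERTS defined neither context receives any credential in the visible lines, so callers presumably have to install PSK callbacks themselves before a handshake can succeed; a short comment at the guard stating that would help. The function continues outside these hunks.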