From: Matt Caswell Date: Mon, 21 May 2018 11:20:18 +0000 (+0100) Subject: Fix no-ec in combination with no-dh X-Git-Tag: OpenSSL_1_1_1-pre7~25 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=1aac20f5095fca8691ef4495c3e7438c935a33dc;p=oweals%2Fopenssl.git Fix no-ec in combination with no-dh Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6321) --- diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 65b9d3b3d4..7c756c03a0 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -721,6 +721,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { +#ifndef OPENSSL_NO_TLS1_3 unsigned int format, version, key_share, group_id; EVP_MD_CTX *hctx; EVP_PKEY *pkey; @@ -936,6 +937,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->hello_retry_request = 1; s->ext.cookieok = 1; +#endif return 1; } @@ -1694,14 +1696,16 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, /* SSLfatal() already called */ return EXT_RETURN_FAIL; } -#endif - return EXT_RETURN_SENT; +#else + return EXT_RETURN_FAIL; +#endif } EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { +#ifndef OPENSSL_NO_TLS1_3 unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie; unsigned char *hmac, *hmac2; size_t startlen, ciphlen, totcookielen, hashlen, hmaclen, appcookielen; @@ -1826,6 +1830,9 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); return ret; +#else + return EXT_RETURN_FAIL; +#endif } EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, diff --git a/test/dtlstest.c b/test/dtlstest.c index 859ec6bee2..c41aac8319 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -116,7 +116,16 @@ static int test_dtls_unprocessed(int testidx) #define CLI_TO_SRV_EPOCH_0_RECS 3 #define CLI_TO_SRV_EPOCH_1_RECS 1 -#define SRV_TO_CLI_EPOCH_0_RECS 12 +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) +# define SRV_TO_CLI_EPOCH_0_RECS 12 +#else +/* + * In this case we have no ServerKeyExchange message, because we don't have + * ECDHE or DHE. When it is present it gets fragmented into 3 records in this + * test. + */ +# define SRV_TO_CLI_EPOCH_0_RECS 9 +#endif #define SRV_TO_CLI_EPOCH_1_RECS 1 #define TOTAL_FULL_HAND_RECORDS \ (CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \ diff --git a/test/sslapitest.c b/test/sslapitest.c index fe1c1e6ff3..f2978aa078 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4473,7 +4473,9 @@ static int test_info_callback(int tst) int tlsvers; if (tst < 2) { -#ifndef OPENSSL_NO_TLS1_2 +/* We need either ECDHE or DHE for the TLSv1.2 test to work */ +#if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) \ + || !defined(OPENSSL_NO_DH)) tlsvers = TLS1_2_VERSION; #else return 1;