Fix no-ec in combination with no-dh
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6321)
parent
d61e6040a0
commit
1aac20f509
3 changed files with 22 additions and 4 deletions
|
@ -721,6 +721,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
||||
size_t chainidx)
|
||||
{
|
||||
#ifndef OPENSSL_NO_TLS1_3
|
||||
unsigned int format, version, key_share, group_id;
|
||||
EVP_MD_CTX *hctx;
|
||||
EVP_PKEY *pkey;
|
||||
|
@ -936,6 +937,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|||
s->hello_retry_request = 1;
|
||||
|
||||
s->ext.cookieok = 1;
|
||||
#endif
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -1694,14 +1696,16 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
|
|||
/* SSLfatal() already called */
|
||||
return EXT_RETURN_FAIL;
|
||||
}
|
||||
#endif
|
||||
|
||||
return EXT_RETURN_SENT;
|
||||
#else
|
||||
return EXT_RETURN_FAIL;
|
||||
#endif
|
||||
}
|
||||
|
||||
EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
|
||||
X509 *x, size_t chainidx)
|
||||
{
|
||||
#ifndef OPENSSL_NO_TLS1_3
|
||||
unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie;
|
||||
unsigned char *hmac, *hmac2;
|
||||
size_t startlen, ciphlen, totcookielen, hashlen, hmaclen, appcookielen;
|
||||
|
@ -1826,6 +1830,9 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
|
|||
EVP_MD_CTX_free(hctx);
|
||||
EVP_PKEY_free(pkey);
|
||||
return ret;
|
||||
#else
|
||||
return EXT_RETURN_FAIL;
|
||||
#endif
|
||||
}
|
||||
|
||||
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
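Review bot: The `#else` branches in tls_construct_stoc_key_share and tls_construct_stoc_cookie return `EXT_RETURN_FAIL` without reporting an error first, while the failure path just above them carries the comment `/* SSLfatal() already called */`. If callers depend on that convention, a build without TLSv1.3 that reaches either function would fail the handshake with no alert or error reason recorded. Consider adding `SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, ERR_R_INTERNAL_ERROR);` before the return (and the key_share equivalent), or at least a comment such as `/* Not reachable: only constructed for TLSv1.3 */` if that is the intent. tls_parse_ctos_cookie instead returns 1 when compiled out, silently accepting the extension, and a one-line comment saying this is deliberate would help. All three function bodies extend outside the visible hunks.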
|
||||
|
|
|
@ -116,7 +116,16 @@ static int test_dtls_unprocessed(int testidx)
|
|||
|
||||
#define CLI_TO_SRV_EPOCH_0_RECS 3
|
||||
#define CLI_TO_SRV_EPOCH_1_RECS 1
|
||||
#define SRV_TO_CLI_EPOCH_0_RECS 12
|
||||
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
|
||||
# define SRV_TO_CLI_EPOCH_0_RECS 12
|
||||
#else
|
||||
/*
|
||||
* In this case we have no ServerKeyExchange message, because we don't have
|
||||
* ECDHE or DHE. When it is present it gets fragmented into 3 records in this
|
||||
* test.
|
||||
*/
|
||||
# define SRV_TO_CLI_EPOCH_0_RECS 9
|
||||
#endif
|
||||
#define SRV_TO_CLI_EPOCH_1_RECS 1
|
||||
#define TOTAL_FULL_HAND_RECORDS \
|
||||
(CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \
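Review bot: The literal `9` in the no-EC/no-DH branch restates "12 minus the 3 ServerKeyExchange records" from the comment above it, so the two branches of `SRV_TO_CLI_EPOCH_0_RECS` can drift apart if the flight changes. Naming the fragment count keeps the relationship in the code, e.g. `# define SKE_RECS 3` and `# define SRV_TO_CLI_EPOCH_0_RECS (12 - SKE_RECS)`. The guard also assumes the negotiated ciphersuite uses (EC)DHE whenever either algorithm is compiled in. That depends on how the test configures its ciphers, which is not visible here, so a short comment stating the assumption would be worthwhile.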
|
||||
|
|
|
@ -4473,7 +4473,9 @@ static int test_info_callback(int tst)
|
|||
int tlsvers;
|
||||
|
||||
if (tst < 2) {
|
||||
#ifndef OPENSSL_NO_TLS1_2
|
||||
/* We need either ECDHE or DHE for the TLSv1.2 test to work */
|
||||
#if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) \
|
||||
|| !defined(OPENSSL_NO_DH))
|
||||
tlsvers = TLS1_2_VERSION;
|
||||
#else
|
||||
return 1;
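Review bot: With the widened guard in test_info_callback, the `tst < 2` case reaches `return 1;` whenever both EC and DH are compiled out, so a skipped TLSv1.2 run is reported the same as a pass. The new comment says ECDHE or DHE is required but not why. Something like `/* The expected state sequence includes a ServerKeyExchange, so we need ECDHE or DHE */` would let a maintainer judge whether an RSA-only variant could be covered instead; that reason is inferred from the neighbouring record-count change and should be confirmed. If the test framework can log a skip message, emitting one in the `#else` branch would make the lost coverage visible in no-ec no-dh builds. The function body continues outside the hunk.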
|
||||
|
|