author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-12-30 04:31:27 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-12-30 04:31:27 +0000 |
commit | 05e1cdf3f4d4cef6b2194ecab93ab2f4628be5cb (patch) | |
tree | 020c837ba65f52c3aec7d9c731c440aefc4f30da | |
parent | fb5035e58461cba9d22adc3c2b30e50358d8b307 (diff) | |
parent | 5735694983629143ef29eaf54472916ad1fb7805 (diff) | |
download | gnutls-05e1cdf3f4d4cef6b2194ecab93ab2f4628be5cb.tar.gz |
Merge branch 'fix-gost-bench' into 'master'
Fix gnutls-cli compilation with GOST disabled
See merge request gnutls/gnutls!1143
-rw-r--r-- | src/Makefile.am | 18 | ||||
-rw-r--r-- | src/benchmark-tls.c | 22 | ||||
-rw-r--r-- | src/cli.c | 30 | ||||
-rw-r--r-- | src/serv.c | 27 |
4 files changed, 84 insertions, 13 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 92762fa88a..94b701a512 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -82,16 +82,13 @@ else LIBOPTS = $(LIBOPTS_LDADD) endif -bin_PROGRAMS = psktool gnutls-cli-debug certtool +bin_PROGRAMS = psktool gnutls-cli-debug certtool gnutls-serv gnutls-cli if ENABLE_SRP bin_PROGRAMS += srptool endif if ENABLE_OCSP -bin_PROGRAMS += ocsptool gnutls-serv -if ENABLE_ANON -bin_PROGRAMS += gnutls-cli -endif +bin_PROGRAMS += ocsptool endif if ENABLE_DANE @@ -140,6 +137,8 @@ noinst_LTLIBRARIES += libcmd-ocsp.la libcmd_ocsp_la_SOURCES = ocsptool-args.def nodist_libcmd_ocsp_la_SOURCES = ocsptool-args.h ocsptool-args.c +endif + gnutls_serv_SOURCES = \ list.h serv.c \ udp-serv.c udp-serv.h \ @@ -153,13 +152,14 @@ noinst_LTLIBRARIES += libcmd-serv.la libcmd_serv_la_SOURCES = serv-args.def nodist_libcmd_serv_la_SOURCES = serv-args.c serv-args.h -if ENABLE_ANON - BENCHMARK_SRCS = benchmark-cipher.c benchmark.c benchmark.h benchmark-tls.c gnutls_cli_SOURCES = cli.c common.h common.c \ - socket.c socket.h ocsptool-common.c inline_cmds.h \ + socket.c socket.h inline_cmds.h \ $(BENCHMARK_SRCS) +if ENABLE_OCSP +gnutls_cli_SOURCES += ocsptool-common.c +endif gnutls_cli_LDADD = ../lib/libgnutls.la -lm if ENABLE_DANE gnutls_cli_LDADD += ../libdane/libgnutls-dane.la @@ -170,8 +170,6 @@ gnutls_cli_LDADD += $(LIBSOCKET) $(GETADDRINFO_LIB) $(LIB_CLOCK_GETTIME) \ noinst_LTLIBRARIES += libcmd-cli.la libcmd_cli_la_SOURCES = cli-args.def nodist_libcmd_cli_la_SOURCES = cli-args.c cli-args.h -endif -endif gnutls_cli_debug_SOURCES = cli-debug.c tests.h tests.c \ socket.c socket.h common.h common.c diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c index 14a3d190cc..2c062a6ee7 100644 --- a/src/benchmark-tls.c +++ b/src/benchmark-tls.c 
@@ -292,7 +292,9 @@ static void test_ciphersuite(const char *cipher_prio, int size) const char *name; /* Init server */ +#ifdef ENABLE_ANON gnutls_anon_allocate_server_credentials(&s_anoncred); +#endif gnutls_certificate_allocate_credentials(&s_certcred); gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert, @@ -313,7 +315,9 @@ static void test_ciphersuite(const char *cipher_prio, int size) fprintf(stderr, "Error in %s\n", str); exit(1); } +#ifdef ENABLE_ANON gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); +#endif gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); @@ -321,7 +325,9 @@ static void test_ciphersuite(const char *cipher_prio, int size) reset_buffers(); /* Init client */ +#ifdef ENABLE_ANON gnutls_anon_allocate_client_credentials(&c_anoncred); +#endif gnutls_certificate_allocate_credentials(&c_certcred); gnutls_init(&client, GNUTLS_CLIENT); @@ -330,7 +336,9 @@ static void test_ciphersuite(const char *cipher_prio, int size) fprintf(stderr, "Error in %s\n", str); exit(1); } +#ifdef ENABLE_ANON gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); +#endif gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); @@ -386,8 +394,10 @@ static void test_ciphersuite(const char *cipher_prio, int size) gnutls_deinit(client); gnutls_deinit(server); +#ifdef ENABLE_ANON gnutls_anon_free_client_credentials(c_anoncred); gnutls_anon_free_server_credentials(s_anoncred); +#endif } static @@ -448,7 +458,9 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) /* Init server */ gnutls_certificate_allocate_credentials(&s_certcred); +#ifdef ENABLE_ANON gnutls_anon_allocate_server_credentials(&s_anoncred); +#endif ret = 0; if (pk == GNUTLS_PK_RSA_PSS) 
@@ -474,10 +486,12 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_ed25519_cert, &server_ed25519_key, GNUTLS_X509_FMT_PEM); +#ifdef ENABLE_GOST else if (pk == GNUTLS_PK_GOST_12_256) ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_gost12_256_cert, &server_gost12_256_key, GNUTLS_X509_FMT_PEM); +#endif if (ret < 0) { fprintf(stderr, "Error in %d: %s\n", __LINE__, gnutls_strerror(ret)); @@ -485,7 +499,9 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) } /* Init client */ +#ifdef ENABLE_ANON gnutls_anon_allocate_client_credentials(&c_anoncred); +#endif gnutls_certificate_allocate_credentials(&c_certcred); start_benchmark(&st); @@ -505,8 +521,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) fprintf(stderr, "Error in setting priority: %s\n", gnutls_strerror(ret)); exit(1); } +#ifdef ENABLE_ANON gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); +#endif gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred); gnutls_transport_set_push_function(server, server_push); @@ -523,8 +541,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) fprintf(stderr, "Error in setting priority: %s\n", gnutls_strerror(ret)); exit(1); } +#ifdef ENABLE_ANON gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); +#endif gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred); @@ -580,8 +600,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) printf(" - avg. handshake time: %.2f %s\n - standard deviation: %.2f %s\n\n", avg, scale, sqrt(svar), scale); +#ifdef ENABLE_ANON gnutls_anon_free_client_credentials(c_anoncred); gnutls_anon_free_server_credentials(s_anoncred); +#endif } void benchmark_tls(int debug_level, int ciphers) 
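Review bot: In the first hunk on this line (the key-loading chain of `test_ciphersuite_kx`), a build without ENABLE_GOST has no branch left for `pk == GNUTLS_PK_GOST_12_256`, so `ret` keeps the 0 assigned just above, the `if (ret < 0)` check passes, and the benchmark continues with no server key loaded. Whether `benchmark_tls` can still pass that value in such a build is not visible here, but an explicit rejection is cheap: before the `#endif`, add `#else` followed by `else if (pk == GNUTLS_PK_GOST_12_256) { fprintf(stderr, "GOST is not supported\n"); exit(1); }`. The function body starts and ends outside the hunk.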
@@ -389,6 +389,11 @@ static int cert_verify_callback(gnutls_session_t session) try_save_cert(session); } +#ifndef ENABLE_OCSP + if (HAVE_OPT(SAVE_OCSP) || HAVE_OPT(OCSP)) { + fprintf(stderr, "OCSP is not supported!\n"); + } +#else rc = gnutls_ocsp_status_request_get(session, &oresp); if (rc < 0) { oresp.data = NULL; @@ -403,6 +408,7 @@ static int cert_verify_callback(gnutls_session_t session) fclose(fp); } } +#endif print_cert_info(session, verbose, print_cert); @@ -413,7 +419,9 @@ static int cert_verify_callback(gnutls_session_t session) (stdout, "*** PKI verification of server certificate failed...\n"); if (!insecure && !ssh) return -1; - } else if (ENABLED_OPT(OCSP) && gnutls_ocsp_status_request_is_checked(session, 0) == 0) { /* off-line verification succeeded. Try OCSP */ + } +#ifdef ENABLE_OCSP + else if (ENABLED_OPT(OCSP) && gnutls_ocsp_status_request_is_checked(session, 0) == 0) { /* off-line verification succeeded. Try OCSP */ rc = cert_verify_ocsp(session); if (rc == -1) { log_msg @@ -425,6 +433,7 @@ static int cert_verify_callback(gnutls_session_t session) else log_msg(stdout, "*** OCSP: verified %d certificate(s).\n", rc); } +#endif } if (dane) { /* try DANE auth */ @@ -677,10 +686,21 @@ gnutls_session_t init_tls_session(const char *host) host, strlen(host)); } - if (HAVE_OPT(DH_BITS)) + if (HAVE_OPT(DH_BITS)) { +#if defined(ENABLE_DHE) || defined(ENABLE_ANON) gnutls_dh_set_prime_bits(session, OPT_VALUE_DH_BITS); +#else + fprintf(stderr, "Setting DH parameters is not supported\n"); + exit(1); +#endif + } + if (HAVE_OPT(ALPN)) { +#ifndef ENABLE_ALPN + fprintf(stderr, "ALPN is not supported\n"); + exit(1); +#else unsigned proto_n = STACKCT_OPT(ALPN); char **protos = (void *) STACKLST_OPT(ALPN); @@ -696,6 +716,7 @@ gnutls_session_t init_tls_session(const char *host) p[i].size = strlen(protos[i]); } gnutls_alpn_set_protocols(session, p, proto_n, 0); +#endif } gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred); 
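Review bot: The `#ifndef ENABLE_OCSP` branch added to `cert_verify_callback` only prints "OCSP is not supported!" and lets verification continue, so a user who asked for OCSP checking gets the connection accepted with no revocation check at all; the `else if (ENABLED_OPT(OCSP) ...)` branch that would have called `cert_verify_ocsp` is compiled out in the same build. The DH_BITS and ALPN branches added further down this file, and the OCSP check this commit adds to serv.c, all stop with `exit(1)`, so this path should fail closed too, for example `if (ENABLED_OPT(OCSP) && !insecure && !ssh) return -1;` after the message (this assumes the option is off unless requested; confirm against the option definition). Because the message lives in the callback, it is also emitted on every handshake instead of once at option parsing. The callback body starts and ends outside these hunks.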
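Review bot: `gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);`, the last context line of the ALPN hunk in `init_tls_session`, stays unconditional, while this commit wraps the same call in `#ifdef ENABLE_ANON` in benchmark-tls.c and serv.c. Where `anon_cred` is declared and allocated is outside the hunk; if that allocation is guarded, this call would register an unallocated credential in a build without anonymous key exchange. Wrapping it in `#ifdef ENABLE_ANON` / `#endif` keeps the three tools consistent.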
@@ -1135,6 +1156,7 @@ int do_inline_command_processing(char *buffer_ptr, size_t curr_bytes, static void print_other_info(gnutls_session_t session) { +#ifdef ENABLE_OCSP int ret; gnutls_datum_t oresp; @@ -1175,7 +1197,7 @@ print_other_info(gnutls_session_t session) gnutls_free(p.data); } } - +#endif } int main(int argc, char **argv) @@ -1961,6 +1983,7 @@ static void init_global_tls_stuff(void) * -1: certificate chain could not be checked fully * >=0: number of certificates verified ok */ +#ifdef ENABLE_OCSP static int cert_verify_ocsp(gnutls_session_t session) { gnutls_x509_crt_t cert, issuer; @@ -2057,3 +2080,4 @@ cleanup: return -1; return ok >= 1 ? (int) ok : -1; } +#endif diff --git a/src/serv.c b/src/serv.c index de5691261f..a4dd445da8 100644 --- a/src/serv.c +++ b/src/serv.c @@ -121,7 +121,9 @@ static void tcp_server(const char *name, int port); /* These are global */ gnutls_srp_server_credentials_t srp_cred = NULL; gnutls_psk_server_credentials_t psk_cred = NULL; +#ifdef ENABLE_ANON gnutls_anon_server_credentials_t dh_cred = NULL; +#endif gnutls_certificate_credentials_t cert_cred = NULL; const int ssl_session_cache = 2048; @@ -384,7 +386,9 @@ gnutls_session_t initialize_session(int dtls) int ret; unsigned i; const char *err; +#ifdef ENABLE_ALPN gnutls_datum_t alpn[MAX_ALPN_PROTOCOLS]; +#endif unsigned alpn_size; unsigned flags = GNUTLS_SERVER | GNUTLS_POST_HANDSHAKE_AUTH | GNUTLS_ENABLE_RAWPK; @@ -443,6 +447,12 @@ gnutls_session_t initialize_session(int dtls) } } +#ifndef ENABLE_ALPN + if (alpn_protos_size != 0) { + fprintf(stderr, "ALPN is not supported\n"); + exit(1); + } +#else alpn_size = MIN(MAX_ALPN_PROTOCOLS,alpn_protos_size); for (i=0;i<alpn_size;i++) { alpn[i].data = (void*)alpn_protos[i]; 
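Review bot: In serv.c the `#ifndef ENABLE_ALPN` rejection (`alpn_protos_size != 0`, then `exit(1)`) is placed in `initialize_session`, so a server built without ALPN but started with ALPN protocols configured exits only when a session is set up. If that function runs per connection, as its use of a fresh `session` suggests, the first client to connect terminates the listener instead of the misconfiguration being reported at startup. Moving the check into `main`, next to the `#ifndef ENABLE_OCSP` check this commit adds there, would make it fail before the server accepts traffic. In the declaration hunk, `unsigned alpn_size;` stays outside the `#ifdef ENABLE_ALPN` guard and appears to be unused in that build. The function body continues outside the hunk.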
@@ -454,8 +464,11 @@ gnutls_session_t initialize_session(int dtls) fprintf(stderr, "Error setting ALPN protocols: %s\n", gnutls_strerror(ret)); exit(1); } +#endif +#ifdef ENABLE_ANON gnutls_credentials_set(session, GNUTLS_CRD_ANON, dh_cred); +#endif if (srp_cred != NULL) gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); @@ -705,11 +718,13 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, } #endif +#if defined(ENABLE_DHE) || defined(ENABLE_ANON) if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS) { snprintf(tmp_buffer, tmp_buffer_size, "Ephemeral DH using prime of <b>%d</b> bits.<br>\n", gnutls_dh_get_prime_bits(session)); } +#endif tmp = gnutls_compression_get_name(gnutls_compression_get(session)); if (tmp == NULL) @@ -1256,6 +1271,12 @@ int main(int argc, char **argv) "Warning: no private key and certificate pairs were set.\n"); } +#ifndef ENABLE_OCSP + if (HAVE_OPT(IGNORE_OCSP_RESPONSE_ERRORS) || ocsp_responses_size != 0) { + fprintf(stderr, "OCSP is not supported!\n"); + exit(1); + } +#else /* OCSP status-request TLS extension */ if (HAVE_OPT(IGNORE_OCSP_RESPONSE_ERRORS)) gnutls_certificate_set_flags(cert_cred, GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); @@ -1271,13 +1292,19 @@ int main(int argc, char **argv) exit(1); } } +#endif if (use_static_dh_params) { +#if defined(ENABLE_DHE) || defined(ENABLE_ANON) ret = gnutls_certificate_set_known_dh_params(cert_cred, GNUTLS_SEC_PARAM_MEDIUM); if (ret < 0) { fprintf(stderr, "Error while setting DH parameters: %s\n", gnutls_strerror(ret)); exit(1); } +#else + fprintf(stderr, "Setting DH parameters is not supported\n"); + exit(1); +#endif } else { gnutls_certificate_set_params_function(cert_cred, get_params); } |