diff --git a/src/internal.c b/src/internal.c index 52380753b..174eda1af 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2463,8 +2463,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #endif /* !NO_CERTS */ #ifdef HAVE_TLS_EXTENSIONS +#if !defined(NO_TLS) TLSX_FreeAll(ctx->extensions, ctx->heap); - +#endif /* !NO_TLS */ #ifndef NO_WOLFSSL_SERVER #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) @@ -7422,8 +7423,9 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif /* NO_RSA */ #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_TLS_EXTENSIONS +#if !defined(NO_TLS) TLSX_FreeAll(ssl->extensions, ssl->heap); - +#endif /* !NO_TLS */ #ifdef HAVE_ALPN if (ssl->alpn_client_list != NULL) { XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN); @@ -7735,7 +7737,7 @@ void FreeHandshakeResources(WOLFSSL* ssl) #endif /* HAVE_PK_CALLBACKS */ #if defined(HAVE_TLS_EXTENSIONS) && !defined(HAVE_SNI) && \ - !defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH) +!defined(NO_TLS) && !defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH) /* Some extensions need to be kept for post-handshake querying. */ TLSX_FreeAll(ssl->extensions, ssl->heap); ssl->extensions = NULL; @@ -12812,9 +12814,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, listSz -= extSz + OPAQUE16_LEN; WOLFSSL_MSG_EX("\tParsing %d bytes of cert extensions", args->exts[args->totalCerts].length); + #if !defined(NO_TLS) ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer, (word16)args->exts[args->totalCerts].length, certificate, NULL); + #endif /* !NO_TLS */ if (ret < 0) { WOLFSSL_ERROR_VERBOSE(ret); ERROR_OUT(ret, exit_ppc); @@ -19814,7 +19818,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, (void)epochOrder; #ifndef NO_TLS -#ifdef WOLFSSL_NO_TLS12 +#if defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_TLS13) return BuildTls13Message(ssl, output, outSz, input, inSz, type, hashOutput, sizeOnly, asyncOkay); #else 
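Review bot: In SSL_CtxResourceFree the new `#if !defined(NO_TLS)` guard means `ctx->extensions` is never released when HAVE_TLS_EXTENSIONS and NO_TLS are both defined, and nothing in the hunk records why that is safe. The same guard is added around `TLSX_FreeAll(ssl->extensions, ssl->heap)` in SSL_ResourceFree and FreeHandshakeResources. If the intent is that no extension can be allocated in a NO_TLS build, a comment such as `/* NO_TLS: TLSX code is compiled out, so the extension list is always empty */` would make that invariant checkable; whether every extension setter is really compiled out cannot be confirmed from these hunks. All three functions continue outside their hunks.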
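Review bot: In ProcessPeerCerts, when NO_TLS is defined the `if (ret < 0)` test that follows the guarded `TLSX_Parse` call examines whatever `ret` held before. The certificate extension bytes are then skipped without being parsed, while the log line above still says "Parsing". Consider keeping the check with the call by moving `#endif /* !NO_TLS */` below the closing brace of the `if (ret < 0)` block, and deciding explicitly whether unparsed extensions should be rejected in that configuration. The `if` block and the function continue outside the hunk.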
diff --git a/src/ssl.c b/src/ssl.c index ee964d834..c15a1e936 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2867,8 +2867,11 @@ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name) return BAD_FUNC_ARG; ssl->options.userCurves = 1; - +#if defined(NO_TLS) + return WOLFSSL_FAILURE; +#else return TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); +#endif /* NO_TLS */ } @@ -2878,8 +2881,11 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name) return BAD_FUNC_ARG; ctx->userCurves = 1; - +#if defined(NO_TLS) + return WOLFSSL_FAILURE; +#else return TLSX_UseSupportedCurve(&ctx->extensions, name, ctx->heap); +#endif /* NO_TLS */ } #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) @@ -3079,7 +3085,9 @@ int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list) int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl) { int ret = BAD_FUNC_ARG; - +#if defined(NO_TLS) + (void)ssl; +#else if (ssl) ret = TLSX_UseSecureRenegotiation(&ssl->extensions, ssl->heap); @@ -3089,7 +3097,7 @@ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl) if (extension) ssl->secure_renegotiation = (SecureRenegotiation*)extension->data; } - +#endif /* !NO_TLS */ return ret; } @@ -4669,12 +4677,12 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) ssl->version = MakeTLSv1_2(); break; #endif -#endif -#ifdef WOLFSSL_TLS13 + + #ifdef WOLFSSL_TLS13 case WOLFSSL_TLSV1_3: ssl->version = MakeTLSv1_3(); break; - + #endif /* WOLFSSL_TLS13 */ #endif default: diff --git a/src/tls13.c b/src/tls13.c index cf770b950..2d3fb8d50 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -10356,11 +10356,14 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group) } } #endif - +#if defined(NO_TLS) + (void)ret; + (void)group; +#else ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL); if (ret != 0) return ret; - +#endif /* NO_TLS */ return WOLFSSL_SUCCESS; } 
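Review bot: In wolfSSL_UseSupportedCurve the NO_TLS branch returns `WOLFSSL_FAILURE` only after `ssl->options.userCurves = 1;` has run, so a failed call still leaves the object marked as having user-selected curves although none was registered. wolfSSL_CTX_UseSupportedCurve in the next hunk has the same ordering with `ctx->userCurves = 1;`. Moving the assignment into the `#else` branch, directly before the `return TLSX_UseSupportedCurve(...)` line, leaves the flag untouched when the feature is compiled out.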
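Review bot: With NO_TLS defined, wolfSSL_UseSecureRenegotiation now returns `BAD_FUNC_ARG` for a valid `ssl`, which tells the caller its argument was wrong rather than that secure renegotiation is unavailable in this build. A caller that uses the result as a configuration check cannot tell the two apart; adding `ret = NOT_COMPILED_IN;` after the `(void)ssl;` line would make the cause explicit. The `#if defined(NO_TLS)` opened here is closed in the following hunk by `#endif /* !NO_TLS */`, whose comment should read `/* NO_TLS */` to match the opening condition, as the other functions in this commit do.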
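Review bot: In wolfSSL_UseKeyShare the NO_TLS branch skips `TLSX_KeyShare_Use` and then falls through to `return WOLFSSL_SUCCESS;`, so the caller is told a key share was set up when nothing was done. wolfSSL_NoKeyShares in the next hunk reports success the same way, whereas wolfSSL_UseSupportedCurve in this commit returns `WOLFSSL_FAILURE` under NO_TLS. Adding `return NOT_COMPILED_IN;` after the `(void)` casts in both NO_TLS branches would keep the APIs consistent and stop callers from assuming the group is configured. Both functions start outside their hunks.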
@@ -10377,11 +10380,13 @@ int wolfSSL_NoKeyShares(WOLFSSL* ssl) return BAD_FUNC_ARG; if (ssl->options.side == WOLFSSL_SERVER_END) return SIDE_ERROR; - +#if defined(NO_TLS) + (void)ret; +#else ret = TLSX_KeyShare_Empty(ssl); if (ret != 0) return ret; - +#endif /* NO_TLS */ return WOLFSSL_SUCCESS; } #endif @@ -10647,13 +10652,17 @@ int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count) return BAD_FUNC_ARG; ctx->numGroups = 0; + #if !defined(NO_TLS) TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap); + #endif /* !NO_TLS */ for (i = 0; i < count; i++) { /* Call to wolfSSL_CTX_UseSupportedCurve also checks if input groups * are valid */ if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, (word16)groups[i])) != WOLFSSL_SUCCESS) { + #if !defined(NO_TLS) TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap); + #endif /* !NO_TLS */ return ret; } ctx->group[i] = (word16)groups[i]; @@ -10682,13 +10691,17 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count) return BAD_FUNC_ARG; ssl->numGroups = 0; + #if !defined(NO_TLS) TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap); + #endif /* !NO_TLS */ for (i = 0; i < count; i++) { /* Call to wolfSSL_UseSupportedCurve also checks if input groups * are valid */ if ((ret = wolfSSL_UseSupportedCurve(ssl, (word16)groups[i])) != WOLFSSL_SUCCESS) { + #if !defined(NO_TLS) TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap); + #endif /* !NO_TLS */ return ret; } ssl->group[i] = (word16)groups[i]; diff --git a/tests/api.c b/tests/api.c index b54b8dc27..6b4cad62e 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -1412,18 +1412,22 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void) const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; ret = test_cm_load_ca_file(ca_cert); -#ifdef NO_RSA +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); +#elif defined(NO_RSA) AssertIntEQ(ret, ASN_UNKNOWN_OID_E); #else AssertIntEQ(ret, WOLFSSL_SUCCESS); #endif ret = test_cm_load_ca_file(ca_expired_cert); -#ifdef NO_RSA +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); + if (ret == WOLFSSL_FATAL_ERROR) +#elif defined(NO_RSA) AssertIntEQ(ret, ASN_UNKNOWN_OID_E); if (ret == ASN_UNKNOWN_OID_E) -#else -#if !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \ +#elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \ !defined(OPENSSL_COMPATIBLE_DEFAULTS) AssertIntEQ(ret, ASN_AFTER_DATE_E); if (ret == ASN_AFTER_DATE_E) @@ -1431,7 +1435,6 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void) AssertIntEQ(ret, WOLFSSL_SUCCESS); if (ret == WOLFSSL_SUCCESS) #endif -#endif #endif { ret = 0; @@ -1510,8 +1513,11 @@ static int test_wolfSSL_CertManagerSetVerify(void) wolfSSL_CertManagerSetVerify(cm, myVerify); ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL); + #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + AssertIntEQ(ret, -1); + #else AssertIntEQ(ret, WOLFSSL_SUCCESS); - + #endif /* Use the test CB that always accepts certs */ myVerifyAction = VERIFY_OVERRIDE_ERROR; @@ -2440,6 +2446,7 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ defined(USE_CERT_BUFFERS_2048) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx; const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der"; byte ca_expired_cert[TWOK_BUF]; 
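Review bot: The new `WOLFSSL_FATAL_ERROR` expectations in test_wolfSSL_CertManagerLoadCABuffer pin a failure of `test_cm_load_ca_file` for builds with neither client nor server, but nothing says why loading a CA should fail there. Without that, a later reader cannot tell an intended limitation from a regression the test has been taught to accept. A short comment above each new branch, for example `/* no client or server compiled in: CA load is expected to fail */`, would record the intent. The function continues outside the hunk.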
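Review bot: In test_wolfSSL_CertManagerSetVerify the new assertion compares against the literal `-1`, while the equivalent checks added to test_wolfSSL_CertManagerLoadCABuffer in this commit use `WOLFSSL_FATAL_ERROR`. Using the named constant, `AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);`, keeps the two tests consistent and makes the expected error searchable.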
@@ -2485,7 +2492,7 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void) WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); - +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return 0; @@ -2494,7 +2501,8 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void) static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) + defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX* ctx; #ifndef NO_WOLFSSL_CLIENT @@ -2517,7 +2525,7 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void) static int test_wolfSSL_CTX_add1_chain_cert(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \ - defined(KEEP_OUR_CERT) && !defined(NO_RSA) + defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX* ctx; WOLFSSL* ssl; const char *certChain[] = { @@ -2562,11 +2570,15 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) { int ret = 0; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) const char* server_chain_der = "./certs/server-cert-chain.der"; const char* client_single_pem = "./certs/client-cert.pem"; WOLFSSL_CTX* ctx; + (void)server_chain_der; + (void)client_single_pem; + (void)ctx; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); 
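Review bot: In test_wolfSSL_CTX_use_certificate_chain_file_format the added `(void)ctx;` evaluates `ctx` before it has been assigned. It also looks unnecessary, because the extended `#if` already requires a client or a server, so `ctx` appears to be used on every compiled path. Either drop the cast or initialise the pointer at its declaration, `WOLFSSL_CTX* ctx = NULL;`. The same `(void)ctx;` directly after an uninitialised declaration is added in test_wolfSSL_CTX_SetTmpDH_file, test_wolfSSL_CTX_SetTmpDH_buffer and test_wolfSSL_CTX_SetMinMaxDhKey_Sz. The function body continues outside the hunk.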
@@ -2587,9 +2599,10 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) static int test_wolfSSL_CTX_SetTmpDH_file(void) { -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX *ctx; - + (void)ctx; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else @@ -2603,6 +2616,7 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void) /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, NULL, WOLFSSL_FILETYPE_PEM)); + AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, bogusFile, WOLFSSL_FILETYPE_PEM)); @@ -2618,9 +2632,10 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void) static int test_wolfSSL_CTX_SetTmpDH_buffer(void) { -#if !defined(NO_CERTS) && !defined(NO_DH) +#if !defined(NO_CERTS) && !defined(NO_DH) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX *ctx; - + (void)ctx; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else @@ -2634,6 +2649,7 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void) /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); + AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); @@ -2649,9 +2665,10 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void) static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void) { -#if !defined(NO_CERTS) && !defined(NO_DH) +#if !defined(NO_CERTS) && !defined(NO_DH) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX *ctx; - + (void)ctx; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); 
@@ -2688,7 +2705,8 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void) static int test_wolfSSL_CTX_der_load_verify_locations(void) { -#ifdef WOLFSSL_DER_LOAD +#if defined(WOLFSSL_DER_LOAD) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX* ctx = NULL; const char* derCert = "./certs/server-cert.der"; const char* nullPath = NULL; @@ -2767,7 +2785,7 @@ static int test_wolfSSL_CTX_enable_disable(void) #elif !defined(NO_WOLFSSL_SERVER) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else - return; + return 0; #endif #ifdef HAVE_CRL @@ -2844,8 +2862,8 @@ static int test_wolfSSL_set_minmax_proto_version(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); - -#else +#endif +#ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE); @@ -5177,6 +5195,7 @@ typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl); static int test_client_nofail(void* args, cbType cb) { +#if !defined(NO_WOLFSSL_CLIENT) SOCKET_T sockfd = 0; callback_functions* cbf; @@ -5374,12 +5393,16 @@ done: wc_ecc_fp_free(); /* free per thread cache */ #endif +#else + (void)args; + (void)cb; +#endif /* !NO_WOLFSSL_CLIENT */ return 0; } -#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) -static void test_client_reuse_WOLFSSLobj(void* args, void *cb, - void* server_args) +#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ + !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) +static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args) { SOCKET_T sockfd = 0; callback_functions* cbf; @@ -5595,7 +5618,8 @@ done: return; } -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */ +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && + !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) */ static int test_client_verifyDepth(void* args) 
@@ -6310,7 +6334,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient(void) static int test_client_get_finished(void* args, cbType cb) { -#ifdef WOLFSSL_HAVE_TLS_UNIQUE +#if defined(WOLFSSL_HAVE_TLS_UNIQUE) && !defined(NO_WOLFSSL_CLIENT) SOCKET_T sockfd = 0; callback_functions* cbf; @@ -6454,7 +6478,7 @@ done: #else (void)args; (void)cb; -#endif /* WOLFSSL_HAVE_TLS_UNIQUE */ +#endif /* WOLFSSL_HAVE_TLS_UNIQUE && !NO_WOLFSSL_CLIENT */ return 0; } @@ -7421,6 +7445,7 @@ static void test_wolfSSL_client_server(callback_functions* client_callbacks, #ifdef HAVE_SNI static int test_wolfSSL_UseSNI_params(void) { +#if !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); @@ -7442,6 +7467,7 @@ static int test_wolfSSL_UseSNI_params(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT */ return 0; } @@ -7551,6 +7577,7 @@ static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl) static int test_wolfSSL_UseSNI_connection(void) { +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) callback_functions client_cb; callback_functions server_cb; @@ -7610,6 +7637,7 @@ static int test_wolfSSL_UseSNI_connection(void) client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching; test_wolfSSL_client_server(&client_cb, &server_cb); +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ return 0; } @@ -7765,6 +7793,7 @@ static int test_wolfSSL_UseTrustedCA(void) { #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; WOLFSSL *ssl; byte id[20]; 
@@ -7806,6 +7835,7 @@ static int test_wolfSSL_UseTrustedCA(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* HAVE_TRUSTED_CA */ return 0; @@ -7815,6 +7845,8 @@ static int test_wolfSSL_UseMaxFragment(void) { #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) + +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #else @@ -7887,6 +7919,7 @@ static int test_wolfSSL_UseMaxFragment(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return 0; @@ -7896,6 +7929,7 @@ static int test_wolfSSL_UseTruncatedHMAC(void) { #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #else @@ -7923,6 +7957,7 @@ static int test_wolfSSL_UseTruncatedHMAC(void) wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return 0; @@ -8095,6 +8130,7 @@ static void verify_ALPN_client_list(WOLFSSL* ssl) static int test_wolfSSL_UseALPN_connection(void) { +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) callback_functions client_cb; callback_functions server_cb; @@ -8145,7 +8181,7 @@ static int test_wolfSSL_UseALPN_connection(void) client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client; test_wolfSSL_client_server(&client_cb, &server_cb); - +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ return 0; } 
@@ -8299,6 +8335,7 @@ static void verify_alpn_matching_http1(WOLFSSL* ssl) static int test_wolfSSL_set_alpn_protos(void) { +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) callback_functions client_cb; callback_functions server_cb; @@ -8319,6 +8356,7 @@ static int test_wolfSSL_set_alpn_protos(void) server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3; test_wolfSSL_client_server(&client_cb, &server_cb); +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ return 0; } @@ -8557,6 +8595,7 @@ static int test_wolfSSL_PKCS12(void) || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */ +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else @@ -8577,7 +8616,7 @@ static int test_wolfSSL_PKCS12(void) SSL_free(ssl); SSL_CTX_free(ctx); #endif - +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ /* should be 2 other certs on stack */ tmp = sk_X509_pop(ca); AssertNotNull(tmp); @@ -8668,6 +8707,7 @@ static int test_wolfSSL_PKCS12(void) /* check use of pkey after parse */ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else @@ -8675,6 +8715,7 @@ static int test_wolfSSL_PKCS12(void) #endif AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); SSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif AssertNotNull(pkey); 
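Review bot: In the first guarded block of test_wolfSSL_PKCS12 the new `#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */` is placed after the existing bare `#endif`. Going by the lines visible in the two hunks, the commented `#endif` therefore closes the outer `... && defined(SESSION_CERTS)` condition and the bare one closes the new guard. The nesting still balances, but the label sits on the wrong directive. Swapping the two lines, as the later "check use of pkey after parse" block in this function already does, makes the comment match what it closes. Any directives between the two hunks are not visible here.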
@@ -8920,6 +8961,7 @@ static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata) static int test_wolfSSL_PKCS8(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) byte buff[FOURK_BUF]; byte der[FOURK_BUF]; #ifndef NO_RSA @@ -9111,6 +9153,7 @@ static int test_wolfSSL_PKCS8(void) wolfSSL_CTX_free(ctx); printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */ return 0; @@ -9136,6 +9179,7 @@ static int test_wolfSSL_PKCS8_ED25519(void) XMEMSET(der, 0, sizeof(der)); AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, (word32)sizeof(der), password)), 0); +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else @@ -9145,6 +9189,7 @@ static int test_wolfSSL_PKCS8_ED25519(void) WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return 0; @@ -9170,6 +9215,7 @@ static int test_wolfSSL_PKCS8_ED448(void) XMEMSET(der, 0, sizeof(der)); AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, (word32)sizeof(der), password)), 0); +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else @@ -9179,6 +9225,7 @@ static int test_wolfSSL_PKCS8_ED448(void) WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return 0; @@ -31601,6 +31648,7 @@ static int test_wolfSSL_private_keys(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL* ssl; WOLFSSL_CTX* ctx; EVP_PKEY* pkey = NULL; 
@@ -31808,6 +31856,7 @@ static int test_wolfSSL_private_keys(void) (void)pkey; printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ return 0; @@ -32556,6 +32605,7 @@ static int test_wolfSSL_tmp_dh(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) byte buff[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; @@ -32617,6 +32667,7 @@ static int test_wolfSSL_tmp_dh(void) SSL_CTX_free(ctx); printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return 0; @@ -33348,6 +33399,7 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) char caFile[] = "./certs/client-ca.pem"; char clientFile[] = "./certs/client-cert.pem"; SSL_CTX* ctx; @@ -33440,6 +33492,7 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void) sk_X509_pop_free(chain2, X509_free); SSL_CTX_free(ctx); printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */ @@ -34177,6 +34230,7 @@ static int test_wolfSSL_X509_STORE_CTX_set_time(void) static int test_wolfSSL_CTX_get0_set1_param(void) { #if defined(OPENSSL_EXTRA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) int ret; SSL_CTX* ctx; WOLFSSL_X509_VERIFY_PARAM* pParam; @@ -34222,6 +34276,7 @@ static int test_wolfSSL_CTX_get0_set1_param(void) XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL); printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/ return 0; 
@@ -34230,6 +34285,7 @@ static int test_wolfSSL_CTX_get0_set1_param(void) static int test_wolfSSL_get0_param(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL_CTX* ctx; SSL* ssl; WOLFSSL_X509_VERIFY_PARAM* pParam; @@ -34252,6 +34308,7 @@ static int test_wolfSSL_get0_param(void) SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/ return 0; @@ -34642,7 +34699,8 @@ static void keyLog_callback(const WOLFSSL* ssl, const char* line ) #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ static int test_wolfSSL_CTX_set_keylog_callback(void) { -#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \ + !defined(NO_WOLFSSL_CLIENT) SSL_CTX* ctx; printf( testingFmt, "wolfSSL_CTX_set_keylog_callback()"); @@ -34652,13 +34710,14 @@ static int test_wolfSSL_CTX_set_keylog_callback(void) SSL_CTX_set_keylog_callback(NULL, NULL); printf(resultFmt, passed); -#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ +#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */ return 0; } static int test_wolfSSL_CTX_get_keylog_callback(void) { -#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \ + !defined(NO_WOLFSSL_CLIENT) SSL_CTX* ctx; printf( testingFmt, "wolfSSL_CTX_get_keylog_callback()"); @@ -34671,7 +34730,7 @@ static int test_wolfSSL_CTX_get_keylog_callback(void) SSL_CTX_free(ctx); printf(resultFmt, passed); -#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ +#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */ return 0; } 
@@ -35097,7 +35156,8 @@ static int test_wolfSSL_X509_NID(void) static int test_wolfSSL_CTX_set_srp_username(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ - && !defined(NO_SHA256) && !defined(WC_NO_RNG) + && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx; WOLFSSL* ssl; const char *username = "TESTUSER"; @@ -35128,7 +35188,7 @@ static int test_wolfSSL_CTX_set_srp_username(void) printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ - /* && !NO_SHA256 && !WC_NO_RNG */ + /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */ return 0; } @@ -35136,7 +35196,7 @@ static int test_wolfSSL_CTX_set_srp_username(void) static int test_wolfSSL_CTX_set_srp_password(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ - && !defined(NO_SHA256) && !defined(WC_NO_RNG) + && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX* ctx; const char *username = "TESTUSER"; const char *password = "TESTPASSWORD"; @@ -35159,7 +35219,7 @@ static int test_wolfSSL_CTX_set_srp_password(void) printf(resultFmt, passed); #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ - /* && !NO_SHA256 && !WC_NO_RNG */ + /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */ return 0; } @@ -35222,6 +35282,7 @@ static int test_wolfSSL_X509_STORE(void) #ifndef WOLFCRYPT_ONLY { + #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL_CTX* ctx; SSL* ssl; int i; @@ -35251,6 +35312,7 @@ static int test_wolfSSL_X509_STORE(void) SSL_free(ssl); SSL_CTX_free(ctx); } + #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ } #endif printf(resultFmt, passed); 
@@ -35919,6 +35981,7 @@ static int test_generate_cookie(void) static int test_wolfSSL_set_options(void) { #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL* ssl; WOLFSSL_CTX* ctx; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -36043,6 +36106,7 @@ static int test_wolfSSL_set_options(void) wolfSSL_CTX_free(ctx); printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ return 0; @@ -36052,6 +36116,7 @@ static int test_wolfSSL_sk_SSL_CIPHER(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL* ssl; SSL_CTX* ctx; STACK_OF(SSL_CIPHER) *sk, *dupSk; @@ -36080,6 +36145,7 @@ static int test_wolfSSL_sk_SSL_CIPHER(void) SSL_CTX_free(ctx); printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ @@ -36089,6 +36155,7 @@ static int test_wolfSSL_sk_SSL_CIPHER(void) static int test_wolfSSL_set1_curves_list(void) { #if defined(OPENSSL_EXTRA) && defined(HAVE_RSA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL* ssl = NULL; SSL_CTX* ctx = NULL; @@ -36114,6 +36181,7 @@ static int test_wolfSSL_set1_curves_list(void) SSL_CTX_free(ctx); printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return 0; @@ -36122,6 +36190,7 @@ static int test_wolfSSL_set1_curves_list(void) static int test_wolfSSL_set1_sigalgs_list(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL* ssl; SSL_CTX* ctx; 
@@ -36238,6 +36307,7 @@ static int test_wolfSSL_set1_sigalgs_list(void) SSL_CTX_free(ctx); printf(resultFmt, passed); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return 0; @@ -40002,7 +40072,8 @@ static int test_wolfSSL_BIO_should_retry(void) static int test_wolfSSL_BIO_connect(void) { -#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT) +#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + defined(HAVE_HTTP_CLIENT) && !defined(NO_WOLFSSL_CLIENT) tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; @@ -49667,10 +49738,15 @@ static int test_wolfSSL_SMIME_write_PKCS7(void) if (cert_buf) free(cert_buf); - +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + if (ret == WOLFSSL_FATAL_ERROR) { + ret = 0; + } +#else if (ret == ASN_SIG_CONFIRM_E) { ret = 0; } +#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ return ret; } @@ -49700,9 +49776,15 @@ static int test_wolfSSL_SMIME_write_PKCS7(void) #ifdef FP_ECC wc_ecc_fp_free(); #endif +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + if (ret == WOLFSSL_FATAL_ERROR) { + ret = 0; + } +#else if (ret == ASN_SIG_CONFIRM_E) { ret = 0; } +#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ return ret; } @@ -49758,7 +49840,9 @@ static int test_tls13_apis(void) WOLFSSL_ECC_SECP256R1 #endif }; +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) int bad_groups[2] = { 0xDEAD, 0xBEEF }; +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ int numGroups = 2; #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) @@ -54723,9 +54807,11 @@ static int test_various_pathlen_chains(void) printf("cert manager new failed\n"); return -1; } - +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + AssertIntEQ(test_chainG(cm), -1); +#else AssertIntEQ(test_chainG(cm), 0); - +#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ ret = wolfSSL_CertManagerUnloadCAs(cm); if (ret != WOLFSSL_SUCCESS) return -1; 
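Review bot: In the helper that ends at the `@@ -49667` hunk, a build with neither client nor server now maps `WOLFSSL_FATAL_ERROR` to `ret = 0`, and the `@@ -49700` hunk repeats this. Unlike `ASN_SIG_CONFIRM_E`, that value is a generic failure code, so any unrelated fatal error in that configuration is also reported as a pass. Checking the result of the specific call that is expected to fail, at the point where it is made, would narrow what the test accepts. Failing that, a comment such as `/* expected failure: no client or server compiled in */` would at least record the intent. Both functions start outside the hunks.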
@@ -54758,8 +54844,11 @@ static int test_various_pathlen_chains(void) printf("cert manager new failed\n"); return -1; } +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + AssertIntEQ(test_chainI(cm), -1); +#else AssertIntEQ(test_chainI(cm), 0); - +#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ wolfSSL_CertManagerUnloadCAs(cm); wolfSSL_CertManagerFree(cm); if ((cm = wolfSSL_CertManagerNew()) == NULL) {