wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix build errors with dtls1.3 and no tls1.2

Browse Source
This commit is contained in:
Eric Blankenhorn
2023-11-15 10:37:09 -06:00
parent 8f7adb2c16
commit 7bbeadcf97
6 changed files with 106 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
examples/sctp/sctp-client-dtls.c
View File

@ -27,7 +27,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
/* sctp */ /* sctp */
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/types.h> #include <sys/types.h>
@ -47,13 +47,13 @@ static int err_sys(const char* msg)
perror(msg); perror(msg);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */ #endif /* WOLFSSL_SCTP && WOLFSSL_DTLS && !WOLFSSL_NO_TLS12 */
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
(void)argc; (void)argc;
(void)argv; (void)argv;
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP); int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0) if (sd < 0)
@ -126,7 +126,7 @@ int main(int argc, char **argv)
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
close(sd); close(sd);
#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */ #endif /* WOLFSSL_SCTP && WOLFSSL_DTLS && !WOLFSSL_NO_TLS12 */
return 0; return 0;
} }

8
examples/sctp/sctp-server-dtls.c
View File

@ -26,7 +26,7 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
/* sctp */ /* sctp */
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/types.h> #include <sys/types.h>
@ -47,13 +47,13 @@ static int err_sys(const char* msg)
perror(msg); perror(msg);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */ #endif /* WOLFSSL_SCTP && WOLFSSL_DTLS && !WOLFSSL_NO_TLS12 */
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
(void)argc; (void)argc;
(void)argv; (void)argv;
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP); int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
if (sd < 0) if (sd < 0)
@ -125,6 +125,6 @@ int main(int argc, char **argv)
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
close(sd); close(sd);
#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */ #endif /* WOLFSSL_SCTP && WOLFSSL_DTLS && !WOLFSSL_NO_TLS12 */
return 0; return 0;
} }

6
src/dtls.c
View File

@ -868,6 +868,7 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13)
else else
#endif #endif
{ {
#if !defined(WOLFSSL_NO_TLS12)
if (!ch->dtls12cookieSet) { if (!ch->dtls12cookieSet) {
ret = CreateDtls12Cookie(ssl, ch, ch->dtls12cookie); ret = CreateDtls12Cookie(ssl, ch, ch->dtls12cookie);
if (ret != 0) if (ret != 0)
@ -876,6 +877,11 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13)
} }
ret = SendHelloVerifyRequest((WOLFSSL*)ssl, ch->dtls12cookie, ret = SendHelloVerifyRequest((WOLFSSL*)ssl, ch->dtls12cookie,
DTLS_COOKIE_SZ); DTLS_COOKIE_SZ);
#else
WOLFSSL_MSG("DTLS1.2 disabled with WOLFSSL_NO_TLS12");
WOLFSSL_ERROR_VERBOSE(NOT_COMPILED_IN);
ret = NOT_COMPILED_IN;
#endif
} }
return ret; return ret;
} }

6
src/dtls13.c
View File

@ -372,8 +372,14 @@ int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
downgraded = 1; downgraded = 1;
} }
else { else {
#if !defined(WOLFSSL_NO_TLS12)
ret = DoHandShakeMsgType(ssl, msg->fullMsg, &idx, msg->type, ret = DoHandShakeMsgType(ssl, msg->fullMsg, &idx, msg->type,
msg->sz, msg->sz); msg->sz, msg->sz);
#else
WOLFSSL_MSG("DTLS1.2 disabled with WOLFSSL_NO_TLS12");
WOLFSSL_ERROR_VERBOSE(NOT_COMPILED_IN);
ret = NOT_COMPILED_IN;
#endif
} }
/* processing certificate_request triggers a connect. The error came /* processing certificate_request triggers a connect. The error came

98
src/tls.c
View File

@ -678,55 +678,6 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
return ret; return ret;
} }
int wolfSSL_GetHmacType_ex(CipherSpecs* specs)
{
if (specs == NULL)
return BAD_FUNC_ARG;
switch (specs->mac_algorithm) {
#ifndef NO_MD5
case md5_mac:
{
return WC_MD5;
}
#endif
#ifndef NO_SHA256
case sha256_mac:
{
return WC_SHA256;
}
#endif
#ifdef WOLFSSL_SHA384
case sha384_mac:
{
return WC_SHA384;
}
#endif
#ifdef WOLFSSL_SM3
case sm3_mac:
{
return WC_SM3;
}
#endif
#ifndef NO_SHA
case sha_mac:
{
return WC_SHA;
}
#endif
#ifdef HAVE_BLAKE2
case blake2b_mac:
{
return BLAKE2B_ID;
}
#endif
default:
{
return WOLFSSL_FATAL_ERROR;
}
}
}
/* return HMAC digest type in wolfSSL format */ /* return HMAC digest type in wolfSSL format */
int wolfSSL_GetHmacType(WOLFSSL* ssl) int wolfSSL_GetHmacType(WOLFSSL* ssl)
{ {
@ -1277,6 +1228,55 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
#endif /* !WOLFSSL_NO_TLS12 */ #endif /* !WOLFSSL_NO_TLS12 */
int wolfSSL_GetHmacType_ex(CipherSpecs* specs)
{
if (specs == NULL)
return BAD_FUNC_ARG;
switch (specs->mac_algorithm) {
#ifndef NO_MD5
case md5_mac:
{
return WC_MD5;
}
#endif
#ifndef NO_SHA256
case sha256_mac:
{
return WC_SHA256;
}
#endif
#ifdef WOLFSSL_SHA384
case sha384_mac:
{
return WC_SHA384;
}
#endif
#ifdef WOLFSSL_SM3
case sm3_mac:
{
return WC_SM3;
}
#endif
#ifndef NO_SHA
case sha_mac:
{
return WC_SHA;
}
#endif
#ifdef HAVE_BLAKE2
case blake2b_mac:
{
return BLAKE2B_ID;
}
#endif
default:
{
return WOLFSSL_FATAL_ERROR;
}
}
}
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
/** /**

52
tests/api.c
View File

@ -59684,7 +59684,8 @@ static int test_wolfSSL_dtls_set_mtu(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
#if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \ #if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
!defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_DTLS) !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_DTLS) && \
!defined(WOLFSSL_NO_TLS12)
WOLFSSL_CTX* ctx = NULL; WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL; WOLFSSL* ssl = NULL;
const char* testCertFile; const char* testCertFile;
@ -59722,7 +59723,7 @@ static int test_wolfSSL_dtls_set_mtu(void)
} }
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
defined(WOLFSSL_DTLS) defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
static WC_INLINE void generateDTLSMsg(byte* out, int outSz, word32 seq, static WC_INLINE void generateDTLSMsg(byte* out, int outSz, word32 seq,
enum HandShakeType hsType, word16 length) enum HandShakeType hsType, word16 length)
@ -59842,7 +59843,7 @@ static int test_wolfSSL_dtls_plaintext(void) {
#endif #endif
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
defined(WOLFSSL_DTLS) defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
static void test_wolfSSL_dtls12_fragments_spammer(WOLFSSL* ssl) static void test_wolfSSL_dtls12_fragments_spammer(WOLFSSL* ssl)
{ {
@ -59963,8 +59964,10 @@ static int test_wolfSSL_dtls_fragments(void)
method_provider server_meth; method_provider server_meth;
ssl_callback spammer; ssl_callback spammer;
} params[] = { } params[] = {
#if !defined(WOLFSSL_NO_TLS12)
{wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
test_wolfSSL_dtls12_fragments_spammer}, test_wolfSSL_dtls12_fragments_spammer},
#endif
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
{wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
test_wolfSSL_dtls13_fragments_spammer}, test_wolfSSL_dtls13_fragments_spammer},
@ -60029,10 +60032,15 @@ static int _test_wolfSSL_ignore_alert_before_cookie(byte version12)
XMEMSET(&server_cbs, 0, sizeof(server_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs));
client_cbs.doUdp = server_cbs.doUdp = 1; client_cbs.doUdp = server_cbs.doUdp = 1;
if (version12) { if (version12) {
#if !defined(WOLFSSL_NO_TLS12)
client_cbs.method = wolfDTLSv1_2_client_method; client_cbs.method = wolfDTLSv1_2_client_method;
server_cbs.method = wolfDTLSv1_2_server_method; server_cbs.method = wolfDTLSv1_2_server_method;
#else
return TEST_SKIPPED;
#endif
} }
else { else
{
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
client_cbs.method = wolfDTLSv1_3_client_method; client_cbs.method = wolfDTLSv1_3_client_method;
server_cbs.method = wolfDTLSv1_3_server_method; server_cbs.method = wolfDTLSv1_3_server_method;
@ -60125,17 +60133,18 @@ static int _test_wolfSSL_dtls_bad_record(
static int test_wolfSSL_dtls_bad_record(void) static int test_wolfSSL_dtls_bad_record(void)
{ {
int ret; int ret = TEST_SUCCESS;
#if !defined(WOLFSSL_NO_TLS12)
ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_2_client_method, ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_2_client_method,
wolfDTLSv1_2_server_method); wolfDTLSv1_2_server_method);
#endif
#ifdef WOLFSSL_DTLS13 #ifdef WOLFSSL_DTLS13
if (ret != TEST_SUCCESS) if (ret == TEST_SUCCESS) {
return ret; ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_3_client_method,
return _test_wolfSSL_dtls_bad_record(wolfDTLSv1_3_client_method,
wolfDTLSv1_3_server_method); wolfDTLSv1_3_server_method);
#else }
return ret;
#endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS13 */
return ret;
} }
@ -60620,8 +60629,10 @@ static int test_wolfSSL_dtls_stateless(void)
ssl_callback client_ssl_ready; ssl_callback client_ssl_ready;
ssl_callback server_ssl_ready; ssl_callback server_ssl_ready;
} test_params[] = { } test_params[] = {
#if !defined(WOLFSSL_NO_TLS12)
{wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_compare_stateless}, test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_compare_stateless},
#endif
#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
{wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_enable_hrrcookie}, test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_enable_hrrcookie},
@ -60630,6 +60641,10 @@ static int test_wolfSSL_dtls_stateless(void)
#endif #endif
}; };
if (0 == sizeof(test_params)){
return TEST_SKIPPED;
}
for (i = 0; i < sizeof(test_params)/sizeof(*test_params); i++) { for (i = 0; i < sizeof(test_params)/sizeof(*test_params); i++) {
XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&client_cbs, 0, sizeof(client_cbs));
XMEMSET(&server_cbs, 0, sizeof(server_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs));
@ -65867,7 +65882,7 @@ static int test_dtls_msg_from_other_peer(void)
* !defined(SINGLE_THREADED) && !defined(NO_RSA) */ * !defined(SINGLE_THREADED) && !defined(NO_RSA) */
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_IPV6) && \ #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_IPV6) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
static int test_dtls_ipv6_check(void) static int test_dtls_ipv6_check(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
@ -66017,7 +66032,8 @@ static int test_wolfSSL_configure_args(void)
static int test_dtls_no_extensions(void) static int test_dtls_no_extensions(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
#if defined(WOLFSSL_DTLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) #if defined(WOLFSSL_DTLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_NO_TLS12)
WOLFSSL *ssl_s = NULL; WOLFSSL *ssl_s = NULL;
WOLFSSL_CTX *ctx_s = NULL; WOLFSSL_CTX *ctx_s = NULL;
struct test_memio_ctx test_ctx; struct test_memio_ctx test_ctx;
@ -66498,7 +66514,9 @@ static int test_dtls_downgrade_scr(void)
} }
#endif #endif
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
&& !defined(WOLFSSL_NO_TLS12)
static int test_dtls_client_hello_timeout_downgrade_read_cb(WOLFSSL *ssl, static int test_dtls_client_hello_timeout_downgrade_read_cb(WOLFSSL *ssl,
char *data, int sz, void *ctx) char *data, int sz, void *ctx)
{ {
@ -66525,7 +66543,9 @@ static int test_dtls_client_hello_timeout_downgrade_read_cb(WOLFSSL *ssl,
static int test_dtls_client_hello_timeout_downgrade(void) static int test_dtls_client_hello_timeout_downgrade(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
&& !defined(WOLFSSL_NO_TLS12)
WOLFSSL_CTX *ctx_c = NULL; WOLFSSL_CTX *ctx_c = NULL;
WOLFSSL_CTX *ctx_s = NULL; WOLFSSL_CTX *ctx_s = NULL;
WOLFSSL *ssl_c = NULL; WOLFSSL *ssl_c = NULL;
@ -66733,7 +66753,9 @@ static int test_dtls_client_hello_timeout(void)
static int test_dtls_dropped_ccs(void) static int test_dtls_dropped_ccs(void)
{ {
EXPECT_DECLS; EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
&& !defined(WOLFSSL_NO_TLS12)
WOLFSSL_CTX *ctx_c = NULL; WOLFSSL_CTX *ctx_c = NULL;
WOLFSSL_CTX *ctx_s = NULL; WOLFSSL_CTX *ctx_s = NULL;
WOLFSSL *ssl_c = NULL; WOLFSSL *ssl_c = NULL;