Merge pull request wolfSSL#6976 from embhorn/gh6974

Fix build errors with dtls1.3 and no tls1.2
miyazakh · Dec 4, 2023 · 1857648 · 1857648
2 parents 195c14c + 7bbeadc
commit 1857648
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 72 deletions.
diff --git a/examples/sctp/sctp-client-dtls.c b/examples/sctp/sctp-client-dtls.c
@@ -27,7 +27,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 
-#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
 /* sctp */
 #include <sys/socket.h>
 #include <sys/types.h>
@@ -47,13 +47,13 @@ static int err_sys(const char* msg)
     perror(msg);
     exit(EXIT_FAILURE);
 }
-#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */
+#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS && !WOLFSSL_NO_TLS12 */
 
 int main(int argc, char **argv)
 {
     (void)argc;
     (void)argv;
-#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
     int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
 
     if (sd < 0)
@@ -126,7 +126,7 @@ int main(int argc, char **argv)
     wolfSSL_CTX_free(ctx);
 
     close(sd);
-#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */
+#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS && !WOLFSSL_NO_TLS12 */
 
     return 0;
 }
diff --git a/examples/sctp/sctp-server-dtls.c b/examples/sctp/sctp-server-dtls.c
@@ -26,7 +26,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
 
-#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
 /* sctp */
 #include <sys/socket.h>
 #include <sys/types.h>
@@ -47,13 +47,13 @@ static int err_sys(const char* msg)
     perror(msg);
     exit(EXIT_FAILURE);
 }
-#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */
+#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS && !WOLFSSL_NO_TLS12 */
 
 int main(int argc, char **argv)
 {
     (void)argc;
     (void)argv;
-#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
+#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
     int sd = socket(PF_INET, SOCK_STREAM, IPPROTO_SCTP);
 
     if (sd < 0)
@@ -125,6 +125,6 @@ int main(int argc, char **argv)
     wolfSSL_CTX_free(ctx);
 
     close(sd);
-#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS */
+#endif /* WOLFSSL_SCTP && WOLFSSL_DTLS && !WOLFSSL_NO_TLS12 */
     return 0;
 }
diff --git a/src/dtls.c b/src/dtls.c
@@ -868,6 +868,7 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13)
     else
 #endif
     {
+#if !defined(WOLFSSL_NO_TLS12)
         if (!ch->dtls12cookieSet) {
             ret = CreateDtls12Cookie(ssl, ch, ch->dtls12cookie);
             if (ret != 0)
@@ -876,6 +877,11 @@ static int SendStatelessReply(const WOLFSSL* ssl, WolfSSL_CH* ch, byte isTls13)
         }
         ret = SendHelloVerifyRequest((WOLFSSL*)ssl, ch->dtls12cookie,
                 DTLS_COOKIE_SZ);
+#else
+        WOLFSSL_MSG("DTLS1.2 disabled with WOLFSSL_NO_TLS12");
+        WOLFSSL_ERROR_VERBOSE(NOT_COMPILED_IN);
+        ret = NOT_COMPILED_IN;
+#endif
     }
     return ret;
 }

diff --git a/src/dtls13.c b/src/dtls13.c
@@ -372,8 +372,14 @@ int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
                 downgraded = 1;
         }
         else {
+#if !defined(WOLFSSL_NO_TLS12)
             ret = DoHandShakeMsgType(ssl, msg->fullMsg, &idx, msg->type,
                     msg->sz, msg->sz);
+#else
+            WOLFSSL_MSG("DTLS1.2 disabled with WOLFSSL_NO_TLS12");
+            WOLFSSL_ERROR_VERBOSE(NOT_COMPILED_IN);
+            ret = NOT_COMPILED_IN;
+#endif
         }
 
         /* processing certificate_request triggers a connect. The error came

diff --git a/src/tls.c b/src/tls.c
@@ -678,55 +678,6 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
     return ret;
 }
 
-int wolfSSL_GetHmacType_ex(CipherSpecs* specs)
-{
-    if (specs == NULL)
-        return BAD_FUNC_ARG;
-
-    switch (specs->mac_algorithm) {
-        #ifndef NO_MD5
-        case md5_mac:
-        {
-            return WC_MD5;
-        }
-        #endif
-        #ifndef NO_SHA256
-        case sha256_mac:
-        {
-            return WC_SHA256;
-        }
-        #endif
-        #ifdef WOLFSSL_SHA384
-        case sha384_mac:
-        {
-            return WC_SHA384;
-        }
-        #endif
-        #ifdef WOLFSSL_SM3
-        case sm3_mac:
-        {
-            return WC_SM3;
-        }
-        #endif
-        #ifndef NO_SHA
-        case sha_mac:
-        {
-            return WC_SHA;
-        }
-        #endif
-        #ifdef HAVE_BLAKE2
-        case blake2b_mac:
-        {
-            return BLAKE2B_ID;
-        }
-        #endif
-        default:
-        {
-            return WOLFSSL_FATAL_ERROR;
-        }
-    }
-}
-
 /* return HMAC digest type in wolfSSL format */
 int wolfSSL_GetHmacType(WOLFSSL* ssl)
 {
@@ -1279,6 +1230,55 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz,
 
 #endif /* !WOLFSSL_NO_TLS12 */
 
+int wolfSSL_GetHmacType_ex(CipherSpecs* specs)
+{
+    if (specs == NULL)
+        return BAD_FUNC_ARG;
+
+    switch (specs->mac_algorithm) {
+        #ifndef NO_MD5
+        case md5_mac:
+        {
+            return WC_MD5;
+        }
+        #endif
+        #ifndef NO_SHA256
+        case sha256_mac:
+        {
+            return WC_SHA256;
+        }
+        #endif
+        #ifdef WOLFSSL_SHA384
+        case sha384_mac:
+        {
+            return WC_SHA384;
+        }
+        #endif
+        #ifdef WOLFSSL_SM3
+        case sm3_mac:
+        {
+            return WC_SM3;
+        }
+        #endif
+        #ifndef NO_SHA
+        case sha_mac:
+        {
+            return WC_SHA;
+        }
+        #endif
+        #ifdef HAVE_BLAKE2
+        case blake2b_mac:
+        {
+            return BLAKE2B_ID;
+        }
+        #endif
+        default:
+        {
+            return WOLFSSL_FATAL_ERROR;
+        }
+    }
+}
+
 #ifdef HAVE_TLS_EXTENSIONS
 
 /**

diff --git a/tests/api.c b/tests/api.c
@@ -60499,7 +60499,8 @@ static int test_wolfSSL_dtls_set_mtu(void)
 {
     EXPECT_DECLS;
 #if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
-    !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_DTLS)
+    !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_DTLS) && \
+    !defined(WOLFSSL_NO_TLS12)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL*     ssl = NULL;
     const char* testCertFile;
@@ -60537,7 +60538,7 @@ static int test_wolfSSL_dtls_set_mtu(void)
 }
 
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
-    defined(WOLFSSL_DTLS)
+    defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
 
 static WC_INLINE void generateDTLSMsg(byte* out, int outSz, word32 seq,
         enum HandShakeType hsType, word16 length)
@@ -60657,7 +60658,7 @@ static int test_wolfSSL_dtls_plaintext(void) {
 #endif
 
 #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
-    defined(WOLFSSL_DTLS)
+    defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
 
 static void test_wolfSSL_dtls12_fragments_spammer(WOLFSSL* ssl)
 {
@@ -60778,8 +60779,10 @@ static int test_wolfSSL_dtls_fragments(void)
         method_provider server_meth;
         ssl_callback spammer;
     } params[] = {
+#if !defined(WOLFSSL_NO_TLS12)
         {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
                 test_wolfSSL_dtls12_fragments_spammer},
+#endif
 #ifdef WOLFSSL_DTLS13
         {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
                 test_wolfSSL_dtls13_fragments_spammer},
@@ -60844,10 +60847,15 @@ static int _test_wolfSSL_ignore_alert_before_cookie(byte version12)
     XMEMSET(&server_cbs, 0, sizeof(server_cbs));
     client_cbs.doUdp = server_cbs.doUdp = 1;
     if (version12) {
+#if !defined(WOLFSSL_NO_TLS12)
         client_cbs.method = wolfDTLSv1_2_client_method;
         server_cbs.method = wolfDTLSv1_2_server_method;
+#else
+        return TEST_SKIPPED;
+#endif
     }
-    else {
+    else
+    {
 #ifdef WOLFSSL_DTLS13
         client_cbs.method = wolfDTLSv1_3_client_method;
         server_cbs.method = wolfDTLSv1_3_server_method;
@@ -60940,17 +60948,18 @@ static int _test_wolfSSL_dtls_bad_record(
 
 static int test_wolfSSL_dtls_bad_record(void)
 {
-    int ret;
+    int ret = TEST_SUCCESS;
+#if !defined(WOLFSSL_NO_TLS12)
     ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_2_client_method,
         wolfDTLSv1_2_server_method);
+#endif
 #ifdef WOLFSSL_DTLS13
-    if (ret != TEST_SUCCESS)
-        return ret;
-    return _test_wolfSSL_dtls_bad_record(wolfDTLSv1_3_client_method,
+    if (ret == TEST_SUCCESS) {
+        ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_3_client_method,
         wolfDTLSv1_3_server_method);
-#else
-    return ret;
+    }
 #endif /* WOLFSSL_DTLS13 */
+    return ret;
 
 }
 
@@ -61435,8 +61444,10 @@ static int test_wolfSSL_dtls_stateless(void)
         ssl_callback client_ssl_ready;
         ssl_callback server_ssl_ready;
     } test_params[] = {
+#if !defined(WOLFSSL_NO_TLS12)
         {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method,
                 test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_compare_stateless},
+#endif
 #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE)
         {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
                 test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_enable_hrrcookie},
@@ -61445,6 +61456,10 @@ static int test_wolfSSL_dtls_stateless(void)
 #endif
     };
 
+    if (0 == sizeof(test_params)){
+        return TEST_SKIPPED;
+    }
+
     for (i = 0; i < sizeof(test_params)/sizeof(*test_params); i++) {
         XMEMSET(&client_cbs, 0, sizeof(client_cbs));
         XMEMSET(&server_cbs, 0, sizeof(server_cbs));
@@ -66686,7 +66701,7 @@ static int test_dtls_msg_from_other_peer(void)
         *  !defined(SINGLE_THREADED) && !defined(NO_RSA) */
 #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_IPV6) &&               \
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) &&   \
-    defined(HAVE_IO_TESTS_DEPENDENCIES)
+    defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12)
 static int test_dtls_ipv6_check(void)
 {
     EXPECT_DECLS;
@@ -66836,7 +66851,8 @@ static int test_wolfSSL_configure_args(void)
 static int test_dtls_no_extensions(void)
 {
     EXPECT_DECLS;
-#if defined(WOLFSSL_DTLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
+#if defined(WOLFSSL_DTLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
+    !defined(WOLFSSL_NO_TLS12)
     WOLFSSL *ssl_s = NULL;
     WOLFSSL_CTX *ctx_s = NULL;
     struct test_memio_ctx test_ctx;
@@ -67317,7 +67333,9 @@ static int test_dtls_downgrade_scr(void)
 }
 #endif
 
-#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
+    && !defined(WOLFSSL_NO_TLS12)
+
 static int test_dtls_client_hello_timeout_downgrade_read_cb(WOLFSSL *ssl,
         char *data, int sz, void *ctx)
 {
@@ -67344,7 +67362,9 @@ static int test_dtls_client_hello_timeout_downgrade_read_cb(WOLFSSL *ssl,
 static int test_dtls_client_hello_timeout_downgrade(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
+    && !defined(WOLFSSL_NO_TLS12)
+
     WOLFSSL_CTX *ctx_c = NULL;
     WOLFSSL_CTX *ctx_s = NULL;
     WOLFSSL *ssl_c = NULL;
@@ -67552,7 +67572,9 @@ static int test_dtls_client_hello_timeout(void)
 static int test_dtls_dropped_ccs(void)
 {
     EXPECT_DECLS;
-#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS)
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
+    && !defined(WOLFSSL_NO_TLS12)
+
     WOLFSSL_CTX *ctx_c = NULL;
     WOLFSSL_CTX *ctx_s = NULL;
     WOLFSSL *ssl_c = NULL;