
fix: add guards to compile w !HAVE_SUPPORTED_CURVES && NO_CERTS

This configuration can be used for a static PSK-only build
Marco Oliverio 9 months ago
parent
commit
e53453a7ed
2 changed files with 20 additions and 1 deletions
  1. 16 1
      src/dtls.c
  2. 4 0
      wolfssl/test.h

+ 16 - 1
src/dtls.c

@@ -573,6 +573,10 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
     XMEMSET(&pskInfo, 0, sizeof(pskInfo));
 #endif
 
+#ifndef HAVE_SUPPORTED_CURVES
+    (void)doKE;
+#endif /* !HAVE_SUPPORTED_CURVES */
+
     XMEMSET(&cs, 0, sizeof(cs));
 
     /* We need to echo the session ID sent by the client */
@@ -602,10 +606,13 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
     /* Set that this is a response extension */
     parsedExts->resp = 1;
 
+#if defined(HAVE_SUPPORTED_CURVES)
     ret = TLSX_SupportedCurve_Copy(ssl->extensions, &parsedExts, ssl->heap);
     if (ret != 0)
         goto dtls13_cleanup;
+#endif
 
+#if !defined(NO_CERTS)
     /* Signature algs */
     ret = FindExtByType(&tlsx, TLSX_SIGNATURE_ALGORITHMS,
                          ch->extension, &tlsxFound);
@@ -624,7 +631,9 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
         XMEMCPY(suites.hashSigAlgo, sigAlgs.elements, sigAlgs.size);
         haveSA = 1;
     }
+#endif /* !defined(NO_CERTS) */
 
+#ifdef HAVE_SUPPORTED_CURVES
     /* Supported groups */
     ret = FindExtByType(&tlsx, TLSX_SUPPORTED_GROUPS,
                          ch->extension, &tlsxFound);
@@ -650,6 +659,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
             goto dtls13_cleanup;
         haveKS = 1;
     }
+#endif /* HAVE_SUPPORTED_CURVES */
 
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
     /* Pre-shared key */
@@ -705,6 +715,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
             ERROR_OUT(INCOMPLETE_DATA, dtls13_cleanup);
         }
 
+#ifdef HAVE_SUPPORTED_CURVES
         if (doKE) {
             byte searched = 0;
             ret = TLSX_KeyShare_Choose(ssl, parsedExts, &cs.clientKSE,
@@ -714,9 +725,10 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
             if (cs.clientKSE == NULL && searched)
                 cs.doHelloRetry = 1;
         }
+#endif /* HAVE_SUPPORTED_CURVES */
     }
     else
-#endif
+#endif /* defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) */
     {
         /* https://datatracker.ietf.org/doc/html/rfc8446#section-9.2 */
         if (!haveKS || !haveSA || !haveSG) {
@@ -731,6 +743,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
             ERROR_OUT(INCOMPLETE_DATA, dtls13_cleanup);
         }
     }
+
+#ifdef HAVE_SUPPORTED_CURVES
     if (cs.doHelloRetry) {
         ret = TLSX_KeyShare_SetSupported(ssl, &parsedExts);
         if (ret != 0)
@@ -741,6 +755,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch)
          * and are not doing curve negotiation. */
         TLSX_Remove(&parsedExts, TLSX_KEY_SHARE, ssl->heap);
     }
+#endif /* HAVE_SUPPORTED_CURVES */
 
     /* This is required to correctly generate the hash */
     ret = GetCipherSpec(WOLFSSL_SERVER_END, cs.cipherSuite0,
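Review bot: Guarding the `if (doKE)` block with `#ifdef HAVE_SUPPORTED_CURVES` while doKE is still computed — the added `(void)doKE;` only silences the unused-variable warning — means that in a !HAVE_SUPPORTED_CURVES build a ClientHello for which doKE ends up set is answered without any key share instead of being rejected; unless the code that sets doKE (outside these hunks) already forces it to zero when no groups are compiled in, that branch should fail the hello, e.g. `if (doKE) ERROR_OUT(<suitable error code>, dtls13_cleanup);` placed right after doKE is determined. In the same build haveKS and haveSG can never become 1, so the non-PSK path `if (!haveKS || !haveSA || !haveSG)` always ends in INCOMPLETE_DATA; a comment such as `/* Without supported groups only a PSK-only handshake can be answered */` on the `#ifdef HAVE_SUPPORTED_CURVES` above the "Supported groups" block would make that intent explicit. The new guards also mix `#if defined(HAVE_SUPPORTED_CURVES)` (around TLSX_SupportedCurve_Copy) with `#ifdef HAVE_SUPPORTED_CURVES` everywhere else, and that first guard's `#endif` lacks the trailing comment the others carry. SendStatelessReplyDtls13 begins before the first hunk and continues past the last.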

+ 4 - 0
wolfssl/test.h

@@ -5430,9 +5430,11 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx,
         *ctx_c = wolfSSL_CTX_new(method_c());
         if (*ctx_c == NULL)
             return -1;
+#ifndef NO_CERTS
         ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
         if (ret != WOLFSSL_SUCCESS)
             return -1;
+#endif /* NO_CERTS */
         wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
         wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
         if (ctx->c_ciphers != NULL) {
@@ -5446,6 +5448,7 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx,
         *ctx_s = wolfSSL_CTX_new(method_s());
         if (*ctx_s == NULL)
             return -1;
+#ifndef NO_CERTS
         ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
             WOLFSSL_FILETYPE_PEM);
         if (ret != WOLFSSL_SUCCESS)
@@ -5454,6 +5457,7 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx,
                                                WOLFSSL_FILETYPE_PEM);
         if (ret != WOLFSSL_SUCCESS)
             return -1;
+#endif
         wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
         wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
         if (ctx->s_ciphers != NULL) {
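Review bot: The closing comment `#endif /* NO_CERTS */` on the client-side guard is inverted — it closes an `#ifndef NO_CERTS`, so by the convention used in the dtls.c hunks of this commit it should read `#endif /* !NO_CERTS */` — and the matching `#endif` after wolfSSL_CTX_use_certificate_file on the server side carries no comment at all. With both guards active the helper hands back a client context with no trust store and a server context with no credential, so callers presumably have to configure PSK themselves; a one-line comment on the first `#ifndef NO_CERTS`, e.g. `/* NO_CERTS build: contexts carry no certificate material, the test must set up PSK */`, would document that expectation. test_memio_setup begins before the first hunk and continues past the last.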