From aa8df1af789280caa32ab4076f9a77834649ea78 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 15 Jun 2022 10:12:51 -0700
Subject: [PATCH] Fixes for building without DTLS v1.2 and TLS v1.2. Fixes for explicit cast warnings.
---
 examples/benchmark/tls_bench.c | 20 ++++++++++++++++----
 examples/echoclient/echoclient.c | 4 ++++
 examples/echoserver/echoserver.c | 4 ++++
 src/dtls13.c | 19 +++++++++++--------
 src/internal.c | 32 +++++++++++++++++++++++++++++---
 src/tls.c | 4 +++-
 src/tls13.c | 6 +++---
 7 files changed, 70 insertions(+), 19 deletions(-)
diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c
index ba5ca2fb2..b9b7d8265 100644
--- a/examples/benchmark/tls_bench.c
+++ b/examples/benchmark/tls_bench.c
@@ -905,9 +905,15 @@ static int bench_tls_client(info_t* info)
 #ifdef WOLFSSL_DTLS
 if (info->doDTLS) {
 if (tls13) {
- return WOLFSSL_SUCCESS;
+ #ifdef WOLFSSL_DTLS13
+ cli_ctx = wolfSSL_CTX_new(wolfDTLSv1_3_client_method());
+ #endif
+ }
+ else {
+ #ifndef WOLFSSL_NO_TLS12
+ cli_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
+ #endif
 }
- cli_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
 }
 else
 #endif
@@ -1348,9 +1354,15 @@ static int bench_tls_server(info_t* info)
 #ifdef WOLFSSL_DTLS
 if (info->doDTLS) {
 if (tls13) {
- return WOLFSSL_SUCCESS;
+ #ifdef WOLFSSL_DTLS13
+ srv_ctx = wolfSSL_CTX_new(wolfDTLSv1_3_server_method());
+ #endif
+ }
+ else {
+ #ifndef WOLFSSL_NO_TLS12
+ srv_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
+ #endif
 }
- srv_ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
 }
 else
 #endif
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index 08fcaa459..48b11ed91 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
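Review bot: In `bench_tls_client`, when `WOLFSSL_DTLS13` is not defined but `tls13` is set (or `WOLFSSL_NO_TLS12` is defined and it is not), both new `#ifdef` arms are empty and `cli_ctx` keeps whatever value it had before the hunk, whereas the removed line returned `WOLFSSL_SUCCESS` to skip the unsupported combination. Unless a later NULL check maps an unset context to "skipped" rather than to a failure (that code is outside the hunk), the benchmark will now report an error for a configuration it cannot run. Keeping the skip explicit in each arm, e.g. `#else` / `return WOLFSSL_SUCCESS; /* DTLS version not compiled in */` / `#endif`, preserves the old behaviour; the `bench_tls_server` hunk below has the same structure and needs the same treatment. Both function bodies continue outside the hunks.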
@@ -138,7 +138,11 @@ void echoclient_test(void* args)
 #endif
 #if defined(CYASSL_DTLS)
+ #ifdef WOLFSSL_DTLS13
+ method = wolfDTLSv1_3_client_method();
+ #elif !defined(WOLFSSL_NO_TLS12)
 method = DTLSv1_2_client_method();
+ #endif
 #elif !defined(NO_TLS)
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)
 method = CyaTLSv1_2_client_method();
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 9f9f104b1..2df45d994 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -145,7 +145,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 tcp_listen(&sockfd, &port, useAnyAddr, doDTLS, 0);
 #if defined(CYASSL_DTLS)
+ #ifdef WOLFSSL_DTLS13
+ method = wolfDTLSv1_3_server_method();
+ #elif !defined(WOLFSSL_NO_TLS12)
 method = CyaDTLSv1_2_server_method();
+ #endif
 #elif !defined(NO_TLS)
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)
 method = CyaTLSv1_2_server_method();
diff --git a/src/dtls13.c b/src/dtls13.c
index a08812826..2f30c98db 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -372,7 +372,7 @@ static int Dtls13ProcessBufferedMessages(WOLFSSL* ssl)
 if (ret != 0)
 break;
- Dtls13MsgWasProcessed(ssl, msg->type);
+ Dtls13MsgWasProcessed(ssl, (enum HandShakeType)msg->type);
 ssl->dtls_rx_msg_list = msg->next;
 DtlsMsgDelete(msg, ssl->heap);
@@ -814,7 +814,8 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl)
 byte* output;
 int ret;
- isEncrypted = Dtls13TypeIsEncrypted(ssl->dtls13FragHandshakeType);
+ isEncrypted = Dtls13TypeIsEncrypted(
+ (enum HandShakeType)ssl->dtls13FragHandshakeType);
 rlHeaderLength = Dtls13GetRlHeaderLength(isEncrypted);
 maxFragment = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE);
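Review bot: The new `#ifdef WOLFSSL_DTLS13` arm in `echoclient_test` selects the DTLS 1.3-only method whenever DTLS 1.3 is compiled in, so a build that also has DTLS 1.2 can no longer exercise DTLS 1.2 through this example, and in a build with neither (`WOLFSSL_DTLS13` undefined and `WOLFSSL_NO_TLS12` defined) the chain assigns nothing to `method`; whether `method` is initialised before this block is outside the hunk. If the intent is "highest DTLS version available", the version-agnostic `wolfDTLS_client_method()`, which appears to be what the `DTLS_client_method_ex` hunk in `src/tls.c` of this same patch backs, expresses that in one line; otherwise a trailing `#else` / `#error "DTLS requires DTLS 1.3 or TLS 1.2"` / `#endif` turns the silent no-op into a build error. The `echoserver_test` hunk has the same shape with the server methods.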
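Review bot: `Dtls13SendFragmentedInternal` now casts `ssl->dtls13FragHandshakeType` to `enum HandShakeType` at three call sites (this hunk and the `Dtls13HandshakeAddHeaderFrag` and `Dtls13SendOneFragmentRtx` hunks that follow), and two of the calls are re-wrapped over extra lines just to fit the cast. Converting once next to the existing declarations, `enum HandShakeType fragType = (enum HandShakeType)ssl->dtls13FragHandshakeType;`, and passing `fragType` to all three keeps the calls on their original lines and gives the conversion a single place to comment. The function's body runs beyond the visible hunks.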
@@ -840,8 +841,8 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl)
 ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;
 ret = Dtls13HandshakeAddHeaderFrag(ssl, output + rlHeaderLength,
- ssl->dtls13FragHandshakeType, ssl->dtls13FragOffset, fragLength,
- ssl->dtls13MessageLength);
+ (enum HandShakeType)ssl->dtls13FragHandshakeType,
+ ssl->dtls13FragOffset, fragLength, ssl->dtls13MessageLength);
 if (ret != 0) {
 Dtls13FreeFragmentsBuffer(ssl);
 return ret;
@@ -851,7 +852,8 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl)
 ssl->dtls13FragmentsBuffer.buffer + ssl->dtls13FragOffset, fragLength);
- ret = Dtls13SendOneFragmentRtx(ssl, ssl->dtls13FragHandshakeType,
+ ret = Dtls13SendOneFragmentRtx(ssl,
+ (enum HandShakeType)ssl->dtls13FragHandshakeType,
 recordLength + MAX_MSG_EXTRA, output, recordLength, 0);
 if (ret == WANT_WRITE) {
 ssl->dtls13FragOffset += fragLength;
@@ -1321,7 +1323,8 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl)
 seq = ssl->dtls13EncryptEpoch->nextSeqNumber;
 ret = Dtls13SendFragment(ssl, output, sendSz, r->length + headerLength,
- r->handshakeType, 0, isLast || !ssl->options.groupMessages);
+ (enum HandShakeType)r->handshakeType, 0,
+ isLast || !ssl->options.groupMessages);
 if (ret != 0 && ret != WANT_WRITE)
 return ret;
@@ -1385,7 +1388,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size,
 if (frag_off + frag_length > message_length)
 return BUFFER_ERROR;
- ret = Dtls13RtxMsgRecvd(ssl, handshake_type, frag_off);
+ ret = Dtls13RtxMsgRecvd(ssl, (enum HandShakeType)handshake_type, frag_off);
 if (ret != 0)
 return ret;
@@ -1430,7 +1433,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size,
 if (ret != 0)
 return ret;
- Dtls13MsgWasProcessed(ssl, handshake_type);
+ Dtls13MsgWasProcessed(ssl, (enum HandShakeType)handshake_type);
 *processedSize = idx;
diff --git a/src/internal.c b/src/internal.c
index cc0451c04..17aa0a964 100644
--- a/src/internal.c
+++ b/src/internal.c
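Review bot: In `_Dtls13HandshakeRecv`, `handshake_type` appears to be a byte read out of `input` earlier in the function (outside the hunk), so the cast to `enum HandShakeType` in this hunk and in the `Dtls13MsgWasProcessed` hunk below changes only the C type: any of the 256 wire values still reaches `Dtls13RtxMsgRecvd` and `Dtls13MsgWasProcessed` as an enum. That is fine if both callees reject unknown types rather than indexing by them, but it is worth stating at the first cast, e.g. `/* handshake_type is wire data: the cast does not validate it, callees must handle unknown types */`, or validating the value once before the cast if the earlier checks in this function do not already do so.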
@@ -541,6 +541,7 @@ int IsDtlsNotSctpMode(WOLFSSL* ssl)
 #endif
 }
+#ifndef WOLFSSL_NO_TLS12
 /* Secure Real-time Transport Protocol */
 /* If SRTP is not enabled returns the state of the dtls option.
 * If SRTP is enabled returns dtls && !dtlsSrtpProfiles. */
@@ -552,6 +553,7 @@ static WC_INLINE int IsDtlsNotSrtpMode(WOLFSSL* ssl)
 return ssl->options.dtls;
 #endif
 }
+#endif /* !WOLFSSL_NO_TLS12 */
 #endif /* WOLFSSL_DTLS */
@@ -2907,6 +2909,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 int dtls = 0;
 int haveRSAsig = 1;
+#ifdef WOLFSSL_DTLS
+ /* If DTLS v1.2 or later than set tls1_2 flag */
+ if (pv.major == DTLS_MAJOR && pv.minor <= DTLSv1_2_MINOR) {
+ tls1_2 = 1;
+ }
+#endif
+
 (void)tls; /* shut up compiler */
 (void)tls1_2;
 (void)dtls;
@@ -15382,8 +15391,15 @@ int DtlsMsgDrain(WOLFSSL* ssl)
 item->fragSz == item->sz && ret == 0) {
 word32 idx = 0;
- if ((ret = DoHandShakeMsgType(ssl, item->msg, &idx, item->type,
- item->sz, item->sz)) == 0) {
+
+ #ifdef WOLFSSL_NO_TLS12
+ ret = DoTls13HandShakeMsgType(ssl, item->msg, &idx, item->type,
+ item->sz, item->sz);
+ #else
+ ret = DoHandShakeMsgType(ssl, item->msg, &idx, item->type,
+ item->sz, item->sz);
+ #endif
+ if (ret == 0) {
 DtlsTxMsgListClean(ssl);
 }
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -15520,8 +15536,13 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 *inOutIdx = totalSz;
 }
 else {
+ #ifdef WOLFSSL_NO_TLS12
+ ret = DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size,
+ totalSz);
+ #else
 ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size,
 totalSz);
+ #endif
 }
 }
 }
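Review bot: The comment added in `InitSuites`, `/* If DTLS v1.2 or later than set tls1_2 flag */`, has `than` for `then` and does not explain why `<=` means "or later": DTLS minor versions count down (DTLS 1.0 is 255, 1.2 is 253, 1.3 is 252), so a reader unfamiliar with that encoding would expect `>=` on the next line. Suggested wording: `/* DTLS minor versions decrease with newer versions (RFC 6347), so <= DTLSv1_2_MINOR is DTLS 1.2 or later: enable the TLS 1.2 suite set */`. Whether `tls1_2` was already set by an earlier TLS-side check, and where it is consumed, is outside the hunk.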
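Review bot: The `#ifdef WOLFSSL_NO_TLS12` choice between `DoTls13HandShakeMsgType` and `DoHandShakeMsgType` is written out in `DtlsMsgDrain` here and again in the two `DoDtlsHandShakeMsg` hunks below, with three copies of the same argument list; a single static dispatcher keeps the build-configuration logic in one place and lets each call site stay a one-liner. Separately, the closing `#endif` of this region is labelled `WOLFSSL_DTLS13` in the last `internal.c` hunk; if that guard excludes DTLS 1.3 builds, then under `WOLFSSL_NO_TLS12` DTLS 1.2-framed handshake messages are handed to the TLS 1.3 processor, and a comment saying which configuration that serves (compile-only, or a real runtime path) would help the next reader, since the reasoning is not visible in the hunk. `DtlsMsgDrain`'s loop begins and ends outside the hunk.
```c
/* Hand a complete DTLS handshake message to the handshake processor this
 * build includes; parameter types follow the two existing prototypes. */
static int DtlsDoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                  byte type, word32 size, word32 totalSz)
{
#ifdef WOLFSSL_NO_TLS12
    return DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
#else
    return DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
#endif
}

/* … unchanged: DtlsMsgDrain up to the reassembled-message check … */
            ret = DtlsDoHandShakeMsgType(ssl, item->msg, &idx, item->type,
                                         item->sz, item->sz);
            if (ret == 0) {
/* … unchanged: DtlsTxMsgListClean and the rest of the loop … */
```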
@@ -15623,7 +15644,12 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #endif
 ret = DtlsMsgDrain(ssl);
 #else
+ #ifdef WOLFSSL_NO_TLS12
+ ret = DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size,
+ totalSz);
+ #else
 ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
+ #endif
 if (ret == 0) {
 DtlsTxMsgListClean(ssl);
 if (ssl->dtls_rx_msg_list != NULL) {
@@ -15636,7 +15662,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
 return ret;
 }
-#endif
+#endif /* WOLFSSL_DTLS13 */
 #ifndef WOLFSSL_NO_TLS12
diff --git a/src/tls.c b/src/tls.c
index 346d731b9..3f3ead852 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -12510,7 +12510,9 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 (void)heap;
 WOLFSSL_ENTER("DTLS_client_method_ex");
 if (method) {
- #if !defined(WOLFSSL_NO_TLS12)
+ #if defined(WOLFSSL_DTLS13)
+ InitSSL_Method(method, MakeDTLSv1_3());
+ #elif !defined(WOLFSSL_NO_TLS12)
 InitSSL_Method(method, MakeDTLSv1_2());
 #elif !defined(NO_OLD_TLS)
 InitSSL_Method(method, MakeDTLSv1());
diff --git a/src/tls13.c b/src/tls13.c
index e2732cd5e..1f095c400 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1653,7 +1653,7 @@ static void AddTls13HandShakeHeader(byte* output, word32 length,
 when computing the hash transcript, we can avoid to use the DTLS handshake header. */
 if (ssl->options.dtls && type != message_hash) {
- Dtls13HandshakeAddHeader(ssl, output, type, length);
+ Dtls13HandshakeAddHeader(ssl, output, (enum HandShakeType)type, length);
 return;
 }
 #endif /* WOLFSSL_DTLS13 */
@@ -1680,7 +1680,7 @@ static void AddTls13Headers(byte* output, word32 length, byte type,
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls) {
- Dtls13AddHeaders(output, length, type, ssl);
+ Dtls13AddHeaders(output, length, (enum HandShakeType)type, ssl);
 return;
 }
 #endif /* WOLFSSL_DTLS13 */
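Review bot: `DTLS_client_method_ex` now starts the generic DTLS client method at DTLS 1.3 whenever `WOLFSSL_DTLS13` is defined, which appears to change the default highest version for every caller of the generic method, not only the version-specific ones. Whether the method's downgrade flag is set afterwards so that a DTLS 1.2-only peer is still reachable happens outside the hunk and should be confirmed; the `#elif` chain also still ends in DTLS 1.0 (`MakeDTLSv1`), which RFC 8996 deprecates, so a comment such as `/* highest DTLS version compiled in; older versions only via downgrade */` above the `#if` would document the intended ordering. The hunk header names `TLSX_Parse`, but the visible body belongs to `DTLS_client_method_ex`, whose remainder is outside the hunk.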
@@ -1711,7 +1711,7 @@ static void AddTls13FragHeaders(byte* output, word32 fragSz, word32 fragOffset,
 /* we ignore fragmentation fields here because fragmentation logic for DTLS1.3 is inside dtls13_handshake_send(). */
 if (ssl->options.dtls) {
- Dtls13AddHeaders(output, length, type, ssl);
+ Dtls13AddHeaders(output, length, (enum HandShakeType)type, ssl);
 return;
 }
 #endif /* WOLFSSL_DTLS13 */