diff --git a/src/dtls.c b/src/dtls.c index 11de01541..d604b5a2f 100644 --- a/src/dtls.c +++ b/src/dtls.c @@ -573,6 +573,10 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) XMEMSET(&pskInfo, 0, sizeof(pskInfo)); #endif +#ifndef HAVE_SUPPORTED_CURVES + (void)doKE; +#endif /* !HAVE_SUPPORTED_CURVES */ + XMEMSET(&cs, 0, sizeof(cs)); /* We need to echo the session ID sent by the client */ @@ -602,10 +606,13 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) /* Set that this is a response extension */ parsedExts->resp = 1; +#if defined(HAVE_SUPPORTED_CURVES) ret = TLSX_SupportedCurve_Copy(ssl->extensions, &parsedExts, ssl->heap); if (ret != 0) goto dtls13_cleanup; +#endif +#if !defined(NO_CERTS) /* Signature algs */ ret = FindExtByType(&tlsx, TLSX_SIGNATURE_ALGORITHMS, ch->extension, &tlsxFound); @@ -624,7 +631,9 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) XMEMCPY(suites.hashSigAlgo, sigAlgs.elements, sigAlgs.size); haveSA = 1; } +#endif /* !defined(NO_CERTS) */ +#ifdef HAVE_SUPPORTED_CURVES /* Supported groups */ ret = FindExtByType(&tlsx, TLSX_SUPPORTED_GROUPS, ch->extension, &tlsxFound); @@ -650,6 +659,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) goto dtls13_cleanup; haveKS = 1; } +#endif /* HAVE_SUPPORTED_CURVES */ #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) /* Pre-shared key */ @@ -705,6 +715,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) ERROR_OUT(INCOMPLETE_DATA, dtls13_cleanup); } +#ifdef HAVE_SUPPORTED_CURVES if (doKE) { byte searched = 0; ret = TLSX_KeyShare_Choose(ssl, parsedExts, &cs.clientKSE, 
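Review bot: The `(void)doKE;` added near the top of SendStatelessReplyDtls13 has no comment saying why the value may be ignored in builds without HAVE_SUPPORTED_CURVES. The only visible use of `doKE` is the key-share selection that the `@@ -705` hunk now compiles out, so in those builds the PSK path never selects a client key share or flags a retry for one. A one-line comment such as `/* doKE is only consumed by key share selection, which needs HAVE_SUPPORTED_CURVES */` would record that this is deliberate. The function body starts and ends outside the hunk, so other uses of `doKE` cannot be ruled out from here.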
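Review bot: The guard opened with `#if defined(HAVE_SUPPORTED_CURVES)` around TLSX_SupportedCurve_Copy in the `@@ -602` hunk is closed by a bare `#endif`, while the other curve guards this commit adds in src/dtls.c use `#ifdef` and a labelled `#endif /* HAVE_SUPPORTED_CURVES */`. The same inconsistency appears in wolfssl/test.h: the `@@ -5430` hunk closes `#ifndef NO_CERTS` with `#endif /* NO_CERTS */`, where the convention used in src/dtls.c would give `/* !NO_CERTS */`, and the `@@ -5454` hunk closes its guard with an unlabelled `#endif`. With this many interleaved conditional regions in one function, a labelled closer on every guard, `#endif /* HAVE_SUPPORTED_CURVES */` and `#endif /* !NO_CERTS */`, makes a mismatched or misplaced guard much easier to spot in review.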
@@ -714,9 +725,10 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) if (cs.clientKSE == NULL && searched) cs.doHelloRetry = 1; } +#endif /* HAVE_SUPPORTED_CURVES */ } else -#endif +#endif /* defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) */ { /* https://datatracker.ietf.org/doc/html/rfc8446#section-9.2 */ if (!haveKS || !haveSA || !haveSG) { @@ -731,6 +743,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) ERROR_OUT(INCOMPLETE_DATA, dtls13_cleanup); } } + +#ifdef HAVE_SUPPORTED_CURVES if (cs.doHelloRetry) { ret = TLSX_KeyShare_SetSupported(ssl, &parsedExts); if (ret != 0) @@ -741,6 +755,7 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) * and are not doing curve negotiation. */ TLSX_Remove(&parsedExts, TLSX_KEY_SHARE, ssl->heap); } +#endif /* HAVE_SUPPORTED_CURVES */ /* This is required to correctly generate the hash */ ret = GetCipherSpec(WOLFSSL_SERVER_END, cs.cipherSuite0, diff --git a/wolfssl/test.h b/wolfssl/test.h index 49445bce6..fff636302 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -5430,9 +5430,11 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx, *ctx_c = wolfSSL_CTX_new(method_c()); if (*ctx_c == NULL) return -1; +#ifndef NO_CERTS ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); if (ret != WOLFSSL_SUCCESS) return -1; +#endif /* NO_CERTS */ wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb); wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb); if (ctx->c_ciphers != NULL) { @@ -5446,6 +5448,7 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx, *ctx_s = wolfSSL_CTX_new(method_s()); if (*ctx_s == NULL) return -1; +#ifndef NO_CERTS ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) 
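Review bot: The RFC 8446 section 9.2 check `if (!haveKS || !haveSA || !haveSG)` in the non-PSK branch of the `@@ -714` hunk can no longer pass in some build configurations, and nothing in the code says so. `haveSA = 1` now sits inside `#if !defined(NO_CERTS)` (hunk `@@ -624`) and `haveKS = 1` inside `#ifdef HAVE_SUPPORTED_CURVES` (hunk `@@ -650`), so with NO_CERTS defined or HAVE_SUPPORTED_CURVES undefined every ClientHello that reaches this branch takes the failure path; the body of the `if` is outside the hunk. Failing closed is the safe outcome, but it deserves a comment above the check, for example `/* Builds without certs or supported curves can only complete via PSK; this branch then always rejects */`. Where `haveSG` is set is not visible here; presumably it is in the supported-groups block that is now guarded as well.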
@@ -5454,6 +5457,7 @@ static WC_INLINE int test_memio_setup(struct test_memio_ctx *ctx, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) return -1; +#endif wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb); wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb); if (ctx->s_ciphers != NULL) {