From 017c4e7a413399c91f6c319aabb9bafa918131a6 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 11 Aug 2022 14:54:33 -0500 Subject: [PATCH] fix gating and unused-variable warnings in src/quic.c wolfSSL_quic_aead_is_{gcm,ccm,chacha20}(); fix TLS version gating in tests/quic.c; fix gating in src/ssl.c for wolfSSLv2_client_method() and wolfSSLv2_server_method(); reorganize prototypes in wolfssl/ssl.h for wolf*_method*() to group systematically by protocol version and gate correctly on support for that version in the build. --- src/quic.c | 11 ++- src/ssl.c | 4 +- tests/quic.c | 12 +++- wolfssl/ssl.h | 195 +++++++++++++++++++++++++++++++++----------------- 4 files changed, 149 insertions(+), 73 deletions(-) diff --git a/src/quic.c b/src/quic.c index 1ff468f74..5920bcbbf 100644 --- a/src/quic.c +++ b/src/quic.c @@ -634,8 +634,6 @@ int wolfSSL_process_quic_post_handshake(WOLFSSL* ssl) if (ssl->options.handShakeState != HANDSHAKE_DONE) { WOLFSSL_MSG("WOLFSSL_QUIC_POST_HS handshake is not done yet"); - fprintf(stderr, "WOLFSSL_QUIC_POST_HS, handShakeState is %d\n", - ssl->options.handShakeState); ret = WOLFSSL_FAILURE; goto cleanup; } @@ -1044,6 +1042,8 @@ int wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER* aead_cipher) ) { return 1; } +#else + (void)aead_cipher; #endif return 0; } @@ -1054,13 +1054,20 @@ int wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER* aead_cipher) if (evp_cipher_eq(aead_cipher, wolfSSL_EVP_aes_128_ctr())) { return 1; } +#else + (void)aead_cipher; #endif return 0; } int wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER* aead_cipher) { +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) return evp_cipher_eq(aead_cipher, wolfSSL_EVP_chacha20_poly1305()); +#else + (void)aead_cipher; + return 0; +#endif } const WOLFSSL_EVP_MD* wolfSSL_quic_get_md(WOLFSSL* ssl) diff --git a/src/ssl.c b/src/ssl.c index cec932855..ce8ceeef2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11807,7 +11807,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, /* client only parts */ #ifndef NO_WOLFSSL_CLIENT - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv2_client_method(void) { WOLFSSL_STUB("wolfSSLv2_client_method"); @@ -12284,7 +12284,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, /* server only parts */ #ifndef NO_WOLFSSL_SERVER - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv2_server_method(void) { WOLFSSL_STUB("wolfSSLv2_server_method"); diff --git a/tests/quic.c b/tests/quic.c index d47f1f63e..745c7d8de 100644 --- a/tests/quic.c +++ b/tests/quic.c @@ -104,17 +104,25 @@ static int test_set_quic_method(void) { const uint8_t *data; size_t data_len; ctx_setups valids[] = { +#ifdef WOLFSSL_TLS13 { "TLSv1.3 server", wolfTLSv1_3_server_method(), 1}, { "TLSv1.3 client", wolfTLSv1_3_client_method(), 0}, +#endif + { NULL, NULL, 0} }; ctx_setups invalids[] = { +#ifndef WOLFSSL_NO_TLS12 { "TLSv1.2 server", wolfTLSv1_2_server_method(), 1}, { "TLSv1.2 client", wolfTLSv1_2_client_method(), 0}, +#endif +#ifndef NO_OLD_TLS { "TLSv1.1 server", wolfTLSv1_1_server_method(), 1}, { "TLSv1.1 client", wolfTLSv1_1_client_method(), 0}, +#endif + { NULL, NULL, 0} }; - for (i = 0; i < (int)(sizeof(valids)/sizeof(valids[0])); ++i) { + for (i = 0; valids[i].name != NULL; ++i) { AssertNotNull(ctx = wolfSSL_CTX_new(valids[i].method)); if (valids[i].is_server) { AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, @@ -166,7 +174,7 @@ static int test_set_quic_method(void) { wolfSSL_CTX_free(ctx); } - for (i = 0; i < (int)(sizeof(invalids)/sizeof(invalids[0])); ++i) { + for (i = 0; invalids[i].name != NULL; ++i) { AssertNotNull(ctx = wolfSSL_CTX_new(invalids[i].method)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b1e67c104..a26257c46 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -831,89 +831,155 @@ enum Tls13Secret { typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap); -/* CTX Method EX Constructor Functions */ -WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap); +/* CTX Method Constructor Functions */ + +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method(void); +#endif +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap); +WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void); +#endif + +#ifndef NO_OLD_TLS + +#ifdef OPENSSL_EXTRA +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void); +#endif +#endif /* OPENSSL_EXTRA */ + +#ifdef WOLFSSL_ALLOW_SSLV3 + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void); +#endif +#endif /* WOLFSSL_ALLOW_SSLV3 */ + +#ifdef WOLFSSL_ALLOW_TLSV10 + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void); +#endif +#endif /* WOLFSSL_ALLOW_TLSV10 */ + + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); +#endif + +#endif /* NO_OLD_TLS */ + +#ifndef WOLFSSL_NO_TLS12 + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap); + WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap); + WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); +#endif +#endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_TLS13 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap); -#endif - -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap); - -#ifdef WOLFSSL_DTLS - WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap); - -#ifdef WOLFSSL_DTLS13 - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_client_method_ex(void* heap); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method_ex(void* heap); - WOLFSSL_API int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl); -#endif - -#endif - -/* CTX Method Constructor Functions */ -WOLFSSL_API WOLFSSL_METHOD *wolfTLS_client_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLS_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); -#ifdef WOLFSSL_TLS13 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void); - WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap); WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void); #endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap); + WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); +#endif +#endif /* WOLFSSL_TLS13 */ #ifdef WOLFSSL_DTLS + + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void); +#endif + +#ifndef NO_OLD_TLS + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void); +#endif +#endif /* !NO_OLD_TLS */ + +#ifndef WOLFSSL_NO_TLS12 + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method(void); +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void); +#endif +#endif /* !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_DTLS13 +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_client_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_client_method(void); +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void); #endif + WOLFSSL_API int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl); +#endif /* WOLFSSL_DTLS13 */ -#endif +#endif /* WOLFSSL_DTLS */ #ifdef HAVE_POLY1305 WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL* ssl, int value); @@ -1565,10 +1631,6 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, int* ssl); -WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void); -WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void); -WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void); - #ifndef NO_BIO #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(const WOLFSSL_BIO_METHOD* method); @@ -2591,7 +2653,6 @@ WOLFSSL_API void wolfSSL_ERR_clear_error(void); WOLFSSL_API int wolfSSL_RAND_status(void); WOLFSSL_API int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num); WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num); -WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void); WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt); WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt);