Relax some dependencies

- DTLS_HELLO_VERIFY no longer depends on SRV_C - SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY Not that much work for us, and easier on users (esp. since it allows just disabling SRV_C alone).
2024-11-26 04:35:44 +01:00 · 2015-05-20 10:59:43 +02:00 · 2015-05-20 10:59:43 +02:00 · e057d3bf6b
commit e057d3bf6b
parent b596abfdc0
4 changed files with 35 additions and 42 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -392,12 +392,7 @@
 #error "Illegal protocol selection"
 #endif

-#if defined(MBEDTLS_SSL_COOKIE_C) && !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-#error "MBEDTLS_SSL_COOKIE_C  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) &&                              \
-    ( !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
 #error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
 #endif

--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1087,8 +1087,7 @@
 *
 * \warning Disabling this can ba a security risk! (see above)
 *
- * Requires: MBEDTLS_SSL_SRV_C
- *           MBEDTLS_SSL_PROTO_DTLS
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
 *
 * Comment this to disable support for HelloVerifyRequest.
 */
@ -2085,8 +2084,6 @@
 *
 * Module:  library/ssl_cookie.c
 * Caller:
- *
- * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
 */
 #define MBEDTLS_SSL_COOKIE_C

--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -812,7 +812,7 @@ typedef struct
    void *p_psk;                    /*!< context for PSK callback           */
 #endif

-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    /** Callback to create & write a cookie for ClientHello veirifcation    */
    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
                           const unsigned char *, size_t );
@ -1056,7 +1056,7 @@ struct mbedtls_ssl_context
    /*
     * Information for DTLS hello verify
     */
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    unsigned char  *cli_id;         /*!<  transport-level ID of the client  */
    size_t          cli_id_len;     /*!<  length of cli_id                  */
 #endif
@ -1392,30 +1392,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
        void *p_ticket );
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */

-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-/**
- * \brief          Set client's transport-level identification info.
- *                 (Server only. DTLS only.)
- *
- *                 This is usually the IP address (and port), but could be
- *                 anything identify the client depending on the underlying
- *                 network stack. Used for HelloVerifyRequest with DTLS.
- *                 This is *not* used to route the actual packets.
- *
- * \param ssl      SSL context
- * \param info     Transport-level info identifying the client (eg IP + port)
- * \param ilen     Length of info in bytes
- *
- * \note           An internal copy is made, so the info buffer can be reused.
- *
- * \return         0 on success,
- *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
- *                 MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
- */
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
-                                 const unsigned char *info,
-                                 size_t ilen );
-
 /**
 * \brief          Callback type: generate a cookie
 *
@ -1451,6 +1427,7 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
                                const unsigned char *cookie, size_t clen,
                                const unsigned char *info, size_t ilen );

+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
 /**
 * \brief           Register callbacks for DTLS cookies
 *                  (Server only. DTLS only.)
@ -1474,7 +1451,31 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
                           mbedtls_ssl_cookie_write_t *f_cookie_write,
                           mbedtls_ssl_cookie_check_t *f_cookie_check,
                           void *p_cookie );
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+/**
+ * \brief          Set client's transport-level identification info.
+ *                 (Server only. DTLS only.)
+ *
+ *                 This is usually the IP address (and port), but could be
+ *                 anything identify the client depending on the underlying
+ *                 network stack. Used for HelloVerifyRequest with DTLS.
+ *                 This is *not* used to route the actual packets.
+ *
+ * \param ssl      SSL context
+ * \param info     Transport-level info identifying the client (eg IP + port)
+ * \param ilen     Length of info in bytes
+ *
+ * \note           An internal copy is made, so the info buffer can be reused.
+ *
+ * \return         0 on success,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
+ *                 MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
+ */
+int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
+                                 const unsigned char *info,
+                                 size_t ilen );
+
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */

 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 /**
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4950,7 +4950,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
    return( 0 );
 }

-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
 /* Dummy cookie callbacks for defaults */
 static int ssl_cookie_write_dummy( void *ctx,
                      unsigned char **p, unsigned char *end,
@ -4977,7 +4977,7 @@ static int ssl_cookie_check_dummy( void *ctx,

    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 }
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */

 /*
 * Initialize an SSL context
@ -5136,7 +5136,7 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
    ssl->alpn_chosen = NULL;
 #endif

-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    mbedtls_free( ssl->cli_id );
    ssl->cli_id = NULL;
    ssl->cli_id_len = 0;
@ -6572,7 +6572,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
    }
 #endif

-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    mbedtls_free( ssl->cli_id );
 #endif

@ -6654,7 +6654,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
    conf->curve_list = mbedtls_ecp_grp_id_list( );
 #endif

-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
    conf->f_cookie_write = ssl_cookie_write_dummy;
    conf->f_cookie_check = ssl_cookie_check_dummy;
 #endif