Merge pull request #8273 from dgarske/no_tls
Enable support for no TLS while allowing certificate manager
douzzer authored Dec 17, 2024
2 parents fcbea85 + 356889a commit 60afdb5
Showing 18 changed files with 445 additions and 261 deletions.
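--- a/configure.ac
+++ b/configure.ac
@@ -917,6 +917,50 @@ then
 ENABLED_SP_MATH_ALL="no"
 fi
 
+# wolfCrypt Only Build
+AC_ARG_ENABLE([cryptonly],
+[AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
+[ENABLED_CRYPTONLY=$enableval],
+[ENABLED_CRYPTONLY=no])
+
+AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
+
+# TLS
+AC_ARG_ENABLE([tls],
+[AS_HELP_STRING([--enable-tls],[Enable TLS support (default: enabled)])],
+[ ENABLED_TLS=$enableval ],
+[ ENABLED_TLS=yes ]
+)
+
+if test "$ENABLED_CRYPTONLY" = "yes"
+then
+ENABLED_TLS=no
+fi
+if test "$ENABLED_TLS" = "no"
+then
+AM_CFLAGS="$AM_CFLAGS -DNO_TLS"
+test "$enable_tls13" = "" && enable_tls13=no
+test "$enable_tlsv12" = "" && enable_tlsv12=no
+test "$enable_tlsv10" = "" && enable_tlsv10=no
+test "$enable_dtls" = "" && enable_dtls=no
+test "$enable_dtls13" = "" && enable_dtls13=no
+test "$enable_mcast" = "" && enable_mcast=no
+test "$enable_srtp" = "" && enable_srtp=no
+test "$enable_ocsp" = "" && enable_ocsp=no
+test "$enable_tlsx" = "" && enable_tlsx=no
+test "$enable_sni" = "" && enable_sni=no
+test "$enable_sni" = "" && enable_sni=no
+test "$enable_crl_monitor" = "" && enable_crl_monitor=no
+test "$enable_alpn" = "" && enable_alpn=no
+test "$enable_pkcallbacks" = "" && enable_pkcallbacks=no
+test "$enable_quic" = "" && enable_quic=no
+test "$enable_ech" = "" && enable_ech=no
+test "$enable_ocspstapling" = "" && enable_ocspstapling=no
+
+# Disable all open source compatibility enables that might get set with all
+test "$enable_all_osp" = "" && enable_all_osp=no
+fi
+
 
 # All features, except conflicting or experimental:
 AC_ARG_ENABLE([all],
@@ -1751,14 +1795,6 @@ then
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_RWLOCK"
 fi
 
-# wolfCrypt Only Build
-AC_ARG_ENABLE([cryptonly],
-[AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
-[ENABLED_CRYPTONLY=$enableval],
-[ENABLED_CRYPTONLY=no])
-
-AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
-
 # ECH
 AC_ARG_ENABLE([ech],
 [AS_HELP_STRING([--enable-ech],[Enable ECH (default: disabled)])],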
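Review bot: In the new `ENABLED_TLS = no` block the line `test "$enable_sni" = "" && enable_sni=no` appears twice in a row, so either one copy is redundant or a different option was meant on the second line. The defaults in that block are applied only when an `enable_*` variable is empty, so an explicit `--enable-tls13` (or `--enable-dtls`, `--enable-ocsp`, and so on) combined with `--disable-tls` still gets `-DNO_TLS` appended to `AM_CFLAGS`, and nothing in this hunk rejects or warns about the contradiction. Unless a later check outside the hunk handles it, I would add a guard inside the block such as `AS_IF([test "$enable_tls13" = "yes"],[AC_MSG_ERROR([--enable-tls13 requires TLS support])])`. Because `enable_ocsp` and `enable_crl_monitor` also default to no here, a short comment stating which revocation checks the certificate manager still has in a no-TLS build would help users of this configuration.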
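--- a/examples/benchmark/tls_bench.c
+++ b/examples/benchmark/tls_bench.c
@@ -72,7 +72,8 @@ Or
 #endif
 
 /* PTHREAD requires server and client enabled */
-#if defined(NO_WOLFSSL_CLIENT) || defined(NO_WOLFSSL_SERVER)
+#if !defined(NO_TLS) && \
+(defined(NO_WOLFSSL_CLIENT) || defined(NO_WOLFSSL_SERVER))
 #if !defined(SINGLE_THREADED)
 #ifdef __GNUC__ /* GCC compiler */
 #pragma message "PTHREAD requires server and client enabled."
@@ -140,7 +141,7 @@ platform supports it"
 #define SHOW_VERBOSE 0 /* Default output is tab delimited format */
 
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
-!defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+!defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) && defined(USE_WOLFSSL_IO)
 
 /* shutdown message - nice signal to server, we are done */
 static const char* kShutdown = "shutdown";
@@ -2337,7 +2338,7 @@ int main(int argc, char** argv)
 args.return_code = 0;
 
 #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
-!defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+!defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) && defined(USE_WOLFSSL_IO)
 bench_tls(&args);
 #endif
 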
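Review bot: With `NO_TLS` defined, `main()` still sets `args.return_code = 0` and then compiles out `bench_tls(&args)`, so the benchmark presumably exits with success without having run anything. An `#else` branch that prints a short notice, for example `printf("TLS benchmark not built (NO_TLS)\n");`, would make a skipped run distinguishable from a completed one in CI logs. The main drivers in examples/echoclient/echoclient.c and examples/echoserver/echoserver.c guard their test call the same way with no `#else`, and client.c and server.c may as well (their `#if` blocks end outside the visible hunks). `main()` itself starts and ends outside this hunk.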
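--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -56,7 +56,8 @@ static const char *wolfsentry_config_path = NULL;
 #include <examples/client/client.h>
 #include <wolfssl/error-ssl.h>
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
+
 
 #ifdef NO_FILESYSTEM
 #ifdef NO_RSA
@@ -4810,7 +4811,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 WOLFSSL_RETURN_FROM_THREAD(0);
 }
 
-#endif /* !NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
 
 
 /* so overall tests can pull in test function */
@@ -4836,7 +4837,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 wolfSSL_Init();
 ChangeToWolfRoot();
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 #ifdef HAVE_STACK_SIZE
 StackSizeCheck(&args, client_test);
 #else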
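--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -57,7 +57,7 @@
 
 #include <examples/echoclient/echoclient.h>
 
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 
 
 #ifdef NO_FILESYSTEM
@@ -381,7 +381,7 @@ void echoclient_test(void* args)
 ((func_args*)args)->return_code = 0;
 }
 
-#endif /* !NO_WOLFSSL_CLIENT */
+#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */
 
 /* so overall tests can pull in test function */
 #ifndef NO_MAIN_DRIVER
@@ -408,7 +408,7 @@ void echoclient_test(void* args)
 #ifndef WOLFSSL_TIRTOS
 ChangeToWolfRoot();
 #endif
-#ifndef NO_WOLFSSL_CLIENT
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
 echoclient_test(&args);
 #endif
 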
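--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -56,7 +56,7 @@
 
 #include "examples/echoserver/echoserver.h"
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
 #ifdef NO_FILESYSTEM
 #ifdef NO_RSA
@@ -536,7 +536,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
 WOLFSSL_RETURN_FROM_THREAD(0);
 }
 
-#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
 
 
 /* so overall tests can pull in test function */
@@ -562,7 +562,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
 wolfSSL_Debugging_ON();
 #endif
 ChangeToWolfRoot();
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 echoserver_test(&args);
 #endif
 wolfSSL_Cleanup();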
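--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -75,7 +75,7 @@ static const char *wolfsentry_config_path = NULL;
 
 #include "examples/server/server.h"
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 
 #if defined(WOLFSSL_TLS13) && ( \
 defined(HAVE_ECC) \
@@ -3986,7 +3986,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 WOLFSSL_RETURN_FROM_THREAD(0);
 }
 
-#endif /* !NO_WOLFSSL_SERVER */
+#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */
 
 
 /* so overall tests can pull in test function */
@@ -4017,7 +4017,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #endif
 ChangeToWolfRoot();
 
-#ifndef NO_WOLFSSL_SERVER
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
 #ifdef HAVE_STACK_SIZE
 StackSizeCheck(&args, server_test);
 #else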
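--- a/scripts/crl-revoked.test
+++ b/scripts/crl-revoked.test
@@ -217,8 +217,14 @@ else
 exit_hash_dir_code=0
 fi
 
-# run the test
-run_test
+# Check that server is enabled
+./examples/server/server -? 2>&1 | grep -- 'Create Ready file'
+if [ $? -eq 0 ]; then
+# run the test
+run_test
+else
+exit_code=0
+fi
 
 # If we get to this exit, exit_code will be a 1 signaling failure
 echo "exiting with $exit_code certificate was not revoked"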
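Review bot: When the `grep -- 'Create Ready file'` probe fails, the script sets `exit_code=0` and falls through, so the CRL revocation test is reported as passed although `run_test` never executed. Because the probe depends on one phrase of the server's help text, a later rewording of that text would silently switch this revocation check off with a green result. If the harness follows automake's convention, report a skip instead, e.g. `echo "example server not available, skipping"; exit 77`. The unconditional `echo "exiting with $exit_code certificate was not revoked"` after the block also prints on the skip path, which is misleading; what follows that line is outside the hunk. The probe would also be quieter with `grep -q --` so the matched help line does not land in the test log.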
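--- a/src/bio.c
+++ b/src/bio.c
@@ -200,6 +200,7 @@ int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b)
 }
 
 #ifndef WOLFCRYPT_ONLY
+#ifndef NO_TLS
 /* Helper function to read from WOLFSSL_BIO_SSL type
 *
 * returns the number of bytes read on success
@@ -231,6 +232,7 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf,
 
 return ret;
 }
+#endif /* !NO_TLS */
 
 static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
 {
@@ -249,7 +251,7 @@ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
 }
 return sz;
 }
-#endif /* WOLFCRYPT_ONLY */
+#endif /* !WOLFCRYPT_ONLY */
 
 
 /* Used to read data from a WOLFSSL_BIO structure
@@ -331,7 +333,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
 #endif /* !NO_FILESYSTEM */
 break;
 case WOLFSSL_BIO_SSL:
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 ret = wolfSSL_BIO_SSL_read(bio, buf, len, front);
 #else
 WOLFSSL_MSG("WOLFSSL_BIO_SSL used with WOLFCRYPT_ONLY");
@@ -500,7 +502,7 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data,
 }
 #endif /* WOLFSSL_BASE64_ENCODE */
 
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 /* Helper function for writing to a WOLFSSL_BIO_SSL type
 *
 * returns the amount written in bytes on success
@@ -531,7 +533,7 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data,
 }
 return ret;
 }
-#endif /* WOLFCRYPT_ONLY */
+#endif /* !WOLFCRYPT_ONLY && !NO_TLS */
 
 /* Writes to a WOLFSSL_BIO_BIO type.
 *
@@ -746,7 +748,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
 #endif /* !NO_FILESYSTEM */
 break;
 case WOLFSSL_BIO_SSL:
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 /* already got eof, again is error */
 if (front->eof) {
 ret = WOLFSSL_FATAL_ERROR;
@@ -823,7 +825,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
 bio = bio->next;
 }
 
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS)
 exit_chain:
 #endif
 
@@ -2560,6 +2562,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 return ret;
 }
 
+#ifndef NO_TLS
 long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b)
 {
 WOLFSSL_ENTER("wolfSSL_BIO_do_handshake");
@@ -2605,6 +2608,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
 WOLFSSL_MSG("BIO has no SSL pointer set.");
 }
 }
+#endif
 
 long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
 {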
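Review bot: In `wolfSSL_BIO_read` the `WOLFSSL_BIO_SSL` case now also reaches the `#else` branch in `NO_TLS` builds, but the message there still reads `"WOLFSSL_BIO_SSL used with WOLFCRYPT_ONLY"`, which will mislead anyone debugging a no-TLS build. Something like `WOLFSSL_MSG("WOLFSSL_BIO_SSL used with WOLFCRYPT_ONLY or NO_TLS");` would match the new guard; the same may apply to the `#else` of the write path, which is not visible in the hunk at -746. The new `#endif` closing the `#ifndef NO_TLS` around `wolfSSL_BIO_do_handshake` carries no trailing comment, unlike `#endif /* !NO_TLS */` added earlier in the same file. Since `wolfSSL_BIO_do_handshake` is compiled out while `wolfSSL_BIO_set_ssl` remains, it is worth confirming that the header declaration is guarded the same way so that callers are rejected at compile time rather than at link time.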