ssl: block out dtls code when OPENSSL_NO_DTLS defined

Signed-off-by: Yi Li <yi1.li@intel.com>
liyi77 · Mar 24, 2023 · a92f19c · a92f19c
1 parent 2b0a888
commit a92f19c
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 1 deletion.
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
@@ -62,8 +62,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
     RECORD_LAYER_reset_read_sequence(rl);
     RECORD_LAYER_reset_write_sequence(rl);
 
+#ifndef OPENSSL_NO_DTLS
     if (rl->d)
         DTLS_RECORD_LAYER_clear(rl);
+#endif
 }
 
 void RECORD_LAYER_release(RECORD_LAYER *rl)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
@@ -1557,6 +1557,7 @@ int SSL_has_pending(const SSL *s)
      * the records for some reason.
      */
 
+#ifndef OPENSSL_NO_DTLS
     /* Check buffered app data if any first */
     if (SSL_IS_DTLS(s)) {
         DTLS1_RECORD_DATA *rdata;
@@ -1569,6 +1570,7 @@ int SSL_has_pending(const SSL *s)
                 return 1;
         }
     }
+#endif
 
     if (RECORD_LAYER_processed_read_pending(&s->rlayer))
         return 1;

diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
@@ -579,10 +579,14 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
         case READ_STATE_HEADER:
             /* Get the state the peer wants to move to */
             if (SSL_IS_DTLS(s)) {
+#ifndef OPENSSL_NO_DTLS
                 /*
                  * In DTLS we get the whole message in one go - header and body
                  */
                 ret = dtls_get_message(s, &mt);
+#else
+                return SUB_STATE_ERROR;
+#endif
             } else {
                 ret = tls_get_message_header(s, &mt);
             }
@@ -626,11 +630,15 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
 
         case READ_STATE_BODY:
             if (SSL_IS_DTLS(s)) {
+#ifndef OPENSSL_NO_DTLS
                 /*
                  * Actually we already have the body, but we give DTLS the
                  * opportunity to do any further processing.
                  */
                 ret = dtls_get_message_body(s, &len);
+#else
+                return SUB_STATE_ERROR;
+#endif
             } else {
                 ret = tls_get_message_body(s, &len);
             }
@@ -656,7 +664,9 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
 
             case MSG_PROCESS_FINISHED_READING:
                 if (SSL_IS_DTLS(s)) {
+#ifndef OPENSSL_NO_DTLS
                     dtls1_stop_timer(s);
+#endif
                 }
                 return SUB_STATE_FINISHED;
 
@@ -688,7 +698,9 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
 
             case WORK_FINISHED_STOP:
                 if (SSL_IS_DTLS(s)) {
+#ifndef OPENSSL_NO_DTLS
                     dtls1_stop_timer(s);
+#endif
                 }
                 return SUB_STATE_FINISHED;
             }
@@ -711,9 +723,11 @@ static int statem_do_write(SSL *s)
 
     if (st->hand_state == TLS_ST_CW_CHANGE
         || st->hand_state == TLS_ST_SW_CHANGE) {
+#ifndef OPENSSL_NO_DTLS
         if (SSL_IS_DTLS(s))
             return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
         else
+#endif
             return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
     } else {
         return ssl_do_write(s);
@@ -879,7 +893,9 @@ static SUB_STATE_RETURN write_state_machine(SSL *s)
 
         case WRITE_STATE_SEND:
             if (SSL_IS_DTLS(s) && st->use_timer) {
+#ifndef OPENSSL_NO_DTLS
                 dtls1_start_timer(s);
+#endif
             }
             ret = statem_do_write(s);
             if (ret <= 0) {

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
@@ -813,6 +813,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
             return WORK_ERROR;
         }
 
+#ifndef OPENSSL_NO_DTLS
         if (SSL_IS_DTLS(s)) {
 #ifndef OPENSSL_NO_SCTP
             if (s->hit) {
@@ -827,6 +828,7 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
 
             dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
         }
+#endif
         break;
 
     case TLS_ST_CW_FINISHED:
@@ -891,9 +893,11 @@ int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
         return 0;
 
     case TLS_ST_CW_CHANGE:
+#ifndef OPENSSL_NO_DTLS
         if (SSL_IS_DTLS(s))
             *confunc = dtls_construct_change_cipher_spec;
         else
+#endif
             *confunc = tls_construct_change_cipher_spec;
         *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
         break;
@@ -1026,8 +1030,10 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
     case TLS_ST_CR_SRVR_HELLO:
         return tls_process_server_hello(s, pkt);
 
+#ifndef OPENSSL_NO_DTLS
     case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
         return dtls_process_hello_verify(s, pkt);
+#endif
 
     case TLS_ST_CR_CERT:
         return tls_process_server_certificate(s, pkt);

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
@@ -762,18 +762,20 @@ MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
     }
 
     if (SSL_IS_DTLS(s)) {
+#ifndef OPENSSL_NO_DTLS
         dtls1_reset_seq_numbers(s, SSL3_CC_READ);
 
         if (s->version == DTLS1_BAD_VER)
             s->d1->handshake_read_seq++;
 
-#ifndef OPENSSL_NO_SCTP
+# ifndef OPENSSL_NO_SCTP
         /*
          * Remember that a CCS has been received, so that an old key of
          * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
          * SCTP is used
          */
         BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
+# endif
 #endif
     }
 
@@ -1125,13 +1127,15 @@ WORK_STATE tls_finish_handshake(SSL *s, ossl_unused WORK_STATE wst,
                              &s->session_ctx->stats.sess_connect_good);
         }
 
+#ifndef OPENSSL_NO_DTLS
         if (SSL_IS_DTLS(s)) {
             /* done with handshaking */
             s->d1->handshake_read_seq = 0;
             s->d1->handshake_write_seq = 0;
             s->d1->next_handshake_write_seq = 0;
             dtls1_clear_received_buffer(s);
         }
+#endif
     }
 
     if (s->info_callback != NULL)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
@@ -690,17 +690,21 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
 
     case TLS_ST_SW_HELLO_REQ:
         s->shutdown = 0;
+#ifndef OPENSSL_NO_DTLS
         if (SSL_IS_DTLS(s))
             dtls1_clear_sent_buffer(s);
+#endif
         break;
 
     case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
         s->shutdown = 0;
+#ifndef OPENSSL_NO_DTLS
         if (SSL_IS_DTLS(s)) {
             dtls1_clear_sent_buffer(s);
             /* We don't buffer this message so don't use the timer */
             st->use_timer = 0;
         }
+#endif
         break;
 
     case TLS_ST_SW_SRVR_HELLO:
@@ -715,10 +719,12 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
 
     case TLS_ST_SW_SRVR_DONE:
 #ifndef OPENSSL_NO_SCTP
+# ifndef OPENSSL_NO_DTLS
         if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
             /* Calls SSLfatal() as required */
             return dtls_wait_for_dry(s);
         }
+# endif
 #endif
         return WORK_FINISHED_CONTINUE;
 
@@ -931,8 +937,10 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
             return WORK_ERROR;
         }
 
+#ifndef OPENSSL_NO_DTLS
         if (SSL_IS_DTLS(s))
             dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+#endif
         break;
 
     case TLS_ST_SW_SRVR_DONE:
@@ -1026,17 +1034,21 @@ int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
         return 0;
 
     case TLS_ST_SW_CHANGE:
+#ifndef OPENSSL_NO_DTLS
         if (SSL_IS_DTLS(s))
             *confunc = dtls_construct_change_cipher_spec;
         else
+#endif
             *confunc = tls_construct_change_cipher_spec;
         *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
         break;
 
+#ifndef OPENSSL_NO_DTLS
     case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
         *confunc = dtls_construct_hello_verify_request;
         *mt = DTLS1_MT_HELLO_VERIFY_REQUEST;
         break;
+#endif
 
     case TLS_ST_SW_HELLO_REQ:
         /* No construction function needed */