From e057d3bf6b30bd950736eb0cf2cd6b1bf44e7d5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 20 May 2015 10:59:43 +0200
Subject: [PATCH] Relax some dependencies

- DTLS_HELLO_VERIFY no longer depends on SRV_C
- SSL_COOKIE_C no longer depends on DTLS_HELLO_VERIFY

Not that much work for us, and easier on users (esp. since it allows just disabling SRV_C alone).
---
 include/mbedtls/check_config.h | 7 +----
 include/mbedtls/config.h | 5 +---
 include/mbedtls/ssl.h | 55 +++++++++++++++++-----------------
 library/ssl_tls.c | 10 +++----
 4 files changed, 35 insertions(+), 42 deletions(-)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 08770f9c7..b8fc57143 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -392,12 +392,7 @@
 #error "Illegal protocol selection"
 #endif
 
-#if defined(MBEDTLS_SSL_COOKIE_C) && !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-#error "MBEDTLS_SSL_COOKIE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && \
-    ( !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
 #error "MBEDTLS_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
 #endif
 
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index aef4dfb03..6cd46e832 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1087,8 +1087,7 @@
  *
  * \warning Disabling this can ba a security risk! (see above)
  *
- * Requires: MBEDTLS_SSL_SRV_C
- *           MBEDTLS_SSL_PROTO_DTLS
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
  *
  * Comment this to disable support for HelloVerifyRequest.
  */
@@ -2085,8 +2084,6 @@
  *
  * Module: library/ssl_cookie.c
  * Caller:
- *
- * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
  */
 #define MBEDTLS_SSL_COOKIE_C
 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 06b8cb90f..af303f294 100644
--- a/include/mbedtls/ssl.h
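Review bot: In the config.h hunk at -1087, the line kept just above the rewritten `Requires:` entry still reads `\warning Disabling this can ba a security risk! (see above)`; since this doc block is being edited anyway, the typo should go in the same change: ` * \warning Disabling this can be a security risk! (see above)`. The check_config.h hunk is consistent with the new rule, and the dropped cookie-module check is what the commit message announces, so nothing further to raise there.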
+++ b/include/mbedtls/ssl.h
@@ -812,7 +812,7 @@ typedef struct
     void *p_psk;                    /*!< context for PSK callback */
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
     /** Callback to create & write a cookie for ClientHello veirifcation */
     int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
                            const unsigned char *, size_t );
@@ -1056,7 +1056,7 @@ struct mbedtls_ssl_context
     /*
      * Information for DTLS hello verify
      */
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
     unsigned char *cli_id;          /*!< transport-level ID of the client */
     size_t cli_id_len;              /*!< length of cli_id */
 #endif
@@ -1392,30 +1392,6 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
                                          void *p_ticket );
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
 
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-/**
- * \brief          Set client's transport-level identification info.
- *                 (Server only. DTLS only.)
- *
- *                 This is usually the IP address (and port), but could be
- *                 anything identify the client depending on the underlying
- *                 network stack. Used for HelloVerifyRequest with DTLS.
- *                 This is *not* used to route the actual packets.
- *
- * \param ssl      SSL context
- * \param info     Transport-level info identifying the client (eg IP + port)
- * \param ilen     Length of info in bytes
- *
- * \note           An internal copy is made, so the info buffer can be reused.
- *
- * \return         0 on success,
- *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
- *                 MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
- */
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
-                                 const unsigned char *info,
-                                 size_t ilen );
-
 /**
  * \brief          Callback type: generate a cookie
  *
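Review bot: In the hunk at -812, the field comment directly under the re-guarded `#if` still says `ClientHello veirifcation`; since that guard line is being rewritten, the typo belongs in the same change: `/** Callback to create & write a cookie for ClientHello verification */`. The new guard also means f_cookie_write, f_cookie_check and p_cookie exist in mbedtls_ssl_config only when MBEDTLS_SSL_SRV_C is set, which any non-server code that touches them must now respect. The enclosing struct definition begins and ends outside this hunk.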
@@ -1451,6 +1427,7 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
                                   const unsigned char *cookie, size_t clen,
                                   const unsigned char *info, size_t ilen );
 
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
 /**
  * \brief           Register callbacks for DTLS cookies
  *                  (Server only. DTLS only.)
@@ -1474,7 +1451,31 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
                                mbedtls_ssl_cookie_write_t *f_cookie_write,
                                mbedtls_ssl_cookie_check_t *f_cookie_check,
                                void *p_cookie );
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+/**
+ * \brief          Set client's transport-level identification info.
+ *                 (Server only. DTLS only.)
+ *
+ *                 This is usually the IP address (and port), but could be
+ *                 anything identify the client depending on the underlying
+ *                 network stack. Used for HelloVerifyRequest with DTLS.
+ *                 This is *not* used to route the actual packets.
+ *
+ * \param ssl      SSL context
+ * \param info     Transport-level info identifying the client (eg IP + port)
+ * \param ilen     Length of info in bytes
+ *
+ * \note           An internal copy is made, so the info buffer can be reused.
+ *
+ * \return         0 on success,
+ *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
+ *                 MBEDTLS_ERR_SSL_MALLOC_FAILED if out of memory.
+ */
+int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
+                                 const unsigned char *info,
+                                 size_t ilen );
+
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 /**
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8b96a836d..79d1b938a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4950,7 +4950,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
     return( 0 );
 }
 
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
 /* Dummy cookie callbacks for defaults */
 static int ssl_cookie_write_dummy( void *ctx,
                                    unsigned char **p, unsigned char *end,
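Review bot: The hunk at -1474 places the declarations of mbedtls_ssl_conf_dtls_cookies and mbedtls_ssl_set_client_transport_id under `MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C`, but their definitions are not in this patch: the ssl_tls.c hunks (here and at -4977, -5136, -6572, -6654) only re-guard the dummy callbacks, session reset, free and config defaults. If those definitions are still under `#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)` alone, the build the commit message sets out to allow (HELLO_VERIFY on, SRV_C off) would fail, since ssl->cli_id and conf->f_cookie_write no longer exist in that configuration; please confirm their guard matches the one introduced here and that this configuration is actually compiled by a test. In the moved doc comment, `anything identify the client` should read `anything that identifies the client`, and the `\return` list would be easier to rely on if it named the error returned when SRV_C is present but the context is a client, which is the only runtime path the new guard leaves.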
@@ -4977,7 +4977,7 @@ static int ssl_cookie_check_dummy( void *ctx,
     return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 }
 
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
 
 /*
  * Initialize an SSL context
@@ -5136,7 +5136,7 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
     ssl->alpn_chosen = NULL;
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
     mbedtls_free( ssl->cli_id );
     ssl->cli_id = NULL;
     ssl->cli_id_len = 0;
@@ -6572,7 +6572,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
     }
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
     mbedtls_free( ssl->cli_id );
 #endif
 
@@ -6654,7 +6654,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
     conf->curve_list = mbedtls_ecp_grp_id_list( );
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
     conf->f_cookie_write = ssl_cookie_write_dummy;
     conf->f_cookie_check = ssl_cookie_check_dummy;
 #endif