DTLS 1.3 client-only minimum: WOLFSSL_DTLS_ONLY + autoconf cascade #10353

Open
julek-wolfssl wants to merge 1 commit into wolfSSL:master from julek-wolfssl:dtls-13-client-only

@julek-wolfssl
* configure.ac: --enable-dtls13 auto-enables --enable-dtls and TLS 1.3,
  with a targeted error if either is explicitly --disabled.
* src/internal.c, src/wolfio.c, wolfssl/wolfio.h: new WOLFSSL_DTLS_ONLY
  compile-time flag elides EmbedReceive / EmbedSend default callbacks
  and the GetSEQIncrement helper.
* wolfcrypt/src/aes.c: add HAVE_AES_DECRYPT to the inv_col_mul
  definition gate to match its only caller; without it the function is
  emitted dead under WOLFSSL_AES_DIRECT && NO_AES_DECRYPT and
  -Werror=unused-function fails the build.
* .github/workflows/os-check.yml: matrix entry for a minimal DTLS 1.3
  client-only build.
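
The option cascade in the description above, as an added sketch (not code from this pull request or from wolfSSL's configure.ac). It models the three states autoconf leaves in `$enable_<feature>` (unset, `yes`, `no`); the function name `resolve_dtls13`, the message texts and the fall-back-to-`no` default are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed model of a tri-state option cascade; not wolfSSL's configure.ac.
# Each argument mirrors what autoconf leaves in $enable_<feature>:
#   ""    option not given on the command line
#   "yes" --enable-<feature>
#   "no"  --disable-<feature>
# Prints "dtls=<v> tls13=<v>" on success; prints an error to stderr and
# returns 1 when an explicit disable conflicts with --enable-dtls13.
resolve_dtls13() {
    dtls13=$1; dtls=$2; tls13=$3

    if [ "x$dtls13" != "xyes" ]; then
        # No cascade requested: unset options fall back to "no" in this sketch.
        echo "dtls=${dtls:-no} tls13=${tls13:-no}"
        return 0
    fi

    # An explicit "no" is a conflict: fail loudly instead of overriding it.
    if [ "x$dtls" = "xno" ]; then
        echo "error: --enable-dtls13 requires DTLS, but it was explicitly disabled" >&2
        return 1
    fi
    if [ "x$tls13" = "xno" ]; then
        echo "error: --enable-dtls13 requires TLS 1.3, but it was explicitly disabled" >&2
        return 1
    fi

    # Dependencies the user did not mention are switched on, with a notice.
    [ -n "$dtls" ]  || echo "notice: DTLSv1.3 is enabled, enabling DTLS" >&2
    [ -n "$tls13" ] || echo "notice: DTLSv1.3 is enabled, enabling TLS 1.3" >&2
    echo "dtls=yes tls13=yes"
}
```

The point of keeping unset and `no` apart is that a build which silently re-enables a protocol the user disabled no longer matches the configuration the user reviewed.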
Copilot AI review requested due to automatic review settings April 29, 2026 21:03
@julek-wolfssl julek-wolfssl self-assigned this Apr 29, 2026
@dgarske dgarske self-requested a review April 29, 2026 21:05

Copilot AI left a comment

Pull request overview

This PR targets a minimal DTLS 1.3 “client-only” build configuration by improving autotools option cascading, trimming default stream-IO callbacks under a new WOLFSSL_DTLS_ONLY compile-time flag, and adding CI coverage for that minimal configuration.

Changes:

  • Autoconf: --enable-dtls13 now cascades to enable DTLS and TLS 1.3 (unless explicitly disabled) with clearer error messages.
  • WOLFSSL_DTLS_ONLY: compile-time elision of default EmbedReceive/EmbedSend callbacks and GetSEQIncrement() helper.
  • Build/CI fixes: avoid -Werror=unused-function in AES, and add an OS-check matrix entry for the minimal DTLS 1.3 client-only build.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| configure.ac | Makes --enable-dtls13 cascade-enable DTLS and TLS 1.3 with targeted errors/notices. |
| src/internal.c | Adds WOLFSSL_DTLS_ONLY gates to skip default stream callbacks and TLS sequence helper paths. |
| src/wolfio.c | Removes default stream EmbedReceive/EmbedSend definitions when WOLFSSL_DTLS_ONLY is set. |
| wolfssl/wolfio.h | Removes EmbedReceive/EmbedSend declarations/mappings when WOLFSSL_DTLS_ONLY is set. |
| wolfcrypt/src/aes.c | Gates inv_col_mul() on HAVE_AES_DECRYPT to match its actual usage and avoid unused-function builds failing. |
| .github/workflows/os-check.yml | Adds a CI matrix entry for a minimal DTLS 1.3 client-only configuration. |

Comment thread src/internal.c
Comment on lines +2715 to 2719
#ifndef WOLFSSL_DTLS_ONLY
if (method->version.major == DTLS_MAJOR)
#endif
{
ctx->CBIORecv = EmbedReceiveFrom;
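Review bot: With WOLFSSL_DTLS_ONLY defined, the `if (method->version.major == DTLS_MAJOR)` test at the top of this hunk is compiled out, so the braced block that sets `ctx->CBIORecv = EmbedReceiveFrom` runs for whatever method is passed in. If a non-DTLS method can still reach this code in such a build, it silently gets the datagram callback. Consider keeping the version test in both builds and returning an error for a non-DTLS method under WOLFSSL_DTLS_ONLY, or add a comment stating where that invariant is enforced. Wrapping only the `if` line in `#ifndef`/`#endif` also leaves a bare `{` block that is easy to misread; a short comment on the `#endif` would help.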
Comment thread src/internal.c
Comment on lines +9540 to 9544
#ifdef WOLFSSL_DTLS_ONLY
DtlsGetSEQ(ssl, verifyOrder, seq);
#else
if (!ssl->options.dtls) {
GetSEQIncrement(ssl, verifyOrder, seq);
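Review bot: The `#ifdef WOLFSSL_DTLS_ONLY` branch calls `DtlsGetSEQ(ssl, verifyOrder, seq)` without the `ssl->options.dtls` test that the `#else` branch keeps, so correctness depends on every `ssl` object being DTLS in this build. A one-line comment stating that assumption, or a debug-build assertion on `ssl->options.dtls` before the call, would make it checkable. It is also worth confirming that WOLFSSL_DTLS_ONLY cannot be defined in a build where `DtlsGetSEQ` is not compiled in; a `#error` guard for that combination fails earlier and more clearly than a missing symbol.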
Comment thread configure.ac
Comment on lines +5745 to +5749
if test "x$ENABLED_TLS13" != "xyes"
then
AC_MSG_NOTICE([DTLSv1.3 is enabled, enabling TLS 1.3])
ENABLED_TLS13=yes
fi
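Review bot: The condition `test "x$ENABLED_TLS13" != "xyes"` is true both when TLS 1.3 was left at its default and when it holds an explicit `no`, so on its own this block would override an explicit disable with only a notice. The description promises a targeted error for that case; make sure that check runs before this block, and say so in a comment here. Also confirm that `ENABLED_TLS13=yes` is assigned before the point in configure.ac where that variable is consumed, otherwise the cascade has no effect.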
@github-actions
MemBrowse Memory Report

No memory changes detected for:
