[openssl-commits] [openssl] master update

Ben Laurie ben at openssl.org
Mon Aug 1 10:31:28 UTC 2016


The branch master has been updated
       via  68e71e9d000b72d964eb8b4106a1d879a0da4908 (commit)
       via  3260adf1901ff3a842676ec7fa8c53dbfc66c4bd (commit)
       via  620c6ad3125d7631f08c37033d1cb4302aef819a (commit)
      from  087d3e89932e00eede95353fbd988e2752bc2468 (commit)


- Log -----------------------------------------------------------------
commit 68e71e9d000b72d964eb8b4106a1d879a0da4908
Author: Ben Laurie <ben at links.org>
Date:   Mon Aug 1 03:44:42 2016 +0100

    Include what we use.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 3260adf1901ff3a842676ec7fa8c53dbfc66c4bd
Author: Ben Laurie <ben at links.org>
Date:   Sun Jul 31 15:48:24 2016 +0100

    peer_tmp doesn't exist if no-ec no-dh.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 620c6ad3125d7631f08c37033d1cb4302aef819a
Author: Ben Laurie <ben at links.org>
Date:   Sun Jul 31 11:42:04 2016 +0100

    Fix various no-*s.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/engine/eng_all.c  |  2 +-
 fuzz/asn1.c              | 14 ++++++++++++++
 ssl/statem/statem_clnt.c |  2 ++
 test/handshake_helper.c  | 11 ++++++++++-
 test/ssl_test.c          |  4 ++++
 test/ssl_test_ctx.c      |  6 ++++++
 test/ssl_test_ctx.h      |  2 ++
 test/ssl_test_ctx_test.c |  4 ++++
 8 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index 4600acb..ebe0277 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -18,7 +18,7 @@ void ENGINE_load_builtin_engines(void)
     OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
 }
 
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) && !defined(OPENSSL_NO_DEPRECATED)
 void ENGINE_setup_bsd_cryptodev(void)
 {
     static int bsd_cryptodev_default_loaded = 0;
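Review bot: The new guard keys the definition of `ENGINE_setup_bsd_cryptodev` on `OPENSSL_NO_DEPRECATED` alone, and the header that declares it is not part of this diff. If the prototype is instead hidden by an API-compatibility level (for example through a `DEPRECATEDIN_*` wrapper), a build that raises the API level without no-deprecated would still compile this definition with no prototype in scope. Check that this condition mirrors the declaration's. The directive also runs well past 80 columns and could be split as `#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) \` followed by `    && !defined(OPENSSL_NO_DEPRECATED)`. The function body and the matching `#endif` lie outside the hunk.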
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index b4c20b5..5125f36 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -19,9 +19,11 @@
 #include <string.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include <openssl/dh.h>
 #include <openssl/ec.h>
 #include <openssl/ocsp.h>
 #include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
 #include <openssl/ts.h>
 #include <openssl/x509v3.h>
 #include <openssl/cms.h>
@@ -29,9 +31,11 @@
 
 static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
     ASN1_ITEM_ref(ASIdentifierChoice),
     ASN1_ITEM_ref(ASIdentifiers),
     ASN1_ITEM_ref(ASIdOrRange),
+#endif
     ASN1_ITEM_ref(ASN1_ANY),
     ASN1_ITEM_ref(ASN1_BIT_STRING),
     ASN1_ITEM_ref(ASN1_BMPSTRING),
@@ -58,17 +62,23 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(ASN1_UTCTIME),
     ASN1_ITEM_ref(ASN1_UTF8STRING),
     ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
     ASN1_ITEM_ref(ASRange),
+#endif
     ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
     ASN1_ITEM_ref(AUTHORITY_KEYID),
     ASN1_ITEM_ref(BASIC_CONSTRAINTS),
     ASN1_ITEM_ref(BIGNUM),
     ASN1_ITEM_ref(CBIGNUM),
     ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
     ASN1_ITEM_ref(CMS_ContentInfo),
     ASN1_ITEM_ref(CMS_ReceiptRequest),
     ASN1_ITEM_ref(CRL_DIST_POINTS),
+#endif
+#ifndef OPENSSL_NO_DH
     ASN1_ITEM_ref(DHparams),
+#endif
     ASN1_ITEM_ref(DIRECTORYSTRING),
     ASN1_ITEM_ref(DISPLAYTEXT),
     ASN1_ITEM_ref(DIST_POINT),
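Review bot: `ASN1_ITEM_ref(CRL_DIST_POINTS)` ends up inside the new `#ifndef OPENSSL_NO_CMS` block, although by its name it is an X.509 CRL distribution point item rather than a CMS type. In a no-cms build the fuzzer would therefore stop exercising that decoder, which is a silent loss of coverage on a parser fed with untrusted certificate data. Move the `#endif` up one line so it directly follows `ASN1_ITEM_ref(CMS_ReceiptRequest),`. The `item_type[]` array begins and ends outside this hunk.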
@@ -82,10 +92,12 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(GENERAL_NAME),
     ASN1_ITEM_ref(GENERAL_NAMES),
     ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
     ASN1_ITEM_ref(IPAddressChoice),
     ASN1_ITEM_ref(IPAddressFamily),
     ASN1_ITEM_ref(IPAddressOrRange),
     ASN1_ITEM_ref(IPAddressRange),
+#endif
     ASN1_ITEM_ref(ISSUING_DIST_POINT),
     ASN1_ITEM_ref(LONG),
     ASN1_ITEM_ref(NAME_CONSTRAINTS),
@@ -93,6 +105,7 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(NETSCAPE_SPKAC),
     ASN1_ITEM_ref(NETSCAPE_SPKI),
     ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
     ASN1_ITEM_ref(OCSP_BASICRESP),
     ASN1_ITEM_ref(OCSP_CERTID),
     ASN1_ITEM_ref(OCSP_CERTSTATUS),
@@ -108,6 +121,7 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(OCSP_SERVICELOC),
     ASN1_ITEM_ref(OCSP_SIGNATURE),
     ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
     ASN1_ITEM_ref(OTHERNAME),
     ASN1_ITEM_ref(PBE2PARAM),
     ASN1_ITEM_ref(PBEPARAM),
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5fb0080..9d4af3a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1583,8 +1583,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
 
     save_param_start = *pkt;
 
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
     EVP_PKEY_free(s->s3->peer_tmp);
     s->s3->peer_tmp = NULL;
+#endif
 
     if (alg_k & SSL_PSK) {
         if (!tls_process_ske_psk_preamble(s, pkt, &al))
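Review bot: The `#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)` around the `peer_tmp` reset repeats by hand the condition under which the field is presumably declared, and nothing at this site says so. If the two conditions drift apart, the build either breaks again or, worse, a peer key from an earlier ServerKeyExchange is left in place when a new one is processed. A short comment above the guard would pin the intent, e.g. `/* peer_tmp exists only when EC or DH is compiled in; keep in sync with its declaration */`. `tls_process_key_exchange` starts and ends outside the hunk, so the later uses of `peer_tmp` could not be checked here.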
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index eecc6f7..c7023fe 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -164,6 +164,7 @@ static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
     return 0;
 }
 
+#ifndef OPENSSL_NO_NEXTPROTONEG
 /* Parse the comma-separated list into TLS format. */
 static void parse_protos(const char *protos, unsigned char **out, size_t *outlen)
 {
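Review bot: The `#ifndef OPENSSL_NO_NEXTPROTONEG` opened here is not closed until after `server_alpn_cb` in the next hunk, so the ALPN callbacks are compiled out together with the NPN ones. ALPN is a separate TLS extension and, as far as I know, is not disabled by no-nextprotoneg, so such a build would still ship ALPN in the library while losing all test coverage for it. The same over-broad guard recurs in `configure_handshake_ctx`, around `dup_str` and the `SSL_get0_alpn_selected` call in `do_handshake_internal`, and in the ssl_test.c, ssl_test_ctx.c, ssl_test_ctx.h and ssl_test_ctx_test.c hunks. Consider leaving the shared helpers (`parse_protos`, `dup_str`) and everything named `*alpn*` unconditional, and guarding only the code that calls NPN-specific API such as `SSL_get0_next_proto_negotiated`.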
@@ -260,7 +261,7 @@ static int server_alpn_cb(SSL *s, const unsigned char **out,
     return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
         : SSL_TLSEXT_ERR_NOACK;
 }
-
+#endif
 
 /*
  * Configure callbacks and other properties that can't be set directly
@@ -315,6 +316,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
     if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) {
         SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
     }
+#ifndef OPENSSL_NO_NEXTPROTONEG
     if (test_ctx->server_npn_protocols != NULL) {
         parse_protos(test_ctx->server_npn_protocols,
                      &server_ctx_data->npn_protocols,
@@ -360,6 +362,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
                                                alpn_protos_len) == 0);
         OPENSSL_free(alpn_protos);
     }
+#endif
     /*
      * Use fixed session ticket keys so that we can decrypt a ticket created with
      * one CTX in another CTX. Don't address server2 for the moment.
@@ -496,6 +499,7 @@ static handshake_status_t handshake_status(peer_status_t last_status,
     return INTERNAL_ERROR;
 }
 
+#ifndef OPENSSL_NO_NEXTPROTONEG
 /* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
 static char *dup_str(const unsigned char *in, size_t len)
 {
@@ -510,6 +514,7 @@ static char *dup_str(const unsigned char *in, size_t len)
     OPENSSL_assert(ret != NULL);
     return ret;
 }
+#endif
 
 static HANDSHAKE_RESULT *do_handshake_internal(
     SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
@@ -527,9 +532,11 @@ static HANDSHAKE_RESULT *do_handshake_internal(
     unsigned char* tick = NULL;
     size_t tick_len = 0;
     SSL_SESSION* sess = NULL;
+#ifndef OPENSSL_NO_NEXTPROTONEG
     const unsigned char *proto = NULL;
     /* API dictates unsigned int rather than size_t. */
     unsigned int proto_len = 0;
+#endif
 
     memset(&server_ctx_data, 0, sizeof(server_ctx_data));
     memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
@@ -644,6 +651,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
         ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
     ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
 
+#ifndef OPENSSL_NO_NEXTPROTONEG
     SSL_get0_next_proto_negotiated(client, &proto, &proto_len);
     ret->client_npn_negotiated = dup_str(proto, proto_len);
 
@@ -655,6 +663,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
 
     SSL_get0_alpn_selected(server, &proto, &proto_len);
     ret->server_alpn_negotiated = dup_str(proto, proto_len);
+#endif
 
     ret->client_resumed = SSL_session_reused(client);
     ret->server_resumed = SSL_session_reused(server);
diff --git a/test/ssl_test.c b/test/ssl_test.c
index b28d308..48846ae 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -150,6 +150,7 @@ static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx
     return 1;
 }
 
+#ifndef OPENSSL_NO_NEXTPROTONEG
 static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
     int ret = 1;
@@ -173,6 +174,7 @@ static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
                          result->client_alpn_negotiated);
     return ret;
 }
+#endif
 
 static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
@@ -204,8 +206,10 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
         ret &= check_servername(result, test_ctx);
         ret &= check_session_ticket(result, test_ctx);
         ret &= (result->session_ticket_do_not_call == 0);
+#ifndef OPENSSL_NO_NEXTPROTONEG
         ret &= check_npn(result, test_ctx);
         ret &= check_alpn(result, test_ctx);
+#endif
         ret &= check_resumption(result, test_ctx);
     }
     return ret;
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 084cf15..24b11e5 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -295,6 +295,7 @@ const char *ssl_test_method_name(ssl_test_method_t method)
 /* NPN and ALPN options             */
 /************************************/
 
+#ifndef OPENSSL_NO_NEXTPROTONEG
 IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_npn_protocols)
 IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_npn_protocols)
 IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_npn_protocols)
@@ -303,6 +304,7 @@ IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_alpn_protocols)
 IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_alpn_protocols)
 IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_alpn_protocols)
 IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_alpn_protocol)
+#endif
 
 /***********************/
 /* Handshake mode      */
@@ -372,6 +374,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
     { "ServerNameCallback", &parse_servername_callback },
     { "SessionTicketExpected", &parse_session_ticket },
     { "Method", &parse_test_method },
+#ifndef OPENSSL_NO_NEXTPROTONEG
     { "ClientNPNProtocols", &parse_client_npn_protocols },
     { "ServerNPNProtocols", &parse_server_npn_protocols },
     { "Server2NPNProtocols", &parse_server2_npn_protocols },
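Review bot: Once these rows are compiled out of `ssl_test_ctx_options`, a test configuration that still carries `ClientNPNProtocols` or `ExpectedALPNProtocol` no longer matches any table entry. How the lookup handles an unmatched key is outside this hunk; if it is treated as an error, every such config fails to load in a no-nextprotoneg build instead of the test being skipped cleanly. The `IMPLEMENT_SSL_TEST_CTX_STRING_OPTION` parsers appear only to store strings, so keeping the rows and parsers unconditional and guarding just the NPN API calls would avoid this. If the rows do stay guarded, a comment such as `/* configs using these keys must be excluded from no-nextprotoneg runs */` should say so.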
@@ -380,6 +383,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
     { "ServerALPNProtocols", &parse_server_alpn_protocols },
     { "Server2ALPNProtocols", &parse_server2_alpn_protocols },
     { "ExpectedALPNProtocol", &parse_expected_alpn_protocol },
+#endif
     { "HandshakeMode", &parse_handshake_mode },
     { "ResumptionExpected", &parse_resumption_expected },
 };
@@ -399,6 +403,7 @@ SSL_TEST_CTX *SSL_TEST_CTX_new()
 void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
 {
 
+#ifndef OPENSSL_NO_NEXTPROTONEG
     OPENSSL_free(ctx->client_npn_protocols);
     OPENSSL_free(ctx->server_npn_protocols);
     OPENSSL_free(ctx->server2_npn_protocols);
@@ -407,6 +412,7 @@ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
     OPENSSL_free(ctx->server2_alpn_protocols);
     OPENSSL_free(ctx->expected_npn_protocol);
     OPENSSL_free(ctx->expected_alpn_protocol);
+#endif
     OPENSSL_free(ctx);
 }
 
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
index d3d86e7..83850e4 100644
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -92,6 +92,7 @@ typedef struct ssl_test_ctx {
     ssl_session_ticket_t session_ticket_expected;
     /* Whether the server/client CTX should use DTLS or TLS. */
     ssl_test_method_t method;
+#ifndef OPENSSL_NO_NEXTPROTONEG
     /*
      * NPN and ALPN protocols supported by the client, server, and second
      * (SNI) server. A comma-separated list.
@@ -104,6 +105,7 @@ typedef struct ssl_test_ctx {
     char *server_alpn_protocols;
     char *server2_alpn_protocols;
     char *expected_alpn_protocol;
+#endif
     /* Whether to test a resumed/renegotiated handshake. */
     ssl_handshake_mode_t handshake_mode;
     /* Whether the second handshake is resumed or a full handshake (boolean). */
diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c
index 6366e0a..52691f0 100644
--- a/test/ssl_test_ctx_test.c
+++ b/test/ssl_test_ctx_test.c
@@ -89,6 +89,7 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
                 ssl_session_ticket_name(ctx2->session_ticket_expected));
         return 0;
     }
+#ifndef OPENSSL_NO_NEXTPROTONEG
     if (!strings_equal("ClientNPNProtocols", ctx->client_npn_protocols,
                        ctx2->client_npn_protocols))
         return 0;
@@ -120,6 +121,7 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
     if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
                        ctx2->expected_alpn_protocol))
         return 0;
+#endif
     if (ctx->handshake_mode != ctx2->handshake_mode) {
         fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
                 ssl_handshake_mode_name(ctx->handshake_mode),
@@ -214,10 +216,12 @@ static int test_good_configuration()
         SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
     fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
     fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
+#ifndef OPENSSL_NO_NEXTPROTONEG
     fixture.expected_ctx->client_npn_protocols = OPENSSL_strdup("foo,bar");
     fixture.expected_ctx->server2_alpn_protocols = OPENSSL_strdup("baz");
     OPENSSL_assert(fixture.expected_ctx->client_npn_protocols != NULL);
     OPENSSL_assert(fixture.expected_ctx->server2_alpn_protocols != NULL);
+#endif
     fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
     fixture.expected_ctx->resumption_expected = 1;
     EXECUTE_SSL_TEST_CTX_TEST();

