[openssl-commits] [openssl] master update
Ben Laurie
ben at openssl.org
Mon Aug 1 10:31:28 UTC 2016
The branch master has been updated
via 68e71e9d000b72d964eb8b4106a1d879a0da4908 (commit)
via 3260adf1901ff3a842676ec7fa8c53dbfc66c4bd (commit)
via 620c6ad3125d7631f08c37033d1cb4302aef819a (commit)
from 087d3e89932e00eede95353fbd988e2752bc2468 (commit)
- Log -----------------------------------------------------------------
commit 68e71e9d000b72d964eb8b4106a1d879a0da4908
Author: Ben Laurie <ben at links.org>
Date: Mon Aug 1 03:44:42 2016 +0100
Include what we use.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 3260adf1901ff3a842676ec7fa8c53dbfc66c4bd
Author: Ben Laurie <ben at links.org>
Date: Sun Jul 31 15:48:24 2016 +0100
peer_tmp doesn't exist if no-ec no-dh.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 620c6ad3125d7631f08c37033d1cb4302aef819a
Author: Ben Laurie <ben at links.org>
Date: Sun Jul 31 11:42:04 2016 +0100
Fix various no-*s.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/engine/eng_all.c | 2 +-
fuzz/asn1.c | 14 ++++++++++++++
ssl/statem/statem_clnt.c | 2 ++
test/handshake_helper.c | 11 ++++++++++-
test/ssl_test.c | 4 ++++
test/ssl_test_ctx.c | 6 ++++++
test/ssl_test_ctx.h | 2 ++
test/ssl_test_ctx_test.c | 4 ++++
8 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index 4600acb..ebe0277 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -18,7 +18,7 @@ void ENGINE_load_builtin_engines(void)
OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
}
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) && !defined(OPENSSL_NO_DEPRECATED)
void ENGINE_setup_bsd_cryptodev(void)
{
static int bsd_cryptodev_default_loaded = 0;
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index b4c20b5..5125f36 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -19,9 +19,11 @@
#include <string.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
+#include <openssl/dh.h>
#include <openssl/ec.h>
#include <openssl/ocsp.h>
#include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
#include <openssl/ts.h>
#include <openssl/x509v3.h>
#include <openssl/cms.h>
@@ -29,9 +31,11 @@
static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
ASN1_ITEM_ref(ASIdentifierChoice),
ASN1_ITEM_ref(ASIdentifiers),
ASN1_ITEM_ref(ASIdOrRange),
+#endif
ASN1_ITEM_ref(ASN1_ANY),
ASN1_ITEM_ref(ASN1_BIT_STRING),
ASN1_ITEM_ref(ASN1_BMPSTRING),
@@ -58,17 +62,23 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(ASN1_UTCTIME),
ASN1_ITEM_ref(ASN1_UTF8STRING),
ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
ASN1_ITEM_ref(ASRange),
+#endif
ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
ASN1_ITEM_ref(AUTHORITY_KEYID),
ASN1_ITEM_ref(BASIC_CONSTRAINTS),
ASN1_ITEM_ref(BIGNUM),
ASN1_ITEM_ref(CBIGNUM),
ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
ASN1_ITEM_ref(CMS_ContentInfo),
ASN1_ITEM_ref(CMS_ReceiptRequest),
ASN1_ITEM_ref(CRL_DIST_POINTS),
+#endif
+#ifndef OPENSSL_NO_DH
ASN1_ITEM_ref(DHparams),
+#endif
ASN1_ITEM_ref(DIRECTORYSTRING),
ASN1_ITEM_ref(DISPLAYTEXT),
ASN1_ITEM_ref(DIST_POINT),
@@ -82,10 +92,12 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(GENERAL_NAME),
ASN1_ITEM_ref(GENERAL_NAMES),
ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
ASN1_ITEM_ref(IPAddressChoice),
ASN1_ITEM_ref(IPAddressFamily),
ASN1_ITEM_ref(IPAddressOrRange),
ASN1_ITEM_ref(IPAddressRange),
+#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
ASN1_ITEM_ref(LONG),
ASN1_ITEM_ref(NAME_CONSTRAINTS),
@@ -93,6 +105,7 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(NETSCAPE_SPKAC),
ASN1_ITEM_ref(NETSCAPE_SPKI),
ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
ASN1_ITEM_ref(OCSP_BASICRESP),
ASN1_ITEM_ref(OCSP_CERTID),
ASN1_ITEM_ref(OCSP_CERTSTATUS),
@@ -108,6 +121,7 @@ static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(OCSP_SERVICELOC),
ASN1_ITEM_ref(OCSP_SIGNATURE),
ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
ASN1_ITEM_ref(OTHERNAME),
ASN1_ITEM_ref(PBE2PARAM),
ASN1_ITEM_ref(PBEPARAM),
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5fb0080..9d4af3a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1583,8 +1583,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
save_param_start = *pkt;
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->peer_tmp);
s->s3->peer_tmp = NULL;
+#endif
if (alg_k & SSL_PSK) {
if (!tls_process_ske_psk_preamble(s, pkt, &al))
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index eecc6f7..c7023fe 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -164,6 +164,7 @@ static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
return 0;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* Parse the comma-separated list into TLS format. */
static void parse_protos(const char *protos, unsigned char **out, size_t *outlen)
{
@@ -260,7 +261,7 @@ static int server_alpn_cb(SSL *s, const unsigned char **out,
return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
: SSL_TLSEXT_ERR_NOACK;
}
-
+#endif
/*
* Configure callbacks and other properties that can't be set directly
@@ -315,6 +316,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) {
SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (test_ctx->server_npn_protocols != NULL) {
parse_protos(test_ctx->server_npn_protocols,
&server_ctx_data->npn_protocols,
@@ -360,6 +362,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
alpn_protos_len) == 0);
OPENSSL_free(alpn_protos);
}
+#endif
/*
* Use fixed session ticket keys so that we can decrypt a ticket created with
* one CTX in another CTX. Don't address server2 for the moment.
@@ -496,6 +499,7 @@ static handshake_status_t handshake_status(peer_status_t last_status,
return INTERNAL_ERROR;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
static char *dup_str(const unsigned char *in, size_t len)
{
@@ -510,6 +514,7 @@ static char *dup_str(const unsigned char *in, size_t len)
OPENSSL_assert(ret != NULL);
return ret;
}
+#endif
static HANDSHAKE_RESULT *do_handshake_internal(
SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
@@ -527,9 +532,11 @@ static HANDSHAKE_RESULT *do_handshake_internal(
unsigned char* tick = NULL;
size_t tick_len = 0;
SSL_SESSION* sess = NULL;
+#ifndef OPENSSL_NO_NEXTPROTONEG
const unsigned char *proto = NULL;
/* API dictates unsigned int rather than size_t. */
unsigned int proto_len = 0;
+#endif
memset(&server_ctx_data, 0, sizeof(server_ctx_data));
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
@@ -644,6 +651,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
+#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(client, &proto, &proto_len);
ret->client_npn_negotiated = dup_str(proto, proto_len);
@@ -655,6 +663,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
SSL_get0_alpn_selected(server, &proto, &proto_len);
ret->server_alpn_negotiated = dup_str(proto, proto_len);
+#endif
ret->client_resumed = SSL_session_reused(client);
ret->server_resumed = SSL_session_reused(server);
diff --git a/test/ssl_test.c b/test/ssl_test.c
index b28d308..48846ae 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -150,6 +150,7 @@ static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx
return 1;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
int ret = 1;
@@ -173,6 +174,7 @@ static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
result->client_alpn_negotiated);
return ret;
}
+#endif
static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
@@ -204,8 +206,10 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
ret &= check_servername(result, test_ctx);
ret &= check_session_ticket(result, test_ctx);
ret &= (result->session_ticket_do_not_call == 0);
+#ifndef OPENSSL_NO_NEXTPROTONEG
ret &= check_npn(result, test_ctx);
ret &= check_alpn(result, test_ctx);
+#endif
ret &= check_resumption(result, test_ctx);
}
return ret;
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 084cf15..24b11e5 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -295,6 +295,7 @@ const char *ssl_test_method_name(ssl_test_method_t method)
/* NPN and ALPN options */
/************************************/
+#ifndef OPENSSL_NO_NEXTPROTONEG
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_npn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_npn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_npn_protocols)
@@ -303,6 +304,7 @@ IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_alpn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_alpn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_alpn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_alpn_protocol)
+#endif
/***********************/
/* Handshake mode */
@@ -372,6 +374,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
{ "ServerNameCallback", &parse_servername_callback },
{ "SessionTicketExpected", &parse_session_ticket },
{ "Method", &parse_test_method },
+#ifndef OPENSSL_NO_NEXTPROTONEG
{ "ClientNPNProtocols", &parse_client_npn_protocols },
{ "ServerNPNProtocols", &parse_server_npn_protocols },
{ "Server2NPNProtocols", &parse_server2_npn_protocols },
@@ -380,6 +383,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
{ "ServerALPNProtocols", &parse_server_alpn_protocols },
{ "Server2ALPNProtocols", &parse_server2_alpn_protocols },
{ "ExpectedALPNProtocol", &parse_expected_alpn_protocol },
+#endif
{ "HandshakeMode", &parse_handshake_mode },
{ "ResumptionExpected", &parse_resumption_expected },
};
@@ -399,6 +403,7 @@ SSL_TEST_CTX *SSL_TEST_CTX_new()
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
{
+#ifndef OPENSSL_NO_NEXTPROTONEG
OPENSSL_free(ctx->client_npn_protocols);
OPENSSL_free(ctx->server_npn_protocols);
OPENSSL_free(ctx->server2_npn_protocols);
@@ -407,6 +412,7 @@ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
OPENSSL_free(ctx->server2_alpn_protocols);
OPENSSL_free(ctx->expected_npn_protocol);
OPENSSL_free(ctx->expected_alpn_protocol);
+#endif
OPENSSL_free(ctx);
}
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
index d3d86e7..83850e4 100644
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -92,6 +92,7 @@ typedef struct ssl_test_ctx {
ssl_session_ticket_t session_ticket_expected;
/* Whether the server/client CTX should use DTLS or TLS. */
ssl_test_method_t method;
+#ifndef OPENSSL_NO_NEXTPROTONEG
/*
* NPN and ALPN protocols supported by the client, server, and second
* (SNI) server. A comma-separated list.
@@ -104,6 +105,7 @@ typedef struct ssl_test_ctx {
char *server_alpn_protocols;
char *server2_alpn_protocols;
char *expected_alpn_protocol;
+#endif
/* Whether to test a resumed/renegotiated handshake. */
ssl_handshake_mode_t handshake_mode;
/* Whether the second handshake is resumed or a full handshake (boolean). */
diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c
index 6366e0a..52691f0 100644
--- a/test/ssl_test_ctx_test.c
+++ b/test/ssl_test_ctx_test.c
@@ -89,6 +89,7 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
ssl_session_ticket_name(ctx2->session_ticket_expected));
return 0;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (!strings_equal("ClientNPNProtocols", ctx->client_npn_protocols,
ctx2->client_npn_protocols))
return 0;
@@ -120,6 +121,7 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
ctx2->expected_alpn_protocol))
return 0;
+#endif
if (ctx->handshake_mode != ctx2->handshake_mode) {
fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
ssl_handshake_mode_name(ctx->handshake_mode),
@@ -214,10 +216,12 @@ static int test_good_configuration()
SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
+#ifndef OPENSSL_NO_NEXTPROTONEG
fixture.expected_ctx->client_npn_protocols = OPENSSL_strdup("foo,bar");
fixture.expected_ctx->server2_alpn_protocols = OPENSSL_strdup("baz");
OPENSSL_assert(fixture.expected_ctx->client_npn_protocols != NULL);
OPENSSL_assert(fixture.expected_ctx->server2_alpn_protocols != NULL);
+#endif
fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
fixture.expected_ctx->resumption_expected = 1;
EXECUTE_SSL_TEST_CTX_TEST();
More information about the openssl-commits
mailing list