[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Mon Mar 21 16:35:31 UTC 2016


The branch master has been updated
       via  f9e550341281b0d344f7a5e7ac2ace79f88a3184 (commit)
      from  168c3b737e898ce97348dfe77ef176e39ae9da0d (commit)


- Log -----------------------------------------------------------------
commit f9e550341281b0d344f7a5e7ac2ace79f88a3184
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Mar 21 15:32:40 2016 +0000

    Fix no-sock
    
    Misc fixes for no-sock
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/apps.c                           |  6 +++---
 apps/ocsp.c                           | 12 +++++++++++-
 apps/s_cb.c                           |  4 ++++
 apps/s_client.c                       |  4 ++++
 apps/s_server.c                       |  4 ++++
 apps/s_socket.c                       |  1 +
 apps/s_time.c                         |  5 +++++
 crypto/init.c                         |  2 ++
 include/openssl/ssl.h                 |  2 ++
 ssl/d1_lib.c                          |  3 ++-
 test/dtlsv1listentest.c               | 15 +++++++++++----
 test/recipes/70-test_sslcertstatus.t  |  3 +++
 test/recipes/70-test_sslextension.t   |  3 +++
 test/recipes/70-test_sslsessiontick.t |  3 +++
 test/recipes/70-test_sslskewith0p.t   |  3 +++
 test/recipes/70-test_sslvertol.t      |  3 +++
 test/recipes/70-test_tlsextms.t       |  3 +++
 test/recipes/80-test_ssl.t            |  4 ++--
 test/recipes/90-test_networking.t     |  3 +++
 test/ssltest.c                        | 21 +++++++++++++++++----
 20 files changed, 89 insertions(+), 15 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 694d090..b430742 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -640,7 +640,7 @@ static int load_pkcs12(BIO *in, const char *desc,
     return ret;
 }
 
-#ifndef OPENSSL_NO_OCSP
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
 static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
 {
     char *host = NULL, *port = NULL, *path = NULL;
@@ -695,7 +695,7 @@ X509 *load_cert(const char *file, int format, const char *cert_descrip)
     BIO *cert;
 
     if (format == FORMAT_HTTP) {
-#ifndef OPENSSL_NO_OCSP
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
         load_cert_crl_http(file, &x, NULL);
 #endif
         return x;
@@ -736,7 +736,7 @@ X509_CRL *load_crl(const char *infile, int format)
     BIO *in = NULL;
 
     if (format == FORMAT_HTTP) {
-#ifndef OPENSSL_NO_OCSP
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
         load_cert_crl_http(infile, NULL, &x);
 #endif
         return x;
diff --git a/apps/ocsp.c b/apps/ocsp.c
index dc2a11f..574ed8c 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -117,10 +117,13 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
 static BIO *init_responder(const char *port);
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+
+# ifndef OPENSSL_NO_SOCK
 static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
                                       const char *path,
                                       const STACK_OF(CONF_VALUE) *headers,
                                       OCSP_REQUEST *req, int req_timeout);
+# endif
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -244,7 +247,10 @@ int ocsp_main(int argc, char **argv)
     int noCAfile = 0, noCApath = 0;
     int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1;
     int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1;
-    int req_text = 0, resp_text = 0, req_timeout = -1, ret = 1;
+    int req_text = 0, resp_text = 0, ret = 1;
+#ifndef OPENSSL_NO_SOCK
+    int req_timeout = -1;
+#endif
     long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
     unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
     OPTION_CHOICE o;
@@ -275,7 +281,9 @@ int ocsp_main(int argc, char **argv)
             outfile = opt_arg();
             break;
         case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_SOCK
             req_timeout = atoi(opt_arg());
+#endif
             break;
         case OPT_URL:
             OPENSSL_free(thost);
@@ -1170,6 +1178,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
     return 1;
 }
 
+# ifndef OPENSSL_NO_SOCK
 static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
                                       const char *path,
                                       const STACK_OF(CONF_VALUE) *headers,
@@ -1300,5 +1309,6 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
     SSL_CTX_free(ctx);
     return resp;
 }
+# endif
 
 #endif
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 66b2a50..b75ff31 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -131,8 +131,10 @@ int verify_depth = 0;
 int verify_quiet = 0;
 int verify_error = X509_V_OK;
 int verify_return_error = 0;
+#ifndef OPENSSL_NO_SOCK
 static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
 static int cookie_initialized = 0;
+#endif
 
 static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
 {
@@ -741,6 +743,7 @@ void tlsext_cb(SSL *s, int client_server, int type,
     (void)BIO_flush(bio);
 }
 
+#ifndef OPENSSL_NO_SOCK
 int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
                              unsigned int *cookie_len)
 {
@@ -803,6 +806,7 @@ int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
 
     return 0;
 }
+#endif
 
 /*
  * Example of extended certificate handling. Where the standard support of
diff --git a/apps/s_client.c b/apps/s_client.c
index 6f22e6e..5b4cd48 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -141,6 +141,8 @@
 #include <errno.h>
 #include <openssl/e_os2.h>
 
+#ifndef OPENSSL_NO_SOCK
+
 /*
  * With IPv6, it looks like Digital has mixed up the proper order of
  * recursive header file inclusion, resulting in the compiler complaining
@@ -2757,3 +2759,5 @@ static int ocsp_resp_cb(SSL *s, void *arg)
     OCSP_RESPONSE_free(rsp);
     return 1;
 }
+
+#endif
diff --git a/apps/s_server.c b/apps/s_server.c
index e660eec..b33d768 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -147,6 +147,8 @@
 
 #include <openssl/e_os2.h>
 
+#ifndef OPENSSL_NO_SOCK
+
 /*
  * With IPv6, it looks like Digital has mixed up the proper order of
  * recursive header file inclusion, resulting in the compiler complaining
@@ -3363,3 +3365,5 @@ static void free_sessions(void)
     }
     first = NULL;
 }
+
+#endif
diff --git a/apps/s_socket.c b/apps/s_socket.c
index 00556bc..4653217 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -109,6 +109,7 @@
 #include <string.h>
 #include <errno.h>
 #include <signal.h>
+#include <openssl/opensslconf.h>
 
 /*
  * With IPv6, it looks like Digital has mixed up the proper order of
diff --git a/apps/s_time.c b/apps/s_time.c
index f68002a..6890bc1 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -66,6 +66,10 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_SOCK
+
 #define USE_SOCKETS
 #include "apps.h"
 #include <openssl/x509.h>
@@ -474,3 +478,4 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
 
     return serverCon;
 }
+#endif /* OPENSSL_NO_SOCK */
diff --git a/crypto/init.c b/crypto/init.c
index d316780..404d9c0 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -490,7 +490,9 @@ void OPENSSL_cleanup(void)
     ENGINE_cleanup();
 #endif
     CRYPTO_cleanup_all_ex_data();
+#ifndef OPENSSL_NO_SOCK
     BIO_sock_cleanup();
+#endif
     EVP_cleanup();
     OBJ_cleanup();
     base_inited = 0;
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 3d440b6..980cb62 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1892,7 +1892,9 @@ void SSL_trace(int write_p, int version, int content_type,
 __owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
 # endif
 
+# ifndef OPENSSL_NO_SOCK
 int DTLSv1_listen(SSL *s, BIO_ADDR *client);
+# endif
 
 # ifndef OPENSSL_NO_CT
 
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 8f399d0..6d75225 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -458,7 +458,7 @@ static void get_current_time(struct timeval *t)
 #define LISTEN_SUCCESS              2
 #define LISTEN_SEND_VERIFY_REQUEST  1
 
-
+#ifndef OPENSSL_NO_SOCK
 int DTLSv1_listen(SSL *s, BIO_ADDR *client)
 {
     int next, n, ret = 0, clearpkt = 0;
@@ -866,6 +866,7 @@ end:
     }
     return ret;
 }
+#endif
 
 static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
 {
diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c
index 6eef1b5..6eb2e5c 100644
--- a/test/dtlsv1listentest.c
+++ b/test/dtlsv1listentest.c
@@ -65,6 +65,8 @@
 #endif
 #include "e_os.h"
 
+#ifndef OPENSSL_NO_SOCK
+
 /* Just a ClientHello without a cookie */
 static const unsigned char clienthello_nocookie[] = {
     0x16, /* Handshake */
@@ -339,7 +341,7 @@ static struct {
     }
 };
 
-#define COOKIE_LEN  20
+# define COOKIE_LEN  20
 
 static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
 {
@@ -368,9 +370,11 @@ static int cookie_verify(SSL *ssl, const unsigned char *cookie,
 
     return 1;
 }
+#endif
 
 int main(void)
 {
+#ifndef OPENSSL_NO_SOCK
     SSL_CTX *ctx = NULL;
     SSL *ssl = NULL;
     BIO *outbio = NULL;
@@ -459,9 +463,12 @@ int main(void)
     SSL_CTX_free(ctx);
     BIO_free(inbio);
     OPENSSL_free(peer);
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
     CRYPTO_mem_leaks_fp(stderr);
-#endif
+# endif
     return success ? 0 : 1;
+#else
+    printf("DTLSv1_listen() is not supported by this build - skipping\n");
+    return 0;
+#endif
 }
-
diff --git a/test/recipes/70-test_sslcertstatus.t b/test/recipes/70-test_sslcertstatus.t
index 37265ed..48014e2 100755
--- a/test/recipes/70-test_sslcertstatus.t
+++ b/test/recipes/70-test_sslcertstatus.t
@@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
     if disabled("engine") || disabled("dynamic-engine");
 
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
 my $proxy = TLSProxy::Proxy->new(
     \&certstatus_filter,
diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t
index 1641daa..92c6762 100755
--- a/test/recipes/70-test_sslextension.t
+++ b/test/recipes/70-test_sslextension.t
@@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
     if disabled("engine") || disabled("dynamic-engine");
 
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
 my $proxy = TLSProxy::Proxy->new(
     \&extension_filter,
diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t
index caab777..7045738 100755
--- a/test/recipes/70-test_sslsessiontick.t
+++ b/test/recipes/70-test_sslsessiontick.t
@@ -67,6 +67,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
     if disabled("engine") || disabled("dynamic-engine");
 
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
 
 sub checkmessages($$$$$$);
diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t
index b0cc9ff..0bed4bf 100755
--- a/test/recipes/70-test_sslskewith0p.t
+++ b/test/recipes/70-test_sslskewith0p.t
@@ -69,6 +69,9 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
 plan skip_all => "dh is not supported by this OpenSSL build"
     if disabled("dh");
 
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
 my $proxy = TLSProxy::Proxy->new(
     \&ske_0_p_filter,
diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t
index 0795733..a3285a6 100755
--- a/test/recipes/70-test_sslvertol.t
+++ b/test/recipes/70-test_sslvertol.t
@@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
     if disabled("engine") || disabled("dynamic-engine");
 
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
 my $proxy = TLSProxy::Proxy->new(
     \&vers_tolerance_filter,
diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t
index bc3b787..5c41a90 100644
--- a/test/recipes/70-test_tlsextms.t
+++ b/test/recipes/70-test_tlsextms.t
@@ -67,6 +67,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
     if disabled("engine") || disabled("dynamic-engine");
 
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
 
 sub checkmessages($$$$$);
diff --git a/test/recipes/80-test_ssl.t b/test/recipes/80-test_ssl.t
index da32fac..f1ffe9a 100644
--- a/test/recipes/80-test_ssl.t
+++ b/test/recipes/80-test_ssl.t
@@ -435,14 +435,14 @@ sub testssl {
 
         SKIP: {
             skip "No IPv4 available on this machine", 1
-                unless have_IPv4();
+                unless !disabled("sock") && have_IPv4();
             ok(run(test([@ssltest, "-ipv4", @extra])),
                'test TLS via IPv4');
           }
           
         SKIP: {
             skip "No IPv6 available on this machine", 1
-                unless have_IPv6();
+                unless !disabled("sock") && have_IPv6();
             ok(run(test([@ssltest, "-ipv6", @extra])),
                'test TLS via IPv6');
           }
diff --git a/test/recipes/90-test_networking.t b/test/recipes/90-test_networking.t
index 5d876ca..408d89a 100644
--- a/test/recipes/90-test_networking.t
+++ b/test/recipes/90-test_networking.t
@@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
     if disabled("engine") || disabled("dynamic-engine");
 
+plan skip_all => "$test_name needs the sock feature enabled"
+    if disabled("sock");
+
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
 
 my $proxy = TLSProxy::Proxy->new(
diff --git a/test/ssltest.c b/test/ssltest.c
index cf9f060..a2dd445 100644
--- a/test/ssltest.c
+++ b/test/ssltest.c
@@ -1234,11 +1234,15 @@ int main(int argc, char *argv[])
             CAfile = *(++argv);
         } else if (strcmp(*argv, "-bio_pair") == 0) {
             bio_type = BIO_PAIR;
-        } else if (strcmp(*argv, "-ipv4") == 0) {
+        }
+#ifndef OPENSSL_NO_SOCK
+        else if (strcmp(*argv, "-ipv4") == 0) {
             bio_type = BIO_IPV4;
         } else if (strcmp(*argv, "-ipv6") == 0) {
             bio_type = BIO_IPV6;
-        } else if (strcmp(*argv, "-f") == 0) {
+        }
+#endif
+        else if (strcmp(*argv, "-f") == 0) {
             force = 1;
         } else if (strcmp(*argv, "-time") == 0) {
             print_time = 1;
@@ -1857,6 +1861,7 @@ int main(int argc, char *argv[])
         case BIO_PAIR:
             ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
             break;
+#ifndef OPENSSL_NO_SOCK
         case BIO_IPV4:
             ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
                                  bytes, &s_time, &c_time);
@@ -1865,6 +1870,12 @@ int main(int argc, char *argv[])
             ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
                                  bytes, &s_time, &c_time);
             break;
+#else
+        case BIO_IPV4:
+        case BIO_IPV6:
+            ret = 1;
+            goto err;
+#endif
         }
         if (ret)  break;
     }
@@ -1931,6 +1942,7 @@ int main(int argc, char *argv[])
     EXIT(ret);
 }
 
+#ifndef OPENSSL_NO_SOCK
 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
                    clock_t *s_time, clock_t *c_time)
 {
@@ -2170,12 +2182,12 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
 
     if (verbose)
         print_details(c_ssl, "DONE via TCP connect: ");
-#ifndef OPENSSL_NO_NEXTPROTONEG
+# ifndef OPENSSL_NO_NEXTPROTONEG
     if (verify_npn(c_ssl, s_ssl) < 0) {
         ret = 1;
         goto end;
     }
-#endif
+# endif
     if (verify_serverinfo() < 0) {
         fprintf(stderr, "Server info verify error\n");
         ret = 1;
@@ -2215,6 +2227,7 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
 
     return ret;
 }
+#endif
 
 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
                  clock_t *s_time, clock_t *c_time)


More information about the openssl-commits mailing list