From f9e550341281b0d344f7a5e7ac2ace79f88a3184 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 21 Mar 2016 15:32:40 +0000 Subject: [PATCH] Fix no-sock Misc fixes for no-sock Reviewed-by: Richard Levitte --- apps/apps.c | 6 +++--- apps/ocsp.c | 12 +++++++++++- apps/s_cb.c | 4 ++++ apps/s_client.c | 4 ++++ apps/s_server.c | 4 ++++ apps/s_socket.c | 1 + apps/s_time.c | 5 +++++ crypto/init.c | 2 ++ include/openssl/ssl.h | 2 ++ ssl/d1_lib.c | 3 ++- test/dtlsv1listentest.c | 15 +++++++++++---- test/recipes/70-test_sslcertstatus.t | 3 +++ test/recipes/70-test_sslextension.t | 3 +++ test/recipes/70-test_sslsessiontick.t | 3 +++ test/recipes/70-test_sslskewith0p.t | 3 +++ test/recipes/70-test_sslvertol.t | 3 +++ test/recipes/70-test_tlsextms.t | 3 +++ test/recipes/80-test_ssl.t | 4 ++-- test/recipes/90-test_networking.t | 3 +++ test/ssltest.c | 21 +++++++++++++++++---- 20 files changed, 89 insertions(+), 15 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 694d090158..b4307427a5 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -640,7 +640,7 @@ static int load_pkcs12(BIO *in, const char *desc, return ret; } -#ifndef OPENSSL_NO_OCSP +#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK) static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) { char *host = NULL, *port = NULL, *path = NULL; @@ -695,7 +695,7 @@ X509 *load_cert(const char *file, int format, const char *cert_descrip) BIO *cert; if (format == FORMAT_HTTP) { -#ifndef OPENSSL_NO_OCSP +#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK) load_cert_crl_http(file, &x, NULL); #endif return x; @@ -736,7 +736,7 @@ X509_CRL *load_crl(const char *infile, int format) BIO *in = NULL; if (format == FORMAT_HTTP) { -#ifndef OPENSSL_NO_OCSP +#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK) load_cert_crl_http(infile, NULL, &x); #endif return x; diff --git a/apps/ocsp.c b/apps/ocsp.c index dc2a11f26e..574ed8c67f 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -117,10 +117,13 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(const char *port); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); + +# ifndef OPENSSL_NO_SOCK static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, const char *path, const STACK_OF(CONF_VALUE) *headers, OCSP_REQUEST *req, int req_timeout); +# endif typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -244,7 +247,10 @@ int ocsp_main(int argc, char **argv) int noCAfile = 0, noCApath = 0; int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1; int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1; - int req_text = 0, resp_text = 0, req_timeout = -1, ret = 1; + int req_text = 0, resp_text = 0, ret = 1; +#ifndef OPENSSL_NO_SOCK + int req_timeout = -1; +#endif long nsec = MAX_VALIDITY_PERIOD, maxage = -1; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; OPTION_CHOICE o; @@ -275,7 +281,9 @@ int ocsp_main(int argc, char **argv) outfile = opt_arg(); break; case OPT_TIMEOUT: +#ifndef OPENSSL_NO_SOCK req_timeout = atoi(opt_arg()); +#endif break; case OPT_URL: OPENSSL_free(thost); @@ -1170,6 +1178,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) return 1; } +# ifndef OPENSSL_NO_SOCK static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, const char *path, const STACK_OF(CONF_VALUE) *headers, @@ -1300,5 +1309,6 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, SSL_CTX_free(ctx); return resp; } +# endif #endif diff --git a/apps/s_cb.c b/apps/s_cb.c index 66b2a50dde..b75ff31025 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -131,8 +131,10 @@ int verify_depth = 0; int verify_quiet = 0; int verify_error = X509_V_OK; int verify_return_error = 0; +#ifndef OPENSSL_NO_SOCK static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; static int cookie_initialized = 0; +#endif static const char *lookup(int val, const STRINT_PAIR* list, const char* def) { @@ -741,6 +743,7 @@ void tlsext_cb(SSL *s, int client_server, int type, (void)BIO_flush(bio); } +#ifndef OPENSSL_NO_SOCK int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { @@ -803,6 +806,7 @@ int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, return 0; } +#endif /* * Example of extended certificate handling. Where the standard support of diff --git a/apps/s_client.c b/apps/s_client.c index 6f22e6e336..5b4cd4839f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -141,6 +141,8 @@ #include #include +#ifndef OPENSSL_NO_SOCK + /* * With IPv6, it looks like Digital has mixed up the proper order of * recursive header file inclusion, resulting in the compiler complaining @@ -2757,3 +2759,5 @@ static int ocsp_resp_cb(SSL *s, void *arg) OCSP_RESPONSE_free(rsp); return 1; } + +#endif diff --git a/apps/s_server.c b/apps/s_server.c index e660eecaa1..b33d76860c 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -147,6 +147,8 @@ #include +#ifndef OPENSSL_NO_SOCK + /* * With IPv6, it looks like Digital has mixed up the proper order of * recursive header file inclusion, resulting in the compiler complaining @@ -3363,3 +3365,5 @@ static void free_sessions(void) } first = NULL; } + +#endif diff --git a/apps/s_socket.c b/apps/s_socket.c index 00556bccb0..465321754c 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -109,6 +109,7 @@ #include #include #include +#include /* * With IPv6, it looks like Digital has mixed up the proper order of diff --git a/apps/s_time.c b/apps/s_time.c index f68002a224..6890bc1be0 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -66,6 +66,10 @@ #include #include +#include + +#ifndef OPENSSL_NO_SOCK + #define USE_SOCKETS #include "apps.h" #include @@ -474,3 +478,4 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) return serverCon; } +#endif /* OPENSSL_NO_SOCK */ diff --git a/crypto/init.c b/crypto/init.c index d3167804d9..404d9c0e95 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -490,7 +490,9 @@ void OPENSSL_cleanup(void) ENGINE_cleanup(); #endif CRYPTO_cleanup_all_ex_data(); +#ifndef OPENSSL_NO_SOCK BIO_sock_cleanup(); +#endif EVP_cleanup(); OBJ_cleanup(); base_inited = 0; diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 3d440b68cb..980cb6226f 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1892,7 +1892,9 @@ void SSL_trace(int write_p, int version, int content_type, __owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); # endif +# ifndef OPENSSL_NO_SOCK int DTLSv1_listen(SSL *s, BIO_ADDR *client); +# endif # ifndef OPENSSL_NO_CT diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 8f399d07e9..6d75225cce 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -458,7 +458,7 @@ static void get_current_time(struct timeval *t) #define LISTEN_SUCCESS 2 #define LISTEN_SEND_VERIFY_REQUEST 1 - +#ifndef OPENSSL_NO_SOCK int DTLSv1_listen(SSL *s, BIO_ADDR *client) { int next, n, ret = 0, clearpkt = 0; @@ -866,6 +866,7 @@ end: } return ret; } +#endif static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) { diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c index 6eef1b5e4e..6eb2e5ccfb 100644 --- a/test/dtlsv1listentest.c +++ b/test/dtlsv1listentest.c @@ -65,6 +65,8 @@ #endif #include "e_os.h" +#ifndef OPENSSL_NO_SOCK + /* Just a ClientHello without a cookie */ static const unsigned char clienthello_nocookie[] = { 0x16, /* Handshake */ @@ -339,7 +341,7 @@ static struct { } }; -#define COOKIE_LEN 20 +# define COOKIE_LEN 20 static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { @@ -368,9 +370,11 @@ static int cookie_verify(SSL *ssl, const unsigned char *cookie, return 1; } +#endif int main(void) { +#ifndef OPENSSL_NO_SOCK SSL_CTX *ctx = NULL; SSL *ssl = NULL; BIO *outbio = NULL; @@ -459,9 +463,12 @@ int main(void) SSL_CTX_free(ctx); BIO_free(inbio); OPENSSL_free(peer); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# ifndef OPENSSL_NO_CRYPTO_MDEBUG CRYPTO_mem_leaks_fp(stderr); -#endif +# endif return success ? 0 : 1; +#else + printf("DTLSv1_listen() is not supported by this build - skipping\n"); + return 0; +#endif } - diff --git a/test/recipes/70-test_sslcertstatus.t b/test/recipes/70-test_sslcertstatus.t index 37265ed07a..48014e2af3 100755 --- a/test/recipes/70-test_sslcertstatus.t +++ b/test/recipes/70-test_sslcertstatus.t @@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O" plan skip_all => "$test_name needs the dynamic engine feature enabled" if disabled("engine") || disabled("dynamic-engine"); +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&certstatus_filter, diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t index 1641daa344..92c6762ffc 100755 --- a/test/recipes/70-test_sslextension.t +++ b/test/recipes/70-test_sslextension.t @@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O" plan skip_all => "$test_name needs the dynamic engine feature enabled" if disabled("engine") || disabled("dynamic-engine"); +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&extension_filter, diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t index caab77745e..704573881c 100755 --- a/test/recipes/70-test_sslsessiontick.t +++ b/test/recipes/70-test_sslsessiontick.t @@ -67,6 +67,9 @@ plan skip_all => "TLSProxy isn't usable on $^O" plan skip_all => "$test_name needs the dynamic engine feature enabled" if disabled("engine") || disabled("dynamic-engine"); +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; sub checkmessages($$$$$$); diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t index b0cc9ffb59..0bed4bffbb 100755 --- a/test/recipes/70-test_sslskewith0p.t +++ b/test/recipes/70-test_sslskewith0p.t @@ -69,6 +69,9 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "dh is not supported by this OpenSSL build" if disabled("dh"); +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&ske_0_p_filter, diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t index 0795733fb9..a3285a67dd 100755 --- a/test/recipes/70-test_sslvertol.t +++ b/test/recipes/70-test_sslvertol.t @@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O" plan skip_all => "$test_name needs the dynamic engine feature enabled" if disabled("engine") || disabled("dynamic-engine"); +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&vers_tolerance_filter, diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t index bc3b787800..5c41a908a2 100644 --- a/test/recipes/70-test_tlsextms.t +++ b/test/recipes/70-test_tlsextms.t @@ -67,6 +67,9 @@ plan skip_all => "TLSProxy isn't usable on $^O" plan skip_all => "$test_name needs the dynamic engine feature enabled" if disabled("engine") || disabled("dynamic-engine"); +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; sub checkmessages($$$$$); diff --git a/test/recipes/80-test_ssl.t b/test/recipes/80-test_ssl.t index da32fac6c7..f1ffe9a01c 100644 --- a/test/recipes/80-test_ssl.t +++ b/test/recipes/80-test_ssl.t @@ -435,14 +435,14 @@ sub testssl { SKIP: { skip "No IPv4 available on this machine", 1 - unless have_IPv4(); + unless !disabled("sock") && have_IPv4(); ok(run(test([@ssltest, "-ipv4", @extra])), 'test TLS via IPv4'); } SKIP: { skip "No IPv6 available on this machine", 1 - unless have_IPv6(); + unless !disabled("sock") && have_IPv6(); ok(run(test([@ssltest, "-ipv6", @extra])), 'test TLS via IPv6'); } diff --git a/test/recipes/90-test_networking.t b/test/recipes/90-test_networking.t index 5d876ca51c..408d89af6a 100644 --- a/test/recipes/90-test_networking.t +++ b/test/recipes/90-test_networking.t @@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O" plan skip_all => "$test_name needs the dynamic engine feature enabled" if disabled("engine") || disabled("dynamic-engine"); +plan skip_all => "$test_name needs the sock feature enabled" + if disabled("sock"); + $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( diff --git a/test/ssltest.c b/test/ssltest.c index cf9f060086..a2dd4454ad 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1234,11 +1234,15 @@ int main(int argc, char *argv[]) CAfile = *(++argv); } else if (strcmp(*argv, "-bio_pair") == 0) { bio_type = BIO_PAIR; - } else if (strcmp(*argv, "-ipv4") == 0) { + } +#ifndef OPENSSL_NO_SOCK + else if (strcmp(*argv, "-ipv4") == 0) { bio_type = BIO_IPV4; } else if (strcmp(*argv, "-ipv6") == 0) { bio_type = BIO_IPV6; - } else if (strcmp(*argv, "-f") == 0) { + } +#endif + else if (strcmp(*argv, "-f") == 0) { force = 1; } else if (strcmp(*argv, "-time") == 0) { print_time = 1; @@ -1857,6 +1861,7 @@ int main(int argc, char *argv[]) case BIO_PAIR: ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time); break; +#ifndef OPENSSL_NO_SOCK case BIO_IPV4: ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4, bytes, &s_time, &c_time); @@ -1865,6 +1870,12 @@ int main(int argc, char *argv[]) ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6, bytes, &s_time, &c_time); break; +#else + case BIO_IPV4: + case BIO_IPV6: + ret = 1; + goto err; +#endif } if (ret) break; } @@ -1931,6 +1942,7 @@ int main(int argc, char *argv[]) EXIT(ret); } +#ifndef OPENSSL_NO_SOCK int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, clock_t *s_time, clock_t *c_time) { @@ -2170,12 +2182,12 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (verbose) print_details(c_ssl, "DONE via TCP connect: "); -#ifndef OPENSSL_NO_NEXTPROTONEG +# ifndef OPENSSL_NO_NEXTPROTONEG if (verify_npn(c_ssl, s_ssl) < 0) { ret = 1; goto end; } -#endif +# endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); ret = 1; @@ -2215,6 +2227,7 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, return ret; } +#endif int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time, clock_t *c_time) -- 2.25.1