generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix no-sock

Browse Source 
Misc fixes for no-sock

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
2016-03-21 15:32:40 +00:00
parent 168c3b737e
commit f9e5503412
20 changed files with 89 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/apps.c
View File

@@ -640,7 +640,7 @@ static int load_pkcs12(BIO *in, const char *desc,
return ret; return ret;
} }
#ifndef OPENSSL_NO_OCSP #if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
{ {
char *host = NULL, *port = NULL, *path = NULL; char *host = NULL, *port = NULL, *path = NULL;
@@ -695,7 +695,7 @@ X509 *load_cert(const char *file, int format, const char *cert_descrip)
BIO *cert; BIO *cert;
if (format == FORMAT_HTTP) { if (format == FORMAT_HTTP) {
#ifndef OPENSSL_NO_OCSP #if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
load_cert_crl_http(file, &x, NULL); load_cert_crl_http(file, &x, NULL);
#endif #endif
return x; return x;
@@ -736,7 +736,7 @@ X509_CRL *load_crl(const char *infile, int format)
BIO *in = NULL; BIO *in = NULL;
if (format == FORMAT_HTTP) { if (format == FORMAT_HTTP) {
#ifndef OPENSSL_NO_OCSP #if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
load_cert_crl_http(infile, NULL, &x); load_cert_crl_http(infile, NULL, &x);
#endif #endif
return x; return x;

12
apps/ocsp.c
View File

@@ -117,10 +117,13 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(const char *port); static BIO *init_responder(const char *port);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
# ifndef OPENSSL_NO_SOCK
static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
const char *path, const char *path,
const STACK_OF(CONF_VALUE) *headers, const STACK_OF(CONF_VALUE) *headers,
OCSP_REQUEST *req, int req_timeout); OCSP_REQUEST *req, int req_timeout);
# endif
typedef enum OPTION_choice { typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -244,7 +247,10 @@ int ocsp_main(int argc, char **argv)
int noCAfile = 0, noCApath = 0; int noCAfile = 0, noCApath = 0;
int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1; int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1;
int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1; int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1;
int req_text = 0, resp_text = 0, req_timeout = -1, ret = 1; int req_text = 0, resp_text = 0, ret = 1;
#ifndef OPENSSL_NO_SOCK
int req_timeout = -1;
#endif
long nsec = MAX_VALIDITY_PERIOD, maxage = -1; long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
OPTION_CHOICE o; OPTION_CHOICE o;
@@ -275,7 +281,9 @@ int ocsp_main(int argc, char **argv)
outfile = opt_arg(); outfile = opt_arg();
break; break;
case OPT_TIMEOUT: case OPT_TIMEOUT:
#ifndef OPENSSL_NO_SOCK
req_timeout = atoi(opt_arg()); req_timeout = atoi(opt_arg());
#endif
break; break;
case OPT_URL: case OPT_URL:
OPENSSL_free(thost); OPENSSL_free(thost);
@@ -1170,6 +1178,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
return 1; return 1;
} }
# ifndef OPENSSL_NO_SOCK
static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
const char *path, const char *path,
const STACK_OF(CONF_VALUE) *headers, const STACK_OF(CONF_VALUE) *headers,
@@ -1300,5 +1309,6 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
return resp; return resp;
} }
# endif
#endif #endif

4
apps/s_cb.c
View File

@@ -131,8 +131,10 @@ int verify_depth = 0;
int verify_quiet = 0; int verify_quiet = 0;
int verify_error = X509_V_OK; int verify_error = X509_V_OK;
int verify_return_error = 0; int verify_return_error = 0;
#ifndef OPENSSL_NO_SOCK
static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
static int cookie_initialized = 0; static int cookie_initialized = 0;
#endif
static const char *lookup(int val, const STRINT_PAIR* list, const char* def) static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
{ {
@@ -741,6 +743,7 @@ void tlsext_cb(SSL *s, int client_server, int type,
(void)BIO_flush(bio); (void)BIO_flush(bio);
} }
#ifndef OPENSSL_NO_SOCK
int generate_cookie_callback(SSL *ssl, unsigned char *cookie, int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len) unsigned int *cookie_len)
{ {
@@ -803,6 +806,7 @@ int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
return 0; return 0;
} }
#endif
/* /*
* Example of extended certificate handling. Where the standard support of * Example of extended certificate handling. Where the standard support of

4
apps/s_client.c
View File

@@ -141,6 +141,8 @@
#include <errno.h> #include <errno.h>
#include <openssl/e_os2.h> #include <openssl/e_os2.h>
#ifndef OPENSSL_NO_SOCK
/* /*
* With IPv6, it looks like Digital has mixed up the proper order of * With IPv6, it looks like Digital has mixed up the proper order of
* recursive header file inclusion, resulting in the compiler complaining * recursive header file inclusion, resulting in the compiler complaining
@@ -2757,3 +2759,5 @@ static int ocsp_resp_cb(SSL *s, void *arg)
OCSP_RESPONSE_free(rsp); OCSP_RESPONSE_free(rsp);
return 1; return 1;
} }
#endif

4
apps/s_server.c
View File

@@ -147,6 +147,8 @@
#include <openssl/e_os2.h> #include <openssl/e_os2.h>
#ifndef OPENSSL_NO_SOCK
/* /*
* With IPv6, it looks like Digital has mixed up the proper order of * With IPv6, it looks like Digital has mixed up the proper order of
* recursive header file inclusion, resulting in the compiler complaining * recursive header file inclusion, resulting in the compiler complaining
@@ -3363,3 +3365,5 @@ static void free_sessions(void)
} }
first = NULL; first = NULL;
} }
#endif

1
apps/s_socket.c
View File

@@ -109,6 +109,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <signal.h> #include <signal.h>
#include <openssl/opensslconf.h>
/* /*
* With IPv6, it looks like Digital has mixed up the proper order of * With IPv6, it looks like Digital has mixed up the proper order of

5
apps/s_time.c
View File

@@ -66,6 +66,10 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_SOCK
#define USE_SOCKETS #define USE_SOCKETS
#include "apps.h" #include "apps.h"
#include <openssl/x509.h> #include <openssl/x509.h>
@@ -474,3 +478,4 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
return serverCon; return serverCon;
} }
#endif /* OPENSSL_NO_SOCK */

2
crypto/init.c
View File

@@ -490,7 +490,9 @@ void OPENSSL_cleanup(void)
ENGINE_cleanup(); ENGINE_cleanup();
#endif #endif
CRYPTO_cleanup_all_ex_data(); CRYPTO_cleanup_all_ex_data();
#ifndef OPENSSL_NO_SOCK
BIO_sock_cleanup(); BIO_sock_cleanup();
#endif
EVP_cleanup(); EVP_cleanup();
OBJ_cleanup(); OBJ_cleanup();
base_inited = 0; base_inited = 0;

2
include/openssl/ssl.h
View File

@@ -1892,7 +1892,9 @@ void SSL_trace(int write_p, int version, int content_type,
__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
# endif # endif
# ifndef OPENSSL_NO_SOCK
int DTLSv1_listen(SSL *s, BIO_ADDR *client); int DTLSv1_listen(SSL *s, BIO_ADDR *client);
# endif
# ifndef OPENSSL_NO_CT # ifndef OPENSSL_NO_CT

3
ssl/d1_lib.c
View File

@@ -458,7 +458,7 @@ static void get_current_time(struct timeval *t)
#define LISTEN_SUCCESS 2 #define LISTEN_SUCCESS 2
#define LISTEN_SEND_VERIFY_REQUEST 1 #define LISTEN_SEND_VERIFY_REQUEST 1
#ifndef OPENSSL_NO_SOCK
int DTLSv1_listen(SSL *s, BIO_ADDR *client) int DTLSv1_listen(SSL *s, BIO_ADDR *client)
{ {
int next, n, ret = 0, clearpkt = 0; int next, n, ret = 0, clearpkt = 0;
@@ -866,6 +866,7 @@ end:
} }
return ret; return ret;
} }
#endif
static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len)
{ {

15
test/dtlsv1listentest.c
View File

@@ -65,6 +65,8 @@
#endif #endif
#include "e_os.h" #include "e_os.h"
#ifndef OPENSSL_NO_SOCK
/* Just a ClientHello without a cookie */ /* Just a ClientHello without a cookie */
static const unsigned char clienthello_nocookie[] = { static const unsigned char clienthello_nocookie[] = {
0x16, /* Handshake */ 0x16, /* Handshake */
@@ -339,7 +341,7 @@ static struct {
} }
}; };
#define COOKIE_LEN 20 # define COOKIE_LEN 20
static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
{ {
@@ -368,9 +370,11 @@ static int cookie_verify(SSL *ssl, const unsigned char *cookie,
return 1; return 1;
} }
#endif
int main(void) int main(void)
{ {
#ifndef OPENSSL_NO_SOCK
SSL_CTX *ctx = NULL; SSL_CTX *ctx = NULL;
SSL *ssl = NULL; SSL *ssl = NULL;
BIO *outbio = NULL; BIO *outbio = NULL;
@@ -459,9 +463,12 @@ int main(void)
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
BIO_free(inbio); BIO_free(inbio);
OPENSSL_free(peer); OPENSSL_free(peer);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG # ifndef OPENSSL_NO_CRYPTO_MDEBUG
CRYPTO_mem_leaks_fp(stderr); CRYPTO_mem_leaks_fp(stderr);
#endif # endif
return success ? 0 : 1; return success ? 0 : 1;
#else
printf("DTLSv1_listen() is not supported by this build - skipping\n");
return 0;
#endif
} }

3
test/recipes/70-test_sslcertstatus.t
View File

@@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the dynamic engine feature enabled"
if disabled("engine") || disabled("dynamic-engine"); if disabled("engine") || disabled("dynamic-engine");
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new( my $proxy = TLSProxy::Proxy->new(
\&certstatus_filter, \&certstatus_filter,

3
test/recipes/70-test_sslextension.t
View File

@@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the dynamic engine feature enabled"
if disabled("engine") || disabled("dynamic-engine"); if disabled("engine") || disabled("dynamic-engine");
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new( my $proxy = TLSProxy::Proxy->new(
\&extension_filter, \&extension_filter,

3
test/recipes/70-test_sslsessiontick.t
View File

@@ -67,6 +67,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the dynamic engine feature enabled"
if disabled("engine") || disabled("dynamic-engine"); if disabled("engine") || disabled("dynamic-engine");
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
sub checkmessages($$$$$$); sub checkmessages($$$$$$);

3
test/recipes/70-test_sslskewith0p.t
View File

@@ -69,6 +69,9 @@ plan skip_all => "$test_name needs the dynamic engine feature enabled"
plan skip_all => "dh is not supported by this OpenSSL build" plan skip_all => "dh is not supported by this OpenSSL build"
if disabled("dh"); if disabled("dh");
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new( my $proxy = TLSProxy::Proxy->new(
\&ske_0_p_filter, \&ske_0_p_filter,

3
test/recipes/70-test_sslvertol.t
View File

@@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the dynamic engine feature enabled"
if disabled("engine") || disabled("dynamic-engine"); if disabled("engine") || disabled("dynamic-engine");
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new( my $proxy = TLSProxy::Proxy->new(
\&vers_tolerance_filter, \&vers_tolerance_filter,

3
test/recipes/70-test_tlsextms.t
View File

@@ -67,6 +67,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the dynamic engine feature enabled"
if disabled("engine") || disabled("dynamic-engine"); if disabled("engine") || disabled("dynamic-engine");
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
sub checkmessages($$$$$); sub checkmessages($$$$$);

4
test/recipes/80-test_ssl.t
View File

@@ -435,14 +435,14 @@ sub testssl {
SKIP: { SKIP: {
skip "No IPv4 available on this machine", 1 skip "No IPv4 available on this machine", 1
unless have_IPv4(); unless !disabled("sock") && have_IPv4();
ok(run(test([@ssltest, "-ipv4", @extra])), ok(run(test([@ssltest, "-ipv4", @extra])),
'test TLS via IPv4'); 'test TLS via IPv4');
} }
SKIP: { SKIP: {
skip "No IPv6 available on this machine", 1 skip "No IPv6 available on this machine", 1
unless have_IPv6(); unless !disabled("sock") && have_IPv6();
ok(run(test([@ssltest, "-ipv6", @extra])), ok(run(test([@ssltest, "-ipv6", @extra])),
'test TLS via IPv6'); 'test TLS via IPv6');
} }

3
test/recipes/90-test_networking.t
View File

@@ -66,6 +66,9 @@ plan skip_all => "TLSProxy isn't usable on $^O"
plan skip_all => "$test_name needs the dynamic engine feature enabled" plan skip_all => "$test_name needs the dynamic engine feature enabled"
if disabled("engine") || disabled("dynamic-engine"); if disabled("engine") || disabled("dynamic-engine");
plan skip_all => "$test_name needs the sock feature enabled"
if disabled("sock");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new( my $proxy = TLSProxy::Proxy->new(

21
test/ssltest.c
View File

@@ -1234,11 +1234,15 @@ int main(int argc, char *argv[])
CAfile = *(++argv); CAfile = *(++argv);
} else if (strcmp(*argv, "-bio_pair") == 0) { } else if (strcmp(*argv, "-bio_pair") == 0) {
bio_type = BIO_PAIR; bio_type = BIO_PAIR;
} else if (strcmp(*argv, "-ipv4") == 0) { }
#ifndef OPENSSL_NO_SOCK
else if (strcmp(*argv, "-ipv4") == 0) {
bio_type = BIO_IPV4; bio_type = BIO_IPV4;
} else if (strcmp(*argv, "-ipv6") == 0) { } else if (strcmp(*argv, "-ipv6") == 0) {
bio_type = BIO_IPV6; bio_type = BIO_IPV6;
} else if (strcmp(*argv, "-f") == 0) { }
#endif
else if (strcmp(*argv, "-f") == 0) {
force = 1; force = 1;
} else if (strcmp(*argv, "-time") == 0) { } else if (strcmp(*argv, "-time") == 0) {
print_time = 1; print_time = 1;
@@ -1857,6 +1861,7 @@ int main(int argc, char *argv[])
case BIO_PAIR: case BIO_PAIR:
ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time); ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
break; break;
#ifndef OPENSSL_NO_SOCK
case BIO_IPV4: case BIO_IPV4:
ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4, ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
bytes, &s_time, &c_time); bytes, &s_time, &c_time);
@@ -1865,6 +1870,12 @@ int main(int argc, char *argv[])
ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6, ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
bytes, &s_time, &c_time); bytes, &s_time, &c_time);
break; break;
#else
case BIO_IPV4:
case BIO_IPV6:
ret = 1;
goto err;
#endif
} }
if (ret) break; if (ret) break;
} }
@@ -1931,6 +1942,7 @@ int main(int argc, char *argv[])
EXIT(ret); EXIT(ret);
} }
#ifndef OPENSSL_NO_SOCK
int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
clock_t *s_time, clock_t *c_time) clock_t *s_time, clock_t *c_time)
{ {
@@ -2170,12 +2182,12 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
if (verbose) if (verbose)
print_details(c_ssl, "DONE via TCP connect: "); print_details(c_ssl, "DONE via TCP connect: ");
#ifndef OPENSSL_NO_NEXTPROTONEG # ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0) { if (verify_npn(c_ssl, s_ssl) < 0) {
ret = 1; ret = 1;
goto end; goto end;
} }
#endif # endif
if (verify_serverinfo() < 0) { if (verify_serverinfo() < 0) {
fprintf(stderr, "Server info verify error\n"); fprintf(stderr, "Server info verify error\n");
ret = 1; ret = 1;
@@ -2215,6 +2227,7 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
return ret; return ret;
} }
#endif
int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
clock_t *s_time, clock_t *c_time) clock_t *s_time, clock_t *c_time)