diff options
| -rw-r--r-- | crypto/engine/eng_all.c | 2 | ||||
| -rw-r--r-- | fuzz/asn1.c | 12 | ||||
| -rw-r--r-- | test/handshake_helper.c | 11 | ||||
| -rw-r--r-- | test/ssl_test.c | 4 | ||||
| -rw-r--r-- | test/ssl_test_ctx.c | 6 | ||||
| -rw-r--r-- | test/ssl_test_ctx.h | 2 | ||||
| -rw-r--r-- | test/ssl_test_ctx_test.c | 4 |
7 files changed, 39 insertions, 2 deletions
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 4600acb699..ebe0277370 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -18,7 +18,7 @@ void ENGINE_load_builtin_engines(void) OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } -#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) && !defined(OPENSSL_NO_DEPRECATED) void ENGINE_setup_bsd_cryptodev(void) { static int bsd_cryptodev_default_loaded = 0; diff --git a/fuzz/asn1.c b/fuzz/asn1.c index b4c20b51ab..d3f0bb36b3 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -29,9 +29,11 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(ACCESS_DESCRIPTION), +#ifndef OPENSSL_NO_RFC3779 ASN1_ITEM_ref(ASIdentifierChoice), ASN1_ITEM_ref(ASIdentifiers), ASN1_ITEM_ref(ASIdOrRange), +#endif ASN1_ITEM_ref(ASN1_ANY), ASN1_ITEM_ref(ASN1_BIT_STRING), ASN1_ITEM_ref(ASN1_BMPSTRING), @@ -58,17 +60,23 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(ASN1_UTCTIME), ASN1_ITEM_ref(ASN1_UTF8STRING), ASN1_ITEM_ref(ASN1_VISIBLESTRING), +#ifndef OPENSSL_NO_RFC3779 ASN1_ITEM_ref(ASRange), +#endif ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), ASN1_ITEM_ref(AUTHORITY_KEYID), ASN1_ITEM_ref(BASIC_CONSTRAINTS), ASN1_ITEM_ref(BIGNUM), ASN1_ITEM_ref(CBIGNUM), ASN1_ITEM_ref(CERTIFICATEPOLICIES), +#ifndef OPENSSL_NO_CMS ASN1_ITEM_ref(CMS_ContentInfo), ASN1_ITEM_ref(CMS_ReceiptRequest), ASN1_ITEM_ref(CRL_DIST_POINTS), +#endif +#ifndef OPENSSL_NO_DH ASN1_ITEM_ref(DHparams), +#endif ASN1_ITEM_ref(DIRECTORYSTRING), ASN1_ITEM_ref(DISPLAYTEXT), ASN1_ITEM_ref(DIST_POINT), @@ -82,10 +90,12 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(GENERAL_NAME), ASN1_ITEM_ref(GENERAL_NAMES), ASN1_ITEM_ref(GENERAL_SUBTREE), +#ifndef OPENSSL_NO_RFC3779 ASN1_ITEM_ref(IPAddressChoice), ASN1_ITEM_ref(IPAddressFamily), ASN1_ITEM_ref(IPAddressOrRange), ASN1_ITEM_ref(IPAddressRange), +#endif ASN1_ITEM_ref(ISSUING_DIST_POINT), ASN1_ITEM_ref(LONG), ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -93,6 +103,7 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(NETSCAPE_SPKAC), ASN1_ITEM_ref(NETSCAPE_SPKI), ASN1_ITEM_ref(NOTICEREF), +#ifndef OPENSSL_NO_OCSP ASN1_ITEM_ref(OCSP_BASICRESP), ASN1_ITEM_ref(OCSP_CERTID), ASN1_ITEM_ref(OCSP_CERTSTATUS), @@ -108,6 +119,7 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(OCSP_SERVICELOC), ASN1_ITEM_ref(OCSP_SIGNATURE), ASN1_ITEM_ref(OCSP_SINGLERESP), +#endif ASN1_ITEM_ref(OTHERNAME), ASN1_ITEM_ref(PBE2PARAM), ASN1_ITEM_ref(PBEPARAM), diff --git a/test/handshake_helper.c b/test/handshake_helper.c index eecc6f762c..c7023fe0f2 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -164,6 +164,7 @@ static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name, return 0; } +#ifndef OPENSSL_NO_NEXTPROTONEG /* Parse the comma-separated list into TLS format. */ static void parse_protos(const char *protos, unsigned char **out, size_t *outlen) { @@ -260,7 +261,7 @@ static int server_alpn_cb(SSL *s, const unsigned char **out, return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK; } - +#endif /* * Configure callbacks and other properties that can't be set directly @@ -315,6 +316,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) { SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb); } +#ifndef OPENSSL_NO_NEXTPROTONEG if (test_ctx->server_npn_protocols != NULL) { parse_protos(test_ctx->server_npn_protocols, &server_ctx_data->npn_protocols, @@ -360,6 +362,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, alpn_protos_len) == 0); OPENSSL_free(alpn_protos); } +#endif /* * Use fixed session ticket keys so that we can decrypt a ticket created with * one CTX in another CTX. Don't address server2 for the moment. @@ -496,6 +499,7 @@ static handshake_status_t handshake_status(peer_status_t last_status, return INTERNAL_ERROR; } +#ifndef OPENSSL_NO_NEXTPROTONEG /* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */ static char *dup_str(const unsigned char *in, size_t len) { @@ -510,6 +514,7 @@ static char *dup_str(const unsigned char *in, size_t len) OPENSSL_assert(ret != NULL); return ret; } +#endif static HANDSHAKE_RESULT *do_handshake_internal( SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, @@ -527,9 +532,11 @@ static HANDSHAKE_RESULT *do_handshake_internal( unsigned char* tick = NULL; size_t tick_len = 0; SSL_SESSION* sess = NULL; +#ifndef OPENSSL_NO_NEXTPROTONEG const unsigned char *proto = NULL; /* API dictates unsigned int rather than size_t. */ unsigned int proto_len = 0; +#endif memset(&server_ctx_data, 0, sizeof(server_ctx_data)); memset(&server2_ctx_data, 0, sizeof(server2_ctx_data)); @@ -644,6 +651,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( ret->session_ticket = SSL_TEST_SESSION_TICKET_YES; ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call; +#ifndef OPENSSL_NO_NEXTPROTONEG SSL_get0_next_proto_negotiated(client, &proto, &proto_len); ret->client_npn_negotiated = dup_str(proto, proto_len); @@ -655,6 +663,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( SSL_get0_alpn_selected(server, &proto, &proto_len); ret->server_alpn_negotiated = dup_str(proto, proto_len); +#endif ret->client_resumed = SSL_session_reused(client); ret->server_resumed = SSL_session_reused(server); diff --git a/test/ssl_test.c b/test/ssl_test.c index b28d308d08..48846ae32e 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -150,6 +150,7 @@ static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx return 1; } +#ifndef OPENSSL_NO_NEXTPROTONEG static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { int ret = 1; @@ -173,6 +174,7 @@ static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) result->client_alpn_negotiated); return ret; } +#endif static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { @@ -204,8 +206,10 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) ret &= check_servername(result, test_ctx); ret &= check_session_ticket(result, test_ctx); ret &= (result->session_ticket_do_not_call == 0); +#ifndef OPENSSL_NO_NEXTPROTONEG ret &= check_npn(result, test_ctx); ret &= check_alpn(result, test_ctx); +#endif ret &= check_resumption(result, test_ctx); } return ret; diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 084cf15a85..24b11e5003 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -295,6 +295,7 @@ const char *ssl_test_method_name(ssl_test_method_t method) /* NPN and ALPN options */ /************************************/ +#ifndef OPENSSL_NO_NEXTPROTONEG IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_npn_protocols) IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_npn_protocols) IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_npn_protocols) @@ -303,6 +304,7 @@ IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_alpn_protocols) IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_alpn_protocols) IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_alpn_protocols) IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_alpn_protocol) +#endif /***********************/ /* Handshake mode */ @@ -372,6 +374,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ServerNameCallback", &parse_servername_callback }, { "SessionTicketExpected", &parse_session_ticket }, { "Method", &parse_test_method }, +#ifndef OPENSSL_NO_NEXTPROTONEG { "ClientNPNProtocols", &parse_client_npn_protocols }, { "ServerNPNProtocols", &parse_server_npn_protocols }, { "Server2NPNProtocols", &parse_server2_npn_protocols }, @@ -380,6 +383,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ServerALPNProtocols", &parse_server_alpn_protocols }, { "Server2ALPNProtocols", &parse_server2_alpn_protocols }, { "ExpectedALPNProtocol", &parse_expected_alpn_protocol }, +#endif { "HandshakeMode", &parse_handshake_mode }, { "ResumptionExpected", &parse_resumption_expected }, }; @@ -399,6 +403,7 @@ SSL_TEST_CTX *SSL_TEST_CTX_new() void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx) { +#ifndef OPENSSL_NO_NEXTPROTONEG OPENSSL_free(ctx->client_npn_protocols); OPENSSL_free(ctx->server_npn_protocols); OPENSSL_free(ctx->server2_npn_protocols); @@ -407,6 +412,7 @@ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx) OPENSSL_free(ctx->server2_alpn_protocols); OPENSSL_free(ctx->expected_npn_protocol); OPENSSL_free(ctx->expected_alpn_protocol); +#endif OPENSSL_free(ctx); } diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index d3d86e7fee..83850e4dd8 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h @@ -92,6 +92,7 @@ typedef struct ssl_test_ctx { ssl_session_ticket_t session_ticket_expected; /* Whether the server/client CTX should use DTLS or TLS. */ ssl_test_method_t method; +#ifndef OPENSSL_NO_NEXTPROTONEG /* * NPN and ALPN protocols supported by the client, server, and second * (SNI) server. A comma-separated list. @@ -104,6 +105,7 @@ typedef struct ssl_test_ctx { char *server_alpn_protocols; char *server2_alpn_protocols; char *expected_alpn_protocol; +#endif /* Whether to test a resumed/renegotiated handshake. */ ssl_handshake_mode_t handshake_mode; /* Whether the second handshake is resumed or a full handshake (boolean). */ diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c index 6366e0ad59..52691f094a 100644 --- a/test/ssl_test_ctx_test.c +++ b/test/ssl_test_ctx_test.c @@ -89,6 +89,7 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2) ssl_session_ticket_name(ctx2->session_ticket_expected)); return 0; } +#ifndef OPENSSL_NO_NEXTPROTONEG if (!strings_equal("ClientNPNProtocols", ctx->client_npn_protocols, ctx2->client_npn_protocols)) return 0; @@ -120,6 +121,7 @@ static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2) if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol, ctx2->expected_alpn_protocol)) return 0; +#endif if (ctx->handshake_mode != ctx2->handshake_mode) { fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n", ssl_handshake_mode_name(ctx->handshake_mode), @@ -214,10 +216,12 @@ static int test_good_configuration() SSL_TEST_SERVERNAME_IGNORE_MISMATCH; fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES; fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS; +#ifndef OPENSSL_NO_NEXTPROTONEG fixture.expected_ctx->client_npn_protocols = OPENSSL_strdup("foo,bar"); fixture.expected_ctx->server2_alpn_protocols = OPENSSL_strdup("baz"); OPENSSL_assert(fixture.expected_ctx->client_npn_protocols != NULL); OPENSSL_assert(fixture.expected_ctx->server2_alpn_protocols != NULL); +#endif fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME; fixture.expected_ctx->resumption_expected = 1; EXECUTE_SSL_TEST_CTX_TEST(); |