diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index e21b31a47e..a44121fdf2 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -23,9 +23,9 @@ jobs: no-dtls, no-ec, no-ec2m, + no-http, no-siv, no-legacy, - no-rfc3779, no-sock, no-srp, no-srtp, diff --git a/Configure b/Configure index a6c9af9398..e62fbc99a8 100755 --- a/Configure +++ b/Configure @@ -459,6 +459,7 @@ my @disablables = ( "fuzz-afl", "fuzz-libfuzzer", "gost", + "http", "idea", "ktls", "legacy", @@ -672,7 +673,9 @@ my @disable_cascades = ( "blake2" => [ "argon2" ], - "deprecated-3.0" => [ "engine", "srp" ] + "deprecated-3.0" => [ "engine", "srp" ], + + "http" => [ "ocsp" ] ); # Avoid protocol support holes. Also disable all versions below N, if version diff --git a/apps/cmp.c b/apps/cmp.c index fa2f49585f..72acabcb6f 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -68,7 +68,7 @@ typedef enum { } cmp_cmd_t; /* message transfer */ -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) static char *opt_server = NULL; static char *opt_proxy = NULL; static char *opt_no_proxy = NULL; @@ -141,7 +141,7 @@ static int opt_keyform = FORMAT_UNDEF; static char *opt_otherpass = NULL; static char *opt_engine = NULL; -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) /* TLS connection */ static int opt_tls_used = 0; static char *opt_tls_cert = NULL; @@ -164,7 +164,7 @@ static char *opt_rspout = NULL; static int opt_use_mock_srv = 0; /* mock server */ -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) static char *opt_port = NULL; static int opt_max_msgs = 0; #endif @@ -213,7 +213,7 @@ typedef enum OPTION_choice { OPT_OLDCERT, OPT_REVREASON, -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) OPT_SERVER, OPT_PROXY, OPT_NO_PROXY, #endif OPT_RECIPIENT, OPT_PATH, 
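Review bot: The `.github/workflows/run-checker-ci.yml` hunk drops `no-rfc3779` from the checker matrix in the same change that adds `no-http`, and nothing else in this diff touches RFC 3779 code. Unless that entry has moved to another workflow file not shown here, the disabled-RFC3779 configuration stops being built in CI as a side effect of an unrelated feature. If the removal is intentional it deserves its own commit with a stated reason; otherwise keep both lines, `no-http,` and `no-rfc3779,`.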
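Review bot: The new cascade `"http" => [ "ocsp" ]` in `@disable_cascades` of `Configure` carries no comment, and its effect is wider than the option name suggests. A `no-http` build also loses OCSP, and per the `crypto/x509/x_all.c` hunk further down, HTTP-based certificate and CRL loading returns nothing. Someone choosing `no-http` to reduce attack surface should be told that network-based revocation checking goes away with it. I would add a comment above the entry, for example `# OCSP requests go through the HTTP client, so no-http implies no-ocsp` (presumably the reason; please confirm), and describe the cascade wherever the option is documented. No documentation file is touched in the diff as shown.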
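Review bot: The two-macro condition `#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)` is now written out by hand at every guarded site in `apps/cmp.c`. That includes the `OPTION_choice` enum in the `@@ -213,7` hunk and the `cmp_vars[]` table in the later hunks, whose own comment says it must stay in the same order as the enum. If a single site is ever left on the old `#ifndef OPENSSL_NO_SOCK`, the table presumably shifts against the enum and options end up stored in the wrong variables. One file-local macro defined once near the top and tested everywhere would rule that out; the name is the author's choice, e.g. `# define CMP_APP_NO_HTTP_TRANSFER` under `#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)`. The enum and table bodies continue outside the hunks shown.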
@@ -236,7 +236,7 @@ typedef enum OPTION_choice { OPT_PROV_ENUM, OPT_R_ENUM, -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY, OPT_TLS_KEYPASS, OPT_TLS_EXTRA, OPT_TLS_TRUSTED, OPT_TLS_HOST, @@ -246,7 +246,7 @@ typedef enum OPTION_choice { OPT_REQIN, OPT_REQIN_NEW_TID, OPT_REQOUT, OPT_RSPIN, OPT_RSPOUT, OPT_USE_MOCK_SRV, -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) OPT_PORT, OPT_MAX_MSGS, #endif OPT_SRV_REF, OPT_SRV_SECRET, @@ -346,9 +346,9 @@ const OPTIONS cmp_options[] = { "0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included"}, OPT_SECTION("Message transfer"), -#ifdef OPENSSL_NO_SOCK +#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP) {OPT_MORE_STR, 0, 0, - "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build"}, + "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock/no-http build"}, #else {"server", OPT_SERVER, 's', "[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443."}, @@ -441,9 +441,9 @@ const OPTIONS cmp_options[] = { OPT_R_OPTIONS, OPT_SECTION("TLS connection"), -#ifdef OPENSSL_NO_SOCK +#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP) {OPT_MORE_STR, 0, 0, - "NOTE: -tls_used and all other TLS options not supported due to no-sock build"}, + "NOTE: -tls_used and all other TLS options not supported due to no-sock/no-http build"}, #else {"tls_used", OPT_TLS_USED, '-', "Enable using TLS (also when other TLS options are not set)"}, 
@@ -482,9 +482,9 @@ const OPTIONS cmp_options[] = { "Use internal mock server at API level, bypassing socket-based HTTP"}, OPT_SECTION("Mock server"), -#ifdef OPENSSL_NO_SOCK +#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP) {OPT_MORE_STR, 0, 0, - "NOTE: -port and -max_msgs not supported due to no-sock build"}, + "NOTE: -port and -max_msgs not supported due to no-sock/no-http build"}, #else {"port", OPT_PORT, 's', "Act as HTTP-based mock server listening on given port"}, @@ -571,7 +571,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */ {&opt_oldcert}, {(char **)&opt_revreason}, -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) {&opt_server}, {&opt_proxy}, {&opt_no_proxy}, #endif {&opt_recipient}, {&opt_path}, {(char **)&opt_keep_alive}, @@ -593,7 +593,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */ {&opt_engine}, #endif -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) {(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key}, {&opt_tls_keypass}, {&opt_tls_extra}, {&opt_tls_trusted}, {&opt_tls_host}, @@ -604,7 +604,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */ {&opt_reqout}, {&opt_rspin}, {&opt_rspout}, {(char **)&opt_use_mock_srv}, -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) {&opt_port}, {(char **)&opt_max_msgs}, #endif {&opt_srv_ref}, {&opt_srv_secret}, @@ -807,7 +807,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx, CMP_warn("too few -rspin filename arguments; resorting to using mock server"); res = OSSL_CMP_CTX_server_perform(ctx, actual_req); } else { -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_server == NULL) { CMP_err("missing -server or -use_mock_srv option, or too few -rspin filename arguments"); goto err; 
@@ -816,7 +816,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx, CMP_warn("too few -rspin filename arguments; resorting to contacting server"); res = OSSL_CMP_MSG_http_perform(ctx, actual_req); #else - CMP_err("-server not supported on no-sock build; missing -use_mock_srv option or too few -rspin filename arguments"); + CMP_err("-server not supported on no-sock/no-http build; missing -use_mock_srv option or too few -rspin filename arguments"); #endif } rspin_in_use = 0; @@ -1232,7 +1232,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) return 1; } -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) /* * set up ssl_ctx for the OSSL_CMP_CTX based on options from config file/CLI. * Returns pointer on success, NULL on error @@ -1854,7 +1854,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) { int ret = 0; char *host = NULL, *port = NULL, *path = NULL, *used_path = opt_path; -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) int portnum, use_ssl; static char server_port[32] = { '\0' }; const char *proxy_host = NULL; @@ -1863,7 +1863,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) char proxy_buf[200] = ""; if (!opt_use_mock_srv && opt_rspin == NULL) { /* note: -port is not given */ -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_server == NULL) { CMP_err("missing -server or -use_mock_srv or -rspin option"); goto err; @@ -1873,7 +1873,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) goto err; #endif } -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_server == NULL) { if (opt_proxy != NULL) CMP_warn("ignoring -proxy option since -server is not given"); 
@@ -1967,7 +1967,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) || opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv) (void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp); -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_tls_used) { APP_HTTP_TLS_INFO *info; @@ -2404,7 +2404,7 @@ static int get_opts(int argc, char **argv) if (!set_verbosity(opt_int_arg())) goto opthelp; break; -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) case OPT_SERVER: opt_server = opt_str(); break; @@ -2434,7 +2434,7 @@ static int get_opts(int argc, char **argv) case OPT_TOTAL_TIMEOUT: opt_total_timeout = opt_int_arg(); break; -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) case OPT_TLS_USED: opt_tls_used = 1; break; @@ -2650,7 +2650,7 @@ static int get_opts(int argc, char **argv) opt_use_mock_srv = 1; break; -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) case OPT_PORT: opt_port = opt_str(); break; @@ -2739,7 +2739,7 @@ static int get_opts(int argc, char **argv) return 1; } -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) { BIO *acbio; @@ -2827,7 +2827,7 @@ static void print_status(void) OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN); const char *from = "", *server = ""; -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_server != NULL) { from = " from "; server = opt_server; @@ -3006,7 +3006,7 @@ int cmp_main(int argc, char **argv) goto err; } -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_tls_cert == NULL && opt_tls_key == NULL && opt_tls_keypass == NULL && opt_tls_extra == NULL && opt_tls_trusted == NULL && opt_tls_host == NULL) { 
@@ -3040,7 +3040,7 @@ int cmp_main(int argc, char **argv) #endif if (opt_use_mock_srv -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) || opt_port != NULL #endif ) { @@ -3057,7 +3057,7 @@ int cmp_main(int argc, char **argv) OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity); } -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (opt_tls_used && (opt_use_mock_srv || opt_server == NULL)) { CMP_warn("ignoring -tls_used option since -use_mock_srv is given or -server is not given"); opt_tls_used = 0; @@ -3145,7 +3145,7 @@ int cmp_main(int argc, char **argv) cleanse(opt_keypass); cleanse(opt_newkeypass); cleanse(opt_otherpass); -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) cleanse(opt_tls_keypass); #endif cleanse(opt_secret); @@ -3156,7 +3156,7 @@ int cmp_main(int argc, char **argv) OSSL_CMP_CTX_print_errors(cmp_ctx); if (cmp_ctx != NULL) { -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) APP_HTTP_TLS_INFO *info = OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx); (void)OSSL_CMP_CTX_set_http_cb_arg(cmp_ctx, NULL); @@ -3165,7 +3165,7 @@ int cmp_main(int argc, char **argv) X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx)); /* cannot free info already here, as it may be used indirectly by: */ OSSL_CMP_CTX_free(cmp_ctx); -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) if (info != NULL) { OPENSSL_free((char *)info->server); OPENSSL_free((char *)info->port); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 4f92016ee2..b8beef0556 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2499,7 +2499,7 @@ void store_setup_crl_download(X509_STORE *st) X509_STORE_set_lookup_crls_cb(st, crls_http_cb); } -#ifndef OPENSSL_NO_SOCK +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) static const char *tls_error_hint(void) { unsigned long err = ERR_peek_error(); 
diff --git a/apps/s_client.c b/apps/s_client.c index fa45197070..56497a9f2b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1654,6 +1654,7 @@ int s_client_main(int argc, char **argv) } if (proxystr != NULL) { +#ifndef OPENSSL_NO_HTTP int res; char *tmp_host = host, *tmp_port = port; @@ -1688,8 +1689,14 @@ int s_client_main(int argc, char **argv) "%s: -proxy argument malformed or ambiguous\n", prog); goto end; } +#else + BIO_printf(bio_err, + "%s: -proxy not supported in no-http build\n", prog); + goto end; +#endif } + if (bindstr != NULL) { int res; res = BIO_parse_hostserv(bindstr, &bindhost, &bindport, @@ -2341,12 +2348,14 @@ int s_client_main(int argc, char **argv) sbuf_len = 0; sbuf_off = 0; +#ifndef OPENSSL_NO_HTTP if (proxystr != NULL) { /* Here we must use the connect string target host & port */ if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass, 0 /* no timeout */, bio_err, prog)) goto shut; } +#endif switch ((PROTOCOL_CHOICE) starttls_proto) { case PROTO_OFF: diff --git a/crypto/cmp/build.info b/crypto/cmp/build.info index ad67c434cc..907d78d25f 100644 --- a/crypto/cmp/build.info +++ b/crypto/cmp/build.info @@ -1,4 +1,11 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]= cmp_asn.c cmp_ctx.c cmp_err.c cmp_util.c \ +$OPENSSLSRC=\ + cmp_asn.c cmp_ctx.c cmp_err.c cmp_util.c \ cmp_status.c cmp_hdr.c cmp_protect.c cmp_msg.c cmp_vfy.c \ - cmp_server.c cmp_client.c cmp_genm.c cmp_http.c + cmp_server.c cmp_client.c cmp_genm.c + +IF[{- !$disabled{'http'} -}] + $OPENSSLSRC=$OPENSSLSRC cmp_http.c +ENDIF + +SOURCE[../../libcrypto]=$OPENSSLSRC diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 62f3738247..071c02b187 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c 
@@ -134,8 +134,10 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, int time_left; OSSL_CMP_transfer_cb_t transfer_cb = ctx->transfer_cb; +#ifndef OPENSSL_NO_HTTP if (transfer_cb == NULL) transfer_cb = OSSL_CMP_MSG_http_perform; +#endif *rep = NULL; if (ctx->total_timeout != 0 /* not waiting indefinitely */) { diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index ed15f45489..2b8bd2bd2e 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -163,11 +163,13 @@ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx) return 0; } +#ifndef OPENSSL_NO_HTTP if (ctx->http_ctx != NULL) { (void)OSSL_HTTP_close(ctx->http_ctx, 1); ossl_cmp_debug(ctx, "disconnected from CMP server"); ctx->http_ctx = NULL; } +#endif ctx->status = OSSL_CMP_PKISTATUS_unspecified; ctx->failInfoCode = -1; @@ -191,10 +193,12 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) if (ctx == NULL) return; +#ifndef OPENSSL_NO_HTTP if (ctx->http_ctx != NULL) { (void)OSSL_HTTP_close(ctx->http_ctx, 1); ossl_cmp_debug(ctx, "disconnected from CMP server"); } +#endif OPENSSL_free(ctx->propq); OPENSSL_free(ctx->serverPath); OPENSSL_free(ctx->server); @@ -813,6 +817,7 @@ DEFINE_OSSL_CMP_CTX_set1(server, char) /* Set the server exclusion list of the HTTP proxy server */ DEFINE_OSSL_CMP_CTX_set1(no_proxy, char) +#ifndef OPENSSL_NO_HTTP /* Set the http connect/disconnect callback function to be used for HTTP(S) */ DEFINE_OSSL_set(OSSL_CMP_CTX, http_cb, OSSL_HTTP_bio_cb_t) @@ -824,6 +829,7 @@ DEFINE_OSSL_set(OSSL_CMP_CTX, http_cb_arg, void *) * Returns callback argument set previously (NULL if not set or on error) */ DEFINE_OSSL_get(OSSL_CMP_CTX, http_cb_arg, void *, NULL) +#endif /* Set callback function for sending CMP request and receiving response */ DEFINE_OSSL_set(OSSL_CMP_CTX, transfer_cb, OSSL_CMP_transfer_cb_t) diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 1a27d39abf..b8168af06f 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h 
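Review bot: In a no-http build `transfer_cb` stays NULL in `send_receive_check()` of `crypto/cmp/cmp_client.c` whenever the application has not set a transfer callback, because the only fallback assignment is now compiled out. The call through `transfer_cb` lies outside this hunk, so this is inferred, but unless it is guarded there the result is a call through a NULL function pointer rather than a clean failure. An `#else` branch that fails early would close the gap, e.g. `if (transfer_cb == NULL) { ERR_raise(ERR_LIB_CMP, ERR_R_UNSUPPORTED); return 0; }`, assuming 0 is this function's failure return.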
@@ -51,8 +51,10 @@ struct ossl_cmp_ctx_st { int total_timeout; /* max number of seconds an enrollment may take, incl. */ /* attempts polling for a response if a 'waiting' PKIStatus is received */ time_t end_time; /* session start time + totaltimeout */ +# ifndef OPENSSL_NO_HTTP OSSL_HTTP_bio_cb_t http_cb; void *http_cb_arg; /* allows to store optional argument to cb */ +# endif /* server authentication */ /* diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 55aa2b8dbd..bbb7eda6d5 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -85,7 +85,9 @@ int ossl_err_load_crypto_strings(void) # ifndef OPENSSL_NO_ENGINE || ossl_err_load_ENGINE_strings() == 0 # endif +# ifndef OPENSSL_NO_HTTP || ossl_err_load_HTTP_strings() == 0 +# endif # ifndef OPENSSL_NO_OCSP || ossl_err_load_OCSP_strings() == 0 # endif diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index e4c5c16f76..09a1034a53 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -98,6 +98,7 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, int timeout, const ASN1_ITEM *it) { +#ifndef OPENSSL_NO_HTTP BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */, bio, rbio, NULL /* cb */, NULL /* arg */, 1024 /* buf_size */, NULL /* headers */, @@ -107,6 +108,9 @@ static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, BIO_free(mem); return res; +#else + return 0; +#endif } X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index c986674be2..7fb74f4560 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in 
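Review bot: The no-http branch added to `simple_get_asn1()` in `crypto/x509/x_all.c` returns `0` from a function declared to return `ASN1_VALUE *`, and it leaves the error queue empty. `X509_load_http()`, whose definition follows the hunk, then presumably hands NULL to its caller with no reason attached, so code that fetches certificates or CRLs cannot tell a build limitation from a network failure. I would write `ERR_raise(ERR_LIB_X509, ERR_R_UNSUPPORTED);` followed by `return NULL;`. All parameters are unused in this branch, which may also trigger unused-parameter warnings in strict builds.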
@@ -308,9 +308,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address); int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name); int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names); +# ifndef OPENSSL_NO_HTTP int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); +# endif typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb); @@ -408,8 +410,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, X509_STORE *trusted_store, X509 *cert); /* from cmp_http.c */ +# ifndef OPENSSL_NO_HTTP OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req); +# endif /* from cmp_server.c */ typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; diff --git a/include/openssl/http.h b/include/openssl/http.h index f7ab214265..aa4dac1c1d 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -33,6 +33,8 @@ extern "C" { # define OPENSSL_HTTP_PROXY "HTTP_PROXY" # define OPENSSL_HTTPS_PROXY "HTTPS_PROXY" +# ifndef OPENSSL_NO_HTTP + #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) @@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy, const char *server, int use_ssl); + +# endif /* !defined(OPENSSL_NO_HTTP) */ # ifdef __cplusplus } # endif diff --git a/test/build.info b/test/build.info index f6f19d6407..13f81226ba 100644 --- a/test/build.info +++ b/test/build.info 
@@ -57,7 +57,7 @@ IF[{- !$disabled{tests} -}] x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ recordlentest drbgtest rand_status_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ - http_test servername_test ocspapitest fatalerrtest tls13ccstest \ + servername_test ocspapitest fatalerrtest tls13ccstest \ sysdefaulttest errtest ssl_ctx_test build_wincrypt_test \ context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ keymgmt_internal_test hexstr_test provider_status_test defltfips_test \ @@ -515,12 +515,14 @@ IF[{- !$disabled{tests} -}] DEPEND[ocspapitest]=../libcrypto libtestutil.a IF[{- !$disabled{sock} -}] - PROGRAMS{noinst}=http_test - ENDIF + IF[{- !$disabled{http} -}] + PROGRAMS{noinst}=http_test - SOURCE[http_test]=http_test.c - INCLUDE[http_test]=../include ../apps/include - DEPEND[http_test]=../libcrypto libtestutil.a + SOURCE[http_test]=http_test.c + INCLUDE[http_test]=../include ../apps/include + DEPEND[http_test]=../libcrypto libtestutil.a + ENDIF + ENDIF SOURCE[dtlstest]=dtlstest.c helpers/ssltestlib.c INCLUDE[dtlstest]=../include ../apps/include @@ -590,10 +592,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[ciphername_test]=../include ../apps/include DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a - SOURCE[http_test]=http_test.c - INCLUDE[http_test]=../include ../apps/include - DEPEND[http_test]=../libcrypto libtestutil.a - SOURCE[servername_test]=servername_test.c helpers/ssltestlib.c INCLUDE[servername_test]=../include ../apps/include DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index d85acae58b..485e0e47f1 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c 
@@ -318,10 +318,12 @@ static int test_cmp_ctx_log_cb(void) return result; } +#ifndef OPENSSL_NO_HTTP static BIO *test_http_cb(BIO *bio, void *arg, int use_ssl, int detail) { return NULL; } +#endif static OSSL_CMP_MSG *test_transfer_cb(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req) @@ -560,7 +562,9 @@ static X509_STORE *X509_STORE_new_1(void) STACK_OF(TYPE)*, NULL, IS_0, \ sk_##TYPE##_new_null(), sk_##TYPE##_free) +#ifndef OPENSSL_NO_HTTP typedef OSSL_HTTP_bio_cb_t OSSL_CMP_http_cb_t; +#endif #define DEFINE_SET_CB_TEST(FIELD) \ static OSSL_CMP_##FIELD##_t OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \ { \ @@ -746,8 +750,10 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, server, char) DEFINE_SET_INT_TEST(serverPort) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, proxy, char) DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, no_proxy, char) +#ifndef OPENSSL_NO_HTTP DEFINE_SET_CB_TEST(http_cb) DEFINE_SET_GET_P_VOID_TEST(http_cb_arg) +#endif DEFINE_SET_CB_TEST(transfer_cb) DEFINE_SET_GET_P_VOID_TEST(transfer_cb_arg) @@ -837,8 +843,10 @@ int setup_tests(void) ADD_TEST(test_CTX_set_get_serverPort); ADD_TEST(test_CTX_set1_get0_proxy); ADD_TEST(test_CTX_set1_get0_no_proxy); +#ifndef OPENSSL_NO_HTTP ADD_TEST(test_CTX_set_get_http_cb); ADD_TEST(test_CTX_set_get_http_cb_arg); +#endif ADD_TEST(test_CTX_set_get_transfer_cb); ADD_TEST(test_CTX_set_get_transfer_cb_arg); /* server authentication: */ diff --git a/test/recipes/79-test_http.t b/test/recipes/79-test_http.t index b3ac70fdeb..ecf6eb23a2 100644 --- a/test/recipes/79-test_http.t +++ b/test/recipes/79-test_http.t 
@@ -12,11 +12,16 @@ use OpenSSL::Test::Utils; setup("test_http"); +plan skip_all => "HTTP protocol is not supported by this OpenSSL build" + if disabled('http'); +plan skip_all => "not supported by no-sock build" if disabled('sock'); + plan tests => 2; SKIP: { skip "sockets disabled", 1 if disabled("sock"); skip "OCSP disabled", 1 if disabled("ocsp"); + skip "HTTP disabled", 1 if disabled("http"); my $cmd = [qw{openssl ocsp -index any -port 0}]; my @output = run(app($cmd), capture => 1); $output[0] =~ s/\r\n/\n/g; diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index 5fbdb930c9..4fd03e8b2d 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t @@ -30,6 +30,8 @@ plan skip_all => "These tests are not supported in a no-ec build" if disabled("ec"); plan skip_all => "These tests are not supported in a no-sock build" if disabled("sock"); +plan skip_all => "These tests are not supported in a no-http build" + if disabled("http"); plan skip_all => "Tests involving local HTTP server not available on Windows or VMS" if $^O =~ /^(VMS|MSWin32|msys)$/; diff --git a/util/libcrypto.num b/util/libcrypto.num index aedb8789bc..0b8beaa411 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -133,7 +133,7 @@ d2i_OCSP_BASICRESP 134 3_0_0 EXIST::FUNCTION:OCSP X509v3_add_ext 135 3_0_0 EXIST::FUNCTION: X509v3_addr_subset 136 3_0_0 EXIST::FUNCTION:RFC3779 CRYPTO_strndup 137 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_free 138 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_free 138 3_0_0 EXIST::FUNCTION:HTTP X509_STORE_new 140 3_0_0 EXIST::FUNCTION: ASN1_TYPE_free 141 3_0_0 EXIST::FUNCTION: PKCS12_BAGS_new 142 3_0_0 EXIST::FUNCTION: 
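Review bot: The added `skip "HTTP disabled", 1 if disabled("http");` inside the `SKIP` block of `test/recipes/79-test_http.t` can never fire. The two new `plan skip_all` lines above it already end the script when `http` or `sock` is disabled, and the existing `skip "sockets disabled"` line becomes dead for the same reason. Keep one mechanism: either drop the inner `skip` lines, or drop the `skip_all` for `sock` if the second test is meant to run in a no-sock build. The two `skip_all` messages are also worded differently from each other and from the one added to `80-test_cmp_http.t`; a single phrasing such as `"These tests are not supported in a no-http build"` would read consistently.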
@@ -266,7 +266,7 @@ WHIRLPOOL_Init 271 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 EVP_OpenInit 272 3_0_0 EXIST::FUNCTION: OCSP_response_get1_basic 273 3_0_0 EXIST::FUNCTION:OCSP CRYPTO_gcm128_tag 274 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_parse_url 275 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_parse_url 275 3_0_0 EXIST::FUNCTION:HTTP UI_get0_test_string 276 3_0_0 EXIST::FUNCTION: CRYPTO_secure_free 277 3_0_0 EXIST::FUNCTION: DSA_print_fp 278 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO @@ -614,7 +614,7 @@ UI_get0_result_string 629 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_add_policy 630 3_0_0 EXIST::FUNCTION:TS X509_REQ_dup 631 3_0_0 EXIST::FUNCTION: d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO -OSSL_HTTP_REQ_CTX_exchange 634 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_exchange 634 3_0_0 EXIST::FUNCTION:HTTP d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION: @@ -1114,7 +1114,7 @@ PEM_write_bio_PKCS7 1141 3_0_0 EXIST::FUNCTION: MDC2_Final 1142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2 SMIME_crlf_copy 1143 3_0_0 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 1144 3_0_0 EXIST::FUNCTION:OCSP -OSSL_HTTP_REQ_CTX_new 1145 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_new 1145 3_0_0 EXIST::FUNCTION:HTTP X509_load_cert_crl_file 1146 3_0_0 EXIST::FUNCTION: EVP_PKEY_new_mac_key 1147 3_0_0 EXIST::FUNCTION: DIST_POINT_new 1148 3_0_0 EXIST::FUNCTION: @@ -1378,7 +1378,7 @@ BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION: SHA512 1412 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION: EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION:HTTP EVP_MD_CTX_reset 1416 3_0_0 EXIST::FUNCTION: X509_NAME_new 1417 3_0_0 EXIST::FUNCTION: ASN1_item_pack 1418 3_0_0 EXIST::FUNCTION: 
@@ -1576,7 +1576,7 @@ BIO_ADDRINFO_address 1613 3_0_0 EXIST::FUNCTION:SOCK ASN1_STRING_print_ex 1614 3_0_0 EXIST::FUNCTION: i2d_CMS_ReceiptRequest 1615 3_0_0 EXIST::FUNCTION:CMS d2i_TS_REQ_fp 1616 3_0_0 EXIST::FUNCTION:STDIO,TS -OSSL_HTTP_REQ_CTX_set1_req 1617 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_set1_req 1617 3_0_0 EXIST::FUNCTION:HTTP EVP_PKEY_get_default_digest_nid 1618 3_0_0 EXIST::FUNCTION: ASIdOrRange_new 1619 3_0_0 EXIST::FUNCTION:RFC3779 ASN1_SCTX_new 1620 3_0_0 EXIST::FUNCTION: @@ -1592,7 +1592,7 @@ CRYPTO_ocb128_cleanup 1629 3_0_0 EXIST::FUNCTION:OCB EVP_des_ede_cbc 1630 3_0_0 EXIST::FUNCTION:DES i2d_ASN1_TIME 1631 3_0_0 EXIST::FUNCTION: ENGINE_register_all_pkey_asn1_meths 1632 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -OSSL_HTTP_REQ_CTX_set_max_response_length 1633 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_set_max_response_length 1633 3_0_0 EXIST::FUNCTION:HTTP d2i_ISSUING_DIST_POINT 1634 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_set0_key 1635 3_0_0 EXIST::FUNCTION:CMS NCONF_new 1636 3_0_0 EXIST::FUNCTION: @@ -1849,7 +1849,7 @@ OCSP_ONEREQ_add_ext 1892 3_0_0 EXIST::FUNCTION:OCSP CMS_uncompress 1893 3_0_0 EXIST::FUNCTION:CMS CRYPTO_mem_debug_pop 1895 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 EVP_aes_192_cfb128 1896 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_nbio 1897 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_nbio 1897 3_0_0 EXIST::FUNCTION:HTTP EVP_CIPHER_CTX_copy 1898 3_0_0 EXIST::FUNCTION: CRYPTO_secure_allocated 1899 3_0_0 EXIST::FUNCTION: UI_UTIL_read_pw_string 1900 3_0_0 EXIST::FUNCTION: 
@@ -2415,7 +2415,7 @@ Camellia_decrypt 2466 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPR X509_signature_print 2467 3_0_0 EXIST::FUNCTION: EVP_camellia_128_ecb 2468 3_0_0 EXIST::FUNCTION:CAMELLIA MD2_Final 2469 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 -OSSL_HTTP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION:HTTP NETSCAPE_SPKAC_it 2471 3_0_0 EXIST::FUNCTION: ASIdOrRange_free 2472 3_0_0 EXIST::FUNCTION:RFC3779 EC_POINT_get_Jprojective_coordinates_GFp 2473 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC @@ -3612,7 +3612,7 @@ EVP_CIPHER_CTX_is_encrypting 3694 3_0_0 EXIST::FUNCTION: EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_nbio_d2i 3698 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_nbio_d2i 3698 3_0_0 EXIST::FUNCTION:HTTP PKCS8_encrypt 3699 3_0_0 EXIST::FUNCTION: i2d_PKCS7_fp 3700 3_0_0 EXIST::FUNCTION:STDIO i2d_X509_REQ 3701 3_0_0 EXIST::FUNCTION: @@ -3759,7 +3759,7 @@ i2d_PrivateKey_bio 3843 3_0_0 EXIST::FUNCTION: RSA_padding_add_PKCS1_type_1 3844 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_re_X509_tbs 3845 3_0_0 EXIST::FUNCTION: EVP_CIPHER_get_iv_length 3846 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION:HTTP i2d_PKCS8PrivateKeyInfo_bio 3848 3_0_0 EXIST::FUNCTION: d2i_OCSP_CERTID 3849 3_0_0 EXIST::FUNCTION:OCSP EVP_CIPHER_meth_set_init 3850 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 
@@ -4725,9 +4725,9 @@ OSSL_CMP_CTX_set1_server 4852 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set_serverPort 4853 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_proxy 4854 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set1_no_proxy 4855 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_http_cb 4856 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_http_cb_arg 4857 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get_http_cb_arg 4858 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_http_cb 4856 3_0_0 EXIST::FUNCTION:CMP,HTTP +OSSL_CMP_CTX_set_http_cb_arg 4857 3_0_0 EXIST::FUNCTION:CMP,HTTP +OSSL_CMP_CTX_get_http_cb_arg 4858 3_0_0 EXIST::FUNCTION:CMP,HTTP OSSL_CMP_CTX_set_transfer_cb 4859 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_set_transfer_cb_arg 4860 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_CTX_get_transfer_cb_arg 4861 3_0_0 EXIST::FUNCTION:CMP 
@@ -4882,18 +4882,18 @@ ASN1_item_verify_ex 5009 3_0_0 EXIST::FUNCTION: BIO_socket_wait 5010 3_0_0 EXIST::FUNCTION:SOCK BIO_wait 5011 3_0_0 EXIST::FUNCTION: BIO_do_connect_retry 5012 3_0_0 EXIST::FUNCTION: -OSSL_parse_url 5013 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_adapt_proxy 5014 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_get_resp_len 5015 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_set_expected 5016 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_is_alive 5017 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_open 5018 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_proxy_connect 5019 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_set1_request 5020 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_exchange 5021 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_get 5022 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_transfer 5023 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_close 5024 3_0_0 EXIST::FUNCTION: +OSSL_parse_url 5013 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_adapt_proxy 5014 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_REQ_CTX_get_resp_len 5015 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_REQ_CTX_set_expected 5016 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_is_alive 5017 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_open 5018 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_proxy_connect 5019 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_set1_request 5020 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_exchange 5021 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_get 5022 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_transfer 5023 3_0_0 EXIST::FUNCTION:HTTP +OSSL_HTTP_close 5024 3_0_0 EXIST::FUNCTION:HTTP ASN1_item_i2d_mem_bio 5025 3_0_0 EXIST::FUNCTION: ERR_add_error_txt 5026 3_0_0 EXIST::FUNCTION: ERR_add_error_mem_bio 5027 3_0_0 EXIST::FUNCTION: 
@@ -4953,7 +4953,7 @@ OSSL_CMP_try_certreq 5080 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_certConf_cb 5081 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_exec_RR_ses 5082 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_exec_GENM_ses 5083 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_MSG_http_perform 5084 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_http_perform 5084 3_0_0 EXIST::FUNCTION:CMP,HTTP OSSL_CMP_MSG_read 5085 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_MSG_write 5086 3_0_0 EXIST::FUNCTION:CMP EVP_PKEY_Q_keygen 5087 3_0_0 EXIST::FUNCTION: