diff options
author | Matt Caswell <matt@openssl.org> | 2020-09-02 16:15:06 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-09-13 11:09:45 +0100 |
commit | 6ac1cd10ba8a1d92d3858e53a7aea2cf444adf26 (patch) | |
tree | 9b2ccdb7ea5335deb20cfb4d98ee23b8ae10e299 /ssl | |
parent | 08073700cc50bcd0df5c0ee68c100e300a320d03 (diff) | |
download | openssl-6ac1cd10ba8a1d92d3858e53a7aea2cf444adf26.tar.gz |
Fix safestack issues in ssl.h
We fix 3 problems with safestack:
- Including an openssl header file without linking against libcrypto
can cause compilation failures (even if the app does not otherwise need
to link against libcrypto). See issue #8102
- Recent changes means that applications in no-deprecated builds will need
to include additional macro calls in the source code for all stacks that
they need to use - which is an API break. This changes avoids that
necessity.
- It is not possible to write code using stacks that works in both a
no-deprecated and a normal build of OpenSSL. See issue #12707.
Fixes #12707
Contains a partial fix for #8102. A similar PR will be needed for hash to
fully fix.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_srtp.c | 2 | ||||
-rw-r--r-- | ssl/s3_lib.c | 1 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 3 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 2 | ||||
-rw-r--r-- | ssl/statem/extensions_clnt.c | 2 | ||||
-rw-r--r-- | ssl/statem/extensions_srvr.c | 1 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 2 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 1 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 | ||||
-rw-r--r-- | ssl/t1_lib.c | 1 |
10 files changed, 0 insertions, 17 deletions
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 66c1b54eeb..87fb4a243d 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -19,8 +19,6 @@ #ifndef OPENSSL_NO_SRTP -DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) - static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { { "SRTP_AES128_CM_SHA1_80", diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8f5aaaf942..c49f2118ca 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -22,7 +22,6 @@ DEFINE_STACK_OF(X509_NAME) DEFINE_STACK_OF(X509) -DEFINE_STACK_OF_CONST(SSL_CIPHER) #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 64d773acbd..05add36d47 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -25,9 +25,6 @@ #include "internal/thread_once.h" #include "internal/cryptlib.h" -DEFINE_STACK_OF(SSL_COMP) -DEFINE_STACK_OF_CONST(SSL_CIPHER) - /* NB: make sure indices in these tables match values above */ typedef struct { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a036ac29e9..139fd628af 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -30,10 +30,8 @@ DEFINE_STACK_OF(X509) DEFINE_STACK_OF(X509_NAME) -DEFINE_STACK_OF_CONST(SSL_CIPHER) DEFINE_STACK_OF(X509_EXTENSION) DEFINE_STACK_OF(OCSP_RESPID) -DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) DEFINE_STACK_OF(SCT) static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t, diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index abff069ec9..f8ae0612e3 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -12,8 +12,6 @@ #include "internal/cryptlib.h" #include "statem_local.h" -DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) -DEFINE_STACK_OF_CONST(SSL_CIPHER) DEFINE_STACK_OF(OCSP_RESPID) EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index b5cd34b646..c686d00f0e 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -12,7 +12,6 @@ #include "statem_local.h" #include "internal/cryptlib.h" -DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) DEFINE_STACK_OF(OCSP_RESPID) DEFINE_STACK_OF(X509_EXTENSION) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 0780e5fc9a..f8a3d25c08 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -29,8 +29,6 @@ #include <internal/cryptlib.h> DEFINE_STACK_OF(X509) -DEFINE_STACK_OF(SSL_COMP) -DEFINE_STACK_OF_CONST(SSL_CIPHER) static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt); static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index e0ff00d1b8..79195b2aa2 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -23,7 +23,6 @@ DEFINE_STACK_OF(X509) DEFINE_STACK_OF(X509_NAME) -DEFINE_STACK_OF_CONST(SSL_CIPHER) /* * Map error codes to TLS/SSL alart types. diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index c46254c858..f42e7865eb 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -27,8 +27,6 @@ #include <openssl/asn1t.h> DEFINE_STACK_OF(X509) -DEFINE_STACK_OF(SSL_COMP) -DEFINE_STACK_OF_CONST(SSL_CIPHER) #define TICKET_NONCE_SIZE 8 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index bf955bf3ec..702622487f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -28,7 +28,6 @@ #include "ssl_local.h" #include <openssl/ct.h> -DEFINE_STACK_OF_CONST(SSL_CIPHER) DEFINE_STACK_OF(X509) DEFINE_STACK_OF(X509_NAME) |