-rw-r--r-- | CHANGES | 5 | ||||
-rwxr-xr-x | Configure | 2 | ||||
-rw-r--r-- | apps/ciphers.c | 4 | ||||
-rw-r--r-- | apps/s_client.c | 4 | ||||
-rw-r--r-- | apps/s_server.c | 4 | ||||
-rw-r--r-- | apps/s_time.c | 4 | ||||
-rw-r--r-- | ssl/s23_clnt.c | 10 | ||||
-rw-r--r-- | ssl/s23_lib.c | 12 | ||||
-rw-r--r-- | ssl/s23_srvr.c | 7 | ||||
-rw-r--r-- | ssl/s2_clnt.c | 6 | ||||
-rw-r--r-- | ssl/s2_enc.c | 9 | ||||
-rw-r--r-- | ssl/s2_lib.c | 6 | ||||
-rw-r--r-- | ssl/s2_meth.c | 6 | ||||
-rw-r--r-- | ssl/s2_pkt.c | 10 | ||||
-rw-r--r-- | ssl/s2_srvr.c | 6 | ||||
-rw-r--r-- | ssl/ssl.h | 4 | ||||
-rw-r--r-- | ssl/ssltest.c | 4 |
17 files changed, 66 insertions, 37 deletions
@@ -4,6 +4,11 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Add missing #ifndefs that caused missing symbols when building libssl + as a shared library without RSA. Use #ifndef NO_SSL2 instead of + NO_RSA in ssl/s2*.c. + [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller] + *) Precautions against using the PRNG uninitialized: RAND_bytes() now has a return value which indicates the quality of the random data (1 = ok, 0 = not seeded). Also an error is recorded on the thread's @@ -102,7 +102,7 @@ my %table=( "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", "debug-bodo", "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", -"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -pedantic -Wall -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm", +"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::$x86_gcc_des $x86_gcc_opts:$x86_elf_asm", "dist", "cc:-O::(unknown):::::", # Basic configs that should work on any box diff --git a/apps/ciphers.c b/apps/ciphers.c index 08e47be4f7..3c76782b7e 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -66,10 +66,6 @@ #include <openssl/err.h> #include <openssl/ssl.h> -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #undef PROG #define PROG ciphers_main diff --git a/apps/s_client.c b/apps/s_client.c index f09fae5f67..84a475d7b8 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -91,10 +91,6 @@ typedef unsigned int u_int; #undef FIONBIO #endif -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #undef PROG #define PROG s_client_main diff --git a/apps/s_server.c b/apps/s_server.c index a33e0ff147..ff0354acc8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -94,10 +94,6 @@ typedef unsigned int u_int; #undef FIONBIO #endif -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #ifndef NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); #endif diff --git a/apps/s_time.c b/apps/s_time.c index a43df6bb92..1653195b3f 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -67,10 +67,6 @@ #include <stdlib.h> #include <string.h> -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #ifdef NO_STDIO #define APPS_WIN16 #endif diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 6db98e92f5..067216b1a2 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -68,8 +68,10 @@ static int ssl23_client_hello(SSL *s); static int ssl23_get_server_hello(SSL *s); static SSL_METHOD *ssl23_get_client_method(int ver) { +#ifndef NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_client_method()); +#endif if (ver == SSL3_VERSION) return(SSLv3_client_method()); else if (ver == TLS1_VERSION) @@ -307,7 +309,7 @@ static int ssl23_get_server_hello(SSL *s) { char buf[8]; unsigned char *p; - int i,ch_len; + int i; int n; n=ssl23_read_bytes(s,7); @@ -320,9 +322,14 @@ static int ssl23_get_server_hello(SSL *s) if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && (p[5] == 0x00) && (p[6] == 0x02)) { +#ifdef NO_SSL2 + SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; +#else /* we are talking sslv2 */ /* we need to clean up the SSLv3 setup and put in the * sslv2 stuff. */ + int ch_len; if (s->options & SSL_OP_NO_SSLv2) { 
@@ -375,6 +382,7 @@ static int ssl23_get_server_hello(SSL *s) s->method=SSLv2_client_method(); s->handshake_func=s->method->ssl_connect; +#endif } else if ((p[0] == SSL3_RT_HANDSHAKE) && (p[1] == SSL3_VERSION_MAJOR) && diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c index 822a395837..e2c3bb47da 100644 --- a/ssl/s23_lib.c +++ b/ssl/s23_lib.c @@ -106,7 +106,11 @@ SSL_METHOD *sslv23_base_method(void) static int ssl23_num_ciphers(void) { - return(ssl3_num_ciphers()+ssl2_num_ciphers()); + return(ssl3_num_ciphers() +#ifndef NO_SSL2 + + ssl2_num_ciphers() +#endif + ); } static SSL_CIPHER *ssl23_get_cipher(unsigned int u) @@ -116,7 +120,11 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u) if (u < uu) return(ssl3_get_cipher(u)); else +#ifndef NO_SSL2 return(ssl2_get_cipher(u-uu)); +#else + return(NULL); +#endif } /* This function needs to check if the ciphers required are actually @@ -132,8 +140,10 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; c.id=id; cp=ssl3_get_cipher_by_char(p); +#ifndef NO_SSL2 if (cp == NULL) cp=ssl2_get_cipher_by_char(p); +#endif return(cp); } diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 371789715d..968bf7c1f6 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -67,8 +67,10 @@ static SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); static SSL_METHOD *ssl23_get_server_method(int ver) { +#ifndef NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_server_method()); +#endif if (ver == SSL3_VERSION) return(SSLv3_server_method()); else if (ver == TLS1_VERSION) @@ -450,6 +452,10 @@ next_bit: if (type == 1) { +#ifdef NO_SSL2 + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); + goto err; +#else /* we are talking sslv2 */ /* we need to clean up the SSLv3/TLSv1 setup and put in the * sslv2 stuff. */ @@ -488,6 +494,7 @@ next_bit: s->method=SSLv2_server_method(); s->handshake_func=s->method->ssl_accept; +#endif } if ((type == 2) || (type == 3)) 
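Review bot: In ssl/s23_srvr.c, the NO_SSL2 branch added under `if (type == 1)` reports `SSL_R_UNKNOWN_PROTOCOL`, while the matching branch this commit adds to ssl23_get_server_hello in ssl/s23_clnt.c reports `SSL_R_UNSUPPORTED_PROTOCOL` for the same situation. At this point the peer's hello has already been classified as SSLv2 and the protocol is merely compiled out, so the server side should use the same reason code: `SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);`. A single code for "SSLv2 peer refused" also makes it easier to tell a legacy client from malformed traffic when reading the error queue. The enclosing function (presumably ssl23_get_client_hello, going by the error function code) starts and ends outside the hunk, and the `err` label is not visible here.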
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 01ef9a7f76..f05b76a66a 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -56,12 +56,12 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#include "ssl_locl.h" +#ifndef NO_SSL2 #include <stdio.h> #include <openssl/rand.h> #include <openssl/buffer.h> #include <openssl/objects.h> -#include "ssl_locl.h" #include <openssl/evp.h> static SSL_METHOD *ssl2_get_client_method(int ver); @@ -974,7 +974,7 @@ end: EVP_PKEY_free(pkey); return(i); } -#else /* !NO_RSA */ +#else /* !NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 09835008a9..a9458e7fa7 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -56,8 +56,9 @@ * [including the GNU Public Licence.] */ -#include <stdio.h> #include "ssl_locl.h" +#ifndef NO_SSL2 +#include <stdio.h> int ssl2_enc_init(SSL *s, int client) { @@ -177,4 +178,10 @@ void ssl2_mac(SSL *s, unsigned char *md, int send) EVP_DigestFinal(&c,md,NULL); /* some would say I should zero the md context */ } +#else /* !NO_SSL2 */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif +#endif diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index f473b459f2..e727b14406 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -56,12 +56,12 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#include "ssl_locl.h" +#ifndef NO_SSL2 #include <stdio.h> #include <openssl/rsa.h> #include <openssl/objects.h> #include <openssl/md5.h> -#include "ssl_locl.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -421,7 +421,7 @@ int ssl2_shutdown(SSL *s) s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return(1); } -#else /* !NO_RSA */ +#else /* !NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c index 54ff252d9a..deb9e1d6f3 100644 --- a/ssl/s2_meth.c +++ b/ssl/s2_meth.c 
@@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#include "ssl_locl.h" +#ifndef NO_SSL2 #include <stdio.h> #include <openssl/objects.h> -#include "ssl_locl.h" static SSL_METHOD *ssl2_get_method(int ver); static SSL_METHOD *ssl2_get_method(int ver) @@ -86,7 +86,7 @@ SSL_METHOD *SSLv2_method(void) } return(&SSLv2_data); } -#else /* !NO_RSA */ +#else /* !NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index a1bb5bca4b..56662f29fa 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ +#include "ssl_locl.h" +#ifndef NO_SSL2 #include <stdio.h> #include <errno.h> #define USE_SOCKETS -#include "ssl_locl.h" static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len); @@ -638,3 +639,10 @@ static int ssl_mt_error(int n) } return(ret); } +#else /* !NO_SSL2 */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + +#endif diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index cfc0ba0343..811daa2e2c 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -56,12 +56,12 @@ * [including the GNU Public Licence.] */ -#ifndef NO_RSA +#include "ssl_locl.h" +#ifndef NO_SSL2 #include <stdio.h> #include <openssl/bio.h> #include <openssl/rand.h> #include <openssl/objects.h> -#include "ssl_locl.h" #include <openssl/evp.h> static SSL_METHOD *ssl2_get_server_method(int ver); @@ -966,7 +966,7 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); return(i); } -#else /* !NO_RSA */ +#else /* !NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; @@ -151,6 +151,10 @@ extern "C" { #include <openssl/pem.h> #include <openssl/x509.h> +#if defined(NO_RSA) && !defined(NO_SSL2) +#define NO_SSL2 +#endif + #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 #define SSL_FILETYPE_PEM X509_FILETYPE_PEM 
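Review bot: In the first ssl/s2_pkt.c hunk, `#define USE_SOCKETS` now comes after `#include "ssl_locl.h"`, whereas before this change the define preceded that include. If the macro is consumed by a header reached through ssl_locl.h (not visible in this hunk, but that is the usual reason to define it ahead of the include), it no longer has any effect there and the socket-related declarations this file relied on may be missing on some platforms. Keeping the old relative order avoids that: put `#define USE_SOCKETS` first, then `#include "ssl_locl.h"`, then `#ifndef NO_SSL2`.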
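Review bot: The hunk at `@@ -151,6 +151,10 @@` (ssl/ssl.h going by the diffstat; its file header is missing from this page) makes a public header the only place that derives `NO_SSL2` from `NO_RSA`, and nothing there says why or what ordering it imposes. The local copies removed from apps/ciphers.c, apps/s_client.c, apps/s_server.c, apps/s_time.c and ssl/ssltest.c mean every `NO_SSL2` test in those files is now correct only if it comes after this header has been included, which cannot be checked from the hunks shown. I would add a comment above the block, for example `/* SSLv2 is only built when RSA is available; do not test NO_SSL2 before including this header */`.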
diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 28140b3fdf..292c758507 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -75,10 +75,6 @@ #include "../crypto/bio/bss_file.c" #endif -#if defined(NO_RSA) && !defined(NO_SSL2) -#define NO_SSL2 -#endif - #ifdef VMS # define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM" # define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM" |