diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8d9ed9828..232ab4ea5 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -162,6 +162,103 @@ void tls1_clear(SSL *s)
 s->version=TLS1_VERSION;
 }
+#ifndef OPENSSL_NO_EC
+static int nid_list[] =
+ {
+ NID_sect163k1, /* sect163k1 (1) */
+ NID_sect163r1, /* sect163r1 (2) */
+ NID_sect163r2, /* sect163r2 (3) */
+ NID_sect193r1, /* sect193r1 (4) */
+ NID_sect193r2, /* sect193r2 (5) */
+ NID_sect233k1, /* sect233k1 (6) */
+ NID_sect233r1, /* sect233r1 (7) */
+ NID_sect239k1, /* sect239k1 (8) */
+ NID_sect283k1, /* sect283k1 (9) */
+ NID_sect283r1, /* sect283r1 (10) */
+ NID_sect409k1, /* sect409k1 (11) */
+ NID_sect409r1, /* sect409r1 (12) */
+ NID_sect571k1, /* sect571k1 (13) */
+ NID_sect571r1, /* sect571r1 (14) */
+ NID_secp160k1, /* secp160k1 (15) */
+ NID_secp160r1, /* secp160r1 (16) */
+ NID_secp160r2, /* secp160r2 (17) */
+ NID_secp192k1, /* secp192k1 (18) */
+ NID_X9_62_prime192v1, /* secp192r1 (19) */
+ NID_secp224k1, /* secp224k1 (20) */
+ NID_secp224r1, /* secp224r1 (21) */
+ NID_secp256k1, /* secp256k1 (22) */
+ NID_X9_62_prime256v1, /* secp256r1 (23) */
+ NID_secp384r1, /* secp384r1 (24) */
+ NID_secp521r1 /* secp521r1 (25) */
+ };
+
+int tls1_ec_curve_id2nid(int curve_id)
+ {
+ /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+ if ((curve_id < 1) || (curve_id > sizeof(nid_list)/sizeof(nid_list[0]))) return 0;
+ return nid_list[curve_id-1];
+ }
+
+int tls1_ec_nid2curve_id(int nid)
+ {
+ /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+ switch (nid)
+ {
+ case NID_sect163k1: /* sect163k1 (1) */
+ return 1;
+ case NID_sect163r1: /* sect163r1 (2) */
+ return 2;
+ case NID_sect163r2: /* sect163r2 (3) */
+ return 3;
+ case NID_sect193r1: /* sect193r1 (4) */
+ return 4;
+ case NID_sect193r2: /* sect193r2 (5) */
+ return 5;
+ case NID_sect233k1: /* sect233k1 (6) */
+ return 6;
+ case NID_sect233r1: /* sect233r1 (7) */
+ return 7;
+ case NID_sect239k1: /* sect239k1 (8) */
+ return 8;
+ case NID_sect283k1: /* sect283k1 (9) */
+ return 9;
+ case NID_sect283r1: /* sect283r1 (10) */
+ return 10;
+ case NID_sect409k1: /* sect409k1 (11) */
+ return 11;
+ case NID_sect409r1: /* sect409r1 (12) */
+ return 12;
+ case NID_sect571k1: /* sect571k1 (13) */
+ return 13;
+ case NID_sect571r1: /* sect571r1 (14) */
+ return 14;
+ case NID_secp160k1: /* secp160k1 (15) */
+ return 15;
+ case NID_secp160r1: /* secp160r1 (16) */
+ return 16;
+ case NID_secp160r2: /* secp160r2 (17) */
+ return 17;
+ case NID_secp192k1: /* secp192k1 (18) */
+ return 18;
+ case NID_X9_62_prime192v1: /* secp192r1 (19) */
+ return 19;
+ case NID_secp224k1: /* secp224k1 (20) */
+ return 20;
+ case NID_secp224r1: /* secp224r1 (21) */
+ return 21;
+ case NID_secp256k1: /* secp256k1 (22) */
+ return 22;
+ case NID_X9_62_prime256v1: /* secp256r1 (23) */
+ return 23;
+ case NID_secp384r1: /* secp384r1 (24) */
+ return 24;
+ case NID_secp521r1: /* secp521r1 (25) */
+ return 25;
+ default:
+ return 0;
+ }
+ }
+#endif /* OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
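Review bot: In `tls1_ec_curve_id2nid` the bounds test compares the signed `curve_id` with the unsigned `sizeof(nid_list)/sizeof(nid_list[0])`; it is only correct because the `curve_id < 1` test runs first, and it will trip `-Wsign-compare`. This test is the only guard in front of the `nid_list[curve_id-1]` read, and the curve number presumably originates from the peer's handshake data (callers are outside the diff), so I would make the intent explicit with `(curve_id > (int)(sizeof(nid_list)/sizeof(nid_list[0])))` and declare the table `static const int nid_list[]`. The switch in `tls1_ec_nid2curve_id` repeats the same 25 pairs by hand and can drift from the table, so a comment such as `/* keep in sync with nid_list[] */` on both would help. Both functions return 0 for an unknown value, which is worth stating in a header comment so callers treat 0 as "unsupported curve" rather than as a usable NID or curve id.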
@@ -951,100 +1048,3 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 }
 #endif
-#ifndef OPENSSL_NO_EC
-static int nid_list[] =
- {
- NID_sect163k1, /* sect163k1 (1) */
- NID_sect163r1, /* sect163r1 (2) */
- NID_sect163r2, /* sect163r2 (3) */
- NID_sect193r1, /* sect193r1 (4) */
- NID_sect193r2, /* sect193r2 (5) */
- NID_sect233k1, /* sect233k1 (6) */
- NID_sect233r1, /* sect233r1 (7) */
- NID_sect239k1, /* sect239k1 (8) */
- NID_sect283k1, /* sect283k1 (9) */
- NID_sect283r1, /* sect283r1 (10) */
- NID_sect409k1, /* sect409k1 (11) */
- NID_sect409r1, /* sect409r1 (12) */
- NID_sect571k1, /* sect571k1 (13) */
- NID_sect571r1, /* sect571r1 (14) */
- NID_secp160k1, /* secp160k1 (15) */
- NID_secp160r1, /* secp160r1 (16) */
- NID_secp160r2, /* secp160r2 (17) */
- NID_secp192k1, /* secp192k1 (18) */
- NID_X9_62_prime192v1, /* secp192r1 (19) */
- NID_secp224k1, /* secp224k1 (20) */
- NID_secp224r1, /* secp224r1 (21) */
- NID_secp256k1, /* secp256k1 (22) */
- NID_X9_62_prime256v1, /* secp256r1 (23) */
- NID_secp384r1, /* secp384r1 (24) */
- NID_secp521r1 /* secp521r1 (25) */
- };
-
-int tls1_ec_curve_id2nid(int curve_id)
- {
- /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
- if ((curve_id < 1) || (curve_id > sizeof(nid_list)/sizeof(nid_list[0]))) return 0;
- return nid_list[curve_id-1];
- }
-
-int tls1_ec_nid2curve_id(int nid)
- {
- /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
- switch (nid)
- {
- case NID_sect163k1: /* sect163k1 (1) */
- return 1;
- case NID_sect163r1: /* sect163r1 (2) */
- return 2;
- case NID_sect163r2: /* sect163r2 (3) */
- return 3;
- case NID_sect193r1: /* sect193r1 (4) */
- return 4;
- case NID_sect193r2: /* sect193r2 (5) */
- return 5;
- case NID_sect233k1: /* sect233k1 (6) */
- return 6;
- case NID_sect233r1: /* sect233r1 (7) */
- return 7;
- case NID_sect239k1: /* sect239k1 (8) */
- return 8;
- case NID_sect283k1: /* sect283k1 (9) */
- return 9;
- case NID_sect283r1: /* sect283r1 (10) */
- return 10;
- case NID_sect409k1: /* sect409k1 (11) */
- return 11;
- case NID_sect409r1: /* sect409r1 (12) */
- return 12;
- case NID_sect571k1: /* sect571k1 (13) */
- return 13;
- case NID_sect571r1: /* sect571r1 (14) */
- return 14;
- case NID_secp160k1: /* secp160k1 (15) */
- return 15;
- case NID_secp160r1: /* secp160r1 (16) */
- return 16;
- case NID_secp160r2: /* secp160r2 (17) */
- return 17;
- case NID_secp192k1: /* secp192k1 (18) */
- return 18;
- case NID_X9_62_prime192v1: /* secp192r1 (19) */
- return 19;
- case NID_secp224k1: /* secp224k1 (20) */
- return 20;
- case NID_secp224r1: /* secp224r1 (21) */
- return 21;
- case NID_secp256k1: /* secp256k1 (22) */
- return 22;
- case NID_X9_62_prime256v1: /* secp256r1 (23) */
- return 23;
- case NID_secp384r1: /* secp384r1 (24) */
- return 24;
- case NID_secp521r1: /* secp521r1 (25) */
- return 25;
- default:
- return 0;
- }
- }
-#endif /* OPENSSL_NO_EC */
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 5fb32624f..15579363f 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -221,6 +221,7 @@ $cflags.=" -DOPENSSL_NO_WHIRLPOOL" if $no_whirlpool;
 $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
 $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
 $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
+$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
 $cflags.=" -DOPENSSL_NO_ERR" if $no_err;
 $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
 $cflags.=" -DOPENSSL_NO_EC" if $no_ec;
@@ -1020,6 +1021,7 @@ sub read_options
 "gaswin" => \$gaswin,
 "no-ssl2" => \$no_ssl2,
 "no-ssl3" => \$no_ssl3,
+ "no-tlsext" => \$no_tlsext,
 "no-err" => \$no_err,
 "no-sock" => \$no_sock,
 "no-krb5" => \$no_krb5,
diff --git a/util/mkdef.pl b/util/mkdef.pl
index fb74fab9b..70ed218a5 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -198,6 +198,7 @@ foreach (@ARGV, split(/ /, $options))
 elsif (/^no-hw$/) { $no_hw=1; }
 elsif (/^no-gmp$/) { $no_gmp=1; }
 elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
+ elsif (/^no-tlsext$/) { $no_tlsext=1; }
 }
diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl
index 0a08673cd..004398303 100644
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -285,7 +285,7 @@ sub do_lib_rule
 }
 $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
 $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
- $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;2\n\n";
+ $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
 }
 $ret.="\n";
 return($ret);
@@ -301,7 +301,7 @@ sub do_link_rule
 $ret.="$target: $files $dep_libs\n";
 $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
 $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
- $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;1\n\n";
+ $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
 return($ret);
 }
diff --git a/util/ssleay.num b/util/ssleay.num
index 3c0bf8827..8f7548bbd 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
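Review bot: In util/mkdef.pl the new `elsif (/^no-tlsext$/) { $no_tlsext=1; }` branch sets a flag that nothing in this diff reads. util/ssleay.num tags `SSL_get_servername` and `SSL_get_servername_type` with `TLSEXT`, so unless the symbol filter elsewhere in mkdef.pl already drops `TLSEXT` entries when `$no_tlsext` is set, a no-tlsext build would presumably still list them for export while `-DOPENSSL_NO_TLSEXT` (added in util/mk1mf.pl) compiles them out. Please confirm that the filter exists and that `$no_tlsext` is declared alongside the other `$no_*` variables in both scripts; neither is visible in these hunks. The `foreach` body starts outside the hunk.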
@@ -239,17 +239,17 @@ SSL_CTX_sess_get_new_cb 287 EXIST::FUNCTION:
 SSL_CTX_get_client_cert_cb 288 EXIST::FUNCTION:
 SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION:
 SSL_set_SSL_CTX 290 EXIST::FUNCTION:
-SSL_CTX_use_psk_identity_hint 291 EXIST::FUNCTION:PSK
-SSL_CTX_set_psk_client_callback 292 EXIST::FUNCTION:PSK
-SSL_get_psk_identity_hint 293 EXIST::FUNCTION:PSK
-SSL_set_psk_server_callback 294 EXIST::FUNCTION:PSK
-SSL_use_psk_identity_hint 295 EXIST::FUNCTION:PSK
-SSL_set_psk_client_callback 296 EXIST::FUNCTION:PSK
-SSL_get_servername 297 EXIST::FUNCTION:TLSEXT
-SSL_get_servername_type 298 EXIST::FUNCTION:TLSEXT
-SSL_CTX_set_psk_server_callback 299 EXIST::FUNCTION:PSK
-SSL_get_psk_identity 300 EXIST::FUNCTION:PSK
-PEM_write_bio_SSL_SESSION 301 EXIST::FUNCTION:
-PEM_read_SSL_SESSION 302 EXIST:!WIN16:FUNCTION:
-PEM_read_bio_SSL_SESSION 303 EXIST::FUNCTION:
+SSL_get_servername 291 EXIST::FUNCTION:TLSEXT
+SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT
+SSL_CTX_use_psk_identity_hint 293 EXIST::FUNCTION:PSK
+SSL_CTX_set_psk_client_callback 294 EXIST::FUNCTION:PSK
+PEM_write_bio_SSL_SESSION 295 EXIST::FUNCTION:
+SSL_get_psk_identity_hint 296 EXIST::FUNCTION:PSK
+SSL_set_psk_server_callback 297 EXIST::FUNCTION:PSK
+SSL_use_psk_identity_hint 298 EXIST::FUNCTION:PSK
+SSL_set_psk_client_callback 299 EXIST::FUNCTION:PSK
+PEM_read_SSL_SESSION 300 EXIST:!WIN16:FUNCTION:
+PEM_read_bio_SSL_SESSION 301 EXIST::FUNCTION:
+SSL_CTX_set_psk_server_callback 302 EXIST::FUNCTION:PSK
+SSL_get_psk_identity 303 EXIST::FUNCTION:PSK
 PEM_write_SSL_SESSION 304 EXIST:!WIN16:FUNCTION:
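Review bot: Ordinals 291–303 are reassigned here to symbols that already had numbers; for example `SSL_get_servername` moves from 297 to 291 and `PEM_write_bio_SSL_SESSION` from 301 to 295. These numbers are normally carried into the generated Windows export definitions, so if any build using the old numbering has been distributed, a binary that imports by ordinal would bind to a different function after this change. The commit message should state which branch or release the new numbering is being aligned with; otherwise keep the existing numbers and append only new symbols.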