These patches primarily move around a few #ifdefs so that 1.0.1e will compile
when the "no-tlsext" option is specified.
Note that when "no-tlsext" is specified, "no-srtp" is forced now too in
addition to "no-srp" and "no-heartbeats".
I'm not 100% confident in these changes, so I'd appreciate some level of review
and comment before they are accepted, but I'm sure you do that as a matter of
course anyway.
Thanks,
Geoff
*** ./openssl-1.0.1e/Configure Mon Feb 11 09:26:04 2013
--- ./openssl-1.0.1e-fixed/Configure Fri Apr 26 10:53:38 2013
*************** if (defined($disabled{"tlsext"}))
*** 1026,1031 ****
--- 1026,1032 ----
{
$disabled{"srp"} = "forced";
$disabled{"heartbeats"} = "forced";
+ $disabled{"srtp"} = "forced";
}
if ($target eq "TABLE") {
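Review bot: The added `$disabled{"srtp"} = "forced";` line gives no reason for the dependency, so a later reader cannot tell why asking for no-tlsext also removes SRTP. A one-line comment above the three assignments would cover it, for example `# srp, heartbeats and srtp are all negotiated through TLS extensions`. The enclosing `if` block starts outside the hunk.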
*** ./openssl-1.0.1e/ssl/s3_clnt.c Mon Feb 11 09:26:04 2013
--- ./openssl-1.0.1e-fixed/ssl/s3_clnt.c Fri Apr 26 11:00:30 2013
*************** int ssl3_get_server_hello(SSL *s)
*** 1068,1074 ****
--- 1068,1076 ----
return(1);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ #ifndef OPENSSL_NO_TLSEXT
err:
+ #endif
return(-1);
}
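Review bot: Guarding the `err:` label with `#ifndef OPENSSL_NO_TLSEXT` makes the two configurations diverge on an error path: any `goto err` later added outside a TLSEXT-guarded region of ssl3_get_server_hello will build by default and fail to compile with no-tlsext. The guard implies that every current jump to `err` sits inside TLS-extension code, which cannot be checked from this hunk because the function body starts above it. If the label stays conditional, say so next to it, e.g. `/* err is only reached from the TLS extension checks above */`.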
*** ./openssl-1.0.1e/ssl/s3_srvr.c Mon Feb 11 09:26:04 2013
--- ./openssl-1.0.1e-fixed/ssl/s3_srvr.c Fri Apr 26 14:28:00 2013
*************** int ssl3_get_client_hello(SSL *s)
*** 1408,1413 ****
--- 1408,1414 ----
* s->tmp.new_cipher - the new cipher to use.
*/
+ #ifndef OPENSSL_NO_TLSEXT
/* Handles TLS extensions that we couldn't check earlier */
if (s->version >= SSL3_VERSION)
{
*************** int ssl3_get_client_hello(SSL *s)
*** 1417,1422 ****
--- 1418,1424 ----
goto err;
}
}
+ #endif
if (ret < 0) ret=1;
if (0)
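Review bot: The `#endif` added after the extension check closes a guard opened in the previous hunk and carries no comment naming the condition. `#endif /* OPENSSL_NO_TLSEXT */`, the form this patch already uses in t1_lib.c after tls_decrypt_ticket, would make the pairing readable. The same applies to the moved `#endif` in ssl_locl.h and to the one closing pref_list in t1_lib.c, each with a comment naming its own condition. ssl3_get_client_hello starts and ends outside both hunks.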
*** ./openssl-1.0.1e/ssl/ssl_locl.h Mon Feb 11 09:26:04 2013
--- ./openssl-1.0.1e-fixed/ssl/ssl_locl.h Fri Apr 26 11:00:02 2013
*************** int dtls1_process_heartbeat(SSL *s);
*** 1117,1128 ****
int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
const unsigned char *limit, SSL_SESSION **ret);
int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md);
int tls12_get_sigid(const EVP_PKEY *pk);
const EVP_MD *tls12_get_hash(unsigned char hash_alg);
- #endif
EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
--- 1117,1128 ----
int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
const unsigned char *limit, SSL_SESSION **ret);
+ #endif
int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
const EVP_MD *md);
int tls12_get_sigid(const EVP_PKEY *pk);
const EVP_MD *tls12_get_hash(unsigned char hash_alg);
EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
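Review bot: Moving the `#endif` up exposes only the three tls12_* prototypes, while the t1_lib.c hunks of this patch also take tls12_get_req_sig_algs and tls1_process_sigalgs out of the OPENSSL_NO_TLSEXT region. Their declarations are not visible in this hunk, so it is worth confirming they already sit outside the guard; otherwise a no-tlsext build would call them without a prototype in scope. The conditional that this `#endif` closes opens above the hunk and is presumably `#ifndef OPENSSL_NO_TLSEXT`.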
*** ./openssl-1.0.1e/ssl/t1_lib.c Mon Feb 11 09:26:04 2013
--- ./openssl-1.0.1e-fixed/ssl/t1_lib.c Fri Apr 26 11:00:14 2013
*************** static int nid_list[] =
*** 202,207 ****
--- 202,208 ----
NID_secp521r1 /* secp521r1 (25) */
};
+ #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
static int pref_list[] =
{
NID_sect571r1, /* sect571r1 (14) */
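Review bot: The `!defined(OPENSSL_NO_EC)` half of the new condition around pref_list looks redundant. A later hunk shows `#endif /* OPENSSL_NO_EC */` after tls1_ec_nid2curve_id, which suggests nid_list and pref_list already sit inside an `#ifndef OPENSSL_NO_EC` region that opens above this hunk. If so, `#ifndef OPENSSL_NO_TLSEXT` alone says the same thing and reads more clearly. The array definition continues past the end of the hunk.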
*************** static int pref_list[] =
*** 230,235 ****
--- 231,237 ----
NID_secp160r1, /* secp160r1 (16) */
NID_secp160r2, /* secp160r2 (17) */
};
+ #endif
int tls1_ec_curve_id2nid(int curve_id)
{
*************** int tls1_ec_nid2curve_id(int nid)
*** 301,308 ****
}
#endif /* OPENSSL_NO_EC */
- #ifndef OPENSSL_NO_TLSEXT
-
/* List of supported signature algorithms and hashes. Should make this
* customisable at some point, for now include everything we support.
*/
--- 303,308 ----
*************** int tls12_get_req_sig_algs(SSL *s, unsig
*** 360,365 ****
--- 360,367 ----
return (int)slen;
}
+ #ifndef OPENSSL_NO_TLSEXT
+
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned
char *limit)
{
int extdatalen=0;
*************** static int tls_decrypt_ticket(SSL *s, co
*** 2276,2281 ****
--- 2278,2284 ----
* ticket. */
return 2;
}
+ #endif /* OPENSSL_NO_TLSEXT */
/* Tables to translate from NIDs to TLS v1.2 ids */
*************** int tls1_process_sigalgs(SSL *s, const u
*** 2475,2482 ****
return 1;
}
- #endif
-
#ifndef OPENSSL_NO_HEARTBEATS
int
tls1_process_heartbeat(SSL *s)
--- 2478,2483 ----