diff options
| author | Riza Sulistyo <riza@teluu.com> | 2017-01-10 09:17:07 +0000 |
|---|---|---|
| committer | Riza Sulistyo <riza@teluu.com> | 2017-01-10 09:17:07 +0000 |
| commit | 9c135526de34da4f5b477021599bc00f61f1c1a3 (patch) | |
| tree | 86ee54b2db34b53c5bdc3999812f6b209f8b3a06 | |
| parent | 7de8ae3fa6de2f422162eddbbe5359601dcc4eb5 (diff) | |
Re #1975:
- Change autoconf detection in r5483 to compile time check.
- Don't use tls1_ec_nid2curve_id()/tls1_ec_curve_id2nid() since they are not public API.
Thanks to Alexander Traud for the suggestions.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5517 74dad513-b988-da41-8d7b-12977e46ad98
| -rwxr-xr-x | aconfigure | 180 | ||||
| -rw-r--r-- | aconfigure.ac | 39 | ||||
| -rw-r--r-- | pjlib/build/os-auto.mak.in | 8 | ||||
| -rw-r--r-- | pjlib/src/pj/ssl_sock_ossl.c | 73 |
4 files changed, 97 insertions, 203 deletions
@@ -641,13 +641,9 @@ opencore_amrnb_present opencore_amrnb_h_present ac_no_opencore_amrwb ac_no_opencore_amrnb -ec_curve_present -set_curve_present libcrypto_present libssl_present openssl_h_present -ac_ssl_has_sigalg -ac_ssl_has_ec ac_ssl_has_aes_gcm ac_no_ssl ac_openh264_ldflags @@ -759,6 +755,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -881,6 +878,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1133,6 +1131,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1270,7 +1277,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1423,6 +1430,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -2344,7 +2352,7 @@ $as_echo "$as_me: loading site script $ac_site_file" >&6;} || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi done @@ -2487,7 +2495,7 @@ fi $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; -*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5 ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' @@ -2520,7 +2528,7 @@ fi $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; -*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5 ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' @@ -2553,7 +2561,7 @@ fi $as_echo "$ac_cv_target" >&6; } case $ac_cv_target in *-*-*) ;; -*) as_fn_error $? "invalid value of canonical target" "$LINENO" 5 ;; +*) as_fn_error $? "invalid value of canonical target" "$LINENO" 5;; esac target=$ac_cv_target ac_save_IFS=$IFS; IFS='-' @@ -2890,7 +2898,7 @@ fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -3005,7 +3013,7 @@ sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -3048,7 +3056,7 @@ else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 @@ -3107,7 +3115,7 @@ $as_echo "$ac_try_echo"; } >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi fi fi @@ -3159,7 +3167,7 @@ sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi @@ -4553,7 +4561,7 @@ else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c @@ -5043,7 +5051,7 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) as_fn_error $? "unknown endianness - presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac @@ -7616,7 +7624,7 @@ else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "Error: unable to recognize your IPP installation. Make sure the paths and ARCH suffix are set correctly, run with --help for more info -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext @@ -7672,13 +7680,13 @@ $as_echo_n "checking Intel IPP USC build location... " >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "Unable to find to find built binaries under $IPPSAMPLES/speech-codecs/{bin,_bin}. Have you built the IPP samples? -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "unable to find $IPPSAMPLES/speech-codecs/bin/*gcc*/lib or $IPPSAMPLES/speech-codecs/_bin/*gcc*/lib directory. Have you built the samples? -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi # Test the directory @@ -7686,7 +7694,7 @@ See \`config.log' for more details" "$LINENO" 5 ; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "There's something wrong with this script, directory $IPPSAMP_DIR does not exist -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } exit 1; fi @@ -7700,14 +7708,14 @@ See \`config.log' for more details" "$LINENO" 5 ; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "bug in this script: unsupported IPP version -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi if test ! -f $IPPSAMP_DIR/$IPPSAMP_LIBS; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "$IPPSAMP_LIBS doesn't exist in $IPPSAMP_DIR -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IPPSAMP_DIR" >&5 @@ -7743,7 +7751,7 @@ else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no -See \`config.log' for more details" "$LINENO" 5 ; } +See \`config.log' for more details" "$LINENO" 5; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext @@ -7789,10 +7797,6 @@ fi ac_ssl_has_aes_gcm=0 -ac_ssl_has_ec=0 - -ac_ssl_has_sigalg=0 - # Check whether --enable-ssl was given. if test "${enable_ssl+set}" = set; then : enableval=$enable_ssl; @@ -7955,120 +7959,6 @@ $as_echo "OpenSSL has AES GCM support, SRTP will use OpenSSL" >&6; } $as_echo "OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos" >&6; } fi - # Check if OpenSSL supports setting curve algorithm - # and has elliptic curve - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL setting curve functions" >&5 -$as_echo_n "checking OpenSSL setting curve functions... " >&6; } - set_curve_present=0 - - ec_curve_present=0 - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <openssl/ssl.h> - -int -main () -{ - SSL_set1_curves(NULL, NULL, 0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - set_curve_present=1 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EC_curve_nid2nist in -lssl" >&5 -$as_echo_n "checking for EC_curve_nid2nist in -lssl... " >&6; } -if ${ac_cv_lib_ssl_EC_curve_nid2nist+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char EC_curve_nid2nist (); -int -main () -{ -return EC_curve_nid2nist (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_EC_curve_nid2nist=yes -else - ac_cv_lib_ssl_EC_curve_nid2nist=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_EC_curve_nid2nist" >&5 -$as_echo "$ac_cv_lib_ssl_EC_curve_nid2nist" >&6; } -if test "x$ac_cv_lib_ssl_EC_curve_nid2nist" = xyes; then : - ec_curve_present=1 -fi - - if test "x$set_curve_present" = "x1" -a "x$ec_curve_present" = "x1"; then - ac_ssl_has_ec=1 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL has elliptic curve support" >&5 -$as_echo "OpenSSL has elliptic curve support" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL elliptic curve algorithm unsupported" >&5 -$as_echo "OpenSSL elliptic curve algorithm unsupported" >&6; } - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL setting sigalg" >&5 -$as_echo_n "checking OpenSSL setting sigalg... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <openssl/ssl.h> - -int -main () -{ -SSL_set1_sigalgs_list(NULL, NULL); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_ssl_has_sigalg=1 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1) $as_echo "#define PJ_HAS_SSL_SOCK 1" >>confdefs.h @@ -9399,7 +9289,7 @@ do "pjsip/build/os-auto.mak") CONFIG_FILES="$CONFIG_FILES pjsip/build/os-auto.mak" ;; "third_party/build/os-auto.mak") CONFIG_FILES="$CONFIG_FILES third_party/build/os-auto.mak" ;; - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;; + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done @@ -9716,7 +9606,7 @@ do esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -9744,7 +9634,7 @@ do [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;; + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" @@ -9771,7 +9661,7 @@ $as_echo "$as_me: creating $ac_file" >&6;} case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac diff --git a/aconfigure.ac b/aconfigure.ac index bd72e786..4d40f307 100644 --- a/aconfigure.ac +++ b/aconfigure.ac @@ -1533,8 +1533,6 @@ fi dnl # Include SSL support AC_SUBST(ac_no_ssl) AC_SUBST(ac_ssl_has_aes_gcm,0) -AC_SUBST(ac_ssl_has_ec,0) -AC_SUBST(ac_ssl_has_sigalg,0) AC_ARG_ENABLE(ssl, AS_HELP_STRING([--disable-ssl], [Exclude SSL support the build (default: autodetect)]) @@ -1570,43 +1568,6 @@ AC_ARG_ENABLE(ssl, AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos]) fi - # Check if OpenSSL supports setting curve algorithm - # and has elliptic curve - - AC_MSG_CHECKING([OpenSSL setting curve functions]) - AC_SUBST(set_curve_present,0) - AC_SUBST(ec_curve_present,0) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <openssl/ssl.h> - ]], - [ SSL_set1_curves(NULL, NULL, 0);] - )], - [ set_curve_present=1 - AC_MSG_RESULT(ok) - ], - [ - AC_MSG_RESULT(no) - ]) - - AC_CHECK_LIB(ssl,EC_curve_nid2nist,[ec_curve_present=1]) - if test "x$set_curve_present" = "x1" -a "x$ec_curve_present" = "x1"; then - [ac_ssl_has_ec=1] - AC_MSG_RESULT([OpenSSL has elliptic curve support]) - else - AC_MSG_RESULT([OpenSSL elliptic curve algorithm unsupported]) - fi - - AC_MSG_CHECKING([OpenSSL setting sigalg]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <openssl/ssl.h> - ]], - [SSL_set1_sigalgs_list(NULL, NULL);] - )], - [ ac_ssl_has_sigalg=1 - AC_MSG_RESULT(ok) - ], - [ - AC_MSG_RESULT(no) - ]) - # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1) AC_DEFINE(PJ_HAS_SSL_SOCK, 1) diff --git a/pjlib/build/os-auto.mak.in b/pjlib/build/os-auto.mak.in index e4a7970d..1e44d12f 100644 --- a/pjlib/build/os-auto.mak.in +++ b/pjlib/build/os-auto.mak.in @@ -32,11 +32,3 @@ export TEST_OBJS += @ac_main_obj@ # export TARGETS = $(PJLIB_LIB) $(PJLIB_SONAME) export TARGETS_EXE = $(TEST_EXE) - -ifeq (@ac_ssl_has_ec@,1) -export PJLIB_CFLAGS += -DPJ_SSL_SOCK_OSSL_HAS_EC=1 -endif - -ifeq (@ac_ssl_has_sigalg@,1) -export PJLIB_CFLAGS += -DPJ_SSL_SOCK_OSSL_HAS_SIGALG=1 -endif diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c index 267aea5d..15a243f8 100644 --- a/pjlib/src/pj/ssl_sock_ossl.c +++ b/pjlib/src/pj/ssl_sock_ossl.c @@ -51,10 +51,63 @@ #include <openssl/x509v3.h> #include <openssl/rand.h> #include <openssl/engine.h> +#include <openssl/opensslconf.h> + +#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL + +# include <openssl/obj_mac.h> + +static const unsigned nid_cid_map[] = { + NID_sect163k1, /* sect163k1 (1) */ + NID_sect163r1, /* sect163r1 (2) */ + NID_sect163r2, /* sect163r2 (3) */ + NID_sect193r1, /* sect193r1 (4) */ + NID_sect193r2, /* sect193r2 (5) */ + NID_sect233k1, /* sect233k1 (6) */ + NID_sect233r1, /* sect233r1 (7) */ + NID_sect239k1, /* sect239k1 (8) */ + NID_sect283k1, /* sect283k1 (9) */ + NID_sect283r1, /* sect283r1 (10) */ + NID_sect409k1, /* sect409k1 (11) */ + NID_sect409r1, /* sect409r1 (12) */ + NID_sect571k1, /* sect571k1 (13) */ + NID_sect571r1, /* sect571r1 (14) */ + NID_secp160k1, /* secp160k1 (15) */ + NID_secp160r1, /* secp160r1 (16) */ + NID_secp160r2, /* secp160r2 (17) */ + NID_secp192k1, /* secp192k1 (18) */ + NID_X9_62_prime192v1, /* secp192r1 (19) */ + NID_secp224k1, /* secp224k1 (20) */ + NID_secp224r1, /* secp224r1 (21) */ + NID_secp256k1, /* secp256k1 (22) */ + NID_X9_62_prime256v1, /* secp256r1 (23) */ + NID_secp384r1, /* secp384r1 (24) */ + NID_secp521r1, /* secp521r1 (25) */ + NID_brainpoolP256r1, /* brainpoolP256r1 (26) */ + NID_brainpoolP384r1, /* brainpoolP384r1 (27) */ + NID_brainpoolP512r1 /* brainpoolP512r1 (28) */ +}; + +static unsigned get_cid_from_nid(unsigned nid) +{ + unsigned i, cid = 0; + for (i=0; i<PJ_ARRAY_SIZE(nid_cid_map); ++i) { + if (nid == nid_cid_map[i]) { + cid = i+1; + break; + } + } + return cid; +}; + +static unsigned get_nid_from_cid(unsigned cid) +{ + if ((cid == 0) || (cid > PJ_ARRAY_SIZE(nid_cid_map))) + return 0; + + return nid_cid_map[cid-1]; +} -#if defined(PJ_SSL_SOCK_OSSL_HAS_EC) && PJ_SSL_SOCK_OSSL_HAS_EC==1 - extern int tls1_ec_nid2curve_id(int nid); - extern int tls1_ec_curve_id2nid(int curve_id); #endif #ifdef _MSC_VER @@ -385,7 +438,7 @@ static pj_status_t init_openssl(void) ssl->session = SSL_SESSION_new(); -#if defined(PJ_SSL_SOCK_OSSL_HAS_EC) && PJ_SSL_SOCK_OSSL_HAS_EC==1 +#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL openssl_curves_num = SSL_get_shared_curve(ssl,-1); if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves)) openssl_curves_num = PJ_ARRAY_SIZE(openssl_curves); @@ -402,7 +455,7 @@ static pj_status_t init_openssl(void) cname = OBJ_nid2sn(nid); } - openssl_curves[i].id = tls1_ec_nid2curve_id(nid); + openssl_curves[i].id = get_cid_from_nid(nid); openssl_curves[i].name = cname; } #else @@ -1001,16 +1054,16 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock) static pj_status_t set_curves_list(pj_ssl_sock_t *ssock) { -#if defined(PJ_SSL_SOCK_OSSL_HAS_EC) && PJ_SSL_SOCK_OSSL_HAS_EC==1 +#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL int ret; int curves[PJ_SSL_SOCK_MAX_CURVES]; - int cnt; + unsigned cnt; if (ssock->param.curves_num == 0) return PJ_SUCCESS; for (cnt = 0; cnt < ssock->param.curves_num; cnt++) { - curves[cnt] = tls1_ec_curve_id2nid(ssock->param.curves[cnt]); + curves[cnt] = get_nid_from_cid(ssock->param.curves[cnt]); } if( ssock->ossl_ssl->server ) { @@ -1027,13 +1080,12 @@ static pj_status_t set_curves_list(pj_ssl_sock_t *ssock) #else PJ_UNUSED_ARG(ssock); #endif - return PJ_SUCCESS; } static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock) { -#if defined(PJ_SSL_SOCK_OSSL_HAS_SIGALG) && PJ_SSL_SOCK_OSSL_HAS_SIGALG==1 +#if OPENSSL_VERSION_NUMBER >= 0x1000200fL int ret; if (ssock->param.sigalgs.ptr && ssock->param.sigalgs.slen) { @@ -1051,7 +1103,6 @@ static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock) #else PJ_UNUSED_ARG(ssock); #endif - return PJ_SUCCESS; } |