diff options
Diffstat (limited to 'pjlib/src/pj/ssl_sock_ossl.c')
-rw-r--r-- | pjlib/src/pj/ssl_sock_ossl.c | 73 |
1 files changed, 62 insertions, 11 deletions
diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c index 267aea5d..15a243f8 100644 --- a/pjlib/src/pj/ssl_sock_ossl.c +++ b/pjlib/src/pj/ssl_sock_ossl.c @@ -51,10 +51,63 @@ #include <openssl/x509v3.h> #include <openssl/rand.h> #include <openssl/engine.h> +#include <openssl/opensslconf.h> + +#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL + +# include <openssl/obj_mac.h> + +static const unsigned nid_cid_map[] = { + NID_sect163k1, /* sect163k1 (1) */ + NID_sect163r1, /* sect163r1 (2) */ + NID_sect163r2, /* sect163r2 (3) */ + NID_sect193r1, /* sect193r1 (4) */ + NID_sect193r2, /* sect193r2 (5) */ + NID_sect233k1, /* sect233k1 (6) */ + NID_sect233r1, /* sect233r1 (7) */ + NID_sect239k1, /* sect239k1 (8) */ + NID_sect283k1, /* sect283k1 (9) */ + NID_sect283r1, /* sect283r1 (10) */ + NID_sect409k1, /* sect409k1 (11) */ + NID_sect409r1, /* sect409r1 (12) */ + NID_sect571k1, /* sect571k1 (13) */ + NID_sect571r1, /* sect571r1 (14) */ + NID_secp160k1, /* secp160k1 (15) */ + NID_secp160r1, /* secp160r1 (16) */ + NID_secp160r2, /* secp160r2 (17) */ + NID_secp192k1, /* secp192k1 (18) */ + NID_X9_62_prime192v1, /* secp192r1 (19) */ + NID_secp224k1, /* secp224k1 (20) */ + NID_secp224r1, /* secp224r1 (21) */ + NID_secp256k1, /* secp256k1 (22) */ + NID_X9_62_prime256v1, /* secp256r1 (23) */ + NID_secp384r1, /* secp384r1 (24) */ + NID_secp521r1, /* secp521r1 (25) */ + NID_brainpoolP256r1, /* brainpoolP256r1 (26) */ + NID_brainpoolP384r1, /* brainpoolP384r1 (27) */ + NID_brainpoolP512r1 /* brainpoolP512r1 (28) */ +}; + +static unsigned get_cid_from_nid(unsigned nid) +{ + unsigned i, cid = 0; + for (i=0; i<PJ_ARRAY_SIZE(nid_cid_map); ++i) { + if (nid == nid_cid_map[i]) { + cid = i+1; + break; + } + } + return cid; +}; + +static unsigned get_nid_from_cid(unsigned cid) +{ + if ((cid == 0) || (cid > PJ_ARRAY_SIZE(nid_cid_map))) + return 0; + + return nid_cid_map[cid-1]; +} -#if defined(PJ_SSL_SOCK_OSSL_HAS_EC) && PJ_SSL_SOCK_OSSL_HAS_EC==1 - extern int tls1_ec_nid2curve_id(int nid); - extern int tls1_ec_curve_id2nid(int curve_id); #endif #ifdef _MSC_VER @@ -385,7 +438,7 @@ static pj_status_t init_openssl(void) ssl->session = SSL_SESSION_new(); -#if defined(PJ_SSL_SOCK_OSSL_HAS_EC) && PJ_SSL_SOCK_OSSL_HAS_EC==1 +#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL openssl_curves_num = SSL_get_shared_curve(ssl,-1); if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves)) openssl_curves_num = PJ_ARRAY_SIZE(openssl_curves); @@ -402,7 +455,7 @@ static pj_status_t init_openssl(void) cname = OBJ_nid2sn(nid); } - openssl_curves[i].id = tls1_ec_nid2curve_id(nid); + openssl_curves[i].id = get_cid_from_nid(nid); openssl_curves[i].name = cname; } #else @@ -1001,16 +1054,16 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock) static pj_status_t set_curves_list(pj_ssl_sock_t *ssock) { -#if defined(PJ_SSL_SOCK_OSSL_HAS_EC) && PJ_SSL_SOCK_OSSL_HAS_EC==1 +#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL int ret; int curves[PJ_SSL_SOCK_MAX_CURVES]; - int cnt; + unsigned cnt; if (ssock->param.curves_num == 0) return PJ_SUCCESS; for (cnt = 0; cnt < ssock->param.curves_num; cnt++) { - curves[cnt] = tls1_ec_curve_id2nid(ssock->param.curves[cnt]); + curves[cnt] = get_nid_from_cid(ssock->param.curves[cnt]); } if( ssock->ossl_ssl->server ) { @@ -1027,13 +1080,12 @@ static pj_status_t set_curves_list(pj_ssl_sock_t *ssock) #else PJ_UNUSED_ARG(ssock); #endif - return PJ_SUCCESS; } static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock) { -#if defined(PJ_SSL_SOCK_OSSL_HAS_SIGALG) && PJ_SSL_SOCK_OSSL_HAS_SIGALG==1 +#if OPENSSL_VERSION_NUMBER >= 0x1000200fL int ret; if (ssock->param.sigalgs.ptr && ssock->param.sigalgs.slen) { @@ -1051,7 +1103,6 @@ static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock) #else PJ_UNUSED_ARG(ssock); #endif - return PJ_SUCCESS; } |