I'm in the process of integrating OpenSSL into FreeBSD 4.0-CURRENT, and
have run into a bunch of undefined symbols when libssl is compiled as a
shared library when NO_RSA is defined: there are several SSL2 functions
which are referenced, but not defined. The following patch seems to take
care of them.
This patch also:
* adds -DNO_SSL2 conditional on the no-rsa config option, since SSL2
requires RSA.
* Changes several #ifndef NO_RSA to #ifndef NO_SSL2 which is more
appropriate (the code should not be compiled if we just specify no-ssl2
and keep rsa).
The only thing which seems to be (still) broken is the rsatest target,
since with NO_RSA defined the crypto/rsa directory never gets recursed
into, hence never creates the links in test/. I couldn't think of an easy
way to fix this so I just left it alone: since FreeBSD doesn't use the
openssl build infrastructure this doesn't affect my purposes.
I'd appreciate someone giving my patch a review.
Kris
diff -ruN openssl-0.9.4/Configure openssl~/Configure
--- openssl-0.9.4/Configure Sun Aug 8 04:56:29 1999
+++ openssl~/Configure Fri Jan 7 18:43:50 2000
@@ -370,6 +370,12 @@
$flags .= "-DNO_MDC2 ";
$depflags .= "-DNO_MDC2 ";
}
+ if ($algo eq "RSA")
+ {
+ $options .= " no-ssl2";
+ $flags .= "-DNO_SSL2 ";
+ $depflags .= "-DNO_SSL2 ";
+ }
}
elsif (/^386$/)
{ $processor=386; }
diff -ruN openssl-0.9.4/ssl/s23_clnt.c openssl~/ssl/s23_clnt.c
--- openssl-0.9.4/ssl/s23_clnt.c Thu Jun 10 09:29:31 1999
+++ openssl~/ssl/s23_clnt.c Fri Jan 7 19:30:55 2000
@@ -68,8 +68,10 @@
static int ssl23_get_server_hello(SSL *s);
static SSL_METHOD *ssl23_get_client_method(int ver)
{
+#ifndef NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_client_method());
+#endif
if (ver == SSL3_VERSION)
return(SSLv3_client_method());
else if (ver == TLS1_VERSION)
@@ -320,6 +322,10 @@
if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
(p[5] == 0x00) && (p[6] == 0x02))
{
+#ifdef NO_SSL2
+SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+#else
/* we are talking sslv2 */
/* we need to clean up the SSLv3 setup and put in the
* sslv2 stuff. */
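Review bot: The NO_SSL2 branch added here reports `SSL_R_UNSUPPORTED_PROTOCOL`, while the matching branch added to ssl23_get_client_hello in s23_srvr.c reports `SSL_R_UNKNOWN_PROTOCOL` for the same condition (the peer speaks SSLv2 and SSLv2 is compiled out). Applications and log-based monitoring that key on the reason code would then see two different errors for one cause, so I would use a single code on both sides, e.g. `SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);` in the server hunk. A short comment above the branch, such as `/* SSLv2 support is compiled out: reject an SSLv2 server hello */`, would make the fail-closed intent explicit. The `err` label and the rest of ssl23_get_server_hello lie outside the hunk, so whether that path releases everything set up earlier cannot be confirmed from here.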
@@ -375,6 +381,7 @@
s->method=SSLv2_client_method();
s->handshake_func=s->method->ssl_connect;
+#endif
}
else if ((p[0] == SSL3_RT_HANDSHAKE) &&
(p[1] == SSL3_VERSION_MAJOR) &&
diff -ruN openssl-0.9.4/ssl/s23_lib.c openssl~/ssl/s23_lib.c
--- openssl-0.9.4/ssl/s23_lib.c Mon Jun 7 13:26:51 1999
+++ openssl~/ssl/s23_lib.c Fri Jan 7 17:35:28 2000
@@ -106,7 +106,11 @@
static int ssl23_num_ciphers(void)
{
- return(ssl3_num_ciphers()+ssl2_num_ciphers());
+ return(ssl3_num_ciphers()
+#ifndef NO_SSL2
+ +ssl2_num_ciphers()
+#endif
+ );
}
static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
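Review bot: Splicing `#ifndef NO_SSL2` into the middle of the return expression in ssl23_num_ciphers is hard to read and easy to break on a later edit. Accumulating into a local keeps each preprocessor branch a whole statement: `int n = ssl3_num_ciphers();`, then `n += ssl2_num_ciphers();` inside the `#ifndef`, then `return(n);`. The next hunk in this file, in ssl23_get_cipher, hangs an `#ifndef`/`#else` pair off a brace-less `else`. Bracing that `else` would guard against one branch being edited without the other.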
@@ -116,7 +120,11 @@
if (u < uu)
return(ssl3_get_cipher(u));
else
+#ifndef NO_SSL2
return(ssl2_get_cipher(u-uu));
+#else
+ return(NULL);
+#endif
}
/* This function needs to check if the ciphers required are actually
@@ -132,8 +140,10 @@
((unsigned long)p[1]<<8L)|(unsigned long)p[2];
c.id=id;
cp=ssl3_get_cipher_by_char(p);
+#ifndef NO_SSL2
if (cp == NULL)
cp=ssl2_get_cipher_by_char(p);
+#endif
return(cp);
}
diff -ruN openssl-0.9.4/ssl/s23_srvr.c openssl~/ssl/s23_srvr.c
--- openssl-0.9.4/ssl/s23_srvr.c Tue Apr 27 04:46:13 1999
+++ openssl~/ssl/s23_srvr.c Fri Jan 7 17:40:09 2000
@@ -67,8 +67,10 @@
int ssl23_get_client_hello(SSL *s);
static SSL_METHOD *ssl23_get_server_method(int ver)
{
+#ifndef NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_server_method());
+#endif
if (ver == SSL3_VERSION)
return(SSLv3_server_method());
else if (ver == TLS1_VERSION)
@@ -404,6 +406,10 @@
if (type == 1)
{
+#ifdef NO_SSL2
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
+ goto err;
+#else
/* we are talking sslv2 */
/* we need to clean up the SSLv3/TLSv1 setup and put in the
* sslv2 stuff. */
@@ -442,6 +448,7 @@
s->method=SSLv2_server_method();
s->handshake_func=s->method->ssl_accept;
+#endif
}
if ((type == 2) || (type == 3))
diff -ruN openssl-0.9.4/ssl/s2_clnt.c openssl~/ssl/s2_clnt.c
--- openssl-0.9.4/ssl/s2_clnt.c Thu May 13 08:09:36 1999
+++ openssl~/ssl/s2_clnt.c Fri Jan 7 19:23:25 2000
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_RSA
+#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
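Review bot: After this guard change, nothing in the C sources enforces that NO_RSA implies NO_SSL2; the implication exists only in the Configure hunk. A build that passes `-DNO_RSA` directly, which the description suggests FreeBSD does since it bypasses the OpenSSL build infrastructure, would compile this file with RSA-dependent SSLv2 code still enabled. It would then presumably fail to build or link. The same applies to the guard renames in s2_lib.c, s2_meth.c and s2_srvr.c. A fail-loud check above the guard would catch the misconfiguration early: `#if defined(NO_RSA) && !defined(NO_SSL2)`, `#error "NO_RSA requires NO_SSL2"`, `#endif`. The matching `#endif` of the renamed guard is outside the hunk and would benefit from a `/* NO_SSL2 */` comment.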
diff -ruN openssl-0.9.4/ssl/s2_enc.c openssl~/ssl/s2_enc.c
--- openssl-0.9.4/ssl/s2_enc.c Mon Apr 19 14:31:36 1999
+++ openssl~/ssl/s2_enc.c Fri Jan 7 17:26:22 2000
@@ -56,6 +56,8 @@
* [including the GNU Public Licence.]
*/
+#ifndef NO_SSL2
+
#include <stdio.h>
#include "ssl_locl.h"
@@ -178,3 +180,4 @@
/* some would say I should zero the md context */
}
+#endif
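Review bot: Wrapping the whole file in `#ifndef NO_SSL2` leaves s2_enc.c an empty translation unit when NO_SSL2 is defined, and ISO C requires at least one external declaration. Strict or pedantic compilers will warn or error on it. The same applies to the new whole-file guard in s2_pkt.c. A placeholder in an `#else` branch avoids this: `#else`, `static void *dummy=&dummy;`, `#endif /* NO_SSL2 */`. Commenting the closing `#endif` also helps, since it sits about 120 lines below its opening guard.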
diff -ruN openssl-0.9.4/ssl/s2_lib.c openssl~/ssl/s2_lib.c
--- openssl-0.9.4/ssl/s2_lib.c Fri Jun 4 14:54:13 1999
+++ openssl~/ssl/s2_lib.c Fri Jan 7 17:33:00 2000
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_RSA
+#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/objects.h>
diff -ruN openssl-0.9.4/ssl/s2_meth.c openssl~/ssl/s2_meth.c
--- openssl-0.9.4/ssl/s2_meth.c Mon Apr 26 20:19:11 1999
+++ openssl~/ssl/s2_meth.c Fri Jan 7 17:33:25 2000
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_RSA
+#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
diff -ruN openssl-0.9.4/ssl/s2_pkt.c openssl~/ssl/s2_pkt.c
--- openssl-0.9.4/ssl/s2_pkt.c Fri Jul 2 10:52:20 1999
+++ openssl~/ssl/s2_pkt.c Fri Jan 7 17:33:17 2000
@@ -56,6 +56,8 @@
* [including the GNU Public Licence.]
*/
+#ifndef NO_SSL2
+
#include <stdio.h>
#include <errno.h>
#define USE_SOCKETS
@@ -638,3 +640,5 @@
}
return(ret);
}
+
+#endif
diff -ruN openssl-0.9.4/ssl/s2_srvr.c openssl~/ssl/s2_srvr.c
--- openssl-0.9.4/ssl/s2_srvr.c Wed Jun 9 09:33:17 1999
+++ openssl~/ssl/s2_srvr.c Fri Jan 7 17:33:36 2000
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifndef NO_RSA
+#ifndef NO_SSL2
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/rand.h>