author | Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk> | 2024-05-02 16:21:44 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-05-10 09:01:07 +0100 |
commit | 5044c68c377fd3d213ed2bbc915cf11735ff4814 (patch) | |
tree | 6b64d95315c827a33601b307ed295327676cd798 | |
parent | a1a5d437535273f0a756eede2a3166614fb4a6d9 (diff) |
Check that both tls1.3 and dtls1.3 are disabled before removing code from the compilation path.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
-rw-r--r-- | ssl/statem/extensions.c | 4 | ||||
-rw-r--r-- | ssl/statem/extensions_clnt.c | 14 | ||||
-rw-r--r-- | ssl/statem/extensions_srvr.c | 12 |
3 files changed, 16 insertions, 14 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index ea210ab9f0..9930de9510 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1348,7 +1348,7 @@ static int final_sig_algs(SSL_CONNECTION *s, unsigned int context, int sent) static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) {
-#if !defined(OPENSSL_NO_TLS1_3)
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 if (!SSL_CONNECTION_IS_VERSION13(s)) return 1;
@@ -1510,7 +1510,7 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent) return 0; } }
-#endif /* !defined(OPENSSL_NO_TLS1_3) */
+#endif /* !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_DTLS1_3) */
 return 1; }
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 151e690781..560f1097ad 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -617,7 +617,7 @@ EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 int nodhe = s->options & SSL_OP_ALLOW_NO_DHE_KEX; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk_kex_modes)
@@ -639,7 +639,7 @@ EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt, return EXT_RETURN_SENT; }
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 static int add_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int curve_id) { unsigned char *encoded_point = NULL;
@@ -700,7 +700,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 size_t i, num_groups = 0; const uint16_t *pgroups = NULL; uint16_t curve_id = 0;
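Review bot: With this guard, a library built without TLS 1.3 but with DTLS 1.3 now compiles `final_key_share` in, so keeping TLS 1.3 key-share handling away from a plain TLS connection rests on the run-time test `if (!SSL_CONNECTION_IS_VERSION13(s)) return 1;` rather than on the build option. Whether that macro tells TLS 1.3 and DTLS 1.3 apart is not visible in the hunk, so it should be confirmed and recorded beside the guard, for example `/* Built if TLS 1.3 or DTLS 1.3 is enabled; the version check below gates use per connection. */`. The same applies to the other twelve `#if` sites changed in extensions_clnt.c and extensions_srvr.c, whose run-time gates are mostly outside their hunks; a build-configuration test with TLS 1.3 disabled and DTLS 1.3 enabled would cover them. The body of final_key_share continues outside the hunk.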
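Review bot: The trailing comment on the new `#endif` does not match the opening condition: `!(defined(A) && defined(B))` is equivalent to `!defined(A) || !defined(B)`, but the comment joins the two terms with `&&`, which describes the stricter case where both protocols are enabled. A reader who sees only the bottom of this long function would conclude the block disappears as soon as either protocol is disabled. Suggest `#endif /* !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3)) */`. The start of final_key_share is outside this hunk.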
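Review bot: The two-macro condition is written out in full at each of the seven guards in this file, at five more in extensions_srvr.c and at one in extensions.c, so a site missed in a later change would leave one extension handler on a different guard from the rest. Defining the test once in a header these files already share and checking a single name at each site would keep them in step: `#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))`, `# define <GUARD_NAME>`, `#endif`, where `<GUARD_NAME>` is a placeholder for whatever name the project chooses. The body of tls_construct_ctos_psk_kex_modes continues outside the hunk.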
@@ -1039,7 +1039,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 uint32_t agesec, agems = 0; size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen; unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
@@ -1241,7 +1241,7 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pk ossl_unused X509 *x, ossl_unused size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 if (!s->pha_enabled) return EXT_RETURN_NOT_SENT;
@@ -1817,7 +1817,7 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 unsigned int group_id; PACKET encoded_pt; EVP_PKEY *ckey = s->s3.tmp.pkey, *skey = NULL;
@@ -2030,7 +2030,7 @@ int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 unsigned int identity; if (!PACKET_get_net_2(pkt, &identity) || PACKET_remaining(pkt) != 0) {
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 35f9a9c39b..e880095e2d 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -556,7 +556,7 @@ int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 PACKET psk_kex_modes; unsigned int mode;
@@ -600,7 +600,7 @@ int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 unsigned int group_id; PACKET key_share_list, encoded_pt; const uint16_t *clntgroups, *srvrgroups;
@@ -721,7 +721,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 unsigned int format, version, key_share, group_id; EVP_MD_CTX *hctx; EVP_PKEY *pkey;
@@ -1637,7 +1637,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 unsigned char *encodedPoint; size_t encoded_pt_len = 0; EVP_PKEY *ckey = s->s3.peer_tmp, *skey = NULL;
@@ -1765,6 +1765,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, s->s3.did_kex = 1; return EXT_RETURN_SENT; #else
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL; #endif }
@@ -1773,7 +1774,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) {
-#ifndef OPENSSL_NO_TLS1_3
+#if !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_DTLS1_3))
 unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie; unsigned char *hmac, *hmac2; size_t startlen, ciphlen, totcookielen, hashlen, hmaclen, appcookielen;
@@ -1894,6 +1895,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, EVP_PKEY_free(pkey); return ret; #else
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return EXT_RETURN_FAIL; #endif }
|
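Review bot: The `#else` branch that now calls `SSLfatal` in tls_construct_stoc_key_share is reached only when both TLS 1.3 and DTLS 1.3 are compiled out, and nothing at the branch says so. A one-line comment above the call, such as `/* Both TLS 1.3 and DTLS 1.3 are compiled out: this extension must never be constructed. */`, would make the intent clear; the same applies to the identical addition in tls_construct_stoc_cookie (hunk at 1894). The fallback paths of the parse functions guarded in this file (tls_parse_ctos_psk_kex_modes, tls_parse_ctos_key_share, tls_parse_ctos_cookie) are outside their hunks, so it is worth confirming that any of them that reports failure also records an error first. The guarded block of tls_construct_stoc_key_share starts outside this hunk.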