diff options
author | Matt Caswell <matt@openssl.org> | 2019-06-13 11:06:12 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-06-17 10:57:19 +0100 |
commit | dbc6268f68e50b2e49d7c5b1157b4f6bcea5d6f9 (patch) | |
tree | 67a9fa2beac320e8d437c04225cbc377a0145f2d /ssl/statem/extensions.c | |
parent | 8013a933dacc80096e2bfca06c00f9ec29adb35b (diff) |
Allow TLSv1.3 in a no-ec build
Now that we have TLSv1.3 FFDHE support there is no reason why we should
not allow TLSv1.3 to be used in a no-ec build. This commit enables that
to happen.
It also fixes no-ec which was previously broken.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9156)
Diffstat (limited to 'ssl/statem/extensions.c')
-rw-r--r-- | ssl/statem/extensions.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 2e51aab4af..9023e47599 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -46,9 +46,7 @@ static int init_etm(SSL *s, unsigned int context); static int init_ems(SSL *s, unsigned int context); static int final_ems(SSL *s, unsigned int context, int sent); static int init_psk_kex_modes(SSL *s, unsigned int context); -#ifndef OPENSSL_NO_EC static int final_key_share(SSL *s, unsigned int context, int sent); -#endif #ifndef OPENSSL_NO_SRTP static int init_srtp(SSL *s, unsigned int context); #endif @@ -162,6 +160,10 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, final_ec_pt_formats }, +#else + INVALID_EXTENSION, +#endif +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) { /* * "supported_groups" is spread across several specifications. @@ -197,7 +199,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { }, #else INVALID_EXTENSION, - INVALID_EXTENSION, #endif { TLSEXT_TYPE_session_ticket, @@ -322,7 +323,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, tls_construct_ctos_psk_kex_modes, NULL }, -#ifndef OPENSSL_NO_EC { /* * Must be in this list after supported_groups. We need that to have @@ -336,7 +336,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_key_share, tls_construct_ctos_key_share, final_key_share }, -#endif { /* Must be after key_share */ TLSEXT_TYPE_cookie, @@ -1266,7 +1265,6 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent) return 1; } -#ifndef OPENSSL_NO_EC static int final_key_share(SSL *s, unsigned int context, int sent) { if (!SSL_IS_TLS13(s)) @@ -1429,7 +1427,6 @@ static int final_key_share(SSL *s, unsigned int context, int sent) return 1; } -#endif static int init_psk_kex_modes(SSL *s, unsigned int context) { |