diff options
author | Matt Caswell <matt@openssl.org> | 2021-01-15 16:54:28 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-02-05 15:22:43 +0000 |
commit | 462f4f4bc0eeb6505a8914bd751b3f20b43ea778 (patch) | |
tree | 02761e4fdcc934bc996588d25f7cb6f0b205e120 /ssl/statem | |
parent | 54e3efff81f41f71fe17303d5ec6db49415e5d6d (diff) |
Remove OPENSSL_NO_EC guards from libssl
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/extensions.c | 8 | ||||
-rw-r--r-- | ssl/statem/extensions_clnt.c | 4 | ||||
-rw-r--r-- | ssl/statem/extensions_cust.c | 2 | ||||
-rw-r--r-- | ssl/statem/extensions_srvr.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 13 | ||||
-rw-r--r-- | ssl/statem/statem_lib.c | 6 | ||||
-rw-r--r-- | ssl/statem/statem_local.h | 8 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 21 |
8 files changed, 2 insertions, 64 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 6bd7a69364..13e5f5a8e5 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -17,9 +17,7 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent); static int init_server_name(SSL *s, unsigned int context); static int final_server_name(SSL *s, unsigned int context, int sent); -#ifndef OPENSSL_NO_EC static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); -#endif static int init_session_ticket(SSL *s, unsigned int context); #ifndef OPENSSL_NO_OCSP static int init_status_request(SSL *s, unsigned int context); @@ -151,7 +149,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { #else INVALID_EXTENSION, #endif -#ifndef OPENSSL_NO_EC { TLSEXT_TYPE_ec_point_formats, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO @@ -160,9 +157,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, final_ec_pt_formats }, -#else - INVALID_EXTENSION, -#endif { /* * "supported_groups" is spread across several specifications. @@ -1008,7 +1002,6 @@ static int final_server_name(SSL *s, unsigned int context, int sent) } } -#ifndef OPENSSL_NO_EC static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) { unsigned long alg_k, alg_a; @@ -1046,7 +1039,6 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) return 1; } -#endif static int init_session_ticket(SSL *s, unsigned int context) { diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index cc958aa1b0..3e4353b90e 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -151,7 +151,6 @@ static int use_ecc(SSL *s, int min_version, int max_version) return 0; } -#ifndef OPENSSL_NO_EC EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -182,7 +181,6 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -#endif EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, @@ -1312,7 +1310,6 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, return 1; } -#ifndef OPENSSL_NO_EC int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1350,7 +1347,6 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, return 1; } -#endif int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c index 2bc17db1bf..738051e1da 100644 --- a/ssl/statem/extensions_cust.c +++ b/ssl/statem/extensions_cust.c @@ -488,11 +488,9 @@ int SSL_extension_supported(unsigned int ext_type) switch (ext_type) { /* Internally supported extensions. */ case TLSEXT_TYPE_application_layer_protocol_negotiation: -#ifndef OPENSSL_NO_EC case TLSEXT_TYPE_ec_point_formats: case TLSEXT_TYPE_supported_groups: case TLSEXT_TYPE_key_share: -#endif #ifndef OPENSSL_NO_NEXTPROTONEG case TLSEXT_TYPE_next_proto_neg: #endif diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 42fd6ee7d3..56fcbd03c1 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -228,7 +228,6 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, } #endif -#ifndef OPENSSL_NO_EC int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -251,7 +250,6 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, return 1; } -#endif /* OPENSSL_NO_EC */ int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -1303,7 +1301,6 @@ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -#ifndef OPENSSL_NO_EC EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -1329,7 +1326,6 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } -#endif EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index e4007b37de..cff522604f 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2111,7 +2111,6 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) { -#ifndef OPENSSL_NO_EC PACKET encoded_pt; unsigned int curve_type, curve_id; @@ -2164,10 +2163,6 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) /* else anonymous ECDH, so no certificate or pkey. */ return 1; -#else - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; -#endif } MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) @@ -2959,7 +2954,6 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) { -#ifndef OPENSSL_NO_EC unsigned char *encodedPoint = NULL; size_t encoded_pt_len = 0; EVP_PKEY *ckey = NULL, *skey = NULL; @@ -3000,10 +2994,6 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) OPENSSL_free(encodedPoint); EVP_PKEY_free(ckey); return ret; -#else - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; -#endif } static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) @@ -3550,14 +3540,13 @@ int ssl3_check_cert_and_algorithm(SSL *s) return 0; } -#ifndef OPENSSL_NO_EC if (clu->amask & SSL_aECDSA) { if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s)) return 1; SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_ECC_CERT); return 0; } -#endif + if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_MISSING_RSA_ENCRYPTING_CERT); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index d5def193a0..6e491c978a 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1521,9 +1521,7 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) static int is_tls13_capable(const SSL *s) { int i; -#ifndef OPENSSL_NO_EC int curve; -#endif if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) return 0; @@ -1557,7 +1555,6 @@ static int is_tls13_capable(const SSL *s) } if (!ssl_has_cert(s, i)) continue; -#ifndef OPENSSL_NO_EC if (i != SSL_PKEY_ECC) return 1; /* @@ -1568,9 +1565,6 @@ static int is_tls13_capable(const SSL *s) curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC].privatekey); if (tls_check_sigalg_curve(s, curve)) return 1; -#else - return 1; -#endif } return 0; diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index 839a7010c9..c277a8e9c5 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -205,10 +205,8 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, #endif int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_EC int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#endif int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidxl); int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, @@ -258,11 +256,9 @@ EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_EC EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#endif EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); @@ -319,11 +315,9 @@ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); #endif -#ifndef OPENSSL_NO_EC EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#endif EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); @@ -387,10 +381,8 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_EC int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#endif int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); #ifndef OPENSSL_NO_OCSP diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 03c4d2ba81..956348613b 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1306,7 +1306,6 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) return 1; } -#ifndef OPENSSL_NO_EC /*- * ssl_check_for_safari attempts to fingerprint Safari using OS X * SecureTransport using the TLS extension block in |hello|. @@ -1368,7 +1367,6 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello) s->s3.is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock, ext_len); } -#endif /* !OPENSSL_NO_EC */ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) { @@ -1853,10 +1851,8 @@ static int tls_early_post_process_client_hello(SSL *s) goto err; } -#ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) ssl_check_for_safari(s, clienthello); -#endif /* !OPENSSL_NO_EC */ /* TLS extensions */ if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO, @@ -2420,11 +2416,9 @@ int tls_construct_server_done(SSL *s, WPACKET *pkt) int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) { EVP_PKEY *pkdh = NULL; -#ifndef OPENSSL_NO_EC unsigned char *encodedPoint = NULL; size_t encodedlen = 0; int curve_id = 0; -#endif const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg; int i; unsigned long type; @@ -2510,9 +2504,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - } else -#ifndef OPENSSL_NO_EC - if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { + } else if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { if (s->s3.tmp.pkey != NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -2550,7 +2542,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) r[2] = NULL; r[3] = NULL; } else -#endif /* !OPENSSL_NO_EC */ #ifndef OPENSSL_NO_SRP if (type & SSL_kSRP) { if ((s->srp_ctx.N == NULL) || @@ -2638,7 +2629,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) BN_bn2bin(r[i], binval); } -#ifndef OPENSSL_NO_EC if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { /* * We only support named (not generic) curves. In this situation, the @@ -2656,7 +2646,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) OPENSSL_free(encodedPoint); encodedPoint = NULL; } -#endif /* not anonymous */ if (lu != NULL) { @@ -2717,9 +2706,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) ret = 1; err: EVP_PKEY_free(pkdh); -#ifndef OPENSSL_NO_EC OPENSSL_free(encodedPoint); -#endif EVP_MD_CTX_free(md_ctx); if (freer) { BN_free(r[0]); @@ -3004,7 +2991,6 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) { -#ifndef OPENSSL_NO_EC EVP_PKEY *skey = s->s3.tmp.pkey; EVP_PKEY *ckey = NULL; int ret = 0; @@ -3057,11 +3043,6 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) EVP_PKEY_free(ckey); return ret; -#else - /* Should never happen */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; -#endif } static int tls_process_cke_srp(SSL *s, PACKET *pkt) |