author | Matt Caswell <matt@openssl.org> | 2021-01-13 12:39:40 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-02-05 15:20:36 +0000 |
commit | 5b64ce89b0859956387cda1d56718d2a5f09d928 (patch) | |
tree | 842aef9e8c3f1b2b0d86ff75414ed475d6ec7125 /ssl/statem | |
parent | 9ca08f91e9817892c3545612a91d38687e593e14 (diff) |
Remove OPENSSL_NO_DH guards from libssl
This removes many unnecessary OPENSSL_NO_DH guards from libssl. Now that
libssl is entirely using the EVP APIs and implementations can be plugged
in via providers, it is no longer necessary to disable DH at compile time in
libssl. Instead it should detect at runtime whether DH is available from
the loaded providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 11 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 |
2 files changed, 3 insertions, 10 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 35e45d59a1..e4007b37de 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1725,11 +1725,7 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s,
 OPENSSL_free(extensions);
 extensions = NULL;
- if (s->ext.tls13_cookie_len == 0
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- && s->s3.tmp.pkey != NULL
-#endif
- ) {
+ if (s->ext.tls13_cookie_len == 0 && s->s3.tmp.pkey != NULL) {
 /*
 * We didn't receive a cookie or a new key_share so the next
 * ClientHello will not change
@@ -2186,10 +2182,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
 save_param_start = *pkt;
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 EVP_PKEY_free(s->s3.peer_tmp);
 s->s3.peer_tmp = NULL;
-#endif
 if (alg_k & SSL_PSK) {
 if (!tls_process_ske_psk_preamble(s, pkt)) {
@@ -3569,12 +3563,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
 return 0;
 }
-#ifndef OPENSSL_NO_DH
+
 if ((alg_k & SSL_kDHE) && (s->s3.peer_tmp == NULL)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
 return 0;
 }
-#endif
 return 1;
 }
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 8ae8ddc052..03c4d2ba81 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2466,7 +2466,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
 } else {
 pkdhp = cert->dh_tmp;
 }
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
 if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
 pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(s, 0, 1024));
 if (pkdh == NULL) { |
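Review bot: The merged condition in tls_process_as_hello_retry_request now always tests `s->s3.tmp.pkey != NULL`, but the comment under it still only speaks of a cookie and a key_share and never says that a non-NULL tmp.pkey is what stands for "no new key_share". With the compile-time guard gone this applies to every build, so I would spell it out above the `if`, e.g. `/* tmp.pkey is still set, i.e. the HRR did not select a new key_share group */`. Presumably the key_share extension handler is what clears tmp.pkey; that code is outside this hunk, so confirm the wording against it. The function body starts and ends outside the hunk.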
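Review bot: The DHE check at the end of ssl3_check_cert_and_algorithm is now compiled into every build but carries no comment on what a NULL `s->s3.peer_tmp` means at this point. Since it raises SSL_AD_INTERNAL_ERROR rather than a handshake failure, a one-line comment such as `/* DHE ciphersuite but no server ephemeral key was stored from ServerKeyExchange */` would tell the reader this is a state sanity check. Where peer_tmp is populated is not visible here, so confirm the wording against the key-exchange parser. The start of the function is outside the hunk.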
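Review bot: After the guard on the `#if` line drops OPENSSL_NO_DH, the `dh_tmp_cb` branch in tls_construct_server_key_exchange is compiled in every build that keeps the 3.0-deprecated API, including ones configured without DH; this diff is limited to ssl/statem, so whether `ssl_dh_to_pkey()` is still declared and defined in that configuration cannot be confirmed from here. The callback is also still asked for a fixed 1024-bit size (`dh_tmp_cb(s, 0, 1024)`), so whatever it returns should be checked against the configured security level before use; that check, if present, lies outside the hunk. I would add a comment above the `#if`, e.g. `/* Deprecated callback path; DH availability itself is decided at runtime by the loaded providers */`. The function continues past the last visible line.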