authorRich Salz <rsalz@akamai.com>2015-03-10 19:09:27 -0400
committerRich Salz <rsalz@akamai.com>2015-03-11 09:29:37 -0400
commit10bf4fc2c3da332a54247da1f3c0dcb44944f7ff (patch)
treec2f597e901f98829266ec4045492195cefdd958c /ssl
parentac5a110621ca48f0bebd5b4d76d081de403da29e (diff)
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>. Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_clnt.c24
-rw-r--r--ssl/s3_lib.c39
-rw-r--r--ssl/s3_srvr.c10
-rw-r--r--ssl/ssl.h2
-rw-r--r--ssl/ssl_algs.c2
-rw-r--r--ssl/ssl_cert.c8
-rw-r--r--ssl/ssl_ciph.c9
-rw-r--r--ssl/ssl_conf.c4
-rw-r--r--ssl/ssl_lib.c18
-rw-r--r--ssl/ssl_locl.h10
-rw-r--r--ssl/ssltest.c12
-rw-r--r--ssl/t1_lib.c17
12 files changed, 67 insertions, 88 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 750217fff6..1e611c44be 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1321,7 +1321,7 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_DH
DH *dh = NULL;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *srvr_ecpoint = NULL;
@@ -1385,7 +1385,7 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_dh_tmp = NULL;
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (s->session->sess_cert->peer_ecdh_tmp) {
EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
s->session->sess_cert->peer_ecdh_tmp = NULL;
@@ -1724,7 +1724,7 @@ int ssl3_get_key_exchange(SSL *s)
}
#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
else if (alg_k & SSL_kECDHE) {
EC_GROUP *ngroup;
const EC_GROUP *group;
@@ -1822,7 +1822,7 @@ int ssl3_get_key_exchange(SSL *s)
X509_get_pubkey(s->session->
sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
else if (alg_a & SSL_aECDSA)
pkey =
X509_get_pubkey(s->session->
@@ -1841,7 +1841,7 @@ int ssl3_get_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
/* p points to the next byte, there are 'n' bytes left */
@@ -1961,7 +1961,7 @@ int ssl3_get_key_exchange(SSL *s)
if (dh != NULL)
DH_free(dh);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
EC_POINT_free(srvr_ecpoint);
if (ecdh != NULL)
@@ -2299,7 +2299,7 @@ int ssl3_send_client_key_exchange(SSL *s)
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
EVP_PKEY *srvr_pub_pkey = NULL;
@@ -2597,7 +2597,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
@@ -2768,7 +2768,7 @@ int ssl3_send_client_key_exchange(SSL *s)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
}
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
else if (alg_k & SSL_kGOST) {
/* GOST key exchange message creation */
EVP_PKEY_CTX *pkey_ctx;
@@ -3054,7 +3054,7 @@ int ssl3_send_client_key_exchange(SSL *s)
OPENSSL_free(pms);
s->cert->pms = NULL;
}
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
if (encodedPoint != NULL)
OPENSSL_free(encodedPoint);
@@ -3156,7 +3156,7 @@ int ssl3_send_client_verify(SSL *s)
n = j + 2;
} else
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
@@ -3365,7 +3365,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
/* This is the passed certificate */
idx = sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (idx == SSL_PKEY_ECC) {
if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) {
/* check failed */
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 20ce112e5f..f4369eb928 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2051,7 +2051,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
},
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
/* Cipher C001 */
{
1,
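Review bot: The ECDH suites that start at `/* Cipher C001 */` (and the RFC5289 block in the `@@ -2598` hunk) are now compiled in whenever `OPENSSL_NO_EC` is undefined, so a build that defines only `OPENSSL_NO_ECDH` to keep ECDH key exchange out of libssl would get these suites back without any diagnostic. Whether the configuration step maps the old options onto `OPENSSL_NO_EC` is not visible here, since the diff is limited to ssl/. If it does not, a check in a shared internal header would make a stale option fail at compile time: `#if (defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA)) && !defined(OPENSSL_NO_EC)` followed by `# error "OPENSSL_NO_ECDH/OPENSSL_NO_ECDSA are merged into OPENSSL_NO_EC"`. The `ssl3_ciphers[]` table starts and ends outside the hunk.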
@@ -2451,7 +2451,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-#endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_SRP
/* Cipher C01A */
@@ -2598,7 +2598,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
#endif /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@@ -2973,7 +2973,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256},
# endif /* OPENSSL_NO_CAMELLIA */
-#endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_EC */
#ifdef TEMP_GOST_TLS
/* Cipher FF00 */
@@ -3138,7 +3138,7 @@ void ssl3_free(SSL *s)
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL)
EC_KEY_free(s->s3->tmp.ecdh);
#endif
@@ -3183,7 +3183,7 @@ void ssl3_clear(SSL *s)
s->s3->tmp.dh = NULL;
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL) {
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
@@ -3357,7 +3357,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
s->cert->dh_tmp_auto = larg;
return 1;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@@ -3389,7 +3389,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
}
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
@@ -3558,7 +3558,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_ECDH_AUTO:
s->cert->ecdh_tmp_auto = larg;
return 1;
@@ -3629,7 +3629,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
EVP_PKEY *ptmp;
int rv = 0;
sc = s->session->sess_cert;
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
return 0;
#endif
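Review bot: The early `return 0` at `if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)` is compiled only when RSA, DH and EC are all enabled, so any build with one of them disabled skips the "no temporary key" check and continues into the rest of the case. The per-algorithm `else if` chain in the next hunk appears to leave `rv` at 0 in that situation, but the end of the case is outside both hunks, so that is an inference. If the block is only a fast path, say so with a comment such as `/* Fast path only: the per-algorithm chain below handles the case where no peer temp key is set */`; otherwise test each member under its own `#ifndef`.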
@@ -3645,7 +3645,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
else if (sc->peer_dh_tmp)
rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
else if (sc->peer_ecdh_tmp)
rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
#endif
@@ -3736,7 +3736,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
}
break;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH_CB:
{
s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@@ -3847,7 +3847,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
ctx->cert->dh_tmp_auto = larg;
return 1;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@@ -3881,7 +3881,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg;
@@ -3955,7 +3955,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
parg);
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_ECDH_AUTO:
ctx->cert->ecdh_tmp_auto = larg;
return 1;
@@ -4059,7 +4059,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
}
break;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH_CB:
{
cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@@ -4251,14 +4251,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
-# ifndef OPENSSL_NO_ECDH
/*
* if we are considering an ECC cipher suite that uses an ephemeral
* EC key check it
*/
if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
-# endif /* OPENSSL_NO_ECDH */
# endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
@@ -4346,16 +4344,13 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
if (!(alg_a & SSL_aDSS))
p[ret++] = SSL3_CT_DSS_SIGN;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
if (nostrict || !(alg_a & SSL_aRSA))
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
if (nostrict || !(alg_a & SSL_aECDSA))
p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
}
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
/*
* ECDSA certs can be used with RSA cipher suites as well so we don't
* need to check for SSL_kECDH or SSL_kECDHE
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 39c1574eb4..ee66a5af0b 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1532,7 +1532,7 @@ int ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL, *ecdhp;
unsigned char *encodedPoint = NULL;
int encodedlen = 0;
@@ -1654,7 +1654,7 @@ int ssl3_send_server_key_exchange(SSL *s)
r[2] = dh->pub_key;
} else
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (type & SSL_kECDHE) {
const EC_GROUP *group;
@@ -1782,7 +1782,7 @@ int ssl3_send_server_key_exchange(SSL *s)
r[2] = NULL;
r[3] = NULL;
} else
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
/*
@@ -1853,7 +1853,7 @@ int ssl3_send_server_key_exchange(SSL *s)
p += nr[i];
}
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (type & SSL_kECDHE) {
/*
* XXX: For now, we only support named (not generic) curves. In
@@ -3001,7 +3001,7 @@ int ssl3_get_cert_verify(SSL *s)
}
} else
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 160d37c437..56eb7ba948 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1760,7 +1760,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
DH *(*dh) (SSL *ssl, int is_export,
int keylength));
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
EC_KEY *(*ecdh) (SSL *ssl, int is_export,
int keylength));
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 3843aefe8d..504e4d7a46 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -122,7 +122,7 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
EVP_add_digest(EVP_ecdsa());
#endif
#ifndef OPENSSL_NO_COMP
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 974259969f..fa0c693b2f 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -175,7 +175,7 @@ void ssl_cert_set_default_md(CERT *cert)
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
}
@@ -261,7 +261,7 @@ CERT *ssl_cert_dup(CERT *cert)
ret->dh_tmp_auto = cert->dh_tmp_auto;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (cert->ecdh_tmp) {
ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
if (ret->ecdh_tmp == NULL) {
@@ -450,7 +450,7 @@ void ssl_cert_free(CERT *c)
if (c->dh_tmp)
DH_free(c->dh_tmp);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (c->ecdh_tmp)
EC_KEY_free(c->ecdh_tmp);
#endif
@@ -683,7 +683,7 @@ void ssl_sess_cert_free(SESS_CERT *sc)
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (sc->peer_ecdh_tmp != NULL)
EC_KEY_free(sc->peer_ecdh_tmp);
#endif
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 12820b6acb..f220e8e572 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -748,12 +748,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
*mkey |= SSL_kKRB5;
*auth |= SSL_aKRB5;
#endif
-#ifdef OPENSSL_NO_ECDSA
- *auth |= SSL_aECDSA;
-#endif
-#ifdef OPENSSL_NO_ECDH
+#ifdef OPENSSL_NO_EC
*mkey |= SSL_kECDHe | SSL_kECDHr;
- *auth |= SSL_aECDH;
+ *auth |= SSL_aECDSA | SSL_aECDH;
#endif
#ifdef OPENSSL_NO_PSK
*mkey |= SSL_kPSK;
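Review bot: Under `OPENSSL_NO_EC` the disabled key-exchange mask gets `SSL_kECDHe | SSL_kECDHr` but not `SSL_kECDHE`, although the rest of this commit treats ephemeral ECDH as EC-only (for example the `alg_k & SSL_kECDHE` branch in ssl3_get_key_exchange). This is inherited from the old `OPENSSL_NO_ECDH` block, and the EC entries in `ssl3_ciphers[]` appear to be compiled out under the same macro, so it is probably unreachable today. Unless the omission is deliberate, `*mkey |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHE;` would keep the mask from depending on the cipher table. ssl_cipher_get_disabled continues outside the hunk.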
@@ -1437,7 +1434,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
return 0;
}
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
switch (suiteb_flags) {
case SSL_CERT_FLAG_SUITEB_128_LOS:
if (suiteb_comb2)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 354f218cee..cfed40ddc2 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -257,7 +257,7 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
return rv > 0;
}
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
{
@@ -447,7 +447,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"),
SSL_CONF_CMD_STRING(Curves, "curves"),
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
SSL_CONF_CMD_STRING(ECDHParameters, "named_curve"),
#endif
SSL_CONF_CMD_STRING(CipherString, "cipher"),
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c535a42900..3bce4cf9a2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2153,13 +2153,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
int rsa_enc_export, dh_rsa_export, dh_dsa_export;
int rsa_tmp_export, dh_tmp_export, kl;
unsigned long mask_k, mask_a, emask_k, emask_a;
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
-#endif
-#ifndef OPENSSL_NO_ECDH
int have_ecdh_tmp, ecdh_ok;
-#endif
-#ifndef OPENSSL_NO_EC
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0, pk_nid = 0, md_nid = 0;
@@ -2185,7 +2181,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
dh_tmp = dh_tmp_export = 0;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
#endif
cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
@@ -2283,10 +2279,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
x = cpk->x509;
/* This call populates extension flags (ex_flags) */
X509_check_purpose(x, -1, 0);
-# ifndef OPENSSL_NO_ECDH
ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
(x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
-# endif
ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
(x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
if (!(cpk->valid_flags & CERT_PKEY_SIGN))
@@ -2298,7 +2292,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
}
-# ifndef OPENSSL_NO_ECDH
if (ecdh_ok) {
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
@@ -2319,17 +2312,14 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
}
}
}
-# endif
-# ifndef OPENSSL_NO_ECDSA
if (ecdsa_ok) {
mask_a |= SSL_aECDSA;
emask_a |= SSL_aECDSA;
}
-# endif
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (have_ecdh_tmp) {
mask_k |= SSL_kECDHE;
emask_k |= SSL_kECDHE;
@@ -3267,7 +3257,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
EC_KEY *(*ecdh) (SSL *ssl, int is_export,
int keylength))
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7a8a303648..a16ad08047 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1350,7 +1350,7 @@ typedef struct ssl3_state_st {
# ifndef OPENSSL_NO_DH
DH *dh;
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
EC_KEY *ecdh; /* holds short lived ECDH key */
# endif
/* used when SSL_ST_FLUSH_DATA is entered */
@@ -1662,7 +1662,7 @@ typedef struct cert_st {
DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
int dh_tmp_auto;
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
EC_KEY *ecdh_tmp;
/* Callback for generating ephemeral ECDH keys */
EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
@@ -1760,7 +1760,7 @@ typedef struct sess_cert_st {
# ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
EC_KEY *peer_ecdh_tmp;
# endif
int references; /* actually always 1 at the moment */
@@ -2317,7 +2317,7 @@ int tls1_alert_code(int code);
int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
# endif
@@ -2332,9 +2332,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
int *curves, size_t ncurves);
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str);
-# ifndef OPENSSL_NO_ECDH
int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
-# endif /* OPENSSL_NO_ECDH */
# endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_TLSEXT
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 89fb44a4ca..7a157a694b 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -774,7 +774,7 @@ static void sv_usage(void)
" -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr, " -no_dhe - disable DHE\n");
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
#endif
#ifndef OPENSSL_NO_PSK
@@ -803,7 +803,7 @@ static void sv_usage(void)
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
fprintf(stderr, " -rle - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
fprintf(stderr,
" -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
" Use \"openssl ecparam -list_curves\" for all names\n"
@@ -967,7 +967,7 @@ int main(int argc, char *argv[])
char *server_key = NULL;
char *client_cert = TEST_CLIENT_CERT;
char *client_key = NULL;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
char *named_curve = NULL;
#endif
SSL_CTX *s_ctx = NULL;
@@ -980,7 +980,7 @@ int main(int argc, char *argv[])
DH *dh;
int dhe1024 = 0, dhe1024dsa = 0;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL;
#endif
#ifndef OPENSSL_NO_SRP
@@ -1206,7 +1206,7 @@ int main(int argc, char *argv[])
else if (strcmp(*argv, "-named_curve") == 0) {
if (--argc < 1)
goto bad;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
named_curve = *(++argv);
#else
fprintf(stderr,
@@ -1470,7 +1470,7 @@ int main(int argc, char *argv[])
(void)no_dhe;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (!no_ecdhe) {
int nid;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c91b761647..8296ea1f5c 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -798,7 +798,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
return rv;
}
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
/* Check EC temporary key is compatible with client extensions */
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
{
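Review bot: The `# ifndef OPENSSL_NO_EC` around tls1_check_ec_tmp_key looks redundant now: its one-space indent and the column-0 `#else` after the matching `# endif /* OPENSSL_NO_EC */` in the `@@ -863` hunk suggest it sits inside an outer `#ifndef OPENSSL_NO_EC`, though that outer line is outside the hunk. The commit already drops the equivalent inner guard around the prototype in ssl_locl.h and around the `SSL_kECDHE` check in ssl3_choose_cipher, so removing this pair would be consistent. The indented `# ifndef OPENSSL_NO_EC` before `case SSL_CTRL_SET_ECDH_AUTO` in s3_lib.c and in check_suiteb_cipher_list may be the same case.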
@@ -863,7 +863,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
return tls1_check_ec_key(s, curve_id, NULL);
# endif
}
-# endif /* OPENSSL_NO_ECDH */
+# endif /* OPENSSL_NO_EC */
#else
@@ -893,9 +893,8 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
# endif
-# ifdef OPENSSL_NO_ECDSA
-# define tlsext_sigalg_ecdsa(md)
- /* */
+# ifdef OPENSSL_NO_EC
+# define tlsext_sigalg_ecdsa(md) /* */
# else
# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
# endif
@@ -913,7 +912,7 @@ static const unsigned char tls12_sigalgs[] = {
tlsext_sigalg(TLSEXT_hash_sha1)
};
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
static const unsigned char suiteb_sigalgs[] = {
tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
@@ -3246,7 +3245,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
case TLSEXT_signature_dsa:
return SSL_PKEY_DSA_SIGN;
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
case TLSEXT_signature_ecdsa:
return SSL_PKEY_ECC;
# endif
@@ -3326,7 +3325,7 @@ void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op)
have_dsa = 1;
break;
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
case TLSEXT_signature_ecdsa:
if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs))
have_ecdsa = 1;
@@ -3521,7 +3520,7 @@ int tls1_process_sigalgs(SSL *s)
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
# endif