Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg

We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availability of crypto algorithms should be determined at runtime based on what providers have been loaded. Fixes #13616 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
author: Matt Caswell <matt@openssl.org> 2021-01-20 15:29:59 +0000
committer: Matt Caswell <matt@openssl.org> 2021-02-05 15:22:43 +0000
commit: e376242d28e08591af229674a2816ac6f4bb8fdf (patch)
tree: 375da20102fdc45ce4553a578e6e7cf13fb7ad75 /ssl
parent: 462f4f4bc0eeb6505a8914bd751b3f20b43ea778 (diff)
5 files changed, 5 insertions, 29 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 1e297d23d5..cf4d5fe4e7 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -297,10 +297,8 @@ int ssl3_setup_key_block(SSL *s)
             if (s->session->cipher->algorithm_enc == SSL_eNULL)
                 s->s3.need_empty_fragments = 0;
 
-#ifndef OPENSSL_NO_RC4
             if (s->session->cipher->algorithm_enc == SSL_RC4)
                 s->s3.need_empty_fragments = 0;
-#endif
         }
     }
 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 12876add7f..ec19eeacc3 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -66,7 +66,6 @@ static SSL_CIPHER tls13_ciphers[] = {
         256,
         256,
     },
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
     {
         1,
         TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
@@ -83,7 +82,6 @@ static SSL_CIPHER tls13_ciphers[] = {
         256,
         256,
     },
-#endif
     {
         1,
         TLS1_3_RFC_AES_128_CCM_SHA256,
@@ -2036,7 +2034,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
      256,
      },
 
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
     {
      1,
      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
@@ -2149,10 +2146,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      256,
      256,
      },
-#endif                          /* !defined(OPENSSL_NO_CHACHA) &&
-                                 * !defined(OPENSSL_NO_POLY1305) */
 
-#ifndef OPENSSL_NO_CAMELLIA
     {
      1,
      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@@ -2601,7 +2595,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
      256,
      256,
      },
-#endif                          /* OPENSSL_NO_CAMELLIA */
 
 #ifndef OPENSSL_NO_GOST
     {
@@ -2718,7 +2711,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
      },
 #endif                          /* OPENSSL_NO_GOST */
 
-#ifndef OPENSSL_NO_IDEA
     {
      1,
      SSL3_TXT_RSA_IDEA_128_SHA,
@@ -2735,9 +2727,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      128,
      128,
      },
-#endif
 
-#ifndef OPENSSL_NO_SEED
     {
      1,
      TLS1_TXT_RSA_WITH_SEED_SHA,
@@ -2802,7 +2792,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
      128,
      128,
      },
-#endif                          /* OPENSSL_NO_SEED */
 
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
     {
@@ -2967,7 +2956,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
      },
 #endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
 
-#ifndef OPENSSL_NO_ARIA
     {
      1,
      TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
@@ -3224,7 +3212,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
      256,
      256,
      },
-#endif /* OPENSSL_NO_ARIA */
 };
 
 /*
@@ -4120,9 +4107,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     STACK_OF(SSL_CIPHER) *prio, *allow;
     int i, ii, ok, prefer_sha256 = 0;
     unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
-#ifndef OPENSSL_NO_CHACHA
     STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
-#endif
 
     /* Let's see which ciphers we can support */
 
@@ -4155,7 +4140,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
         prio = srvr;
         allow = clnt;
-#ifndef OPENSSL_NO_CHACHA
+
         /* If ChaCha20 is at the top of the client preference list,
            and there are ChaCha20 ciphers in the server list, then
            temporarily prioritize all ChaCha20 ciphers in the servers list. */
@@ -4194,7 +4179,6 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                 }
             }
         }
-# endif
     } else {
         prio = clnt;
         allow = srvr;
@@ -4308,9 +4292,9 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
             break;
         }
     }
-#ifndef OPENSSL_NO_CHACHA
+
     sk_SSL_CIPHER_free(prio_chacha);
-#endif
+
     return ret;
 }
 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 43dcf2d6fe..d517799895 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -2215,8 +2215,6 @@ const char *OSSL_default_cipher_list(void)
 const char *OSSL_default_ciphersuites(void)
 {
     return "TLS_AES_256_GCM_SHA384:"
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
            "TLS_CHACHA20_POLY1305_SHA256:"
-#endif
            "TLS_AES_128_GCM_SHA256";
 }
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 67d148473e..531872bfb0 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -597,10 +597,8 @@ int tls1_setup_key_block(SSL *s)
             if (s->session->cipher->algorithm_enc == SSL_eNULL)
                 s->s3.need_empty_fragments = 0;
 
-#ifndef OPENSSL_NO_RC4
             if (s->session->cipher->algorithm_enc == SSL_RC4)
                 s->s3.need_empty_fragments = 0;
-#endif
         }
     }
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5101c7a4da..a7b5a6cc3f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -981,14 +981,14 @@ static const uint16_t tls12_sigalgs[] = {
 
     TLSEXT_SIGALG_rsa_pkcs1_sha224,
     TLSEXT_SIGALG_rsa_pkcs1_sha1,
-#ifndef OPENSSL_NO_DSA
+
     TLSEXT_SIGALG_dsa_sha224,
     TLSEXT_SIGALG_dsa_sha1,
 
     TLSEXT_SIGALG_dsa_sha256,
     TLSEXT_SIGALG_dsa_sha384,
     TLSEXT_SIGALG_dsa_sha512,
-#endif
+
 #ifndef OPENSSL_NO_GOST
     TLSEXT_SIGALG_gostr34102012_256_intrinsic,
     TLSEXT_SIGALG_gostr34102012_512_intrinsic,
@@ -1059,7 +1059,6 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
     {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1,
      NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
      NID_sha1WithRSAEncryption, NID_undef, 1},
-#ifndef OPENSSL_NO_DSA
     {NULL, TLSEXT_SIGALG_dsa_sha256,
      NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
      NID_dsa_with_SHA256, NID_undef, 1},
@@ -1075,7 +1074,6 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
     {NULL, TLSEXT_SIGALG_dsa_sha1,
      NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
      NID_dsaWithSHA1, NID_undef, 1},
-#endif
 #ifndef OPENSSL_NO_GOST
     {NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic,
      NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
author	Matt Caswell <matt@openssl.org>	2021-01-20 15:29:59 +0000
committer	Matt Caswell <matt@openssl.org>	2021-02-05 15:22:43 +0000
commit	e376242d28e08591af229674a2816ac6f4bb8fdf (patch)
tree	375da20102fdc45ce4553a578e6e7cf13fb7ad75 /ssl
parent	462f4f4bc0eeb6505a8914bd751b3f20b43ea778 (diff)