Make no-ec compilation work.

(cherry picked from commit 14536c8c9c0abb894afcadb9a58b4b29fc8f7a4d)
author: Dr. Stephen Henson <steve@openssl.org> 2013-08-17 17:40:08 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2013-08-19 14:13:38 +0100
commit: 5b430cfc441e7e442199ccfaefb99af2b13dc44e (patch)
tree: a27bef52db1875d47e744584951883be5a16c9e8 /ssl
parent: 171c4da568bc8606e107cfaa3c994e3b961bec30 (diff)
5 files changed, 49 insertions, 18 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6f2c6f4fbc..f3acb8a96a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3397,6 +3397,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		else
 			return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
 
+#ifndef OPENSSL_NO_EC
 	case SSL_CTRL_GET_CURVES:
 		{
 		unsigned char *clist;
@@ -3439,7 +3440,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 	case SSL_CTRL_SET_ECDH_AUTO:
 		s->cert->ecdh_tmp_auto = larg;
 		return 1;
-
+#endif
 	case SSL_CTRL_SET_SIGALGS:
 		return tls1_set_sigalgs(s->cert, parg, larg, 0);
 
@@ -3510,9 +3511,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 			EVP_PKEY *ptmp;
 			int rv = 0;
 			sc = s->session->sess_cert;
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
 			if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
 							&& !sc->peer_ecdh_tmp)
 				return 0;
+#endif
 			ptmp = EVP_PKEY_new();
 			if (!ptmp)
 				return 0;
@@ -3537,7 +3540,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 			EVP_PKEY_free(ptmp);
 			return 0;
 			}
-
+#ifndef OPENSSL_NO_EC
 	case SSL_CTRL_GET_EC_POINT_FORMATS:
 		{
 		SSL_SESSION *sess = s->session;
@@ -3547,7 +3550,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		*pformat = sess->tlsext_ecpointformatlist;
 		return (int)sess->tlsext_ecpointformatlist_length;
 		}
-
+#endif
 	default:
 		break;
 		}
@@ -3812,6 +3815,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 		break;
 #endif
 
+#ifndef OPENSSL_NO_EC
 	case SSL_CTRL_SET_CURVES:
 		return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
 					&ctx->tlsext_ellipticcurvelist_length,
@@ -3824,7 +3828,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 	case SSL_CTRL_SET_ECDH_AUTO:
 		ctx->cert->ecdh_tmp_auto = larg;
 		return 1;
-
+#endif
 	case SSL_CTRL_SET_SIGALGS:
 		return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
 
@@ -4137,7 +4141,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 	int ret=0;
 	const unsigned char *sig;
 	size_t i, siglen;
-	int have_rsa_sign = 0, have_dsa_sign = 0, have_ecdsa_sign = 0;
+	int have_rsa_sign = 0, have_dsa_sign = 0;
+#ifndef OPENSSL_NO_ECDSA
+	int have_ecdsa_sign = 0;
+#endif
 	int nostrict = 1;
 	unsigned long alg_k;
 
@@ -4162,10 +4169,11 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 		case TLSEXT_signature_dsa:
 			have_dsa_sign = 1;
 			break;
-
+#ifndef OPENSSL_NO_ECDSA
 		case TLSEXT_signature_ecdsa:
 			have_ecdsa_sign = 1;
 			break;
+#endif
 			}
 		}
 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 4d87d2dbc4..7c649109ec 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1350,7 +1350,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 
 	return(retval);
 	}
-
+#ifndef OPENSSL_NO_EC
 static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 					const char **prule_str)
 	{
@@ -1405,6 +1405,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 	c->ecdh_tmp_auto = 1;
 	return 1;
 	}
+#endif
 
 
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1424,10 +1425,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 */
 	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
 		return NULL;
-
+#ifndef OPENSSL_NO_EC
 	if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
 		return NULL;
-
+#endif
 
 	/*
 	 * To reduce the work to do we only want to process the compiled
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 437f385f05..1f4c4dd153 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -253,7 +253,7 @@ static int cmd_curves(SSL_CONF_CTX *cctx, const char *value)
 		rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
 	return rv > 0;
 	}
-
+#ifndef OPENSSL_NO_ECDH
 /* ECDH temporary parameters */
 static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
 	{
@@ -314,7 +314,7 @@ static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
 
 	return rv > 0;
 	}
-
+#endif
 static int cmd_cipher_list(SSL_CONF_CTX *cctx, const char *value)
 	{
 	int rv = 1;
@@ -378,7 +378,9 @@ static ssl_conf_cmd_tbl ssl_conf_cmds[] = {
 	{cmd_sigalgs,		"SignatureAlgorithms", "sigalgs"},
 	{cmd_client_sigalgs,	"ClientSignatureAlgorithms", "client_sigalgs"},
 	{cmd_curves,		"Curves", "curves"},
+#ifndef OPENSSL_NO_ECDH
 	{cmd_ecdhparam,		"ECDHParameters", "named_curve"},
+#endif
 	{cmd_cipher_list,	"CipherString", "cipher"},
 	{cmd_protocol,		"Protocol", NULL},
 	{cmd_options,		"Options", NULL},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 541efba064..dad33fa14b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1186,8 +1186,10 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
 		{
 		switch (cmd)
 			{
+#ifndef OPENSSL_NO_EC
 		case SSL_CTRL_SET_CURVES_LIST:
 			return tls1_set_curves_list(NULL, NULL, parg);
+#endif
 		case SSL_CTRL_SET_SIGALGS_LIST:
 		case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
 			return tls1_set_sigalgs_list(NULL, parg, 0);
@@ -2179,14 +2181,17 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
 	int rsa_tmp_export,dh_tmp_export,kl;
 	unsigned long mask_k,mask_a,emask_k,emask_a;
-	int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+#ifndef OPENSSL_NO_ECDSA
+	int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
+#endif
 #ifndef OPENSSL_NO_ECDH
-	int have_ecdh_tmp;
+	int have_ecdh_tmp, ecdh_ok;
 #endif
+#ifndef OPENSSL_NO_EC
 	X509 *x = NULL;
 	EVP_PKEY *ecc_pkey = NULL;
 	int signature_nid = 0, pk_nid = 0, md_nid = 0;
-
+#endif
 	if (c == NULL) return;
 
 	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
@@ -2224,7 +2229,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 	dh_dsa=  cpk->valid_flags & CERT_PKEY_VALID;
 	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
 	cpk= &(c->pkeys[SSL_PKEY_ECC]);
+#ifndef OPENSSL_NO_EC
 	have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID;
+#endif
 	mask_k=0;
 	mask_a=0;
 	emask_k=0;
@@ -2304,6 +2311,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 	/* An ECC certificate may be usable for ECDH and/or
 	 * ECDSA cipher suites depending on the key usage extension.
 	 */
+#ifndef OPENSSL_NO_EC
 	if (have_ecc_cert)
 		{
 		cpk = &c->pkeys[SSL_PKEY_ECC];
@@ -2360,6 +2368,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 			}
 #endif
 		}
+#endif
 
 #ifndef OPENSSL_NO_ECDH
 	if (have_ecdh_tmp)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index decc94d1a3..ea10a52f91 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -769,6 +769,13 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 #endif
 	}
 
+#else
+
+static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
+	{
+	return 1;
+	}
+
 #endif /* OPENSSL_NO_EC */
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -816,17 +823,18 @@ static unsigned char tls12_sigalgs[] = {
 	tlsext_sigalg_rsa(TLSEXT_hash_md5)
 #endif
 };
-
+#ifndef OPENSSL_NO_ECDSA
 static unsigned char suiteb_sigalgs[] = {
 	tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
 	tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
 };
-
+#endif
 size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
 	{
 	/* If Suite B mode use Suite B sigalgs only, ignore any other
 	 * preferences.
 	 */
+#ifndef OPENSSL_NO_EC
 	switch (tls1_suiteb(s))
 		{
 	case SSL_CERT_FLAG_SUITEB_128_LOS:
@@ -841,7 +849,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
 		*psigs = suiteb_sigalgs + 2;
 		return 2;
 		}
-
+#endif
 	/* If server use client authentication sigalgs if not NULL */
 	if (s->server && s->cert->client_sigalgs)
 		{
@@ -883,6 +891,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
 		SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,SSL_R_WRONG_SIGNATURE_TYPE);
 		return 0;
 		}
+#ifndef OPENSSL_NO_EC
 	if (pkey->type == EVP_PKEY_EC)
 		{
 		unsigned char curve_id[2], comp_id;
@@ -923,6 +932,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
 		}
 	else if (tls1_suiteb(s))
 		return 0;
+#endif
 
 	/* Check signature matches a type we sent */
 	sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
@@ -1448,11 +1458,12 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 #ifndef OPENSSL_NO_NEXTPROTONEG
 	int next_proto_neg_seen;
 #endif
+#ifndef OPENSSL_NO_EC
 	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 	int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
 	using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
-
+#endif
 	/* don't add extensions for SSLv3, unless doing secure renegotiation */
 	if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
 		return p;
author	Dr. Stephen Henson <steve@openssl.org>	2013-08-17 17:40:08 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2013-08-19 14:13:38 +0100
commit	5b430cfc441e7e442199ccfaefb99af2b13dc44e (patch)
tree	a27bef52db1875d47e744584951883be5a16c9e8 /ssl
parent	171c4da568bc8606e107cfaa3c994e3b961bec30 (diff)