Diffstat (limited to 'providers/common')
-rw-r--r-- | providers/common/capabilities.c | 62 |
1 files changed, 34 insertions, 28 deletions
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
index 44764fd70a..f935268ab2 100644
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@@ -19,6 +19,8 @@
 #include "prov/providercommon.h"
 #include "e_os.h"
+/* If neither ec or dh is available then we have no TLS-GROUP capabilities */
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 typedef struct tls_group_constants_st {
 unsigned int group_id; /* Group ID */
 unsigned int secbits; /* Bits of security */
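Review bot: The added comment reads `neither ec or dh`; `/* If neither EC nor DH is available then we have no TLS-GROUP capabilities */` would match the spelling of the macros it guards. The `#if` opened here has no matching `#endif` in this hunk; it is closed after `param_group_list` in the next one. The typedef that starts on the following line also continues past the end of the hunk.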
@@ -97,83 +99,87 @@ static const TLS_GROUP_CONSTANTS group_list[35] = {
 }
 static const OSSL_PARAM param_group_list[][10] = {
-#ifndef OPENSSL_NO_EC
-# ifndef OPENSSL_NO_EC2M
+# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_EC2M
 TLS_GROUP_ENTRY("sect163k1", "sect163k1", "EC", 0),
-# endif
-# ifndef FIPS_MODULE
+# endif
+# ifndef FIPS_MODULE
 TLS_GROUP_ENTRY("sect163r1", "sect163r1", "EC", 1),
-# endif
-# ifndef OPENSSL_NO_EC2M
+# endif
+# ifndef OPENSSL_NO_EC2M
 TLS_GROUP_ENTRY("sect163r2", "sect163r2", "EC", 2),
-# endif
-# ifndef FIPS_MODULE
+# endif
+# ifndef FIPS_MODULE
 TLS_GROUP_ENTRY("sect193r1", "sect193r1", "EC", 3),
 TLS_GROUP_ENTRY("sect193r2", "sect193r2", "EC", 4),
-# endif
-# ifndef OPENSSL_NO_EC2M
+# endif
+# ifndef OPENSSL_NO_EC2M
 TLS_GROUP_ENTRY("sect233k1", "sect233k1", "EC", 5),
 TLS_GROUP_ENTRY("sect233r1", "sect233r1", "EC", 6),
-# endif
-# ifndef FIPS_MODULE
+# endif
+# ifndef FIPS_MODULE
 TLS_GROUP_ENTRY("sect239k1", "sect239k1", "EC", 7),
-# endif
-# ifndef OPENSSL_NO_EC2M
+# endif
+# ifndef OPENSSL_NO_EC2M
 TLS_GROUP_ENTRY("sect283k1", "sect283k1", "EC", 8),
 TLS_GROUP_ENTRY("sect283r1", "sect283r1", "EC", 9),
 TLS_GROUP_ENTRY("sect409k1", "sect409k1", "EC", 10),
 TLS_GROUP_ENTRY("sect409r1", "sect409r1", "EC", 11),
 TLS_GROUP_ENTRY("sect571k1", "sect571k1", "EC", 12),
 TLS_GROUP_ENTRY("sect571r1", "sect571r1", "EC", 13),
-# endif
-# ifndef FIPS_MODULE
+# endif
+# ifndef FIPS_MODULE
 TLS_GROUP_ENTRY("secp160k1", "secp160k1", "EC", 14),
 TLS_GROUP_ENTRY("secp160r1", "secp160r1", "EC", 15),
 TLS_GROUP_ENTRY("secp160r2", "secp160r2", "EC", 16),
 TLS_GROUP_ENTRY("secp192k1", "secp192k1", "EC", 17),
-# endif
+# endif
 TLS_GROUP_ENTRY("secp192r1", "prime192v1", "EC", 18),
-# ifndef FIPS_MODULE
+# ifndef FIPS_MODULE
 TLS_GROUP_ENTRY("secp224k1", "secp224k1", "EC", 19),
-# endif
+# endif
 TLS_GROUP_ENTRY("secp224r1", "secp224r1", "EC", 20),
-# ifndef FIPS_MODULE
+# ifndef FIPS_MODULE
 TLS_GROUP_ENTRY("secp256k1", "secp256k1", "EC", 21),
-# endif
+# endif
 TLS_GROUP_ENTRY("secp256r1", "prime256v1", "EC", 22),
 TLS_GROUP_ENTRY("secp384r1", "secp384r1", "EC", 23),
 TLS_GROUP_ENTRY("secp521r1", "secp521r1", "EC", 24),
-# ifndef FIPS_MODULE
+# ifndef FIPS_MODULE
 TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25),
 TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26),
 TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27),
-# endif
+# endif
 TLS_GROUP_ENTRY("x25519", "x25519", "X25519", 28),
 TLS_GROUP_ENTRY("x448", "x448", "X448", 29),
-#endif /* OPENSSL_NO_EC */
-#ifndef OPENSSL_NO_DH
+# endif /* OPENSSL_NO_EC */
+# ifndef OPENSSL_NO_DH
 /* Security bit values for FFDHE groups are as per RFC 7919 */
 TLS_GROUP_ENTRY("ffdhe2048", "ffdhe2048", "DH", 30),
 TLS_GROUP_ENTRY("ffdhe3072", "ffdhe3072", "DH", 31),
 TLS_GROUP_ENTRY("ffdhe4096", "ffdhe4096", "DH", 32),
 TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 33),
 TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 34),
-#endif
+# endif
 };
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
 static int tls_group_capability(OSSL_CALLBACK *cb, void *arg)
 {
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 size_t i;
-#if !defined(OPENSSL_NO_EC) \
+# if !defined(OPENSSL_NO_EC) \
 && !defined(OPENSSL_NO_EC2M) \
 && !defined(OPENSSL_NO_DH) \
 && !defined(FIPS_MODULE)
 assert(OSSL_NELEM(param_group_list) == OSSL_NELEM(group_list));
-#endif
+# endif
+
 for (i = 0; i < OSSL_NELEM(param_group_list); i++)
 if (!cb(param_group_list[i], arg))
 return 0;
+#endif
 return 1;
 }
|
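Review bot: With both OPENSSL_NO_EC and OPENSSL_NO_DH defined, the body of `tls_group_capability` now reduces to `return 1;`, so it reports success for TLS-GROUP without ever invoking `cb`, and nothing in the function says this is intended. A short comment above the function would make the contract explicit, for example `/* Reports each supported TLS group via cb; with no EC and no DH there are none and 1 is still returned */`. The closing `#endif` inside the function could also carry the same `/* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */` trailer as the file-scope one, since a nested `# if`/`# endif` pair sits just above it. Whether callers treat an empty group set as a usable configuration is not visible from this hunk and is worth confirming.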