From 65d2c16cbe0da8efed2f285f59930297326fb435 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 12 Nov 2018 14:23:07 +0000 Subject: Fix no-ec and no-tls1_2 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7620) --- ssl/ssl_locl.h | 2 ++ ssl/statem/statem_lib.c | 9 ++++++++- ssl/t1_lib.c | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) (limited to 'ssl') diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e9c5c5cf80..70e5a1740f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2572,7 +2572,9 @@ __owur int tls1_process_sigalgs(SSL *s); __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd); __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); +# ifndef OPENSSL_NO_EC __owur int tls_check_sigalg_curve(const SSL *s, int curve); +# endif __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); __owur int ssl_set_client_disabled(SSL *s); __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 95c22062ba..4324896f50 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1506,8 +1506,11 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) */ static int is_tls13_capable(const SSL *s) { - int i, curve; + int i; +#ifndef OPENSSL_NO_EC + int curve; EC_KEY *eckey; +#endif #ifndef OPENSSL_NO_PSK if (s->psk_server_callback != NULL) @@ -1530,6 +1533,7 @@ static int is_tls13_capable(const SSL *s) } if (!ssl_has_cert(s, i)) continue; +#ifndef OPENSSL_NO_EC if (i != SSL_PKEY_ECC) return 1; /* @@ -1543,6 +1547,9 @@ static int is_tls13_capable(const SSL *s) curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey)); if (tls_check_sigalg_curve(s, curve)) return 1; +#else + return 1; +#endif } return 0; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index fe13a39c38..3415c6335f 100644 --- a/ssl/t1_lib.c 
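Review bot: In is_tls13_capable() (ssl/statem/statem_lib.c), the new `#else` branch in the -1543 hunk returns 1 for the first certificate slot that passes ssl_has_cert(), and nothing in the code says why skipping the curve/sig-alg consistency check is correct in a no-EC build. Judging by its name, the function's result decides whether TLSv1.3 is offered, so the reasoning should be recorded next to the branch, for example `/* No EC support: there is no EC cert whose curve must match our sig algs */` above the `return 1;`. If SSL_PKEY_ECC remains defined under OPENSSL_NO_EC (not visible on this page), a simpler shape is to keep `if (i != SSL_PKEY_ECC) return 1;` outside the guard opened in the -1530 hunk and wrap only the EC key lookup and tls_check_sigalg_curve() call, which removes the duplicated `return 1;`. The loop body and the end of the function lie partly outside these hunks, so this should be confirmed against the full function.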
+++ b/ssl/t1_lib.c @@ -949,6 +949,7 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs) } } +#ifndef OPENSSL_NO_EC /* * Called by servers only. Checks that we have a sig alg that supports the * specified EC curve. @@ -979,6 +980,7 @@ int tls_check_sigalg_curve(const SSL *s, int curve) return 0; } +#endif /* * Check signature algorithm is consistent with sent supported signature -- cgit v1.2.3
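Review bot: The `#endif` added in the -979 hunk of ssl/t1_lib.c closes a guard opened roughly thirty lines earlier (the -949 hunk) and does not say which guard it ends. Writing it as `#endif /* OPENSSL_NO_EC */` would make the extent of the conditionally compiled tls_check_sigalg_curve() definition easier to follow, and the same applies to the `#endif` lines added in is_tls13_capable(). The body of tls_check_sigalg_curve() sits between the two hunks and is not shown here.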