Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_clnt.c12
-rw-r--r--lib/libssl/d1_srvr.c8
-rw-r--r--lib/libssl/s3_clnt.c51
-rw-r--r--lib/libssl/s3_lib.c45
-rw-r--r--lib/libssl/s3_srvr.c16
-rw-r--r--lib/libssl/ssl.h6
-rw-r--r--lib/libssl/ssl_algs.c2
-rw-r--r--lib/libssl/ssl_cert.c12
-rw-r--r--lib/libssl/ssl_ciph.c7
-rw-r--r--lib/libssl/ssl_lib.c6
-rw-r--r--lib/libssl/ssl_locl.h8
-rw-r--r--lib/libssl/ssl_rsa.c10
-rw-r--r--lib/libssl/t1_lib.c20
13 files changed, 3 insertions, 200 deletions
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index 3f159eed263..1ad65ba5416 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -925,10 +925,8 @@ dtls1_send_client_key_exchange(SSL *s)
unsigned char *p, *d;
int n;
unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey = NULL;
-#endif
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
@@ -950,7 +948,6 @@ dtls1_send_client_key_exchange(SSL *s)
/* Fool emacs indentation */
if (0) {
}
-#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA) {
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -1005,7 +1002,6 @@ dtls1_send_client_key_exchange(SSL *s)
tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
-#endif
#ifndef OPENSSL_NO_KRB5
else if (alg_k & SSL_kKRB5) {
krb5_error_code krb5rc;
@@ -1474,13 +1470,9 @@ dtls1_send_client_verify(SSL *s)
unsigned char *p, *d;
unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
unsigned u = 0;
-#endif
unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
int j;
-#endif
if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
d = (unsigned char *)s->init_buf->data;
@@ -1490,7 +1482,6 @@ dtls1_send_client_verify(SSL *s)
s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
&(data[MD5_DIGEST_LENGTH]));
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
s->method->ssl3_enc->cert_verify_mac(s,
NID_md5, &(data[0]));
@@ -1503,8 +1494,6 @@ dtls1_send_client_verify(SSL *s)
s2n(u, p);
n = u + 2;
} else
-#endif
-#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
if (!DSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
@@ -1516,7 +1505,6 @@ dtls1_send_client_verify(SSL *s)
s2n(j, p);
n = j + 2;
} else
-#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index ce7b243c2db..6a10f7a3ddb 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1000,13 +1000,11 @@ dtls1_send_server_done(SSL *s)
int
dtls1_send_server_key_exchange(SSL *s)
{
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
int j, num;
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
#endif
@@ -1041,7 +1039,6 @@ dtls1_send_server_key_exchange(SSL *s)
r[0] = r[1] = r[2] = r[3] = NULL;
n = 0;
-#ifndef OPENSSL_NO_RSA
if (type & SSL_kRSA) {
rsa = cert->rsa_tmp;
if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
@@ -1065,7 +1062,6 @@ dtls1_send_server_key_exchange(SSL *s)
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
-#endif
#ifndef OPENSSL_NO_DH
if (type & SSL_kEDH) {
dhp = cert->dh_tmp;
@@ -1310,7 +1306,6 @@ dtls1_send_server_key_exchange(SSL *s)
/* n is the length of the params, they start at
* &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
* at the end. */
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
q = md_buf;
j = 0;
@@ -1338,8 +1333,6 @@ dtls1_send_server_key_exchange(SSL *s)
s2n(u, p);
n += u + 2;
} else
-#endif
-#if !defined(OPENSSL_NO_DSA)
if (pkey->type == EVP_PKEY_DSA) {
/* lets do DSS */
EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
@@ -1354,7 +1347,6 @@ dtls1_send_server_key_exchange(SSL *s)
s2n(i, p);
n += i + 2;
} else
-#endif
#if !defined(OPENSSL_NO_ECDSA)
if (pkey->type == EVP_PKEY_EC) {
/* let's do ECDSA */
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 32405eac752..52e2174f6bb 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1183,18 +1183,14 @@ err:
int
ssl3_get_key_exchange(SSL *s)
{
-#ifndef OPENSSL_NO_RSA
unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2];
-#endif
EVP_MD_CTX md_ctx;
unsigned char *param, *p;
int al, i, j, param_len, ok;
long n, alg_k, alg_a;
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
-#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh = NULL;
#endif
@@ -1232,12 +1228,10 @@ ssl3_get_key_exchange(SSL *s)
param = p = (unsigned char *)s->init_msg;
if (s->session->sess_cert != NULL) {
-#ifndef OPENSSL_NO_RSA
if (s->session->sess_cert->peer_rsa_tmp != NULL) {
RSA_free(s->session->sess_cert->peer_rsa_tmp);
s->session->sess_cert->peer_rsa_tmp = NULL;
}
-#endif
#ifndef OPENSSL_NO_DH
if (s->session->sess_cert->peer_dh_tmp) {
DH_free(s->session->sess_cert->peer_dh_tmp);
@@ -1356,20 +1350,12 @@ ssl3_get_key_exchange(SSL *s)
n -= param_len;
/* We must check if there is a certificate */
-#ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
- if (0)
-;
-#endif
-#ifndef OPENSSL_NO_DSA
else if (alg_a & SSL_aDSS)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
} else
#endif /* !OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
if ((rsa = RSA_new()) == NULL) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
@@ -1412,10 +1398,6 @@ ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_rsa_tmp = rsa;
rsa = NULL;
}
-#else /* OPENSSL_NO_RSA */
- if (0)
-;
-#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & SSL_kEDH) {
if ((dh = DH_new()) == NULL) {
@@ -1462,17 +1444,10 @@ ssl3_get_key_exchange(SSL *s)
p += i;
n -= param_len;
-#ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
- if (0)
-;
-#endif
-#ifndef OPENSSL_NO_DSA
else if (alg_a & SSL_aDSS)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
/* else anonymous DH, so no certificate or pkey. */
s->session->sess_cert->peer_dh_tmp = dh;
@@ -1561,10 +1536,8 @@ ssl3_get_key_exchange(SSL *s)
* key exchange message. We do support RSA and ECDSA.
*/
if (0);
-#ifndef OPENSSL_NO_RSA
else if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#endif
#ifndef OPENSSL_NO_ECDSA
else if (alg_a & SSL_aECDSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
@@ -1627,7 +1600,6 @@ ssl3_get_key_exchange(SSL *s)
goto f_err;
}
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) {
int num;
@@ -1659,7 +1631,6 @@ ssl3_get_key_exchange(SSL *s)
goto f_err;
}
} else
-#endif
{
EVP_VerifyInit_ex(&md_ctx, md, NULL);
EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
@@ -1693,10 +1664,8 @@ f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
EVP_PKEY_free(pkey);
-#ifndef OPENSSL_NO_RSA
if (rsa != NULL)
RSA_free(rsa);
-#endif
#ifndef OPENSSL_NO_DH
if (dh != NULL)
DH_free(dh);
@@ -2042,10 +2011,8 @@ ssl3_send_client_key_exchange(SSL *s)
unsigned char *p, *d;
int n;
unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey = NULL;
-#endif
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
@@ -2067,7 +2034,6 @@ ssl3_send_client_key_exchange(SSL *s)
/* Fool emacs indentation */
if (0) {
}
-#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA) {
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -2122,7 +2088,6 @@ ssl3_send_client_key_exchange(SSL *s)
sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
-#endif
#ifndef OPENSSL_NO_KRB5
else if (alg_k & SSL_kKRB5) {
krb5_error_code krb5rc;
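Review bot: With the `#ifndef OPENSSL_NO_RSA` gone, the `if (0) { }` scaffold immediately before `else if (alg_k & SSL_kRSA)` has lost its purpose, since the RSA branch is now the unconditional head of the chain; it can become `if (alg_k & SSL_kRSA) {` and the "Fool emacs indentation" comment dropped. The same scaffold survives in dtls1_send_client_key_exchange, and as `if (0);` ahead of the `SSL_aRSA` check in ssl3_get_key_exchange. The KRB5 and later branches remain `#ifndef ... else if` and still chain correctly off the RSA branch. ssl3_send_client_key_exchange's body continues outside the hunk.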
@@ -2760,7 +2725,6 @@ ssl3_send_client_verify(SSL *s)
if (!ssl3_digest_cached_records(s))
goto err;
} else
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
s->method->ssl3_enc->cert_verify_mac(
s, NID_md5, &(data[0]));
@@ -2773,8 +2737,6 @@ ssl3_send_client_verify(SSL *s)
s2n(u, p);
n = u + 2;
} else
-#endif
-#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
if (!DSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
@@ -2786,7 +2748,6 @@ ssl3_send_client_verify(SSL *s)
s2n(j, p);
n = j + 2;
} else
-#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
@@ -2914,9 +2875,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
SESS_CERT *sc;
-#ifndef OPENSSL_NO_RSA
RSA *rsa;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh;
#endif
@@ -2934,9 +2893,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
goto err;
}
-#ifndef OPENSSL_NO_RSA
rsa = s->session->sess_cert->peer_rsa_tmp;
-#endif
#ifndef OPENSSL_NO_DH
dh = s->session->sess_cert->peer_dh_tmp;
#endif
@@ -2966,19 +2923,15 @@ ssl3_check_cert_and_algorithm(SSL *s)
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT);
goto f_err;
}
-#ifndef OPENSSL_NO_DSA
else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT);
goto f_err;
}
-#endif
-#ifndef OPENSSL_NO_RSA
if ((alg_k & SSL_kRSA) &&
!(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
goto f_err;
}
-#endif
#ifndef OPENSSL_NO_DH
if ((alg_k & SSL_kEDH) &&
!(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
@@ -2988,16 +2941,13 @@ ssl3_check_cert_and_algorithm(SSL *s)
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT);
goto f_err;
}
-#ifndef OPENSSL_NO_DSA
else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT);
goto f_err;
}
#endif
-#endif
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) {
-#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
if (rsa == NULL ||
RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
@@ -3005,7 +2955,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
goto f_err;
}
} else
-#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
if (dh == NULL ||
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 8df07a1e4c7..288d885d9ec 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -3098,23 +3098,13 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA ||
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH ||
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0) {
+ if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+ cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
if (!ssl_cert_inst(&s->cert)) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
return (0);
}
}
-#endif
switch (cmd) {
case SSL_CTRL_GET_SESSION_REUSED:
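Review bot: The flattened pre-switch test now names `SSL_CTRL_SET_TMP_DH` and `SSL_CTRL_SET_TMP_DH_CB` unconditionally, while their handlers a few lines down are still under `#ifndef OPENSSL_NO_DH`, so a no-DH build would allocate a CERT via `ssl_cert_inst` for a command the switch may then not handle. That looks harmless as far as this hunk shows, but either the DH guard on the cases should go as well, or a one-line comment should say the pre-allocation is deliberately broader than the handled set. It is worth recording that the old code gated those DH commands on `OPENSSL_NO_DSA`, so the rewrite incidentally removes a mismatched guard. ssl3_callback_ctrl below has the same shape. ssl3_ctrl's body continues outside the hunk.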
@@ -3135,7 +3125,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_FLAGS:
ret = (int)(s->s3->flags);
break;
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@@ -3165,7 +3154,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return (ret);
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
@@ -3331,30 +3319,19 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0) {
+ if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) {
if (!ssl_cert_inst(&s->cert)) {
SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
return (0);
}
}
-#endif
switch (cmd) {
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
@@ -3389,7 +3366,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
cert = ctx->cert;
switch (cmd) {
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ((cert->rsa_tmp == NULL) &&
((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@@ -3429,7 +3405,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return (0);
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
@@ -3599,13 +3574,11 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
cert = ctx->cert;
switch (cmd) {
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
@@ -3962,29 +3935,17 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHr|SSL_kEDH)) {
-# ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_FIXED_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_FIXED_DH;
-# endif
}
if ((s->version == SSL3_VERSION) &&
(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
-# ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
-# endif
}
#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_SIGN;
-#endif
#ifndef OPENSSL_NO_ECDH
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 927b0d7db1e..19e0495fe63 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1554,13 +1554,11 @@ ssl3_send_server_done(SSL *s)
int
ssl3_send_server_key_exchange(SSL *s)
{
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
int j, num;
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
#endif
@@ -1596,7 +1594,6 @@ ssl3_send_server_key_exchange(SSL *s)
r[0] = r[1] = r[2] = r[3] = NULL;
n = 0;
-#ifndef OPENSSL_NO_RSA
if (type & SSL_kRSA) {
rsa = cert->rsa_tmp;
if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
@@ -1623,7 +1620,6 @@ ssl3_send_server_key_exchange(SSL *s)
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
-#endif
#ifndef OPENSSL_NO_DH
if (type & SSL_kEDH) {
dhp = cert->dh_tmp;
@@ -1913,7 +1909,6 @@ ssl3_send_server_key_exchange(SSL *s)
* n is the length of the params, they start at &(d[4])
* and p points to the space at the end.
*/
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA
&& TLS1_get_version(s) < TLS1_2_VERSION) {
q = md_buf;
@@ -1946,7 +1941,6 @@ ssl3_send_server_key_exchange(SSL *s)
s2n(u, p);
n += u + 2;
} else
-#endif
if (md) {
/*
* For TLS1.2 and later send signature
@@ -2120,10 +2114,8 @@ ssl3_get_client_key_exchange(SSL *s)
long n;
unsigned long alg_k;
unsigned char *p;
-#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
-#endif
#ifndef OPENSSL_NO_DH
BIGNUM *pub = NULL;
DH *dh_srvr;
@@ -2149,7 +2141,6 @@ ssl3_get_client_key_exchange(SSL *s)
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp) {
@@ -2259,7 +2250,6 @@ ssl3_get_client_key_exchange(SSL *s)
p, i);
OPENSSL_cleanse(p, i);
} else
-#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
n2s(p, i);
@@ -2851,9 +2841,7 @@ ssl3_get_client_key_exchange(SSL *s)
return (1);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
err:
-#endif
#ifndef OPENSSL_NO_ECDH
EVP_PKEY_free(clnt_pub_pkey);
EC_POINT_free(clnt_ecpoint);
@@ -3010,7 +2998,6 @@ ssl3_get_cert_verify(SSL *s)
goto f_err;
}
} else
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
@@ -3028,8 +3015,6 @@ ssl3_get_cert_verify(SSL *s)
goto f_err;
}
} else
-#endif
-#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
j = DSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
@@ -3042,7 +3027,6 @@ ssl3_get_cert_verify(SSL *s)
goto f_err;
}
} else
-#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index cefee6189d8..ef829797b7a 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1690,9 +1690,7 @@ int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
void SSL_set_verify(SSL *s, int mode,
int (*callback)(int ok, X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
-#ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-#endif
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
@@ -1765,9 +1763,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
int (*callback)(int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
-#ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-#endif
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
@@ -1963,13 +1959,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
/* NB: the keylength is only applicable when is_export is true */
-#ifndef OPENSSL_NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*cb)(SSL *ssl, int is_export, int keylength));
void SSL_set_tmp_rsa_callback(SSL *ssl,
RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-#endif
#ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*dh)(SSL *ssl, int is_export, int keylength));
diff --git a/lib/libssl/ssl_algs.c b/lib/libssl/ssl_algs.c
index 463bf8ad66e..aaecb2da0fa 100644
--- a/lib/libssl/ssl_algs.c
+++ b/lib/libssl/ssl_algs.c
@@ -111,12 +111,10 @@ SSL_library_init(void)
EVP_add_digest(EVP_sha256());
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-#endif
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
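Review bot: This hunk drops both halves of the `!defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)` guard, so it also removes the SHA condition on registering `EVP_dss1()`, which goes beyond the RSA/DSA guard removal done elsewhere in the change. That is consistent with the SHA-2 digests registered unconditionally just above, but it assumes `OPENSSL_NO_SHA` is no longer honoured anywhere in the library; if that is already the case a mention in the commit message would help, otherwise the DSS1 registration should keep `#ifndef OPENSSL_NO_SHA`. SSL_library_init's body continues outside the hunk.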
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index cf5cfb97f62..a823c16edff 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -163,13 +163,9 @@ static void
ssl_cert_set_default_md(CERT *cert)
{
/* Set digest values to defaults */
-#ifndef OPENSSL_NO_DSA
cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_RSA
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
-#endif
#ifndef OPENSSL_NO_ECDSA
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
@@ -217,13 +213,11 @@ CERT
ret->export_mask_k = cert->export_mask_k;
ret->export_mask_a = cert->export_mask_a;
-#ifndef OPENSSL_NO_RSA
if (cert->rsa_tmp != NULL) {
RSA_up_ref(cert->rsa_tmp);
ret->rsa_tmp = cert->rsa_tmp;
}
ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
#ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL) {
@@ -319,10 +313,8 @@ CERT
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
err:
#endif
-#ifndef OPENSSL_NO_RSA
if (ret->rsa_tmp != NULL)
RSA_free(ret->rsa_tmp);
-#endif
#ifndef OPENSSL_NO_DH
if (ret->dh_tmp != NULL)
DH_free(ret->dh_tmp);
@@ -355,10 +347,8 @@ ssl_cert_free(CERT *c)
if (i > 0)
return;
-#ifndef OPENSSL_NO_RSA
if (c->rsa_tmp)
RSA_free(c->rsa_tmp);
-#endif
#ifndef OPENSSL_NO_DH
if (c->dh_tmp)
DH_free(c->dh_tmp);
@@ -452,10 +442,8 @@ ssl_sess_cert_free(SESS_CERT *sc)
#endif
}
-#ifndef OPENSSL_NO_RSA
if (sc->peer_rsa_tmp != NULL)
RSA_free(sc->peer_rsa_tmp);
-#endif
#ifndef OPENSSL_NO_DH
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index b56a93d4cbf..140a00ceca5 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -696,13 +696,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long
*mac = 0;
*ssl = 0;
-#ifdef OPENSSL_NO_RSA
- *mkey |= SSL_kRSA;
- *auth |= SSL_aRSA;
-#endif
-#ifdef OPENSSL_NO_DSA
- *auth |= SSL_aDSS;
-#endif
*mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
*auth |= SSL_aDH;
#ifdef OPENSSL_NO_DH
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 3ab652a6a49..37fff3a38fc 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1978,13 +1978,9 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
-#ifndef OPENSSL_NO_RSA
rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#else
- rsa_tmp = rsa_tmp_export = 0;
-#endif
#ifndef OPENSSL_NO_DH
dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
dh_tmp_export = (c->dh_tmp_cb != NULL ||
@@ -2990,7 +2986,6 @@ SSL_want(const SSL *s)
* \param cb the callback
*/
-#ifndef OPENSSL_NO_RSA
void
SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,
int is_export,
@@ -3006,7 +3001,6 @@ int keylength))
{
SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
}
-#endif
#ifdef DOXYGEN
/*!
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 483723736a6..5767c1dd4b1 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -159,12 +159,8 @@
#endif
#include <openssl/bio.h>
#include <openssl/stack.h>
-#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
-#endif
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -500,10 +496,8 @@ typedef struct cert_st {
unsigned long mask_a;
unsigned long export_mask_k;
unsigned long export_mask_a;
-#ifndef OPENSSL_NO_RSA
RSA *rsa_tmp;
RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
-#endif
#ifndef OPENSSL_NO_DH
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
@@ -531,9 +525,7 @@ typedef struct sess_cert_st {
/* Obviously we don't have the private keys of these,
* so maybe we shouldn't even use the CERT_PKEY type here. */
-#ifndef OPENSSL_NO_RSA
RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#endif
#ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
#endif
diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c
index 078df55f06a..05d18de1d99 100644
--- a/lib/libssl/ssl_rsa.c
+++ b/lib/libssl/ssl_rsa.c
@@ -142,7 +142,6 @@ SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
return (ret);
}
-#ifndef OPENSSL_NO_RSA
int
SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
{
@@ -169,7 +168,6 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
EVP_PKEY_free(pkey);
return (ret);
}
-#endif
static int
ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
@@ -189,14 +187,12 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
EVP_PKEY_free(pktmp);
ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((pkey->type == EVP_PKEY_RSA) &&
(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
;
else
-#endif
if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
X509_free(c->pkeys[i].x509);
c->pkeys[i].x509 = NULL;
@@ -214,7 +210,6 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
return (1);
}
-#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_STDIO
int
SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
@@ -274,7 +269,6 @@ SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
RSA_free(rsa);
return (ret);
}
-#endif /* !OPENSSL_NO_RSA */
int
SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
@@ -390,7 +384,6 @@ ssl_set_cert(CERT *c, X509 *x)
EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
@@ -398,7 +391,6 @@ ssl_set_cert(CERT *c, X509 *x)
RSA_METHOD_FLAG_NO_CHECK))
;
else
-#endif /* OPENSSL_NO_RSA */
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
/* don't fail for a cert/key mismatch, just free
* current private key (when switching to a different
@@ -485,7 +477,6 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
return (ret);
}
-#ifndef OPENSSL_NO_RSA
int
SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
{
@@ -572,7 +563,6 @@ SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
RSA_free(rsa);
return (ret);
}
-#endif /* !OPENSSL_NO_RSA */
int
SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 304140d7f6d..6ee2289153f 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -310,17 +310,9 @@ tls1_ec_nid2curve_id(int nid)
* customisable at some point, for now include everything we support.
*/
-#ifdef OPENSSL_NO_RSA
-#define tlsext_sigalg_rsa(md) /* */
-#else
#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
-#endif
-#ifdef OPENSSL_NO_DSA
-#define tlsext_sigalg_dsa(md) /* */
-#else
#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
-#endif
#ifdef OPENSSL_NO_ECDSA
#define tlsext_sigalg_ecdsa(md) /* */
@@ -2202,12 +2194,8 @@ static tls12_lookup tls12_md[] = {
};
static tls12_lookup tls12_sig[] = {
-#ifndef OPENSSL_NO_RSA
{EVP_PKEY_RSA, TLSEXT_signature_rsa},
-#endif
-#ifndef OPENSSL_NO_DSA
{EVP_PKEY_DSA, TLSEXT_signature_dsa},
-#endif
#ifndef OPENSSL_NO_ECDSA
{EVP_PKEY_EC, TLSEXT_signature_ecdsa}
#endif
@@ -2307,16 +2295,12 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
unsigned char hash_alg = data[i], sig_alg = data[i + 1];
switch (sig_alg) {
-#ifndef OPENSSL_NO_RSA
case TLSEXT_signature_rsa:
idx = SSL_PKEY_RSA_SIGN;
break;
-#endif
-#ifndef OPENSSL_NO_DSA
case TLSEXT_signature_dsa:
idx = SSL_PKEY_DSA_SIGN;
break;
-#endif
#ifndef OPENSSL_NO_ECDSA
case TLSEXT_signature_ecdsa:
idx = SSL_PKEY_ECC;
@@ -2341,16 +2325,12 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
/* Set any remaining keys to default values. NOTE: if alg is not
* supported it stays as NULL.
*/
-#ifndef OPENSSL_NO_DSA
if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_RSA
if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
-#endif
#ifndef OPENSSL_NO_ECDSA
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();