diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/s3_both.c | 2 | ||||
-rw-r--r-- | lib/libssl/s3_lib.c | 6 | ||||
-rw-r--r-- | lib/libssl/ssl.h | 4 | ||||
-rw-r--r-- | lib/libssl/ssl3.h | 2 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_sess.c | 6 | ||||
-rw-r--r-- | lib/libssl/t1_lib.c | 22 |
8 files changed, 0 insertions, 50 deletions
diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index 54b73451eb4..2a96c199146 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -550,11 +550,9 @@ ssl_cert_type(X509 *x, EVP_PKEY *pkey) } else if (i == EVP_PKEY_DSA) { ret = SSL_PKEY_DSA_SIGN; } -#ifndef OPENSSL_NO_EC else if (i == EVP_PKEY_EC) { ret = SSL_PKEY_ECC; } -#endif else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) { ret = SSL_PKEY_GOST94; } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) { diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 72492a33329..9aa72a9c4ee 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -151,9 +151,7 @@ #include <stdio.h> #include <openssl/objects.h> #include "ssl_locl.h" -#ifndef OPENSSL_NO_EC #include "../crypto/ec/ec_lcl.h" -#endif /* OPENSSL_NO_EC */ #include <openssl/md5.h> #include <openssl/dh.h> @@ -2381,9 +2379,7 @@ ssl3_clear(SSL *s) EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; } -#ifndef OPENSSL_NO_EC s->s3->is_probably_safari = 0; -#endif /* !OPENSSL_NO_EC */ rp = s->s3->rbuf.buf; wp = s->s3->wbuf.buf; @@ -3031,7 +3027,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ok = (alg_k & mask_k) && (alg_a & mask_a); } -#ifndef OPENSSL_NO_EC if ( /* * if we are considering an ECC cipher suite that uses our @@ -3167,7 +3162,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } ok = ok && ec_ok; } -#endif /* OPENSSL_NO_EC */ if (!ok) continue; diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index d6f875a7977..fd01ac98064 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -505,12 +505,10 @@ struct ssl_session_st { * efficient and to implement a maximum cache size. */ struct ssl_session_st *prev, *next; char *tlsext_hostname; -#ifndef OPENSSL_NO_EC size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; /* peer's list */ size_t tlsext_ellipticcurvelist_length; unsigned char *tlsext_ellipticcurvelist; /* peer's list */ -#endif /* OPENSSL_NO_EC */ /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ size_t tlsext_ticklen; /* Session ticket length */ @@ -1204,12 +1202,10 @@ struct ssl_st { /* RFC4507 session ticket expected to be received or sent */ int tlsext_ticket_expected; -#ifndef OPENSSL_NO_EC size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; /* our list */ size_t tlsext_ellipticcurvelist_length; unsigned char *tlsext_ellipticcurvelist; /* our list */ -#endif /* OPENSSL_NO_EC */ /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */ void *tlsext_opaque_prf_input; diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index c264422a364..1d2bc2f5c01 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -519,12 +519,10 @@ typedef struct ssl3_state_st { int next_proto_neg_seen; #endif -#ifndef OPENSSL_NO_EC /* This is set to true if we believe that this is a version of Safari * running on OS X 10.6 or newer. We wish to know this because Safari * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ char is_probably_safari; -#endif /* !OPENSSL_NO_EC */ } SSL3_STATE; #endif diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 262b5a21309..1138ac5a699 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -536,10 +536,8 @@ SSL_free(SSL *s) free(s->tlsext_hostname); if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); -#ifndef OPENSSL_NO_EC free(s->tlsext_ecpointformatlist); free(s->tlsext_ellipticcurvelist); -#endif /* OPENSSL_NO_EC */ free(s->tlsext_opaque_prf_input); if (s->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, @@ -2120,7 +2118,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) -#ifndef OPENSSL_NO_EC int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) @@ -2190,7 +2187,6 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) /* all checks are ok */ } -#endif /* THIS NEEDS CLEANING UP */ CERT_PKEY * diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index ecf108d6a57..4aa2911da70 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -448,14 +448,12 @@ #define CERT_PRIVATE_KEY 2 */ -#ifndef OPENSSL_NO_EC /* From ECC-TLS draft, used in encoding the curve type in * ECParameters */ #define EXPLICIT_PRIME_CURVE_TYPE 1 #define EXPLICIT_CHAR2_CURVE_TYPE 2 #define NAMED_CURVE_TYPE 3 -#endif /* OPENSSL_NO_EC */ typedef struct cert_pkey_st { X509 *x509; @@ -830,10 +828,8 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); -#ifndef OPENSSL_NO_EC int tls1_ec_curve_id2nid(int curve_id); int tls1_ec_nid2curve_id(int nid); -#endif /* OPENSSL_NO_EC */ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index de133a72ca5..2900490ad2e 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -210,12 +210,10 @@ SSL_SESSION_new(void) ss->compress_meth = 0; ss->tlsext_hostname = NULL; -#ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; ss->tlsext_ecpointformatlist = NULL; ss->tlsext_ellipticcurvelist_length = 0; ss->tlsext_ellipticcurvelist = NULL; -#endif CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); #ifndef OPENSSL_NO_PSK ss->psk_identity_hint = NULL; @@ -359,7 +357,6 @@ ssl_get_new_session(SSL *s, int session) return 0; } } -#ifndef OPENSSL_NO_EC if (s->tlsext_ecpointformatlist) { free(ss->tlsext_ecpointformatlist); if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) { @@ -380,7 +377,6 @@ ssl_get_new_session(SSL *s, int session) ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); } -#endif } else { ss->session_id_length = 0; } @@ -691,12 +687,10 @@ SSL_SESSION_free(SSL_SESSION *ss) sk_SSL_CIPHER_free(ss->ciphers); free(ss->tlsext_hostname); free(ss->tlsext_tick); -#ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; free(ss->tlsext_ecpointformatlist); ss->tlsext_ellipticcurvelist_length = 0; free(ss->tlsext_ellipticcurvelist); -#endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK free(ss->psk_identity_hint); free(ss->psk_identity); diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 5d442558ddf..3546a45df12 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -209,7 +209,6 @@ tls1_clear(SSL *s) s->version = s->method->version; } -#ifndef OPENSSL_NO_EC static int nid_list[] = { NID_sect163k1, /* sect163k1 (1) */ @@ -348,7 +347,6 @@ tls1_ec_nid2curve_id(int nid) return 0; } } -#endif /* OPENSSL_NO_EC */ /* List of supported signature algorithms and hashes. Should make this @@ -460,7 +458,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) } -#ifndef OPENSSL_NO_EC if (s->tlsext_ecpointformatlist != NULL && s->version != DTLS1_VERSION) { /* Add TLS extension ECPointFormats to the ClientHello message */ @@ -515,7 +512,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) s->tlsext_ellipticcurvelist_length); ret += s->tlsext_ellipticcurvelist_length; } -#endif /* OPENSSL_NO_EC */ if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { int ticklen; @@ -743,7 +739,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) ret += el; } -#ifndef OPENSSL_NO_EC if (s->tlsext_ecpointformatlist != NULL && s->version != DTLS1_VERSION) { /* Add TLS extension ECPointFormats to the ServerHello message */ @@ -770,7 +765,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) } /* Currently the server should not respond with a SupportedCurves extension */ -#endif /* OPENSSL_NO_EC */ if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { @@ -875,7 +869,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) return ret; } -#ifndef OPENSSL_NO_EC /* ssl_check_for_safari attempts to fingerprint Safari using OS X * SecureTransport using the TLS extension block in |d|, of length |n|. * Safari, since 10.6, sends exactly these extensions, in this order: @@ -956,7 +949,6 @@ ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, s->s3->is_probably_safari = 1; } -#endif /* !OPENSSL_NO_EC */ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, @@ -975,10 +967,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->s3->next_proto_neg_seen = 0; #endif -#ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) ssl_check_for_safari(s, data, d, n); -#endif /* !OPENSSL_NO_EC */ if (data >= (d + n - 2)) goto ri_check; @@ -1095,7 +1085,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } -#ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats && s->version != DTLS1_VERSION) { unsigned char *sdata = data; @@ -1142,7 +1131,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); } } -#endif /* OPENSSL_NO_EC */ #ifdef TLSEXT_TYPE_opaque_prf_input else if (type == TLSEXT_TYPE_opaque_prf_input && s->version != DTLS1_VERSION) { @@ -1408,7 +1396,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, tlsext_servername = 1; } -#ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats && s->version != DTLS1_VERSION) { unsigned char *sdata = data; @@ -1430,7 +1417,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } -#endif /* OPENSSL_NO_EC */ else if (type == TLSEXT_TYPE_session_ticket) { if (s->tls_session_ticket_ext_cb && !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { @@ -1576,7 +1562,6 @@ ri_check: int ssl_prepare_clienthello_tlsext(SSL *s) { -#ifndef OPENSSL_NO_EC /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats * and elliptic curves we support. */ @@ -1624,7 +1609,6 @@ ssl_prepare_clienthello_tlsext(SSL *s) s2n(id, j); } } -#endif /* OPENSSL_NO_EC */ #ifdef TLSEXT_TYPE_opaque_prf_input { @@ -1667,7 +1651,6 @@ ssl_prepare_clienthello_tlsext(SSL *s) int ssl_prepare_serverhello_tlsext(SSL *s) { -#ifndef OPENSSL_NO_EC /* If we are server and using an ECC cipher suite, send the point formats we support * if the client sent us an ECPointsFormat extension. Note that the server is not * supposed to send an EllipticCurves extension. @@ -1689,7 +1672,6 @@ ssl_prepare_serverhello_tlsext(SSL *s) s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; } -#endif /* OPENSSL_NO_EC */ return 1; } @@ -1700,14 +1682,12 @@ ssl_check_clienthello_tlsext_early(SSL *s) int ret = SSL_TLSEXT_ERR_NOACK; int al = SSL_AD_UNRECOGNIZED_NAME; -#ifndef OPENSSL_NO_EC /* The handling of the ECPointFormats extension is done elsewhere, namely in * ssl3_choose_cipher in s3_lib.c. */ /* The handling of the EllipticCurves extension is done elsewhere, namely in * ssl3_choose_cipher in s3_lib.c. */ -#endif if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); @@ -1850,7 +1830,6 @@ ssl_check_serverhello_tlsext(SSL *s) int ret = SSL_TLSEXT_ERR_NOACK; int al = SSL_AD_UNRECOGNIZED_NAME; -#ifndef OPENSSL_NO_EC /* If we are client and using an elliptic curve cryptography cipher * suite, then if server returns an EC point formats lists extension * it must contain uncompressed. @@ -1879,7 +1858,6 @@ ssl_check_serverhello_tlsext(SSL *s) } } ret = SSL_TLSEXT_ERR_OK; -#endif /* OPENSSL_NO_EC */ if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); |