summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/s3_both.c2
-rw-r--r--lib/libssl/s3_lib.c6
-rw-r--r--lib/libssl/ssl.h4
-rw-r--r--lib/libssl/ssl3.h2
-rw-r--r--lib/libssl/ssl_lib.c4
-rw-r--r--lib/libssl/ssl_locl.h4
-rw-r--r--lib/libssl/ssl_sess.c6
-rw-r--r--lib/libssl/t1_lib.c22
8 files changed, 0 insertions, 50 deletions
diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c
index 54b73451eb4..2a96c199146 100644
--- a/lib/libssl/s3_both.c
+++ b/lib/libssl/s3_both.c
@@ -550,11 +550,9 @@ ssl_cert_type(X509 *x, EVP_PKEY *pkey)
} else if (i == EVP_PKEY_DSA) {
ret = SSL_PKEY_DSA_SIGN;
}
-#ifndef OPENSSL_NO_EC
else if (i == EVP_PKEY_EC) {
ret = SSL_PKEY_ECC;
}
-#endif
else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
ret = SSL_PKEY_GOST94;
} else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 72492a33329..9aa72a9c4ee 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -151,9 +151,7 @@
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
-#ifndef OPENSSL_NO_EC
#include "../crypto/ec/ec_lcl.h"
-#endif /* OPENSSL_NO_EC */
#include <openssl/md5.h>
#include <openssl/dh.h>
@@ -2381,9 +2379,7 @@ ssl3_clear(SSL *s)
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
}
-#ifndef OPENSSL_NO_EC
s->s3->is_probably_safari = 0;
-#endif /* !OPENSSL_NO_EC */
rp = s->s3->rbuf.buf;
wp = s->s3->wbuf.buf;
@@ -3031,7 +3027,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
ok = (alg_k & mask_k) && (alg_a & mask_a);
}
-#ifndef OPENSSL_NO_EC
if (
/*
* if we are considering an ECC cipher suite that uses our
@@ -3167,7 +3162,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
ok = ok && ec_ok;
}
-#endif /* OPENSSL_NO_EC */
if (!ok)
continue;
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index d6f875a7977..fd01ac98064 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -505,12 +505,10 @@ struct ssl_session_st {
* efficient and to implement a maximum cache size. */
struct ssl_session_st *prev, *next;
char *tlsext_hostname;
-#ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist; /* peer's list */
size_t tlsext_ellipticcurvelist_length;
unsigned char *tlsext_ellipticcurvelist; /* peer's list */
-#endif /* OPENSSL_NO_EC */
/* RFC4507 info */
unsigned char *tlsext_tick; /* Session ticket */
size_t tlsext_ticklen; /* Session ticket length */
@@ -1204,12 +1202,10 @@ struct ssl_st {
/* RFC4507 session ticket expected to be received or sent */
int tlsext_ticket_expected;
-#ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist; /* our list */
size_t tlsext_ellipticcurvelist_length;
unsigned char *tlsext_ellipticcurvelist; /* our list */
-#endif /* OPENSSL_NO_EC */
/* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
void *tlsext_opaque_prf_input;
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index c264422a364..1d2bc2f5c01 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -519,12 +519,10 @@ typedef struct ssl3_state_st {
int next_proto_neg_seen;
#endif
-#ifndef OPENSSL_NO_EC
/* This is set to true if we believe that this is a version of Safari
* running on OS X 10.6 or newer. We wish to know this because Safari
* on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
char is_probably_safari;
-#endif /* !OPENSSL_NO_EC */
} SSL3_STATE;
#endif
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 262b5a21309..1138ac5a699 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -536,10 +536,8 @@ SSL_free(SSL *s)
free(s->tlsext_hostname);
if (s->initial_ctx)
SSL_CTX_free(s->initial_ctx);
-#ifndef OPENSSL_NO_EC
free(s->tlsext_ecpointformatlist);
free(s->tlsext_ellipticcurvelist);
-#endif /* OPENSSL_NO_EC */
free(s->tlsext_opaque_prf_input);
if (s->tlsext_ocsp_exts)
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
@@ -2120,7 +2118,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-#ifndef OPENSSL_NO_EC
int
ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
@@ -2190,7 +2187,6 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
/* all checks are ok */
}
-#endif
/* THIS NEEDS CLEANING UP */
CERT_PKEY *
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index ecf108d6a57..4aa2911da70 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -448,14 +448,12 @@
#define CERT_PRIVATE_KEY 2
*/
-#ifndef OPENSSL_NO_EC
/* From ECC-TLS draft, used in encoding the curve type in
* ECParameters
*/
#define EXPLICIT_PRIME_CURVE_TYPE 1
#define EXPLICIT_CHAR2_CURVE_TYPE 2
#define NAMED_CURVE_TYPE 3
-#endif /* OPENSSL_NO_EC */
typedef struct cert_pkey_st {
X509 *x509;
@@ -830,10 +828,8 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-#ifndef OPENSSL_NO_EC
int tls1_ec_curve_id2nid(int curve_id);
int tls1_ec_nid2curve_id(int nid);
-#endif /* OPENSSL_NO_EC */
unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
unsigned char *limit);
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index de133a72ca5..2900490ad2e 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -210,12 +210,10 @@ SSL_SESSION_new(void)
ss->compress_meth = 0;
ss->tlsext_hostname = NULL;
-#ifndef OPENSSL_NO_EC
ss->tlsext_ecpointformatlist_length = 0;
ss->tlsext_ecpointformatlist = NULL;
ss->tlsext_ellipticcurvelist_length = 0;
ss->tlsext_ellipticcurvelist = NULL;
-#endif
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
#ifndef OPENSSL_NO_PSK
ss->psk_identity_hint = NULL;
@@ -359,7 +357,6 @@ ssl_get_new_session(SSL *s, int session)
return 0;
}
}
-#ifndef OPENSSL_NO_EC
if (s->tlsext_ecpointformatlist) {
free(ss->tlsext_ecpointformatlist);
if ((ss->tlsext_ecpointformatlist = malloc(s->tlsext_ecpointformatlist_length)) == NULL) {
@@ -380,7 +377,6 @@ ssl_get_new_session(SSL *s, int session)
ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
}
-#endif
} else {
ss->session_id_length = 0;
}
@@ -691,12 +687,10 @@ SSL_SESSION_free(SSL_SESSION *ss)
sk_SSL_CIPHER_free(ss->ciphers);
free(ss->tlsext_hostname);
free(ss->tlsext_tick);
-#ifndef OPENSSL_NO_EC
ss->tlsext_ecpointformatlist_length = 0;
free(ss->tlsext_ecpointformatlist);
ss->tlsext_ellipticcurvelist_length = 0;
free(ss->tlsext_ellipticcurvelist);
-#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
free(ss->psk_identity_hint);
free(ss->psk_identity);
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 5d442558ddf..3546a45df12 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -209,7 +209,6 @@ tls1_clear(SSL *s)
s->version = s->method->version;
}
-#ifndef OPENSSL_NO_EC
static int nid_list[] = {
NID_sect163k1, /* sect163k1 (1) */
@@ -348,7 +347,6 @@ tls1_ec_nid2curve_id(int nid)
return 0;
}
}
-#endif /* OPENSSL_NO_EC */
/* List of supported signature algorithms and hashes. Should make this
@@ -460,7 +458,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
}
-#ifndef OPENSSL_NO_EC
if (s->tlsext_ecpointformatlist != NULL &&
s->version != DTLS1_VERSION) {
/* Add TLS extension ECPointFormats to the ClientHello message */
@@ -515,7 +512,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
s->tlsext_ellipticcurvelist_length);
ret += s->tlsext_ellipticcurvelist_length;
}
-#endif /* OPENSSL_NO_EC */
if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
int ticklen;
@@ -743,7 +739,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
ret += el;
}
-#ifndef OPENSSL_NO_EC
if (s->tlsext_ecpointformatlist != NULL &&
s->version != DTLS1_VERSION) {
/* Add TLS extension ECPointFormats to the ServerHello message */
@@ -770,7 +765,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
}
/* Currently the server should not respond with a SupportedCurves extension */
-#endif /* OPENSSL_NO_EC */
if (s->tlsext_ticket_expected &&
!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
@@ -875,7 +869,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
return ret;
}
-#ifndef OPENSSL_NO_EC
/* ssl_check_for_safari attempts to fingerprint Safari using OS X
* SecureTransport using the TLS extension block in |d|, of length |n|.
* Safari, since 10.6, sends exactly these extensions, in this order:
@@ -956,7 +949,6 @@ ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d,
s->s3->is_probably_safari = 1;
}
-#endif /* !OPENSSL_NO_EC */
int
ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
@@ -975,10 +967,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
s->s3->next_proto_neg_seen = 0;
#endif
-#ifndef OPENSSL_NO_EC
if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
ssl_check_for_safari(s, data, d, n);
-#endif /* !OPENSSL_NO_EC */
if (data >= (d + n - 2))
goto ri_check;
@@ -1095,7 +1085,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
}
-#ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats &&
s->version != DTLS1_VERSION) {
unsigned char *sdata = data;
@@ -1142,7 +1131,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
}
}
-#endif /* OPENSSL_NO_EC */
#ifdef TLSEXT_TYPE_opaque_prf_input
else if (type == TLSEXT_TYPE_opaque_prf_input &&
s->version != DTLS1_VERSION) {
@@ -1408,7 +1396,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
tlsext_servername = 1;
}
-#ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats &&
s->version != DTLS1_VERSION) {
unsigned char *sdata = data;
@@ -1430,7 +1417,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
}
-#endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb &&
!s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
@@ -1576,7 +1562,6 @@ ri_check:
int
ssl_prepare_clienthello_tlsext(SSL *s)
{
-#ifndef OPENSSL_NO_EC
/* If we are client and using an elliptic curve cryptography cipher suite, send the point formats
* and elliptic curves we support.
*/
@@ -1624,7 +1609,6 @@ ssl_prepare_clienthello_tlsext(SSL *s)
s2n(id, j);
}
}
-#endif /* OPENSSL_NO_EC */
#ifdef TLSEXT_TYPE_opaque_prf_input
{
@@ -1667,7 +1651,6 @@ ssl_prepare_clienthello_tlsext(SSL *s)
int
ssl_prepare_serverhello_tlsext(SSL *s)
{
-#ifndef OPENSSL_NO_EC
/* If we are server and using an ECC cipher suite, send the point formats we support
* if the client sent us an ECPointsFormat extension. Note that the server is not
* supposed to send an EllipticCurves extension.
@@ -1689,7 +1672,6 @@ ssl_prepare_serverhello_tlsext(SSL *s)
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
}
-#endif /* OPENSSL_NO_EC */
return 1;
}
@@ -1700,14 +1682,12 @@ ssl_check_clienthello_tlsext_early(SSL *s)
int ret = SSL_TLSEXT_ERR_NOACK;
int al = SSL_AD_UNRECOGNIZED_NAME;
-#ifndef OPENSSL_NO_EC
/* The handling of the ECPointFormats extension is done elsewhere, namely in
* ssl3_choose_cipher in s3_lib.c.
*/
/* The handling of the EllipticCurves extension is done elsewhere, namely in
* ssl3_choose_cipher in s3_lib.c.
*/
-#endif
if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
@@ -1850,7 +1830,6 @@ ssl_check_serverhello_tlsext(SSL *s)
int ret = SSL_TLSEXT_ERR_NOACK;
int al = SSL_AD_UNRECOGNIZED_NAME;
-#ifndef OPENSSL_NO_EC
/* If we are client and using an elliptic curve cryptography cipher
* suite, then if server returns an EC point formats lists extension
* it must contain uncompressed.
@@ -1879,7 +1858,6 @@ ssl_check_serverhello_tlsext(SSL *s)
}
}
ret = SSL_TLSEXT_ERR_OK;
-#endif /* OPENSSL_NO_EC */
if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);