Fix compilation with no-ec and/or no-tlsext.

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9c2843b316e40912cc97a0154c63c1771bb53791..26c0e96aed58796d5cf2fd7f5654ee16871c1316 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3066,7 +3066,10 @@ void ssl3_clear(SSL *s)
                s->s3->tlsext_custom_types = NULL;
                }
        s->s3->tlsext_custom_types_count = 0;   
-#endif
+#ifndef OPENSSL_NO_EC
+       s->s3->is_probably_safari = 0;
+#endif /* OPENSSL_NO_EC */
+#endif /* OPENSSL_NO_TLSEXT */
 
        rp = s->s3->rbuf.buf;
        wp = s->s3->wbuf.buf;
@@ -3397,6 +3400,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                else
                        return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
 
+#ifndef OPENSSL_NO_EC
        case SSL_CTRL_GET_CURVES:
                {
                unsigned char *clist;
@@ -3438,8 +3442,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 
        case SSL_CTRL_SET_ECDH_AUTO:
                s->cert->ecdh_tmp_auto = larg;
-               break;
-
+               return 1;
+#endif
        case SSL_CTRL_SET_SIGALGS:
                return tls1_set_sigalgs(s->cert, parg, larg, 0);
 
@@ -3510,9 +3514,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                        EVP_PKEY *ptmp;
                        int rv = 0;
                        sc = s->session->sess_cert;
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
                        if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
                                                        && !sc->peer_ecdh_tmp)
                                return 0;
+#endif
                        ptmp = EVP_PKEY_new();
                        if (!ptmp)
                                return 0;
@@ -3537,7 +3543,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                        EVP_PKEY_free(ptmp);
                        return 0;
                        }
-
+#ifndef OPENSSL_NO_EC
        case SSL_CTRL_GET_EC_POINT_FORMATS:
                {
                SSL_SESSION *sess = s->session;
@@ -3547,7 +3553,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                *pformat = sess->tlsext_ecpointformatlist;
                return (int)sess->tlsext_ecpointformatlist_length;
                }
-
+#endif
        default:
                break;
                }
@@ -3812,6 +3818,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                break;
 #endif
 
+#ifndef OPENSSL_NO_EC
        case SSL_CTRL_SET_CURVES:
                return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
                                        &ctx->tlsext_ellipticcurvelist_length,
@@ -3823,8 +3830,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                                                                parg);
        case SSL_CTRL_SET_ECDH_AUTO:
                ctx->cert->ecdh_tmp_auto = larg;
-               break;
-
+               return 1;
+#endif
        case SSL_CTRL_SET_SIGALGS:
                return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
 
@@ -4125,6 +4132,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                ii=sk_SSL_CIPHER_find(allow,c);
                if (ii >= 0)
                        {
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+                       if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+                               {
+                               if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+                               continue;
+                               }
+#endif
                        ret=sk_SSL_CIPHER_value(allow,ii);
                        break;
                        }
@@ -4137,7 +4151,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
        int ret=0;
        const unsigned char *sig;
        size_t i, siglen;
-       int have_rsa_sign = 0, have_dsa_sign = 0, have_ecdsa_sign = 0;
+       int have_rsa_sign = 0, have_dsa_sign = 0;
+#ifndef OPENSSL_NO_ECDSA
+       int have_ecdsa_sign = 0;
+#endif
        int nostrict = 1;
        unsigned long alg_k;
 
@@ -4162,10 +4179,11 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
                case TLSEXT_signature_dsa:
                        have_dsa_sign = 1;
                        break;
-
+#ifndef OPENSSL_NO_ECDSA
                case TLSEXT_signature_ecdsa:
                        have_ecdsa_sign = 1;
                        break;
+#endif
                        }
                }