From: Rich Salz Date: Tue, 10 Mar 2015 23:09:27 +0000 (-0400) Subject: Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC X-Git-Tag: OpenSSL_1_1_0-pre1~1560 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=10bf4fc2c3da332a54247da1f3c0dcb44944f7ff Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC Suggested by John Foley . Reviewed-by: Matt Caswell --- diff --git a/CHANGES b/CHANGES index 8fcfcceef1..8d6fcaf493 100644 --- a/CHANGES +++ b/CHANGES @@ -41,28 +41,33 @@ [Rich Salz] *) Remove various unsupported platforms: - Sony NEWS4 - BEOS and BEOS_R5 - NeXT - SUNOS - MPE/iX - Sinix/ReliantUNIX RM400 - DGUX - NCR - Tandem - Cray - 16-bit platforms such as WIN16 + Sony NEWS4 + BEOS and BEOS_R5 + NeXT + SUNOS + MPE/iX + Sinix/ReliantUNIX RM400 + DGUX + NCR + Tandem + Cray + 16-bit platforms such as WIN16 [Rich Salz] - *) Start cleaning up OPENSSL_NO_xxx #define's - OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 - OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO - Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF + *) Clean up OPENSSL_NO_xxx #define's + Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx + OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC + OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 + OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO + Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY + OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP + OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK + OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY Remove MS_STATIC; it's a relic from platforms <32 bits. [Rich Salz] - *) Start cleaning up dead code + *) Cleaned up dead code Remove all but one '#ifdef undef' which is to be looked at. [Rich Salz] diff --git a/apps/req.c b/apps/req.c index 6d06ed74a7..231535bfaf 100644 --- a/apps/req.c +++ b/apps/req.c 
@@ -398,7 +398,7 @@ int MAIN(int argc, char **argv) " -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); #endif diff --git a/apps/s_cb.c b/apps/s_cb.c index 12f7b8cb03..8a66c9a7dc 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -521,7 +521,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s) case EVP_PKEY_DH: BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); break; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case EVP_PKEY_EC: { EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); diff --git a/apps/s_server.c b/apps/s_server.c index 42088d0e84..874b402aac 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -486,7 +486,7 @@ static void sv_usage(void) " -dhparam arg - DH parameter file to use, in cert file if not specified\n"); BIO_printf(bio_err, " or a default set of parameters is used\n"); -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC BIO_printf(bio_err, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" " Use \"openssl ecparam -list_curves\" for all names\n" @@ -545,7 +545,7 @@ static void sv_usage(void) #ifndef OPENSSL_NO_DH BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n"); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n"); #endif BIO_printf(bio_err, @@ -1677,7 +1677,7 @@ int MAIN(int argc, char *argv[]) bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE); } } -#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) if (nocert) #endif { diff --git a/apps/speed.c b/apps/speed.c index 57b53ce32e..44c276ab21 100644 --- a/apps/speed.c +++ b/apps/speed.c 
@@ -172,10 +172,8 @@ # include # include "./testdsa.h" #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC # include -#endif -#ifndef OPENSSL_NO_ECDH # include #endif #include @@ -242,14 +240,12 @@ static double rsa_results[RSA_NUM][2]; #ifndef OPENSSL_NO_DSA static double dsa_results[DSA_NUM][2]; #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC static double ecdsa_results[EC_NUM][2]; -#endif -#ifndef OPENSSL_NO_ECDH static double ecdh_results[EC_NUM][1]; #endif -#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH)) +#if defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_EC) static const char rnd_seed[] = "string to make the random number generator think it has entropy"; static int rnd_fake = 0; @@ -330,7 +326,7 @@ static double Time_F(int s) } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) @@ -340,7 +336,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); } -#endif /* OPENSSL_NO_ECDH */ +#endif /* OPENSSL_NO_EC */ static void multiblock_speed(const EVP_CIPHER *evp_cipher); @@ -595,30 +591,23 @@ int MAIN(int argc, char **argv) #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC unsigned char ecdsasig[256]; unsigned int ecdsasiglen; EC_KEY *ecdsa[EC_NUM]; long ecdsa_c[EC_NUM][2]; -#endif - -#ifndef OPENSSL_NO_ECDH EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM]; unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE]; int secret_size_a, secret_size_b; int ecdh_checks = 0; int secret_idx = 0; long ecdh_c[EC_NUM][2]; + int ecdsa_doit[EC_NUM]; + int ecdh_doit[EC_NUM]; #endif int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; -#ifndef OPENSSL_NO_ECDSA - int ecdsa_doit[EC_NUM]; -#endif -#ifndef OPENSSL_NO_ECDH - int ecdh_doit[EC_NUM]; -#endif int doit[ALGOR_NUM]; int pr_header = 0; const EVP_CIPHER *evp_cipher = NULL; 
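Review bot: In the `@@ -242,14 +240,12 @@` hunk of apps/speed.c, `rnd_seed` is a fixed string fed to the RNG (later hunks show `RAND_seed(rnd_seed, sizeof rnd_seed)` with `rnd_fake = 1`), and nothing at the definition says this is acceptable only because the keys are throwaway benchmark keys. I would add a comment above it such as `/* Benchmark only: constant seed so RAND_status() succeeds; anything generated afterwards may be predictable and must never leave this tool. */`. The simplified condition `defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_EC)` suggests that DSA-enabled builds get these symbols from elsewhere, presumably the included testdsa.h, which is not visible here. A one-line note saying so would save the next reader the search.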
@@ -639,11 +628,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA memset(dsa_key, 0, sizeof(dsa_key)); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) ecdsa[i] = NULL; -#endif -#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) { ecdh_a[i] = NULL; ecdh_b[i] = NULL; @@ -689,11 +676,9 @@ int MAIN(int argc, char **argv) rsa_doit[i] = 0; for (i = 0; i < DSA_NUM; i++) dsa_doit[i] = 0; -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) ecdsa_doit[i] = 0; -#endif -#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) ecdh_doit[i] = 0; #endif @@ -986,7 +971,7 @@ int MAIN(int argc, char **argv) dsa_doit[R_DSA_2048] = 1; } else #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC if (strcmp(*argv, "ecdsap160") == 0) ecdsa_doit[R_EC_P160] = 2; else if (strcmp(*argv, "ecdsap192") == 0) @@ -1022,10 +1007,7 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "ecdsa") == 0) { for (i = 0; i < EC_NUM; i++) ecdsa_doit[i] = 1; - } else -#endif -#ifndef OPENSSL_NO_ECDH - if (strcmp(*argv, "ecdhp160") == 0) + } else if (strcmp(*argv, "ecdhp160") == 0) ecdh_doit[R_EC_P160] = 2; else if (strcmp(*argv, "ecdhp192") == 0) ecdh_doit[R_EC_P192] = 2; @@ -1135,7 +1117,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " "ecdsap256 ecdsap384 ecdsap521\n"); BIO_printf(bio_err, @@ -1143,8 +1125,6 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); BIO_printf(bio_err, "ecdsa\n"); -#endif -#ifndef OPENSSL_NO_ECDH BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " "ecdhp256 ecdhp384 ecdhp521\n"); BIO_printf(bio_err, 
@@ -1234,11 +1214,9 @@ int MAIN(int argc, char **argv) rsa_doit[i] = 1; for (i = 0; i < DSA_NUM; i++) dsa_doit[i] = 1; -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) ecdsa_doit[i] = 1; -#endif -#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) ecdh_doit[i] = 1; #endif @@ -1428,7 +1406,7 @@ int MAIN(int argc, char **argv) } # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC ecdsa_c[R_EC_P160][0] = count / 1000; ecdsa_c[R_EC_P160][1] = count / 1000 / 2; for (i = R_EC_P192; i <= R_EC_P521; i++) { @@ -1471,9 +1449,6 @@ int MAIN(int argc, char **argv) } } } -# endif - -# ifndef OPENSSL_NO_ECDH ecdh_c[R_EC_P160][0] = count / 1000; ecdh_c[R_EC_P160][1] = count / 1000; for (i = R_EC_P192; i <= R_EC_P521; i++) { @@ -2144,7 +2119,7 @@ int MAIN(int argc, char **argv) RAND_cleanup(); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); rnd_fake = 1; @@ -2236,9 +2211,6 @@ int MAIN(int argc, char **argv) } if (rnd_fake) RAND_cleanup(); -#endif - -#ifndef OPENSSL_NO_ECDH if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); rnd_fake = 1; @@ -2423,7 +2395,7 @@ int MAIN(int argc, char **argv) 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]); } #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC j = 1; for (k = 0; k < EC_NUM; k++) { if (!ecdsa_doit[k]) @@ -2445,9 +2417,6 @@ int MAIN(int argc, char **argv) ecdsa_results[k][0], ecdsa_results[k][1], 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]); } -#endif - -#ifndef OPENSSL_NO_ECDH j = 1; for (k = 0; k < EC_NUM; k++) { if (!ecdh_doit[k]) @@ -2488,12 +2457,10 @@ int MAIN(int argc, char **argv) DSA_free(dsa_key[i]); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) if (ecdsa[i] != NULL) EC_KEY_free(ecdsa[i]); -#endif -#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) { if (ecdh_a[i] != NULL) EC_KEY_free(ecdh_a[i]); 
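Review bot: In the `@@ -2236,9 +2211,6 @@` hunk of apps/speed.c, removing the `#endif`/`#ifndef` pair leaves `if (rnd_fake) RAND_cleanup();` directly followed by a second `if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); rnd_fake = 1; }`, so the merged EC block tears the fake seeding down and immediately rebuilds it. With both benchmarks now under one guard, seeding once before the ECDSA loop and cleaning up once after the ECDH loop would read more clearly. If the intermediate cleanup is intentional, a short comment should say why. Both loops start and end outside the hunk, so this is based on the visible seam only.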
@@ -2697,7 +2664,7 @@ static int do_multi(int multi) dsa_results[k][1] = d; } # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC else if (!strncmp(buf, "+F4:", 4)) { int k; double d; @@ -2720,9 +2687,6 @@ static int do_multi(int multi) else ecdsa_results[k][1] = d; } -# endif - -# ifndef OPENSSL_NO_ECDH else if (!strncmp(buf, "+F5:", 4)) { int k; double d; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 0437dcff60..d789e7e916 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -203,7 +203,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, return ret; } -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { @@ -302,7 +302,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) EC_GROUP_set_asn1_flag(dctx->gen_group, p1); return 1; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case EVP_PKEY_CTRL_EC_ECDH_COFACTOR: if (p1 == -2) { if (dctx->cofactor_mode != -1) @@ -519,12 +519,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = { 0, 0, 0, -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC pkey_ec_kdf_derive, #else 0, #endif - pkey_ec_ctrl, pkey_ec_ctrl_str }; diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index 0d643a3f05..25ccdc9088 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h @@ -71,7 +71,7 @@ # include -# ifdef OPENSSL_NO_ECDH +# ifdef OPENSSL_NO_EC # error ECDH is disabled. # endif diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 41725f6a8d..578de316be 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -73,7 +73,7 @@ #include "../e_os.h" -#include /* for OPENSSL_NO_ECDH */ +#include /* for OPENSSL_NO_EC */ #include #include #include @@ -82,7 +82,7 @@ #include #include -#ifdef OPENSSL_NO_ECDH +#ifdef OPENSSL_NO_EC int main(int argc, char *argv[]) { printf("No ECDH support\n"); diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index 86cafe2ba1..3876004473 100644 --- a/crypto/ecdsa/ecdsa.h 
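Review bot: The `#ifndef OPENSSL_NO_EC` guards introduced in crypto/ec/ec_pmeth.c (hunks `-203`, `-302` and `-519`) look redundant, since this file is itself the EC method implementation and is presumably not compiled when EC is disabled; in particular the `#else 0,` arm in `ec_pkey_meth` can no longer be selected. The same pattern shows up where a former ECDSA/ECDH guard was nested inside an EC or ECDH one: the indented `# ifndef OPENSSL_NO_EC` in ssl/s3_clnt.c (`-1822`) and around `tls1_check_ec_tmp_key` in ssl/t1_lib.c (`-798`, `-863`), whereas ssl/s3_lib.c (`-4251`) and ssl/ssl_lib.c drop the inner guard. I would delete these inner guards for consistency, or at least replace the dead arm with a comment. The enclosing blocks begin outside the hunks, so the nesting should be confirmed against the full files.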
+++ b/crypto/ecdsa/ecdsa.h @@ -61,7 +61,7 @@ # include -# ifdef OPENSSL_NO_ECDSA +# ifdef OPENSSL_NO_EC # error ECDSA is disabled. # endif diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index d58490f21f..31d9c84e99 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -73,9 +73,9 @@ #include #include -#include /* To see if OPENSSL_NO_ECDSA is defined */ +#include /* To see if OPENSSL_NO_EC is defined */ -#ifdef OPENSSL_NO_ECDSA +#ifdef OPENSSL_NO_EC int main(int argc, char *argv[]) { puts("Elliptic curves are disabled."); diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index 4279dd94b1..af353bd936 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -79,11 +79,9 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) return 0; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) return 0; -#endif -#ifndef OPENSSL_NO_ECDSA if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) return 0; #endif @@ -159,10 +157,8 @@ int ENGINE_register_complete(ENGINE *e) #ifndef OPENSSL_NO_DH ENGINE_register_DH(e); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC ENGINE_register_ECDH(e); -#endif -#ifndef OPENSSL_NO_ECDSA ENGINE_register_ECDSA(e); #endif ENGINE_register_RAND(e); diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index c69e8a7eda..9e80eafdde 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -300,10 +300,8 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) #ifndef OPENSSL_NO_DH dest->dh_meth = src->dh_meth; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC dest->ecdh_meth = src->ecdh_meth; -#endif -#ifndef OPENSSL_NO_ECDSA dest->ecdsa_meth = src->ecdsa_meth; #endif dest->rand_meth = src->rand_meth; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 3e12ecf760..78fa3c8d45 100644 
--- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -149,10 +149,8 @@ static int bind_helper(ENGINE *e) # ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) -# endif -# ifndef OPENSSL_NO_ECDSA || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) # endif # ifndef OPENSSL_NO_DH diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index c931907599..e2f3e5cd9e 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -82,10 +82,8 @@ # ifndef OPENSSL_NO_DH # include # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC # include -# endif -# ifndef OPENSSL_NO_ECDSA # include # endif # include diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 1363fb026a..b844167f94 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -76,10 +76,8 @@ #ifndef OPENSSL_NO_DSA # include #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC # include -#endif -#ifndef OPENSSL_NO_ECDH # include #endif #include @@ -138,11 +136,7 @@ void ERR_load_crypto_strings(void) # endif # ifndef OPENSSL_NO_EC ERR_load_EC_strings(); -# endif -# ifndef OPENSSL_NO_ECDSA ERR_load_ECDSA_strings(); -# endif -# ifndef OPENSSL_NO_ECDH ERR_load_ECDH_strings(); # endif /* skip ERR_load_SSL_strings() because it is not in this library */ diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 0d4278b86a..94039ef5fd 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -80,7 +80,7 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC EVP_add_digest(EVP_ecdsa()); # endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 2e9f83fac7..0d26fd3129 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h 
@@ -234,7 +234,7 @@ typedef int evp_verify_method(int type, const unsigned char *m, # define EVP_PKEY_DSA_method EVP_PKEY_NULL_method # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC # define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ (evp_verify_method *)ECDSA_verify, \ {EVP_PKEY_EC,0,0,0} diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 1e78e30f5e..9835be5e6c 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -75,13 +75,7 @@ # ifndef OPENSSL_NO_EC # include -# endif - -# ifndef OPENSSL_NO_ECDSA # include -# endif - -# ifndef OPENSSL_NO_ECDH # include # endif diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 750217fff6..1e611c44be 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1321,7 +1321,7 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_DH DH *dh = NULL; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EC_KEY *ecdh = NULL; BN_CTX *bn_ctx = NULL; EC_POINT *srvr_ecpoint = NULL; @@ -1385,7 +1385,7 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_dh_tmp = NULL; } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (s->session->sess_cert->peer_ecdh_tmp) { EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); s->session->sess_cert->peer_ecdh_tmp = NULL; @@ -1724,7 +1724,7 @@ int ssl3_get_key_exchange(SSL *s) } #endif /* !OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC else if (alg_k & SSL_kECDHE) { EC_GROUP *ngroup; const EC_GROUP *group; @@ -1822,7 +1822,7 @@ int ssl3_get_key_exchange(SSL *s) X509_get_pubkey(s->session-> sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC else if (alg_a & SSL_aECDSA) pkey = X509_get_pubkey(s->session-> @@ -1841,7 +1841,7 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; } -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ /* p points to the next byte, there are 'n' bytes left */ 
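Review bot: In the `@@ -1841,7 +1841,7 @@` hunk of ssl/s3_clnt.c, the branch that raises `SSL_R_UNEXPECTED_MESSAGE` and jumps to `f_err` closes immediately before `#endif /* !OPENSSL_NO_EC */`, so it appears to be compiled only when EC support is built in. The branch condition is outside the hunk, but if it is the catch-all for an unrecognised key-exchange type, a build with `OPENSSL_NO_EC` would lose that rejection in `ssl3_get_key_exchange`. Before this commit the same applied only to the narrower `OPENSSL_NO_ECDH` case. I would restructure the chain so the rejection is compiled unconditionally, and add a comment such as `/* Reject any key exchange type not handled above, regardless of build options. */`.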
@@ -1961,7 +1961,7 @@ int ssl3_get_key_exchange(SSL *s) if (dh != NULL) DH_free(dh); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC BN_CTX_free(bn_ctx); EC_POINT_free(srvr_ecpoint); if (ecdh != NULL) @@ -2299,7 +2299,7 @@ int ssl3_send_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_KRB5 KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EC_KEY *clnt_ecdh = NULL; const EC_POINT *srvr_ecpoint = NULL; EVP_PKEY *srvr_pub_pkey = NULL; @@ -2597,7 +2597,7 @@ int ssl3_send_client_key_exchange(SSL *s) } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) { const EC_GROUP *srvr_group = NULL; EC_KEY *tkey; @@ -2768,7 +2768,7 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); } -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ else if (alg_k & SSL_kGOST) { /* GOST key exchange message creation */ EVP_PKEY_CTX *pkey_ctx; @@ -3054,7 +3054,7 @@ int ssl3_send_client_key_exchange(SSL *s) OPENSSL_free(pms); s->cert->pms = NULL; } -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC BN_CTX_free(bn_ctx); if (encodedPoint != NULL) OPENSSL_free(encodedPoint); @@ -3156,7 +3156,7 @@ int ssl3_send_client_verify(SSL *s) n = j + 2; } else #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC if (pkey->type == EVP_PKEY_EC) { if (!ECDSA_sign(pkey->save_type, &(data[MD5_DIGEST_LENGTH]), @@ -3365,7 +3365,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) /* This is the passed certificate */ idx = sc->peer_cert_type; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (idx == SSL_PKEY_ECC) { if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) { /* check failed */ diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 20ce112e5f..f4369eb928 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
@@ -2051,7 +2051,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { }, #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC /* Cipher C001 */ { 1, @@ -2451,7 +2451,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -#endif /* OPENSSL_NO_ECDH */ +#endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_SRP /* Cipher C01A */ @@ -2598,7 +2598,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, }, #endif /* OPENSSL_NO_SRP */ -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ @@ -2973,7 +2973,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256}, # endif /* OPENSSL_NO_CAMELLIA */ -#endif /* OPENSSL_NO_ECDH */ +#endif /* OPENSSL_NO_EC */ #ifdef TEMP_GOST_TLS /* Cipher FF00 */ @@ -3138,7 +3138,7 @@ void ssl3_free(SSL *s) if (s->s3->tmp.dh != NULL) DH_free(s->s3->tmp.dh); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (s->s3->tmp.ecdh != NULL) EC_KEY_free(s->s3->tmp.ecdh); #endif @@ -3183,7 +3183,7 @@ void ssl3_clear(SSL *s) s->s3->tmp.dh = NULL; } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (s->s3->tmp.ecdh != NULL) { EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; @@ -3357,7 +3357,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) s->cert->dh_tmp_auto = larg; return 1; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH: { EC_KEY *ecdh = NULL; @@ -3389,7 +3389,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { @@ -3558,7 +3558,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_SHARED_CURVE: return tls1_shared_curve(s, larg); -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC case SSL_CTRL_SET_ECDH_AUTO: s->cert->ecdh_tmp_auto = larg; return 1; 
@@ -3629,7 +3629,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EVP_PKEY *ptmp; int rv = 0; sc = s->session->sess_cert; -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH) +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) return 0; #endif @@ -3645,7 +3645,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) else if (sc->peer_dh_tmp) rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC else if (sc->peer_ecdh_tmp) rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); #endif @@ -3736,7 +3736,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH_CB: { s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; @@ -3847,7 +3847,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->cert->dh_tmp_auto = larg; return 1; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH: { EC_KEY *ecdh = NULL; @@ -3881,7 +3881,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->tlsext_servername_arg = parg; @@ -3955,7 +3955,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, parg); -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC case SSL_CTRL_SET_ECDH_AUTO: ctx->cert->ecdh_tmp_auto = larg; return 1; 
@@ -4059,7 +4059,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH_CB: { cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; @@ -4251,14 +4251,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_ECDH /* * if we are considering an ECC cipher suite that uses an ephemeral * EC key check it */ if (alg_k & SSL_kECDHE) ok = ok && tls1_check_ec_tmp_key(s, c->id); -# endif /* OPENSSL_NO_ECDH */ # endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_TLSEXT */ @@ -4346,16 +4344,13 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) if (!(alg_a & SSL_aDSS)) p[ret++] = SSL3_CT_DSS_SIGN; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { if (nostrict || !(alg_a & SSL_aRSA)) p[ret++] = TLS_CT_RSA_FIXED_ECDH; if (nostrict || !(alg_a & SSL_aECDSA)) p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; } -#endif - -#ifndef OPENSSL_NO_ECDSA /* * ECDSA certs can be used with RSA cipher suites as well so we don't * need to check for SSL_kECDH or SSL_kECDHE diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 39c1574eb4..ee66a5af0b 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1532,7 +1532,7 @@ int ssl3_send_server_key_exchange(SSL *s) #ifndef OPENSSL_NO_DH DH *dh = NULL, *dhp; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EC_KEY *ecdh = NULL, *ecdhp; unsigned char *encodedPoint = NULL; int encodedlen = 0; @@ -1654,7 +1654,7 @@ int ssl3_send_server_key_exchange(SSL *s) r[2] = dh->pub_key; } else #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (type & SSL_kECDHE) { const EC_GROUP *group; @@ -1782,7 +1782,7 @@ int ssl3_send_server_key_exchange(SSL *s) r[2] = NULL; r[3] = NULL; } else -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK if (type & SSL_kPSK) { /* 
@@ -1853,7 +1853,7 @@ int ssl3_send_server_key_exchange(SSL *s) p += nr[i]; } -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (type & SSL_kECDHE) { /* * XXX: For now, we only support named (not generic) curves. In @@ -3001,7 +3001,7 @@ int ssl3_get_cert_verify(SSL *s) } } else #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC if (pkey->type == EVP_PKEY_EC) { j = ECDSA_verify(pkey->save_type, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), diff --git a/ssl/ssl.h b/ssl/ssl.h index 160d37c437..56eb7ba948 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1760,7 +1760,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, int keylength)); # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh) (SSL *ssl, int is_export, int keylength)); diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 3843aefe8d..504e4d7a46 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -122,7 +122,7 @@ int SSL_library_init(void) EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC EVP_add_digest(EVP_ecdsa()); #endif #ifndef OPENSSL_NO_COMP diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 974259969f..fa0c693b2f 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -175,7 +175,7 @@ void ssl_cert_set_default_md(CERT *cert) cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif } @@ -261,7 +261,7 @@ CERT *ssl_cert_dup(CERT *cert) ret->dh_tmp_auto = cert->dh_tmp_auto; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (cert->ecdh_tmp) { ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); if (ret->ecdh_tmp == NULL) { 
@@ -450,7 +450,7 @@ void ssl_cert_free(CERT *c) if (c->dh_tmp) DH_free(c->dh_tmp); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); #endif @@ -683,7 +683,7 @@ void ssl_sess_cert_free(SESS_CERT *sc) if (sc->peer_dh_tmp != NULL) DH_free(sc->peer_dh_tmp); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (sc->peer_ecdh_tmp != NULL) EC_KEY_free(sc->peer_ecdh_tmp); #endif diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 12820b6acb..f220e8e572 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -748,12 +748,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, *mkey |= SSL_kKRB5; *auth |= SSL_aKRB5; #endif -#ifdef OPENSSL_NO_ECDSA - *auth |= SSL_aECDSA; -#endif -#ifdef OPENSSL_NO_ECDH +#ifdef OPENSSL_NO_EC *mkey |= SSL_kECDHe | SSL_kECDHr; - *auth |= SSL_aECDH; + *auth |= SSL_aECDSA | SSL_aECDH; #endif #ifdef OPENSSL_NO_PSK *mkey |= SSL_kPSK; @@ -1437,7 +1434,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); return 0; } -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC switch (suiteb_flags) { case SSL_CERT_FLAG_SUITEB_128_LOS: if (suiteb_comb2) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 354f218cee..cfed40ddc2 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -257,7 +257,7 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC /* ECDH temporary parameters */ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) { @@ -447,7 +447,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"), SSL_CONF_CMD_STRING(Curves, "curves"), -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC SSL_CONF_CMD_STRING(ECDHParameters, "named_curve"), #endif SSL_CONF_CMD_STRING(CipherString, "cipher"), 
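Review bot: In ssl/ssl_ciph.c (`@@ -748,12 +748,9 @@`) the `OPENSSL_NO_EC` arm of `ssl_cipher_get_disabled` adds `SSL_kECDHe | SSL_kECDHr` to `*mkey` but not `SSL_kECDHE`, an omission carried over from the old `OPENSSL_NO_ECDH` arm. Other hunks in this commit (ssl/s3_clnt.c, ssl/ssl_lib.c) treat `SSL_kECDHE` as a key-exchange flag behind the same macro. The ephemeral suites are probably unreachable anyway because their table entries in ssl/s3_lib.c sit inside `#ifndef OPENSSL_NO_EC`, but the disabled mask is where a reader checks. I would write `*mkey |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHE;` or add a comment explaining the omission. The function continues beyond the hunk.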
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c535a42900..3bce4cf9a2 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2153,13 +2153,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) int rsa_enc_export, dh_rsa_export, dh_dsa_export; int rsa_tmp_export, dh_tmp_export, kl; unsigned long mask_k, mask_a, emask_k, emask_a; -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC int have_ecc_cert, ecdsa_ok, ecc_pkey_size; -#endif -#ifndef OPENSSL_NO_ECDH int have_ecdh_tmp, ecdh_ok; -#endif -#ifndef OPENSSL_NO_EC X509 *x = NULL; EVP_PKEY *ecc_pkey = NULL; int signature_nid = 0, pk_nid = 0, md_nid = 0; @@ -2185,7 +2181,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) dh_tmp = dh_tmp_export = 0; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); #endif cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); @@ -2283,10 +2279,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) x = cpk->x509; /* This call populates extension flags (ex_flags) */ X509_check_purpose(x, -1, 0); -# ifndef OPENSSL_NO_ECDH ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; -# endif ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; if (!(cpk->valid_flags & CERT_PKEY_SIGN)) @@ -2298,7 +2292,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); } -# ifndef OPENSSL_NO_ECDH if (ecdh_ok) { if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { @@ -2319,17 +2312,14 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) } } } -# endif -# ifndef OPENSSL_NO_ECDSA if (ecdsa_ok) { mask_a |= SSL_aECDSA; emask_a |= SSL_aECDSA; } -# endif } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (have_ecdh_tmp) { mask_k |= SSL_kECDHE; emask_k |= SSL_kECDHE; 
@@ -3267,7 +3257,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh) (SSL *ssl, int is_export, int keylength)) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 7a8a303648..a16ad08047 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1350,7 +1350,7 @@ typedef struct ssl3_state_st { # ifndef OPENSSL_NO_DH DH *dh; # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC EC_KEY *ecdh; /* holds short lived ECDH key */ # endif /* used when SSL_ST_FLUSH_DATA is entered */ @@ -1662,7 +1662,7 @@ typedef struct cert_st { DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize); int dh_tmp_auto; # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC EC_KEY *ecdh_tmp; /* Callback for generating ephemeral ECDH keys */ EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize); @@ -1760,7 +1760,7 @@ typedef struct sess_cert_st { # ifndef OPENSSL_NO_DH DH *peer_dh_tmp; /* not used for SSL 2 */ # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC EC_KEY *peer_ecdh_tmp; # endif int references; /* actually always 1 at the moment */ @@ -2317,7 +2317,7 @@ int tls1_alert_code(int code); int ssl3_alert_code(int code); int ssl_ok(SSL *s); -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); # endif @@ -2332,9 +2332,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str); -# ifndef OPENSSL_NO_ECDH int tls1_check_ec_tmp_key(SSL *s, unsigned long id); -# endif /* OPENSSL_NO_ECDH */ # endif /* OPENSSL_NO_EC */ # ifndef OPENSSL_NO_TLSEXT diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 89fb44a4ca..7a157a694b 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c 
@@ -774,7 +774,7 @@ static void sv_usage(void) " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC fprintf(stderr, " -no_ecdhe - disable ECDHE\n"); #endif #ifndef OPENSSL_NO_PSK @@ -803,7 +803,7 @@ static void sv_usage(void) " -time - measure processor time used by client and server\n"); fprintf(stderr, " -zlib - use zlib compression\n"); fprintf(stderr, " -rle - use rle compression\n"); -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" " Use \"openssl ecparam -list_curves\" for all names\n" @@ -967,7 +967,7 @@ int main(int argc, char *argv[]) char *server_key = NULL; char *client_cert = TEST_CLIENT_CERT; char *client_key = NULL; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC char *named_curve = NULL; #endif SSL_CTX *s_ctx = NULL; @@ -980,7 +980,7 @@ int main(int argc, char *argv[]) DH *dh; int dhe1024 = 0, dhe1024dsa = 0; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EC_KEY *ecdh = NULL; #endif #ifndef OPENSSL_NO_SRP @@ -1206,7 +1206,7 @@ int main(int argc, char *argv[]) else if (strcmp(*argv, "-named_curve") == 0) { if (--argc < 1) goto bad; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC named_curve = *(++argv); #else fprintf(stderr, @@ -1470,7 +1470,7 @@ int main(int argc, char *argv[]) (void)no_dhe; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (!no_ecdhe) { int nid; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index c91b761647..8296ea1f5c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -798,7 +798,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) return rv; } -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC /* Check EC temporary key is compatible with client extensions */ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) { 
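Review bot: The `#else` branch of the `-named_curve` option in main() (hunk `@@ -1206,7 +1206,7 @@`) opens a `fprintf(stderr,` whose message lies outside the hunk and is not touched by the commit. If that text still tells the user the binary was built without ECDH, it now names a switch that no longer exists and should refer to EC instead, for example `"-named_curve ignored: built without EC support\n"` (wording constructed here; the current string is not visible). The rest of main() is outside the hunk.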
@@ -863,7 +863,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) return tls1_check_ec_key(s, curve_id, NULL); # endif } -# endif /* OPENSSL_NO_ECDH */ +# endif /* OPENSSL_NO_EC */ #else @@ -893,9 +893,8 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) # define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa, # endif -# ifdef OPENSSL_NO_ECDSA -# define tlsext_sigalg_ecdsa(md) - /* */ +# ifdef OPENSSL_NO_EC +# define tlsext_sigalg_ecdsa(md) /* */ # else # define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa, # endif @@ -913,7 +912,7 @@ static const unsigned char tls12_sigalgs[] = { tlsext_sigalg(TLSEXT_hash_sha1) }; -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC static const unsigned char suiteb_sigalgs[] = { tlsext_sigalg_ecdsa(TLSEXT_hash_sha256) tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) @@ -3246,7 +3245,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg) case TLSEXT_signature_dsa: return SSL_PKEY_DSA_SIGN; # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC case TLSEXT_signature_ecdsa: return SSL_PKEY_ECC; # endif @@ -3326,7 +3325,7 @@ void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op) have_dsa = 1; break; # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC case TLSEXT_signature_ecdsa: if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs)) have_ecdsa = 1; @@ -3521,7 +3520,7 @@ int tls1_process_sigalgs(SSL *s) c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); } # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC if (!c->pkeys[SSL_PKEY_ECC].digest) c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); # endif diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 809e9b3d14..d3379d2a16 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -142,8 +142,6 @@ and [options] can be one of no-krb5 - No KRB5 no-srp - No SRP no-ec - No EC - no-ecdsa - No ECDSA - no-ecdh - No ECDH no-engine - No engine no-hw - No hw nasm - Use NASM for x86 asm 
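Review bot: The fallback `c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();` in tls1_process_sigalgs (hunk `@@ -3521,7 +3520,7 @@`) has no comment saying when a SHA-1 default for the ECC key is acceptable. After this commit it is also compiled into builds that previously defined only `OPENSSL_NO_ECDSA`. A comment such as `/* No shared signature algorithm selected a digest for the ECC key: use the protocol default (SHA-1) */` would record the intent, if that is indeed the reason; the conditions that lead to this line are outside the hunk. It would also help to state there whether stricter modes are expected to skip this default.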
@@ -298,8 +296,6 @@ $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; -$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; -$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_GOST" if $no_gost; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; @@ -1427,8 +1423,6 @@ sub read_options "no-sock" => \$no_sock, "no-krb5" => \$no_krb5, "no-ec" => \$no_ec, - "no-ecdsa" => \$no_ecdsa, - "no-ecdh" => \$no_ecdh, "no-gost" => \$no_gost, "no-engine" => \$no_engine, "no-hw" => \$no_hw,