generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC

Browse Source 
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Rich Salz 2015-03-10 19:09:27 -04:00
parent ac5a110621
commit 10bf4fc2c3
31 changed files with 130 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
CHANGES
View File

@ -41,28 +41,33 @@
[Rich Salz]
*) Remove various unsupported platforms:
Sony NEWS4
BEOS and BEOS_R5
NeXT
SUNOS
MPE/iX
Sinix/ReliantUNIX RM400
DGUX
NCR
Tandem
Cray
16-bit platforms such as WIN16
Sony NEWS4
BEOS and BEOS_R5
NeXT
SUNOS
MPE/iX
Sinix/ReliantUNIX RM400
DGUX
NCR
Tandem
Cray
16-bit platforms such as WIN16
[Rich Salz]
*) Start cleaning up OPENSSL_NO_xxx #define's
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
*) Clean up OPENSSL_NO_xxx #define's
Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
Remove MS_STATIC; it's a relic from platforms <32 bits.
[Rich Salz]
*) Start cleaning up dead code
*) Cleaned up dead code
Remove all but one '#ifdef undef' which is to be looked at.
[Rich Salz]

2
apps/req.c
View File

@ -398,7 +398,7 @@ int MAIN(int argc, char **argv)
" -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err,
" -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
BIO_printf(bio_err,
" -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
#endif

2
apps/s_cb.c
View File

@ -521,7 +521,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
case EVP_PKEY_DH:
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
break;
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);

6
apps/s_server.c
View File

@ -486,7 +486,7 @@ static void sv_usage(void)
" -dhparam arg - DH parameter file to use, in cert file if not specified\n");
BIO_printf(bio_err,
" or a default set of parameters is used\n");
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
BIO_printf(bio_err,
" -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
" Use \"openssl ecparam -list_curves\" for all names\n"
@ -545,7 +545,7 @@ static void sv_usage(void)
#ifndef OPENSSL_NO_DH
BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n");
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n");
#endif
BIO_printf(bio_err,
@ -1677,7 +1677,7 @@ int MAIN(int argc, char *argv[])
bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
}
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
if (nocert)
#endif
{

74
apps/speed.c
View File

@ -172,10 +172,8 @@
# include <openssl/dsa.h>
# include "./testdsa.h"
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
# include <openssl/ecdsa.h>
#endif
#ifndef OPENSSL_NO_ECDH
# include <openssl/ecdh.h>
#endif
#include <openssl/modes.h>
@ -242,14 +240,12 @@ static double rsa_results[RSA_NUM][2];
#ifndef OPENSSL_NO_DSA
static double dsa_results[DSA_NUM][2];
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
static double ecdsa_results[EC_NUM][2];
#endif
#ifndef OPENSSL_NO_ECDH
static double ecdh_results[EC_NUM][1];
#endif
#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
#if defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_EC)
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
static int rnd_fake = 0;
@ -330,7 +326,7 @@ static double Time_F(int s)
}
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
size_t *outlen)
@ -340,7 +336,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
*outlen = SHA_DIGEST_LENGTH;
return SHA1(in, inlen, out);
}
#endif /* OPENSSL_NO_ECDH */
#endif /* OPENSSL_NO_EC */
static void multiblock_speed(const EVP_CIPHER *evp_cipher);
@ -595,30 +591,23 @@ int MAIN(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
unsigned char ecdsasig[256];
unsigned int ecdsasiglen;
EC_KEY *ecdsa[EC_NUM];
long ecdsa_c[EC_NUM][2];
#endif
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
int secret_size_a, secret_size_b;
int ecdh_checks = 0;
int secret_idx = 0;
long ecdh_c[EC_NUM][2];
int ecdsa_doit[EC_NUM];
int ecdh_doit[EC_NUM];
#endif
int rsa_doit[RSA_NUM];
int dsa_doit[DSA_NUM];
#ifndef OPENSSL_NO_ECDSA
int ecdsa_doit[EC_NUM];
#endif
#ifndef OPENSSL_NO_ECDH
int ecdh_doit[EC_NUM];
#endif
int doit[ALGOR_NUM];
int pr_header = 0;
const EVP_CIPHER *evp_cipher = NULL;
@ -639,11 +628,9 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_DSA
memset(dsa_key, 0, sizeof(dsa_key));
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
ecdsa[i] = NULL;
#endif
#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++) {
ecdh_a[i] = NULL;
ecdh_b[i] = NULL;
@ -689,11 +676,9 @@ int MAIN(int argc, char **argv)
rsa_doit[i] = 0;
for (i = 0; i < DSA_NUM; i++)
dsa_doit[i] = 0;
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 0;
#endif
#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 0;
#endif
@ -986,7 +971,7 @@ int MAIN(int argc, char **argv)
dsa_doit[R_DSA_2048] = 1;
} else
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
if (strcmp(*argv, "ecdsap160") == 0)
ecdsa_doit[R_EC_P160] = 2;
else if (strcmp(*argv, "ecdsap192") == 0)
@ -1022,10 +1007,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "ecdsa") == 0) {
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
} else
#endif
#ifndef OPENSSL_NO_ECDH
if (strcmp(*argv, "ecdhp160") == 0)
} else if (strcmp(*argv, "ecdhp160") == 0)
ecdh_doit[R_EC_P160] = 2;
else if (strcmp(*argv, "ecdhp192") == 0)
ecdh_doit[R_EC_P192] = 2;
@ -1135,7 +1117,7 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_DSA
BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
"ecdsap256 ecdsap384 ecdsap521\n");
BIO_printf(bio_err,
@ -1143,8 +1125,6 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
BIO_printf(bio_err, "ecdsa\n");
#endif
#ifndef OPENSSL_NO_ECDH
BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
"ecdhp256 ecdhp384 ecdhp521\n");
BIO_printf(bio_err,
@ -1234,11 +1214,9 @@ int MAIN(int argc, char **argv)
rsa_doit[i] = 1;
for (i = 0; i < DSA_NUM; i++)
dsa_doit[i] = 1;
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
#endif
#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 1;
#endif
@ -1428,7 +1406,7 @@ int MAIN(int argc, char **argv)
}
# endif
# ifndef OPENSSL_NO_ECDSA
# ifndef OPENSSL_NO_EC
ecdsa_c[R_EC_P160][0] = count / 1000;
ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
for (i = R_EC_P192; i <= R_EC_P521; i++) {
@ -1471,9 +1449,6 @@ int MAIN(int argc, char **argv)
}
}
}
# endif
# ifndef OPENSSL_NO_ECDH
ecdh_c[R_EC_P160][0] = count / 1000;
ecdh_c[R_EC_P160][1] = count / 1000;
for (i = R_EC_P192; i <= R_EC_P521; i++) {
@ -2144,7 +2119,7 @@ int MAIN(int argc, char **argv)
RAND_cleanup();
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
@ -2236,9 +2211,6 @@ int MAIN(int argc, char **argv)
}
if (rnd_fake)
RAND_cleanup();
#endif
#ifndef OPENSSL_NO_ECDH
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
@ -2423,7 +2395,7 @@ int MAIN(int argc, char **argv)
1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
}
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
j = 1;
for (k = 0; k < EC_NUM; k++) {
if (!ecdsa_doit[k])
@ -2445,9 +2417,6 @@ int MAIN(int argc, char **argv)
ecdsa_results[k][0], ecdsa_results[k][1],
1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
}
#endif
#ifndef OPENSSL_NO_ECDH
j = 1;
for (k = 0; k < EC_NUM; k++) {
if (!ecdh_doit[k])
@ -2488,12 +2457,10 @@ int MAIN(int argc, char **argv)
DSA_free(dsa_key[i]);
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
if (ecdsa[i] != NULL)
EC_KEY_free(ecdsa[i]);
#endif
#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++) {
if (ecdh_a[i] != NULL)
EC_KEY_free(ecdh_a[i]);
@ -2697,7 +2664,7 @@ static int do_multi(int multi)
dsa_results[k][1] = d;
}
# endif
# ifndef OPENSSL_NO_ECDSA
# ifndef OPENSSL_NO_EC
else if (!strncmp(buf, "+F4:", 4)) {
int k;
double d;
@ -2720,9 +2687,6 @@ static int do_multi(int multi)
else
ecdsa_results[k][1] = d;
}
# endif
# ifndef OPENSSL_NO_ECDH
else if (!strncmp(buf, "+F5:", 4)) {
int k;
double d;

7
crypto/ec/ec_pmeth.c
View File

@ -203,7 +203,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
return ret;
}
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
@ -302,7 +302,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
return 1;
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
if (p1 == -2) {
if (dctx->cofactor_mode != -1)
@ -519,12 +519,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
0, 0,
0,
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
pkey_ec_kdf_derive,
#else
0,
#endif
pkey_ec_ctrl,
pkey_ec_ctrl_str
};

2
crypto/ecdh/ecdh.h
View File

@ -71,7 +71,7 @@
# include <openssl/opensslconf.h>
# ifdef OPENSSL_NO_ECDH
# ifdef OPENSSL_NO_EC
# error ECDH is disabled.
# endif

4
crypto/ecdh/ecdhtest.c
View File

@ -73,7 +73,7 @@
#include "../e_os.h"
#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
#include <openssl/opensslconf.h> /* for OPENSSL_NO_EC */
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
@ -82,7 +82,7 @@
#include <openssl/sha.h>
#include <openssl/err.h>
#ifdef OPENSSL_NO_ECDH
#ifdef OPENSSL_NO_EC
int main(int argc, char *argv[])
{
printf("No ECDH support\n");

2
crypto/ecdsa/ecdsa.h
View File

@ -61,7 +61,7 @@
# include <openssl/opensslconf.h>
# ifdef OPENSSL_NO_ECDSA
# ifdef OPENSSL_NO_EC
# error ECDSA is disabled.
# endif

4
crypto/ecdsa/ecdsatest.c
View File

@ -73,9 +73,9 @@
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
#ifdef OPENSSL_NO_ECDSA
#ifdef OPENSSL_NO_EC
int main(int argc, char *argv[])
{
puts("Elliptic curves are disabled.");

8
crypto/engine/eng_fat.c
View File

@ -79,11 +79,9 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
return 0;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
return 0;
#endif
#ifndef OPENSSL_NO_ECDSA
if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
return 0;
#endif
@ -159,10 +157,8 @@ int ENGINE_register_complete(ENGINE *e)
#ifndef OPENSSL_NO_DH
ENGINE_register_DH(e);
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
ENGINE_register_ECDH(e);
#endif
#ifndef OPENSSL_NO_ECDSA
ENGINE_register_ECDSA(e);
#endif
ENGINE_register_RAND(e);

4
crypto/engine/eng_list.c
View File

@ -300,10 +300,8 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
#ifndef OPENSSL_NO_DH
dest->dh_meth = src->dh_meth;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
dest->ecdh_meth = src->ecdh_meth;
#endif
#ifndef OPENSSL_NO_ECDSA
dest->ecdsa_meth = src->ecdsa_meth;
#endif
dest->rand_meth = src->rand_meth;

4
crypto/engine/eng_openssl.c
View File

@ -149,10 +149,8 @@ static int bind_helper(ENGINE *e)
# ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
# endif
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
# endif
# ifndef OPENSSL_NO_ECDSA
|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
# endif
# ifndef OPENSSL_NO_DH

4
crypto/engine/engine.h
View File

@ -82,10 +82,8 @@
# ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
# endif
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
# include <openssl/ecdh.h>
# endif
# ifndef OPENSSL_NO_ECDSA
# include <openssl/ecdsa.h>
# endif
# include <openssl/rand.h>

8
crypto/err/err_all.c
View File

@ -76,10 +76,8 @@
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
# include <openssl/ecdsa.h>
#endif
#ifndef OPENSSL_NO_ECDH
# include <openssl/ecdh.h>
#endif
#include <openssl/evp.h>
@ -138,11 +136,7 @@ void ERR_load_crypto_strings(void)
# endif
# ifndef OPENSSL_NO_EC
ERR_load_EC_strings();
# endif
# ifndef OPENSSL_NO_ECDSA
ERR_load_ECDSA_strings();
# endif
# ifndef OPENSSL_NO_ECDH
ERR_load_ECDH_strings();
# endif
/* skip ERR_load_SSL_strings() because it is not in this library */

2
crypto/evp/c_alld.c
View File

@ -80,7 +80,7 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
# endif
# ifndef OPENSSL_NO_ECDSA
# ifndef OPENSSL_NO_EC
EVP_add_digest(EVP_ecdsa());
# endif
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)

2
crypto/evp/evp.h
View File

@ -234,7 +234,7 @@ typedef int evp_verify_method(int type, const unsigned char *m,
# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
# endif
# ifndef OPENSSL_NO_ECDSA
# ifndef OPENSSL_NO_EC
# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
(evp_verify_method *)ECDSA_verify, \
{EVP_PKEY_EC,0,0,0}

6
crypto/x509/x509.h
View File

@ -75,13 +75,7 @@
# ifndef OPENSSL_NO_EC
# include <openssl/ec.h>
# endif
# ifndef OPENSSL_NO_ECDSA
# include <openssl/ecdsa.h>
# endif
# ifndef OPENSSL_NO_ECDH
# include <openssl/ecdh.h>
# endif

24
ssl/s3_clnt.c
View File

@ -1321,7 +1321,7 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_DH
DH *dh = NULL;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *srvr_ecpoint = NULL;
@ -1385,7 +1385,7 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_dh_tmp = NULL;
}
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (s->session->sess_cert->peer_ecdh_tmp) {
EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
s->session->sess_cert->peer_ecdh_tmp = NULL;
@ -1724,7 +1724,7 @@ int ssl3_get_key_exchange(SSL *s)
}
#endif /* !OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
else if (alg_k & SSL_kECDHE) {
EC_GROUP *ngroup;
const EC_GROUP *group;
@ -1822,7 +1822,7 @@ int ssl3_get_key_exchange(SSL *s)
X509_get_pubkey(s->session->
sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
# endif
# ifndef OPENSSL_NO_ECDSA
# ifndef OPENSSL_NO_EC
else if (alg_a & SSL_aECDSA)
pkey =
X509_get_pubkey(s->session->
@ -1841,7 +1841,7 @@ int ssl3_get_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
#endif /* !OPENSSL_NO_ECDH */
#endif /* !OPENSSL_NO_EC */
/* p points to the next byte, there are 'n' bytes left */
@ -1961,7 +1961,7 @@ int ssl3_get_key_exchange(SSL *s)
if (dh != NULL)
DH_free(dh);
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
EC_POINT_free(srvr_ecpoint);
if (ecdh != NULL)
@ -2299,7 +2299,7 @@ int ssl3_send_client_key_exchange(SSL *s)
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
EVP_PKEY *srvr_pub_pkey = NULL;
@ -2597,7 +2597,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
@ -2768,7 +2768,7 @@ int ssl3_send_client_key_exchange(SSL *s)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
}
#endif /* !OPENSSL_NO_ECDH */
#endif /* !OPENSSL_NO_EC */
else if (alg_k & SSL_kGOST) {
/* GOST key exchange message creation */
EVP_PKEY_CTX *pkey_ctx;
@ -3054,7 +3054,7 @@ int ssl3_send_client_key_exchange(SSL *s)
OPENSSL_free(pms);
s->cert->pms = NULL;
}
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
if (encodedPoint != NULL)
OPENSSL_free(encodedPoint);
@ -3156,7 +3156,7 @@ int ssl3_send_client_verify(SSL *s)
n = j + 2;
} else
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
@ -3365,7 +3365,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
/* This is the passed certificate */
idx = sc->peer_cert_type;
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (idx == SSL_PKEY_ECC) {
if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) {
/* check failed */

39
ssl/s3_lib.c
View File

@ -2051,7 +2051,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
},
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
/* Cipher C001 */
{
1,
@ -2451,7 +2451,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#endif /* OPENSSL_NO_ECDH */
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_SRP
/* Cipher C01A */
@ -2598,7 +2598,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
#endif /* OPENSSL_NO_SRP */
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@ -2973,7 +2973,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256},
# endif /* OPENSSL_NO_CAMELLIA */
#endif /* OPENSSL_NO_ECDH */
#endif /* OPENSSL_NO_EC */
#ifdef TEMP_GOST_TLS
/* Cipher FF00 */
@ -3138,7 +3138,7 @@ void ssl3_free(SSL *s)
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL)
EC_KEY_free(s->s3->tmp.ecdh);
#endif
@ -3183,7 +3183,7 @@ void ssl3_clear(SSL *s)
s->s3->tmp.dh = NULL;
}
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL) {
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
@ -3357,7 +3357,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
s->cert->dh_tmp_auto = larg;
return 1;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@ -3389,7 +3389,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
}
#endif /* !OPENSSL_NO_ECDH */
#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
@ -3558,7 +3558,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_ECDH_AUTO:
s->cert->ecdh_tmp_auto = larg;
return 1;
@ -3629,7 +3629,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
EVP_PKEY *ptmp;
int rv = 0;
sc = s->session->sess_cert;
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
return 0;
#endif
@ -3645,7 +3645,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
else if (sc->peer_dh_tmp)
rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
else if (sc->peer_ecdh_tmp)
rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
#endif
@ -3736,7 +3736,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
}
break;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH_CB:
{
s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@ -3847,7 +3847,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
ctx->cert->dh_tmp_auto = larg;
return 1;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@ -3881,7 +3881,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
#endif /* !OPENSSL_NO_ECDH */
#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg;
@ -3955,7 +3955,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
parg);
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_ECDH_AUTO:
ctx->cert->ecdh_tmp_auto = larg;
return 1;
@ -4059,7 +4059,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
}
break;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH_CB:
{
cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@ -4251,14 +4251,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_ECDH
/*
* if we are considering an ECC cipher suite that uses an ephemeral
* EC key check it
*/
if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
# endif /* OPENSSL_NO_ECDH */
# endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
@ -4346,16 +4344,13 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
if (!(alg_a & SSL_aDSS))
p[ret++] = SSL3_CT_DSS_SIGN;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
if (nostrict || !(alg_a & SSL_aRSA))
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
if (nostrict || !(alg_a & SSL_aECDSA))
p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
}
#endif
#ifndef OPENSSL_NO_ECDSA
/*
* ECDSA certs can be used with RSA cipher suites as well so we don't
* need to check for SSL_kECDH or SSL_kECDHE

10
ssl/s3_srvr.c
View File

@ -1532,7 +1532,7 @@ int ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL, *ecdhp;
unsigned char *encodedPoint = NULL;
int encodedlen = 0;
@ -1654,7 +1654,7 @@ int ssl3_send_server_key_exchange(SSL *s)
r[2] = dh->pub_key;
} else
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (type & SSL_kECDHE) {
const EC_GROUP *group;
@ -1782,7 +1782,7 @@ int ssl3_send_server_key_exchange(SSL *s)
r[2] = NULL;
r[3] = NULL;
} else
#endif /* !OPENSSL_NO_ECDH */
#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
/*
@ -1853,7 +1853,7 @@ int ssl3_send_server_key_exchange(SSL *s)
p += nr[i];
}
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (type & SSL_kECDHE) {
/*
* XXX: For now, we only support named (not generic) curves. In
@ -3001,7 +3001,7 @@ int ssl3_get_cert_verify(SSL *s)
}
} else
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),

2
ssl/ssl.h
View File

@ -1760,7 +1760,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
DH *(*dh) (SSL *ssl, int is_export,
int keylength));
# endif
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
EC_KEY *(*ecdh) (SSL *ssl, int is_export,
int keylength));

2
ssl/ssl_algs.c
View File

@ -122,7 +122,7 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
EVP_add_digest(EVP_ecdsa());
#endif
#ifndef OPENSSL_NO_COMP

8
ssl/ssl_cert.c
View File

@ -175,7 +175,7 @@ void ssl_cert_set_default_md(CERT *cert)
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
#endif
#ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_EC
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
}
@ -261,7 +261,7 @@ CERT *ssl_cert_dup(CERT *cert)
ret->dh_tmp_auto = cert->dh_tmp_auto;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (cert->ecdh_tmp) {
ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
if (ret->ecdh_tmp == NULL) {
@ -450,7 +450,7 @@ void ssl_cert_free(CERT *c)
if (c->dh_tmp)
DH_free(c->dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (c->ecdh_tmp)
EC_KEY_free(c->ecdh_tmp);
#endif
@ -683,7 +683,7 @@ void ssl_sess_cert_free(SESS_CERT *sc)
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (sc->peer_ecdh_tmp != NULL)
EC_KEY_free(sc->peer_ecdh_tmp);
#endif

9
ssl/ssl_ciph.c
View File

@ -748,12 +748,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
*mkey |= SSL_kKRB5;
*auth |= SSL_aKRB5;
#endif
#ifdef OPENSSL_NO_ECDSA
*auth |= SSL_aECDSA;
#endif
#ifdef OPENSSL_NO_ECDH
#ifdef OPENSSL_NO_EC
*mkey |= SSL_kECDHe | SSL_kECDHr;
*auth |= SSL_aECDH;
*auth |= SSL_aECDSA | SSL_aECDH;
#endif
#ifdef OPENSSL_NO_PSK
*mkey |= SSL_kPSK;
@ -1437,7 +1434,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
return 0;
}
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
switch (suiteb_flags) {
case SSL_CERT_FLAG_SUITEB_128_LOS:
if (suiteb_comb2)

4
ssl/ssl_conf.c
View File

@ -257,7 +257,7 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
return rv > 0;
}
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
{
@ -447,7 +447,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"),
SSL_CONF_CMD_STRING(Curves, "curves"),
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
SSL_CONF_CMD_STRING(ECDHParameters, "named_curve"),
#endif
SSL_CONF_CMD_STRING(CipherString, "cipher"),

20
ssl/ssl_lib.c
View File

@ -2153,13 +2153,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
int rsa_enc_export, dh_rsa_export, dh_dsa_export;
int rsa_tmp_export, dh_tmp_export, kl;
unsigned long mask_k, mask_a, emask_k, emask_a;
#ifndef OPENSSL_NO_ECDSA
int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
#endif
#ifndef OPENSSL_NO_ECDH
int have_ecdh_tmp, ecdh_ok;
#endif
#ifndef OPENSSL_NO_EC
int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
int have_ecdh_tmp, ecdh_ok;
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0, pk_nid = 0, md_nid = 0;
@ -2185,7 +2181,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
dh_tmp = dh_tmp_export = 0;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
#endif
cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
@ -2283,10 +2279,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
x = cpk->x509;
/* This call populates extension flags (ex_flags) */
X509_check_purpose(x, -1, 0);
# ifndef OPENSSL_NO_ECDH
ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
(x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
# endif
ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
(x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
if (!(cpk->valid_flags & CERT_PKEY_SIGN))
@ -2298,7 +2292,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
}
# ifndef OPENSSL_NO_ECDH
if (ecdh_ok) {
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
@ -2319,17 +2312,14 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
}
}
}
# endif
# ifndef OPENSSL_NO_ECDSA
if (ecdsa_ok) {
mask_a |= SSL_aECDSA;
emask_a |= SSL_aECDSA;
}
# endif
}
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (have_ecdh_tmp) {
mask_k |= SSL_kECDHE;
emask_k |= SSL_kECDHE;
@ -3267,7 +3257,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
}
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
EC_KEY *(*ecdh) (SSL *ssl, int is_export,
int keylength))

10
ssl/ssl_locl.h
View File

@ -1350,7 +1350,7 @@ typedef struct ssl3_state_st {
# ifndef OPENSSL_NO_DH
DH *dh;
# endif
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
EC_KEY *ecdh; /* holds short lived ECDH key */
# endif
/* used when SSL_ST_FLUSH_DATA is entered */
@ -1662,7 +1662,7 @@ typedef struct cert_st {
DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
int dh_tmp_auto;
# endif
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
EC_KEY *ecdh_tmp;
/* Callback for generating ephemeral ECDH keys */
EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
@ -1760,7 +1760,7 @@ typedef struct sess_cert_st {
# ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
# endif
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
EC_KEY *peer_ecdh_tmp;
# endif
int references; /* actually always 1 at the moment */
@ -2317,7 +2317,7 @@ int tls1_alert_code(int code);
int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
# endif
@ -2332,9 +2332,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
int *curves, size_t ncurves);
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str);
# ifndef OPENSSL_NO_ECDH
int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
# endif /* OPENSSL_NO_ECDH */
# endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_TLSEXT

12
ssl/ssltest.c
View File

@ -774,7 +774,7 @@ static void sv_usage(void)
" -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr, " -no_dhe - disable DHE\n");
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
#endif
#ifndef OPENSSL_NO_PSK
@ -803,7 +803,7 @@ static void sv_usage(void)
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
fprintf(stderr, " -rle - use rle compression\n");
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
fprintf(stderr,
" -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
" Use \"openssl ecparam -list_curves\" for all names\n"
@ -967,7 +967,7 @@ int main(int argc, char *argv[])
char *server_key = NULL;
char *client_cert = TEST_CLIENT_CERT;
char *client_key = NULL;
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
char *named_curve = NULL;
#endif
SSL_CTX *s_ctx = NULL;
@ -980,7 +980,7 @@ int main(int argc, char *argv[])
DH *dh;
int dhe1024 = 0, dhe1024dsa = 0;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL;
#endif
#ifndef OPENSSL_NO_SRP
@ -1206,7 +1206,7 @@ int main(int argc, char *argv[])
else if (strcmp(*argv, "-named_curve") == 0) {
if (--argc < 1)
goto bad;
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
named_curve = *(++argv);
#else
fprintf(stderr,
@ -1470,7 +1470,7 @@ int main(int argc, char *argv[])
(void)no_dhe;
#endif
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
if (!no_ecdhe) {
int nid;

17
ssl/t1_lib.c
View File

@ -798,7 +798,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
return rv;
}
# ifndef OPENSSL_NO_ECDH
# ifndef OPENSSL_NO_EC
/* Check EC temporary key is compatible with client extensions */
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
{
@ -863,7 +863,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
return tls1_check_ec_key(s, curve_id, NULL);
# endif
}
# endif /* OPENSSL_NO_ECDH */
# endif /* OPENSSL_NO_EC */
#else
@ -893,9 +893,8 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
# endif
# ifdef OPENSSL_NO_ECDSA
# define tlsext_sigalg_ecdsa(md)
/* */
# ifdef OPENSSL_NO_EC
# define tlsext_sigalg_ecdsa(md) /* */
# else
# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
# endif
@ -913,7 +912,7 @@ static const unsigned char tls12_sigalgs[] = {
tlsext_sigalg(TLSEXT_hash_sha1)
};
# ifndef OPENSSL_NO_ECDSA
# ifndef OPENSSL_NO_EC
static const unsigned char suiteb_sigalgs[] = {
tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
@ -3246,7 +3245,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
case TLSEXT_signature_dsa:
return SSL_PKEY_DSA_SIGN;
# endif
# ifndef OPENSSL_NO_ECDSA
# ifndef OPENSSL_NO_EC
case TLSEXT_signature_ecdsa:
return SSL_PKEY_ECC;
# endif
@ -3326,7 +3325,7 @@ void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op)
have_dsa = 1;
break;
# endif
# ifndef OPENSSL_NO_ECDSA
# ifndef OPENSSL_NO_EC
case TLSEXT_signature_ecdsa:
if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs))
have_ecdsa = 1;
@ -3521,7 +3520,7 @@ int tls1_process_sigalgs(SSL *s)
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
# endif
# ifndef OPENSSL_NO_ECDSA
# ifndef OPENSSL_NO_EC
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
# endif

6
util/mk1mf.pl
View File

@ -142,8 +142,6 @@ and [options] can be one of
no-krb5 - No KRB5
no-srp - No SRP
no-ec - No EC
no-ecdsa - No ECDSA
no-ecdh - No ECDH
no-engine - No engine
no-hw - No hw
nasm - Use NASM for x86 asm
@ -298,8 +296,6 @@ $cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
$cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
@ -1427,8 +1423,6 @@ sub read_options
"no-sock" => \$no_sock,
"no-krb5" => \$no_krb5,
"no-ec" => \$no_ec,
"no-ecdsa" => \$no_ecdsa,
"no-ecdh" => \$no_ecdh,
"no-gost" => \$no_gost,
"no-engine" => \$no_engine,
"no-hw" => \$no_hw,