OPENSSL_NO_xxx cleanup: SHA

Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way. So these options are gone: GENUINE_DSA OPENSSL_NO_SHA0 OPENSSL_NO_SHA OPENSSL_NO_SHA1 OPENSSL_NO_SHA224 OPENSSL_NO_SHA256 OPENSSL_NO_SHA384 OPENSSL_NO_SHA512 Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 12:34:45 -05:00
parent c73ad69017
commit 474e469bbd
59 changed files with 240 additions and 1062 deletions
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -328,9 +328,6 @@ static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
    l2n(sha1->h4, md_out);
 }

-#define LARGEST_DIGEST_CTX SHA_CTX
-
-#ifndef OPENSSL_NO_SHA256
 static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
 {
    SHA256_CTX *sha256 = ctx;
@@ -341,11 +338,6 @@ static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
    }
 }

-# undef  LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-
-#ifndef OPENSSL_NO_SHA512
 static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
 {
    SHA512_CTX *sha512 = ctx;
@@ -356,9 +348,8 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
    }
 }

-# undef  LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
+#undef  LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA512_CTX

 /*
 * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
@@ -371,14 +362,10 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
    switch (EVP_MD_CTX_type(ctx)) {
    case NID_md5:
    case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
    case NID_sha224:
    case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
    case NID_sha384:
    case NID_sha512:
-#endif
        return 1;
    default:
        return 0;
@@ -465,7 +452,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
            (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
        md_size = 20;
        break;
-#ifndef OPENSSL_NO_SHA256
    case NID_sha224:
        SHA224_Init((SHA256_CTX *)md_state.c);
        md_final_raw = tls1_sha256_final_raw;
@@ -480,8 +466,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
            (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
        md_size = 32;
        break;
-#endif
-#ifndef OPENSSL_NO_SHA512
    case NID_sha384:
        SHA384_Init((SHA512_CTX *)md_state.c);
        md_final_raw = tls1_sha512_final_raw;
@@ -500,7 +484,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
        md_block_size = 128;
        md_length_size = 16;
        break;
-#endif
    default:
        /*
         * ssl3_cbc_record_digest_supported should have been called first to