diff options
| author | tedu <> | 2014-04-17 20:34:24 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-17 20:34:24 +0000 |
| commit | 816c7c873767914a1ee22f5ce3f4143db7d22db8 (patch) | |
| tree | 43eb7871ab96b298855c37d0802ec9dcdd62876a | |
| parent | 10f8584c8d154372271c63ed30f4d22c72b9bdc6 (diff) | |
| download | openbsd-816c7c873767914a1ee22f5ce3f4143db7d22db8.tar.gz openbsd-816c7c873767914a1ee22f5ce3f4143db7d22db8.tar.bz2 openbsd-816c7c873767914a1ee22f5ce3f4143db7d22db8.zip | |
quick pass at removing ability to disable sha256 and sha512. ok miod
| -rw-r--r-- | src/lib/libssl/s3_cbc.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_cbc.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_algs.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_algs.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 12 |
10 files changed, 0 insertions, 72 deletions
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c index 964266e5b2..e8f7df572f 100644 --- a/src/lib/libssl/s3_cbc.c +++ b/src/lib/libssl/s3_cbc.c | |||
| @@ -351,7 +351,6 @@ tls1_sha1_final_raw(void* ctx, unsigned char *md_out) | |||
| 351 | } | 351 | } |
| 352 | #define LARGEST_DIGEST_CTX SHA_CTX | 352 | #define LARGEST_DIGEST_CTX SHA_CTX |
| 353 | 353 | ||
| 354 | #ifndef OPENSSL_NO_SHA256 | ||
| 355 | static void | 354 | static void |
| 356 | tls1_sha256_final_raw(void* ctx, unsigned char *md_out) | 355 | tls1_sha256_final_raw(void* ctx, unsigned char *md_out) |
| 357 | { | 356 | { |
| @@ -364,9 +363,7 @@ tls1_sha256_final_raw(void* ctx, unsigned char *md_out) | |||
| 364 | } | 363 | } |
| 365 | #undef LARGEST_DIGEST_CTX | 364 | #undef LARGEST_DIGEST_CTX |
| 366 | #define LARGEST_DIGEST_CTX SHA256_CTX | 365 | #define LARGEST_DIGEST_CTX SHA256_CTX |
| 367 | #endif | ||
| 368 | 366 | ||
| 369 | #ifndef OPENSSL_NO_SHA512 | ||
| 370 | static void | 367 | static void |
| 371 | tls1_sha512_final_raw(void* ctx, unsigned char *md_out) | 368 | tls1_sha512_final_raw(void* ctx, unsigned char *md_out) |
| 372 | { | 369 | { |
| @@ -379,7 +376,6 @@ tls1_sha512_final_raw(void* ctx, unsigned char *md_out) | |||
| 379 | } | 376 | } |
| 380 | #undef LARGEST_DIGEST_CTX | 377 | #undef LARGEST_DIGEST_CTX |
| 381 | #define LARGEST_DIGEST_CTX SHA512_CTX | 378 | #define LARGEST_DIGEST_CTX SHA512_CTX |
| 382 | #endif | ||
| 383 | 379 | ||
| 384 | /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function | 380 | /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function |
| 385 | * which ssl3_cbc_digest_record supports. */ | 381 | * which ssl3_cbc_digest_record supports. */ |
| @@ -389,14 +385,10 @@ ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) | |||
| 389 | switch (EVP_MD_CTX_type(ctx)) { | 385 | switch (EVP_MD_CTX_type(ctx)) { |
| 390 | case NID_md5: | 386 | case NID_md5: |
| 391 | case NID_sha1: | 387 | case NID_sha1: |
| 392 | #ifndef OPENSSL_NO_SHA256 | ||
| 393 | case NID_sha224: | 388 | case NID_sha224: |
| 394 | case NID_sha256: | 389 | case NID_sha256: |
| 395 | #endif | ||
| 396 | #ifndef OPENSSL_NO_SHA512 | ||
| 397 | case NID_sha384: | 390 | case NID_sha384: |
| 398 | case NID_sha512: | 391 | case NID_sha512: |
| 399 | #endif | ||
| 400 | return 1; | 392 | return 1; |
| 401 | default: | 393 | default: |
| 402 | return 0; | 394 | return 0; |
| @@ -469,7 +461,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, | |||
| 469 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; | 461 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; |
| 470 | md_size = 20; | 462 | md_size = 20; |
| 471 | break; | 463 | break; |
| 472 | #ifndef OPENSSL_NO_SHA256 | ||
| 473 | case NID_sha224: | 464 | case NID_sha224: |
| 474 | SHA224_Init((SHA256_CTX*)md_state.c); | 465 | SHA224_Init((SHA256_CTX*)md_state.c); |
| 475 | md_final_raw = tls1_sha256_final_raw; | 466 | md_final_raw = tls1_sha256_final_raw; |
| @@ -482,8 +473,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, | |||
| 482 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; | 473 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; |
| 483 | md_size = 32; | 474 | md_size = 32; |
| 484 | break; | 475 | break; |
| 485 | #endif | ||
| 486 | #ifndef OPENSSL_NO_SHA512 | ||
| 487 | case NID_sha384: | 476 | case NID_sha384: |
| 488 | SHA384_Init((SHA512_CTX*)md_state.c); | 477 | SHA384_Init((SHA512_CTX*)md_state.c); |
| 489 | md_final_raw = tls1_sha512_final_raw; | 478 | md_final_raw = tls1_sha512_final_raw; |
| @@ -500,7 +489,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, | |||
| 500 | md_block_size = 128; | 489 | md_block_size = 128; |
| 501 | md_length_size = 16; | 490 | md_length_size = 16; |
| 502 | break; | 491 | break; |
| 503 | #endif | ||
| 504 | default: | 492 | default: |
| 505 | /* ssl3_cbc_record_digest_supported should have been | 493 | /* ssl3_cbc_record_digest_supported should have been |
| 506 | * called first to check that the hash function is | 494 | * called first to check that the hash function is |
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 26bdef6b4f..32405eac75 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1940,11 +1940,7 @@ ssl3_get_new_session_ticket(SSL *s) | |||
| 1940 | */ | 1940 | */ |
| 1941 | EVP_Digest(p, ticklen, | 1941 | EVP_Digest(p, ticklen, |
| 1942 | s->session->session_id, &s->session->session_id_length, | 1942 | s->session->session_id, &s->session->session_id_length, |
| 1943 | #ifndef OPENSSL_NO_SHA256 | ||
| 1944 | EVP_sha256(), NULL); | 1943 | EVP_sha256(), NULL); |
| 1945 | #else | ||
| 1946 | EVP_sha1(), NULL); | ||
| 1947 | #endif | ||
| 1948 | ret = 1; | 1944 | ret = 1; |
| 1949 | return (ret); | 1945 | return (ret); |
| 1950 | f_err: | 1946 | f_err: |
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c index 964266e5b2..e8f7df572f 100644 --- a/src/lib/libssl/src/ssl/s3_cbc.c +++ b/src/lib/libssl/src/ssl/s3_cbc.c | |||
| @@ -351,7 +351,6 @@ tls1_sha1_final_raw(void* ctx, unsigned char *md_out) | |||
| 351 | } | 351 | } |
| 352 | #define LARGEST_DIGEST_CTX SHA_CTX | 352 | #define LARGEST_DIGEST_CTX SHA_CTX |
| 353 | 353 | ||
| 354 | #ifndef OPENSSL_NO_SHA256 | ||
| 355 | static void | 354 | static void |
| 356 | tls1_sha256_final_raw(void* ctx, unsigned char *md_out) | 355 | tls1_sha256_final_raw(void* ctx, unsigned char *md_out) |
| 357 | { | 356 | { |
| @@ -364,9 +363,7 @@ tls1_sha256_final_raw(void* ctx, unsigned char *md_out) | |||
| 364 | } | 363 | } |
| 365 | #undef LARGEST_DIGEST_CTX | 364 | #undef LARGEST_DIGEST_CTX |
| 366 | #define LARGEST_DIGEST_CTX SHA256_CTX | 365 | #define LARGEST_DIGEST_CTX SHA256_CTX |
| 367 | #endif | ||
| 368 | 366 | ||
| 369 | #ifndef OPENSSL_NO_SHA512 | ||
| 370 | static void | 367 | static void |
| 371 | tls1_sha512_final_raw(void* ctx, unsigned char *md_out) | 368 | tls1_sha512_final_raw(void* ctx, unsigned char *md_out) |
| 372 | { | 369 | { |
| @@ -379,7 +376,6 @@ tls1_sha512_final_raw(void* ctx, unsigned char *md_out) | |||
| 379 | } | 376 | } |
| 380 | #undef LARGEST_DIGEST_CTX | 377 | #undef LARGEST_DIGEST_CTX |
| 381 | #define LARGEST_DIGEST_CTX SHA512_CTX | 378 | #define LARGEST_DIGEST_CTX SHA512_CTX |
| 382 | #endif | ||
| 383 | 379 | ||
| 384 | /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function | 380 | /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function |
| 385 | * which ssl3_cbc_digest_record supports. */ | 381 | * which ssl3_cbc_digest_record supports. */ |
| @@ -389,14 +385,10 @@ ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) | |||
| 389 | switch (EVP_MD_CTX_type(ctx)) { | 385 | switch (EVP_MD_CTX_type(ctx)) { |
| 390 | case NID_md5: | 386 | case NID_md5: |
| 391 | case NID_sha1: | 387 | case NID_sha1: |
| 392 | #ifndef OPENSSL_NO_SHA256 | ||
| 393 | case NID_sha224: | 388 | case NID_sha224: |
| 394 | case NID_sha256: | 389 | case NID_sha256: |
| 395 | #endif | ||
| 396 | #ifndef OPENSSL_NO_SHA512 | ||
| 397 | case NID_sha384: | 390 | case NID_sha384: |
| 398 | case NID_sha512: | 391 | case NID_sha512: |
| 399 | #endif | ||
| 400 | return 1; | 392 | return 1; |
| 401 | default: | 393 | default: |
| 402 | return 0; | 394 | return 0; |
| @@ -469,7 +461,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, | |||
| 469 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; | 461 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; |
| 470 | md_size = 20; | 462 | md_size = 20; |
| 471 | break; | 463 | break; |
| 472 | #ifndef OPENSSL_NO_SHA256 | ||
| 473 | case NID_sha224: | 464 | case NID_sha224: |
| 474 | SHA224_Init((SHA256_CTX*)md_state.c); | 465 | SHA224_Init((SHA256_CTX*)md_state.c); |
| 475 | md_final_raw = tls1_sha256_final_raw; | 466 | md_final_raw = tls1_sha256_final_raw; |
| @@ -482,8 +473,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, | |||
| 482 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; | 473 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; |
| 483 | md_size = 32; | 474 | md_size = 32; |
| 484 | break; | 475 | break; |
| 485 | #endif | ||
| 486 | #ifndef OPENSSL_NO_SHA512 | ||
| 487 | case NID_sha384: | 476 | case NID_sha384: |
| 488 | SHA384_Init((SHA512_CTX*)md_state.c); | 477 | SHA384_Init((SHA512_CTX*)md_state.c); |
| 489 | md_final_raw = tls1_sha512_final_raw; | 478 | md_final_raw = tls1_sha512_final_raw; |
| @@ -500,7 +489,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, | |||
| 500 | md_block_size = 128; | 489 | md_block_size = 128; |
| 501 | md_length_size = 16; | 490 | md_length_size = 16; |
| 502 | break; | 491 | break; |
| 503 | #endif | ||
| 504 | default: | 492 | default: |
| 505 | /* ssl3_cbc_record_digest_supported should have been | 493 | /* ssl3_cbc_record_digest_supported should have been |
| 506 | * called first to check that the hash function is | 494 | * called first to check that the hash function is |
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 26bdef6b4f..32405eac75 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c | |||
| @@ -1940,11 +1940,7 @@ ssl3_get_new_session_ticket(SSL *s) | |||
| 1940 | */ | 1940 | */ |
| 1941 | EVP_Digest(p, ticklen, | 1941 | EVP_Digest(p, ticklen, |
| 1942 | s->session->session_id, &s->session->session_id_length, | 1942 | s->session->session_id, &s->session->session_id_length, |
| 1943 | #ifndef OPENSSL_NO_SHA256 | ||
| 1944 | EVP_sha256(), NULL); | 1943 | EVP_sha256(), NULL); |
| 1945 | #else | ||
| 1946 | EVP_sha1(), NULL); | ||
| 1947 | #endif | ||
| 1948 | ret = 1; | 1944 | ret = 1; |
| 1949 | return (ret); | 1945 | return (ret); |
| 1950 | f_err: | 1946 | f_err: |
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c index 76644bda91..92973866d2 100644 --- a/src/lib/libssl/src/ssl/ssl_algs.c +++ b/src/lib/libssl/src/ssl/ssl_algs.c | |||
| @@ -116,14 +116,10 @@ SSL_library_init(void) | |||
| 116 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); | 116 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); |
| 117 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); | 117 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); |
| 118 | #endif | 118 | #endif |
| 119 | #ifndef OPENSSL_NO_SHA256 | ||
| 120 | EVP_add_digest(EVP_sha224()); | 119 | EVP_add_digest(EVP_sha224()); |
| 121 | EVP_add_digest(EVP_sha256()); | 120 | EVP_add_digest(EVP_sha256()); |
| 122 | #endif | ||
| 123 | #ifndef OPENSSL_NO_SHA512 | ||
| 124 | EVP_add_digest(EVP_sha384()); | 121 | EVP_add_digest(EVP_sha384()); |
| 125 | EVP_add_digest(EVP_sha512()); | 122 | EVP_add_digest(EVP_sha512()); |
| 126 | #endif | ||
| 127 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) | 123 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) |
| 128 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ | 124 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ |
| 129 | EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); | 125 | EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); |
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index c539b1229d..483723736a 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h | |||
| @@ -1061,11 +1061,7 @@ int ssl_check_clienthello_tlsext_early(SSL *s); | |||
| 1061 | int ssl_check_clienthello_tlsext_late(SSL *s); | 1061 | int ssl_check_clienthello_tlsext_late(SSL *s); |
| 1062 | int ssl_check_serverhello_tlsext(SSL *s); | 1062 | int ssl_check_serverhello_tlsext(SSL *s); |
| 1063 | 1063 | ||
| 1064 | #ifdef OPENSSL_NO_SHA256 | ||
| 1065 | #define tlsext_tick_md EVP_sha1 | ||
| 1066 | #else | ||
| 1067 | #define tlsext_tick_md EVP_sha256 | 1064 | #define tlsext_tick_md EVP_sha256 |
| 1068 | #endif | ||
| 1069 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | 1065 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, |
| 1070 | const unsigned char *limit, SSL_SESSION **ret); | 1066 | const unsigned char *limit, SSL_SESSION **ret); |
| 1071 | 1067 | ||
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 7ecf7e0658..b88b3561e0 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -334,14 +334,10 @@ tls1_ec_nid2curve_id(int nid) | |||
| 334 | tlsext_sigalg_ecdsa(md) | 334 | tlsext_sigalg_ecdsa(md) |
| 335 | 335 | ||
| 336 | static unsigned char tls12_sigalgs[] = { | 336 | static unsigned char tls12_sigalgs[] = { |
| 337 | #ifndef OPENSSL_NO_SHA512 | ||
| 338 | tlsext_sigalg(TLSEXT_hash_sha512) | 337 | tlsext_sigalg(TLSEXT_hash_sha512) |
| 339 | tlsext_sigalg(TLSEXT_hash_sha384) | 338 | tlsext_sigalg(TLSEXT_hash_sha384) |
| 340 | #endif | ||
| 341 | #ifndef OPENSSL_NO_SHA256 | ||
| 342 | tlsext_sigalg(TLSEXT_hash_sha256) | 339 | tlsext_sigalg(TLSEXT_hash_sha256) |
| 343 | tlsext_sigalg(TLSEXT_hash_sha224) | 340 | tlsext_sigalg(TLSEXT_hash_sha224) |
| 344 | #endif | ||
| 345 | #ifndef OPENSSL_NO_SHA | 341 | #ifndef OPENSSL_NO_SHA |
| 346 | tlsext_sigalg(TLSEXT_hash_sha1) | 342 | tlsext_sigalg(TLSEXT_hash_sha1) |
| 347 | #endif | 343 | #endif |
| @@ -2205,14 +2201,10 @@ static tls12_lookup tls12_md[] = { | |||
| 2205 | #ifndef OPENSSL_NO_SHA | 2201 | #ifndef OPENSSL_NO_SHA |
| 2206 | {NID_sha1, TLSEXT_hash_sha1}, | 2202 | {NID_sha1, TLSEXT_hash_sha1}, |
| 2207 | #endif | 2203 | #endif |
| 2208 | #ifndef OPENSSL_NO_SHA256 | ||
| 2209 | {NID_sha224, TLSEXT_hash_sha224}, | 2204 | {NID_sha224, TLSEXT_hash_sha224}, |
| 2210 | {NID_sha256, TLSEXT_hash_sha256}, | 2205 | {NID_sha256, TLSEXT_hash_sha256}, |
| 2211 | #endif | ||
| 2212 | #ifndef OPENSSL_NO_SHA512 | ||
| 2213 | {NID_sha384, TLSEXT_hash_sha384}, | 2206 | {NID_sha384, TLSEXT_hash_sha384}, |
| 2214 | {NID_sha512, TLSEXT_hash_sha512} | 2207 | {NID_sha512, TLSEXT_hash_sha512} |
| 2215 | #endif | ||
| 2216 | }; | 2208 | }; |
| 2217 | 2209 | ||
| 2218 | static tls12_lookup tls12_sig[] = { | 2210 | static tls12_lookup tls12_sig[] = { |
| @@ -2283,20 +2275,16 @@ const EVP_MD | |||
| 2283 | case TLSEXT_hash_sha1: | 2275 | case TLSEXT_hash_sha1: |
| 2284 | return EVP_sha1(); | 2276 | return EVP_sha1(); |
| 2285 | #endif | 2277 | #endif |
| 2286 | #ifndef OPENSSL_NO_SHA256 | ||
| 2287 | case TLSEXT_hash_sha224: | 2278 | case TLSEXT_hash_sha224: |
| 2288 | return EVP_sha224(); | 2279 | return EVP_sha224(); |
| 2289 | 2280 | ||
| 2290 | case TLSEXT_hash_sha256: | 2281 | case TLSEXT_hash_sha256: |
| 2291 | return EVP_sha256(); | 2282 | return EVP_sha256(); |
| 2292 | #endif | ||
| 2293 | #ifndef OPENSSL_NO_SHA512 | ||
| 2294 | case TLSEXT_hash_sha384: | 2283 | case TLSEXT_hash_sha384: |
| 2295 | return EVP_sha384(); | 2284 | return EVP_sha384(); |
| 2296 | 2285 | ||
| 2297 | case TLSEXT_hash_sha512: | 2286 | case TLSEXT_hash_sha512: |
| 2298 | return EVP_sha512(); | 2287 | return EVP_sha512(); |
| 2299 | #endif | ||
| 2300 | default: | 2288 | default: |
| 2301 | return NULL; | 2289 | return NULL; |
| 2302 | 2290 | ||
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c index 76644bda91..92973866d2 100644 --- a/src/lib/libssl/ssl_algs.c +++ b/src/lib/libssl/ssl_algs.c | |||
| @@ -116,14 +116,10 @@ SSL_library_init(void) | |||
| 116 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); | 116 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); |
| 117 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); | 117 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); |
| 118 | #endif | 118 | #endif |
| 119 | #ifndef OPENSSL_NO_SHA256 | ||
| 120 | EVP_add_digest(EVP_sha224()); | 119 | EVP_add_digest(EVP_sha224()); |
| 121 | EVP_add_digest(EVP_sha256()); | 120 | EVP_add_digest(EVP_sha256()); |
| 122 | #endif | ||
| 123 | #ifndef OPENSSL_NO_SHA512 | ||
| 124 | EVP_add_digest(EVP_sha384()); | 121 | EVP_add_digest(EVP_sha384()); |
| 125 | EVP_add_digest(EVP_sha512()); | 122 | EVP_add_digest(EVP_sha512()); |
| 126 | #endif | ||
| 127 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) | 123 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) |
| 128 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ | 124 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ |
| 129 | EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); | 125 | EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index c539b1229d..483723736a 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1061,11 +1061,7 @@ int ssl_check_clienthello_tlsext_early(SSL *s); | |||
| 1061 | int ssl_check_clienthello_tlsext_late(SSL *s); | 1061 | int ssl_check_clienthello_tlsext_late(SSL *s); |
| 1062 | int ssl_check_serverhello_tlsext(SSL *s); | 1062 | int ssl_check_serverhello_tlsext(SSL *s); |
| 1063 | 1063 | ||
| 1064 | #ifdef OPENSSL_NO_SHA256 | ||
| 1065 | #define tlsext_tick_md EVP_sha1 | ||
| 1066 | #else | ||
| 1067 | #define tlsext_tick_md EVP_sha256 | 1064 | #define tlsext_tick_md EVP_sha256 |
| 1068 | #endif | ||
| 1069 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | 1065 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, |
| 1070 | const unsigned char *limit, SSL_SESSION **ret); | 1066 | const unsigned char *limit, SSL_SESSION **ret); |
| 1071 | 1067 | ||
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 7ecf7e0658..b88b3561e0 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -334,14 +334,10 @@ tls1_ec_nid2curve_id(int nid) | |||
| 334 | tlsext_sigalg_ecdsa(md) | 334 | tlsext_sigalg_ecdsa(md) |
| 335 | 335 | ||
| 336 | static unsigned char tls12_sigalgs[] = { | 336 | static unsigned char tls12_sigalgs[] = { |
| 337 | #ifndef OPENSSL_NO_SHA512 | ||
| 338 | tlsext_sigalg(TLSEXT_hash_sha512) | 337 | tlsext_sigalg(TLSEXT_hash_sha512) |
| 339 | tlsext_sigalg(TLSEXT_hash_sha384) | 338 | tlsext_sigalg(TLSEXT_hash_sha384) |
| 340 | #endif | ||
| 341 | #ifndef OPENSSL_NO_SHA256 | ||
| 342 | tlsext_sigalg(TLSEXT_hash_sha256) | 339 | tlsext_sigalg(TLSEXT_hash_sha256) |
| 343 | tlsext_sigalg(TLSEXT_hash_sha224) | 340 | tlsext_sigalg(TLSEXT_hash_sha224) |
| 344 | #endif | ||
| 345 | #ifndef OPENSSL_NO_SHA | 341 | #ifndef OPENSSL_NO_SHA |
| 346 | tlsext_sigalg(TLSEXT_hash_sha1) | 342 | tlsext_sigalg(TLSEXT_hash_sha1) |
| 347 | #endif | 343 | #endif |
| @@ -2205,14 +2201,10 @@ static tls12_lookup tls12_md[] = { | |||
| 2205 | #ifndef OPENSSL_NO_SHA | 2201 | #ifndef OPENSSL_NO_SHA |
| 2206 | {NID_sha1, TLSEXT_hash_sha1}, | 2202 | {NID_sha1, TLSEXT_hash_sha1}, |
| 2207 | #endif | 2203 | #endif |
| 2208 | #ifndef OPENSSL_NO_SHA256 | ||
| 2209 | {NID_sha224, TLSEXT_hash_sha224}, | 2204 | {NID_sha224, TLSEXT_hash_sha224}, |
| 2210 | {NID_sha256, TLSEXT_hash_sha256}, | 2205 | {NID_sha256, TLSEXT_hash_sha256}, |
| 2211 | #endif | ||
| 2212 | #ifndef OPENSSL_NO_SHA512 | ||
| 2213 | {NID_sha384, TLSEXT_hash_sha384}, | 2206 | {NID_sha384, TLSEXT_hash_sha384}, |
| 2214 | {NID_sha512, TLSEXT_hash_sha512} | 2207 | {NID_sha512, TLSEXT_hash_sha512} |
| 2215 | #endif | ||
| 2216 | }; | 2208 | }; |
| 2217 | 2209 | ||
| 2218 | static tls12_lookup tls12_sig[] = { | 2210 | static tls12_lookup tls12_sig[] = { |
| @@ -2283,20 +2275,16 @@ const EVP_MD | |||
| 2283 | case TLSEXT_hash_sha1: | 2275 | case TLSEXT_hash_sha1: |
| 2284 | return EVP_sha1(); | 2276 | return EVP_sha1(); |
| 2285 | #endif | 2277 | #endif |
| 2286 | #ifndef OPENSSL_NO_SHA256 | ||
| 2287 | case TLSEXT_hash_sha224: | 2278 | case TLSEXT_hash_sha224: |
| 2288 | return EVP_sha224(); | 2279 | return EVP_sha224(); |
| 2289 | 2280 | ||
| 2290 | case TLSEXT_hash_sha256: | 2281 | case TLSEXT_hash_sha256: |
| 2291 | return EVP_sha256(); | 2282 | return EVP_sha256(); |
| 2292 | #endif | ||
| 2293 | #ifndef OPENSSL_NO_SHA512 | ||
| 2294 | case TLSEXT_hash_sha384: | 2283 | case TLSEXT_hash_sha384: |
| 2295 | return EVP_sha384(); | 2284 | return EVP_sha384(); |
| 2296 | 2285 | ||
| 2297 | case TLSEXT_hash_sha512: | 2286 | case TLSEXT_hash_sha512: |
| 2298 | return EVP_sha512(); | 2287 | return EVP_sha512(); |
| 2299 | #endif | ||
| 2300 | default: | 2288 | default: |
| 2301 | return NULL; | 2289 | return NULL; |
| 2302 | 2290 | ||