| author | tedu <> | 2014-05-29 18:11:13 +0000 |
|---|---|---|
| committer | tedu <> | 2014-05-29 18:11:13 +0000 |
| commit | 149c6f9c05a2f73c39aed364b51e57279a57cd35 (patch) | |
| tree | e214d026b5b66638630daa4617eb61197c96abb9 /src/lib/libssl/d1_clnt.c | |
| parent | e164bff3660a81a13f661bc0f7cf0cb0cbd94e51 (diff) | |
unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.
ok deraadt jsing
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/d1_clnt.c | 12 |
1 files changed, 0 insertions, 12 deletions
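--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -121,9 +121,7 @@
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-#endif
 
 static const SSL_METHOD *dtls1_get_client_method(int ver);
 static int dtls1_get_hello_verify(SSL *s);
@@ -958,14 +956,12 @@ dtls1_send_client_key_exchange(SSL *s)
 unsigned long alg_k;
 unsigned char *q;
 EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_ECDH
 EC_KEY *clnt_ecdh = NULL;
 const EC_POINT *srvr_ecpoint = NULL;
 EVP_PKEY *srvr_pub_pkey = NULL;
 unsigned char *encodedPoint = NULL;
 int encoded_pt_len = 0;
 BN_CTX * bn_ctx = NULL;
-#endif
 
 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
 d = (unsigned char *)s->init_buf->data;
@@ -1021,7 +1017,6 @@ dtls1_send_client_key_exchange(SSL *s)
 tmp_buf, sizeof tmp_buf);
 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
 }
-#ifndef OPENSSL_NO_DH
 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
 DH *dh_srvr, *dh_clnt;
 
@@ -1071,8 +1066,6 @@ dtls1_send_client_key_exchange(SSL *s)
 
 /* perhaps clean things up a bit EAY EAY EAY EAY*/
 }
-#endif
-#ifndef OPENSSL_NO_ECDH
 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
 const EC_GROUP *srvr_group = NULL;
 EC_KEY *tkey;
@@ -1236,7 +1229,6 @@ dtls1_send_client_key_exchange(SSL *s)
 EC_KEY_free(clnt_ecdh);
 EVP_PKEY_free(srvr_pub_pkey);
 }
-#endif /* !OPENSSL_NO_ECDH */
 
 #ifndef OPENSSL_NO_PSK
 else if (alg_k & SSL_kPSK) {
@@ -1340,13 +1332,11 @@ psk_err:
 /* SSL3_ST_CW_KEY_EXCH_B */
 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
 err:
-#ifndef OPENSSL_NO_ECDH
 BN_CTX_free(bn_ctx);
 free(encodedPoint);
 if (clnt_ecdh != NULL)
 EC_KEY_free(clnt_ecdh);
 EVP_PKEY_free(srvr_pub_pkey);
-#endif
 return (-1);
 }
 
@@ -1391,7 +1381,6 @@ dtls1_send_client_verify(SSL *s)
 s2n(j, p);
 n = j + 2;
 } else
-#ifndef OPENSSL_NO_ECDSA
 if (pkey->type == EVP_PKEY_EC) {
 if (!ECDSA_sign(pkey->save_type,
 &(data[MD5_DIGEST_LENGTH]),
@@ -1404,7 +1393,6 @@ dtls1_send_client_verify(SSL *s)
 s2n(j, p);
 n = j + 2;
 } else
-#endif
 {
 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
 goto err;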
