diff options
| author | tedu <> | 2014-04-17 21:37:37 +0000 |
|---|---|---|
| committer | tedu <> | 2014-04-17 21:37:37 +0000 |
| commit | 153e0cd77b7a56682f71acec88a0c318e197fcb3 (patch) | |
| tree | 08e9b3a8cf6f35c7585646ca19c69f2ba87cc08c /src/lib/libssl/s3_clnt.c | |
| parent | 5f4d080a0e8eb89385e3020de8bbbd5243abf8dc (diff) | |
| download | openbsd-153e0cd77b7a56682f71acec88a0c318e197fcb3.tar.gz openbsd-153e0cd77b7a56682f71acec88a0c318e197fcb3.tar.bz2 openbsd-153e0cd77b7a56682f71acec88a0c318e197fcb3.zip | |
always build in RSA and DSA. ok deraadt miod
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 32405eac75..52e2174f6b 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1183,18 +1183,14 @@ err: | |||
| 1183 | int | 1183 | int |
| 1184 | ssl3_get_key_exchange(SSL *s) | 1184 | ssl3_get_key_exchange(SSL *s) |
| 1185 | { | 1185 | { |
| 1186 | #ifndef OPENSSL_NO_RSA | ||
| 1187 | unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; | 1186 | unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; |
| 1188 | #endif | ||
| 1189 | EVP_MD_CTX md_ctx; | 1187 | EVP_MD_CTX md_ctx; |
| 1190 | unsigned char *param, *p; | 1188 | unsigned char *param, *p; |
| 1191 | int al, i, j, param_len, ok; | 1189 | int al, i, j, param_len, ok; |
| 1192 | long n, alg_k, alg_a; | 1190 | long n, alg_k, alg_a; |
| 1193 | EVP_PKEY *pkey = NULL; | 1191 | EVP_PKEY *pkey = NULL; |
| 1194 | const EVP_MD *md = NULL; | 1192 | const EVP_MD *md = NULL; |
| 1195 | #ifndef OPENSSL_NO_RSA | ||
| 1196 | RSA *rsa = NULL; | 1193 | RSA *rsa = NULL; |
| 1197 | #endif | ||
| 1198 | #ifndef OPENSSL_NO_DH | 1194 | #ifndef OPENSSL_NO_DH |
| 1199 | DH *dh = NULL; | 1195 | DH *dh = NULL; |
| 1200 | #endif | 1196 | #endif |
| @@ -1232,12 +1228,10 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1232 | 1228 | ||
| 1233 | param = p = (unsigned char *)s->init_msg; | 1229 | param = p = (unsigned char *)s->init_msg; |
| 1234 | if (s->session->sess_cert != NULL) { | 1230 | if (s->session->sess_cert != NULL) { |
| 1235 | #ifndef OPENSSL_NO_RSA | ||
| 1236 | if (s->session->sess_cert->peer_rsa_tmp != NULL) { | 1231 | if (s->session->sess_cert->peer_rsa_tmp != NULL) { |
| 1237 | RSA_free(s->session->sess_cert->peer_rsa_tmp); | 1232 | RSA_free(s->session->sess_cert->peer_rsa_tmp); |
| 1238 | s->session->sess_cert->peer_rsa_tmp = NULL; | 1233 | s->session->sess_cert->peer_rsa_tmp = NULL; |
| 1239 | } | 1234 | } |
| 1240 | #endif | ||
| 1241 | #ifndef OPENSSL_NO_DH | 1235 | #ifndef OPENSSL_NO_DH |
| 1242 | if (s->session->sess_cert->peer_dh_tmp) { | 1236 | if (s->session->sess_cert->peer_dh_tmp) { |
| 1243 | DH_free(s->session->sess_cert->peer_dh_tmp); | 1237 | DH_free(s->session->sess_cert->peer_dh_tmp); |
| @@ -1356,20 +1350,12 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1356 | n -= param_len; | 1350 | n -= param_len; |
| 1357 | 1351 | ||
| 1358 | /* We must check if there is a certificate */ | 1352 | /* We must check if there is a certificate */ |
| 1359 | #ifndef OPENSSL_NO_RSA | ||
| 1360 | if (alg_a & SSL_aRSA) | 1353 | if (alg_a & SSL_aRSA) |
| 1361 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | 1354 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); |
| 1362 | #else | ||
| 1363 | if (0) | ||
| 1364 | ; | ||
| 1365 | #endif | ||
| 1366 | #ifndef OPENSSL_NO_DSA | ||
| 1367 | else if (alg_a & SSL_aDSS) | 1355 | else if (alg_a & SSL_aDSS) |
| 1368 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); | 1356 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); |
| 1369 | #endif | ||
| 1370 | } else | 1357 | } else |
| 1371 | #endif /* !OPENSSL_NO_SRP */ | 1358 | #endif /* !OPENSSL_NO_SRP */ |
| 1372 | #ifndef OPENSSL_NO_RSA | ||
| 1373 | if (alg_k & SSL_kRSA) { | 1359 | if (alg_k & SSL_kRSA) { |
| 1374 | if ((rsa = RSA_new()) == NULL) { | 1360 | if ((rsa = RSA_new()) == NULL) { |
| 1375 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); | 1361 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); |
| @@ -1412,10 +1398,6 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1412 | s->session->sess_cert->peer_rsa_tmp = rsa; | 1398 | s->session->sess_cert->peer_rsa_tmp = rsa; |
| 1413 | rsa = NULL; | 1399 | rsa = NULL; |
| 1414 | } | 1400 | } |
| 1415 | #else /* OPENSSL_NO_RSA */ | ||
| 1416 | if (0) | ||
| 1417 | ; | ||
| 1418 | #endif | ||
| 1419 | #ifndef OPENSSL_NO_DH | 1401 | #ifndef OPENSSL_NO_DH |
| 1420 | else if (alg_k & SSL_kEDH) { | 1402 | else if (alg_k & SSL_kEDH) { |
| 1421 | if ((dh = DH_new()) == NULL) { | 1403 | if ((dh = DH_new()) == NULL) { |
| @@ -1462,17 +1444,10 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1462 | p += i; | 1444 | p += i; |
| 1463 | n -= param_len; | 1445 | n -= param_len; |
| 1464 | 1446 | ||
| 1465 | #ifndef OPENSSL_NO_RSA | ||
| 1466 | if (alg_a & SSL_aRSA) | 1447 | if (alg_a & SSL_aRSA) |
| 1467 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | 1448 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); |
| 1468 | #else | ||
| 1469 | if (0) | ||
| 1470 | ; | ||
| 1471 | #endif | ||
| 1472 | #ifndef OPENSSL_NO_DSA | ||
| 1473 | else if (alg_a & SSL_aDSS) | 1449 | else if (alg_a & SSL_aDSS) |
| 1474 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); | 1450 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); |
| 1475 | #endif | ||
| 1476 | /* else anonymous DH, so no certificate or pkey. */ | 1451 | /* else anonymous DH, so no certificate or pkey. */ |
| 1477 | 1452 | ||
| 1478 | s->session->sess_cert->peer_dh_tmp = dh; | 1453 | s->session->sess_cert->peer_dh_tmp = dh; |
| @@ -1561,10 +1536,8 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1561 | * key exchange message. We do support RSA and ECDSA. | 1536 | * key exchange message. We do support RSA and ECDSA. |
| 1562 | */ | 1537 | */ |
| 1563 | if (0); | 1538 | if (0); |
| 1564 | #ifndef OPENSSL_NO_RSA | ||
| 1565 | else if (alg_a & SSL_aRSA) | 1539 | else if (alg_a & SSL_aRSA) |
| 1566 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | 1540 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); |
| 1567 | #endif | ||
| 1568 | #ifndef OPENSSL_NO_ECDSA | 1541 | #ifndef OPENSSL_NO_ECDSA |
| 1569 | else if (alg_a & SSL_aECDSA) | 1542 | else if (alg_a & SSL_aECDSA) |
| 1570 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | 1543 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); |
| @@ -1627,7 +1600,6 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1627 | goto f_err; | 1600 | goto f_err; |
| 1628 | } | 1601 | } |
| 1629 | 1602 | ||
| 1630 | #ifndef OPENSSL_NO_RSA | ||
| 1631 | if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { | 1603 | if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { |
| 1632 | int num; | 1604 | int num; |
| 1633 | 1605 | ||
| @@ -1659,7 +1631,6 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1659 | goto f_err; | 1631 | goto f_err; |
| 1660 | } | 1632 | } |
| 1661 | } else | 1633 | } else |
| 1662 | #endif | ||
| 1663 | { | 1634 | { |
| 1664 | EVP_VerifyInit_ex(&md_ctx, md, NULL); | 1635 | EVP_VerifyInit_ex(&md_ctx, md, NULL); |
| 1665 | EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); | 1636 | EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); |
| @@ -1693,10 +1664,8 @@ f_err: | |||
| 1693 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1664 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1694 | err: | 1665 | err: |
| 1695 | EVP_PKEY_free(pkey); | 1666 | EVP_PKEY_free(pkey); |
| 1696 | #ifndef OPENSSL_NO_RSA | ||
| 1697 | if (rsa != NULL) | 1667 | if (rsa != NULL) |
| 1698 | RSA_free(rsa); | 1668 | RSA_free(rsa); |
| 1699 | #endif | ||
| 1700 | #ifndef OPENSSL_NO_DH | 1669 | #ifndef OPENSSL_NO_DH |
| 1701 | if (dh != NULL) | 1670 | if (dh != NULL) |
| 1702 | DH_free(dh); | 1671 | DH_free(dh); |
| @@ -2042,10 +2011,8 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2042 | unsigned char *p, *d; | 2011 | unsigned char *p, *d; |
| 2043 | int n; | 2012 | int n; |
| 2044 | unsigned long alg_k; | 2013 | unsigned long alg_k; |
| 2045 | #ifndef OPENSSL_NO_RSA | ||
| 2046 | unsigned char *q; | 2014 | unsigned char *q; |
| 2047 | EVP_PKEY *pkey = NULL; | 2015 | EVP_PKEY *pkey = NULL; |
| 2048 | #endif | ||
| 2049 | #ifndef OPENSSL_NO_KRB5 | 2016 | #ifndef OPENSSL_NO_KRB5 |
| 2050 | KSSL_ERR kssl_err; | 2017 | KSSL_ERR kssl_err; |
| 2051 | #endif /* OPENSSL_NO_KRB5 */ | 2018 | #endif /* OPENSSL_NO_KRB5 */ |
| @@ -2067,7 +2034,6 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2067 | /* Fool emacs indentation */ | 2034 | /* Fool emacs indentation */ |
| 2068 | if (0) { | 2035 | if (0) { |
| 2069 | } | 2036 | } |
| 2070 | #ifndef OPENSSL_NO_RSA | ||
| 2071 | else if (alg_k & SSL_kRSA) { | 2037 | else if (alg_k & SSL_kRSA) { |
| 2072 | RSA *rsa; | 2038 | RSA *rsa; |
| 2073 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | 2039 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
| @@ -2122,7 +2088,6 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2122 | sizeof tmp_buf); | 2088 | sizeof tmp_buf); |
| 2123 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 2089 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
| 2124 | } | 2090 | } |
| 2125 | #endif | ||
| 2126 | #ifndef OPENSSL_NO_KRB5 | 2091 | #ifndef OPENSSL_NO_KRB5 |
| 2127 | else if (alg_k & SSL_kKRB5) { | 2092 | else if (alg_k & SSL_kKRB5) { |
| 2128 | krb5_error_code krb5rc; | 2093 | krb5_error_code krb5rc; |
| @@ -2760,7 +2725,6 @@ ssl3_send_client_verify(SSL *s) | |||
| 2760 | if (!ssl3_digest_cached_records(s)) | 2725 | if (!ssl3_digest_cached_records(s)) |
| 2761 | goto err; | 2726 | goto err; |
| 2762 | } else | 2727 | } else |
| 2763 | #ifndef OPENSSL_NO_RSA | ||
| 2764 | if (pkey->type == EVP_PKEY_RSA) { | 2728 | if (pkey->type == EVP_PKEY_RSA) { |
| 2765 | s->method->ssl3_enc->cert_verify_mac( | 2729 | s->method->ssl3_enc->cert_verify_mac( |
| 2766 | s, NID_md5, &(data[0])); | 2730 | s, NID_md5, &(data[0])); |
| @@ -2773,8 +2737,6 @@ ssl3_send_client_verify(SSL *s) | |||
| 2773 | s2n(u, p); | 2737 | s2n(u, p); |
| 2774 | n = u + 2; | 2738 | n = u + 2; |
| 2775 | } else | 2739 | } else |
| 2776 | #endif | ||
| 2777 | #ifndef OPENSSL_NO_DSA | ||
| 2778 | if (pkey->type == EVP_PKEY_DSA) { | 2740 | if (pkey->type == EVP_PKEY_DSA) { |
| 2779 | if (!DSA_sign(pkey->save_type, | 2741 | if (!DSA_sign(pkey->save_type, |
| 2780 | &(data[MD5_DIGEST_LENGTH]), | 2742 | &(data[MD5_DIGEST_LENGTH]), |
| @@ -2786,7 +2748,6 @@ ssl3_send_client_verify(SSL *s) | |||
| 2786 | s2n(j, p); | 2748 | s2n(j, p); |
| 2787 | n = j + 2; | 2749 | n = j + 2; |
| 2788 | } else | 2750 | } else |
| 2789 | #endif | ||
| 2790 | #ifndef OPENSSL_NO_ECDSA | 2751 | #ifndef OPENSSL_NO_ECDSA |
| 2791 | if (pkey->type == EVP_PKEY_EC) { | 2752 | if (pkey->type == EVP_PKEY_EC) { |
| 2792 | if (!ECDSA_sign(pkey->save_type, | 2753 | if (!ECDSA_sign(pkey->save_type, |
| @@ -2914,9 +2875,7 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 2914 | long alg_k, alg_a; | 2875 | long alg_k, alg_a; |
| 2915 | EVP_PKEY *pkey = NULL; | 2876 | EVP_PKEY *pkey = NULL; |
| 2916 | SESS_CERT *sc; | 2877 | SESS_CERT *sc; |
| 2917 | #ifndef OPENSSL_NO_RSA | ||
| 2918 | RSA *rsa; | 2878 | RSA *rsa; |
| 2919 | #endif | ||
| 2920 | #ifndef OPENSSL_NO_DH | 2879 | #ifndef OPENSSL_NO_DH |
| 2921 | DH *dh; | 2880 | DH *dh; |
| 2922 | #endif | 2881 | #endif |
| @@ -2934,9 +2893,7 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 2934 | goto err; | 2893 | goto err; |
| 2935 | } | 2894 | } |
| 2936 | 2895 | ||
| 2937 | #ifndef OPENSSL_NO_RSA | ||
| 2938 | rsa = s->session->sess_cert->peer_rsa_tmp; | 2896 | rsa = s->session->sess_cert->peer_rsa_tmp; |
| 2939 | #endif | ||
| 2940 | #ifndef OPENSSL_NO_DH | 2897 | #ifndef OPENSSL_NO_DH |
| 2941 | dh = s->session->sess_cert->peer_dh_tmp; | 2898 | dh = s->session->sess_cert->peer_dh_tmp; |
| 2942 | #endif | 2899 | #endif |
| @@ -2966,19 +2923,15 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 2966 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT); | 2923 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT); |
| 2967 | goto f_err; | 2924 | goto f_err; |
| 2968 | } | 2925 | } |
| 2969 | #ifndef OPENSSL_NO_DSA | ||
| 2970 | else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { | 2926 | else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { |
| 2971 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT); | 2927 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT); |
| 2972 | goto f_err; | 2928 | goto f_err; |
| 2973 | } | 2929 | } |
| 2974 | #endif | ||
| 2975 | #ifndef OPENSSL_NO_RSA | ||
| 2976 | if ((alg_k & SSL_kRSA) && | 2930 | if ((alg_k & SSL_kRSA) && |
| 2977 | !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { | 2931 | !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { |
| 2978 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT); | 2932 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT); |
| 2979 | goto f_err; | 2933 | goto f_err; |
| 2980 | } | 2934 | } |
| 2981 | #endif | ||
| 2982 | #ifndef OPENSSL_NO_DH | 2935 | #ifndef OPENSSL_NO_DH |
| 2983 | if ((alg_k & SSL_kEDH) && | 2936 | if ((alg_k & SSL_kEDH) && |
| 2984 | !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { | 2937 | !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { |
| @@ -2988,16 +2941,13 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 2988 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); | 2941 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); |
| 2989 | goto f_err; | 2942 | goto f_err; |
| 2990 | } | 2943 | } |
| 2991 | #ifndef OPENSSL_NO_DSA | ||
| 2992 | else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) { | 2944 | else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) { |
| 2993 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); | 2945 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); |
| 2994 | goto f_err; | 2946 | goto f_err; |
| 2995 | } | 2947 | } |
| 2996 | #endif | 2948 | #endif |
| 2997 | #endif | ||
| 2998 | 2949 | ||
| 2999 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { | 2950 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { |
| 3000 | #ifndef OPENSSL_NO_RSA | ||
| 3001 | if (alg_k & SSL_kRSA) { | 2951 | if (alg_k & SSL_kRSA) { |
| 3002 | if (rsa == NULL || | 2952 | if (rsa == NULL || |
| 3003 | RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { | 2953 | RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { |
| @@ -3005,7 +2955,6 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 3005 | goto f_err; | 2955 | goto f_err; |
| 3006 | } | 2956 | } |
| 3007 | } else | 2957 | } else |
| 3008 | #endif | ||
| 3009 | #ifndef OPENSSL_NO_DH | 2958 | #ifndef OPENSSL_NO_DH |
| 3010 | if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 2959 | if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { |
| 3011 | if (dh == NULL || | 2960 | if (dh == NULL || |