authortedu <>2014-05-29 18:11:13 +0000
committertedu <>2014-05-29 18:11:13 +0000
commit36abfd12740be4329b29e295bfcee8fe22c637d4 (patch)
treee214d026b5b66638630daa4617eb61197c96abb9 /src/lib/libssl/s3_lib.c
parent2aab478749f62f40d50f6200a1396b6352051369 (diff)
unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.
ok deraadt jsing
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/s3_lib.c36
1 files changed, 0 insertions, 36 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e3770bd0ae..2c15a87269 100644
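--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -157,9 +157,7 @@
 #endif /* OPENSSL_NO_EC */
 #endif /* OPENSSL_NO_TLSEXT */
 #include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-#endif
 
 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
 
@@ -1523,7 +1521,6 @@ SSL_CIPHER ssl3_ciphers[] = {
  .alg_bits = 256,
  },
 
-#ifndef OPENSSL_NO_ECDH
  /* Cipher C001 */
  {
  .valid = 1,
@@ -1923,9 +1920,7 @@ SSL_CIPHER ssl3_ciphers[] = {
  .strength_bits = 256,
  .alg_bits = 256,
  },
-#endif /* OPENSSL_NO_ECDH */
 
-#ifndef OPENSSL_NO_ECDH
 
  /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
 
@@ -2187,7 +2182,6 @@ SSL_CIPHER ssl3_ciphers[] = {
  .alg_bits = 256,
  },
 
-#endif /* OPENSSL_NO_ECDH */
 
 
 #ifdef TEMP_GOST_TLS
@@ -2343,14 +2337,10 @@ ssl3_free(SSL *s)
  if (s->s3->wbuf.buf != NULL)
  ssl3_release_write_buffer(s);
  free(s->s3->rrec.comp);
-#ifndef OPENSSL_NO_DH
  if (s->s3->tmp.dh != NULL)
  DH_free(s->s3->tmp.dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
  if (s->s3->tmp.ecdh != NULL)
  EC_KEY_free(s->s3->tmp.ecdh);
-#endif
 
  if (s->s3->tmp.ca_names != NULL)
  sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
@@ -2385,18 +2375,14 @@ ssl3_clear(SSL *s)
  free(s->s3->rrec.comp);
  s->s3->rrec.comp = NULL;
 
-#ifndef OPENSSL_NO_DH
  if (s->s3->tmp.dh != NULL) {
  DH_free(s->s3->tmp.dh);
  s->s3->tmp.dh = NULL;
  }
-#endif
-#ifndef OPENSSL_NO_ECDH
  if (s->s3->tmp.ecdh != NULL) {
  EC_KEY_free(s->s3->tmp.ecdh);
  s->s3->tmp.ecdh = NULL;
  }
-#endif
 #ifndef OPENSSL_NO_TLSEXT
 #ifndef OPENSSL_NO_EC
  s->s3->is_probably_safari = 0;
@@ -2505,7 +2491,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  return (ret);
  }
  break;
-#ifndef OPENSSL_NO_DH
  case SSL_CTRL_SET_TMP_DH:
  {
  DH *dh = (DH *)parg;
@@ -2540,8 +2525,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  return (ret);
  }
  break;
-#endif
-#ifndef OPENSSL_NO_ECDH
  case SSL_CTRL_SET_TMP_ECDH:
  {
  EC_KEY *ecdh = NULL;
@@ -2578,7 +2561,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  return (ret);
  }
  break;
-#endif /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_TLSEXT
  case SSL_CTRL_SET_TLSEXT_HOSTNAME:
  if (larg == TLSEXT_NAMETYPE_host_name) {
@@ -2701,21 +2683,17 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
  s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
  }
  break;
-#ifndef OPENSSL_NO_DH
  case SSL_CTRL_SET_TMP_DH_CB:
  {
  s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
  }
  break;
-#endif
-#ifndef OPENSSL_NO_ECDH
  case SSL_CTRL_SET_TMP_ECDH_CB:
  {
  s->cert->ecdh_tmp_cb =
  (EC_KEY *(*)(SSL *, int, int))fp;
  }
  break;
-#endif
 #ifndef OPENSSL_NO_TLSEXT
  case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
  s->tlsext_debug_cb = (void (*)(SSL *, int , int,
@@ -2777,7 +2755,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  return (0);
  }
  break;
-#ifndef OPENSSL_NO_DH
  case SSL_CTRL_SET_TMP_DH:
  {
  DH *new = NULL, *dh;
@@ -2809,8 +2786,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  return (0);
  }
  break;
-#endif
-#ifndef OPENSSL_NO_ECDH
  case SSL_CTRL_SET_TMP_ECDH:
  {
  EC_KEY *ecdh = NULL;
@@ -2849,7 +2824,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  return (0);
  }
  break;
-#endif /* !OPENSSL_NO_ECDH */
 #ifndef OPENSSL_NO_TLSEXT
  case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
  ctx->tlsext_servername_arg = parg;
@@ -2932,20 +2906,16 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
  cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
  }
  break;
-#ifndef OPENSSL_NO_DH
  case SSL_CTRL_SET_TMP_DH_CB:
  {
  cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
  }
  break;
-#endif
-#ifndef OPENSSL_NO_ECDH
  case SSL_CTRL_SET_TMP_ECDH_CB:
  {
  cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
  }
  break;
-#endif
 #ifndef OPENSSL_NO_TLSEXT
  case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
  ctx->tlsext_servername_callback =
@@ -3255,7 +3225,6 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
  }
 #endif
 
-#ifndef OPENSSL_NO_DH
  if (alg_k & (SSL_kDHr|SSL_kEDH)) {
  p[ret++] = SSL3_CT_RSA_FIXED_DH;
  p[ret++] = SSL3_CT_DSS_FIXED_DH;
@@ -3265,17 +3234,13 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
  p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
  p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
  }
-#endif /* !OPENSSL_NO_DH */
  p[ret++] = SSL3_CT_RSA_SIGN;
  p[ret++] = SSL3_CT_DSS_SIGN;
-#ifndef OPENSSL_NO_ECDH
  if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
  p[ret++] = TLS_CT_RSA_FIXED_ECDH;
  p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
  }
-#endif
 
-#ifndef OPENSSL_NO_ECDSA
  /*
  * ECDSA certs can be used with RSA cipher suites as well
  * so we don't need to check for SSL_kECDH or SSL_kEECDH
@@ -3283,7 +3248,6 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
  if (s->version >= TLS1_VERSION) {
  p[ret++] = TLS_CT_ECDSA_SIGN;
  }
-#endif
  return (ret);
 }
 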
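Review bot: In ssl3_clear (new lines 2386-2388) the reset of `s->s3->is_probably_safari` is still wrapped in `#ifndef OPENSSL_NO_EC`, while `EC_KEY_free(s->s3->tmp.ecdh)` just above it and the `EC_KEY` uses in ssl3_ctrl and ssl3_ctx_ctrl are now compiled unconditionally, so that guard and the one closing at line 157 describe a configuration this file can no longer build in. A tree that still defines OPENSSL_NO_DH, OPENSSL_NO_ECDH or OPENSSL_NO_ECDSA would now have the flag silently ignored here and get the ECDH cipher-suite entries and the DH/ECDH/ECDSA certificate types anyway; whether any build does so is not visible from this page. I would either drop the leftover OPENSSL_NO_EC guards in the same sweep or make the assumption loud near the includes with `#if defined(OPENSSL_NO_DH) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA)` / `#error "libssl requires DH, ECDH and ECDSA"` / `#endif`. Most of the touched functions begin or end outside the hunks shown.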