diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index c16f7bb2ef..b53f27a47d 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -159,9 +159,7 @@ | |||
| 159 | #include <openssl/evp.h> | 159 | #include <openssl/evp.h> |
| 160 | #include <openssl/hmac.h> | 160 | #include <openssl/hmac.h> |
| 161 | #include <openssl/x509.h> | 161 | #include <openssl/x509.h> |
| 162 | #ifndef OPENSSL_NO_DH | ||
| 163 | #include <openssl/dh.h> | 162 | #include <openssl/dh.h> |
| 164 | #endif | ||
| 165 | #include <openssl/bn.h> | 163 | #include <openssl/bn.h> |
| 166 | #include <openssl/md5.h> | 164 | #include <openssl/md5.h> |
| 167 | 165 | ||
| @@ -881,18 +879,14 @@ ssl3_check_client_hello(SSL *s) | |||
| 881 | * which will now be aborted. (A full SSL_clear would be too | 879 | * which will now be aborted. (A full SSL_clear would be too |
| 882 | * much.) | 880 | * much.) |
| 883 | */ | 881 | */ |
| 884 | #ifndef OPENSSL_NO_DH | ||
| 885 | if (s->s3->tmp.dh != NULL) { | 882 | if (s->s3->tmp.dh != NULL) { |
| 886 | DH_free(s->s3->tmp.dh); | 883 | DH_free(s->s3->tmp.dh); |
| 887 | s->s3->tmp.dh = NULL; | 884 | s->s3->tmp.dh = NULL; |
| 888 | } | 885 | } |
| 889 | #endif | ||
| 890 | #ifndef OPENSSL_NO_ECDH | ||
| 891 | if (s->s3->tmp.ecdh != NULL) { | 886 | if (s->s3->tmp.ecdh != NULL) { |
| 892 | EC_KEY_free(s->s3->tmp.ecdh); | 887 | EC_KEY_free(s->s3->tmp.ecdh); |
| 893 | s->s3->tmp.ecdh = NULL; | 888 | s->s3->tmp.ecdh = NULL; |
| 894 | } | 889 | } |
| 895 | #endif | ||
| 896 | s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; | 890 | s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; |
| 897 | return (2); | 891 | return (2); |
| 898 | } | 892 | } |
| @@ -1509,17 +1503,13 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1509 | RSA *rsa; | 1503 | RSA *rsa; |
| 1510 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | 1504 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; |
| 1511 | unsigned int u; | 1505 | unsigned int u; |
| 1512 | #ifndef OPENSSL_NO_DH | ||
| 1513 | DH *dh = NULL, *dhp; | 1506 | DH *dh = NULL, *dhp; |
| 1514 | #endif | ||
| 1515 | #ifndef OPENSSL_NO_ECDH | ||
| 1516 | EC_KEY *ecdh = NULL, *ecdhp; | 1507 | EC_KEY *ecdh = NULL, *ecdhp; |
| 1517 | unsigned char *encodedPoint = NULL; | 1508 | unsigned char *encodedPoint = NULL; |
| 1518 | int encodedlen = 0; | 1509 | int encodedlen = 0; |
| 1519 | int curve_id = 0; | 1510 | int curve_id = 0; |
| 1520 | BN_CTX *bn_ctx = NULL; | 1511 | BN_CTX *bn_ctx = NULL; |
| 1521 | 1512 | ||
| 1522 | #endif | ||
| 1523 | #ifndef OPENSSL_NO_PSK | 1513 | #ifndef OPENSSL_NO_PSK |
| 1524 | size_t pskhintlen = 0; | 1514 | size_t pskhintlen = 0; |
| 1525 | #endif | 1515 | #endif |
| @@ -1570,7 +1560,6 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1570 | r[1] = rsa->e; | 1560 | r[1] = rsa->e; |
| 1571 | s->s3->tmp.use_rsa_tmp = 1; | 1561 | s->s3->tmp.use_rsa_tmp = 1; |
| 1572 | } else | 1562 | } else |
| 1573 | #ifndef OPENSSL_NO_DH | ||
| 1574 | if (type & SSL_kEDH) { | 1563 | if (type & SSL_kEDH) { |
| 1575 | dhp = cert->dh_tmp; | 1564 | dhp = cert->dh_tmp; |
| 1576 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) | 1565 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) |
| @@ -1620,8 +1609,6 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1620 | r[1] = dh->g; | 1609 | r[1] = dh->g; |
| 1621 | r[2] = dh->pub_key; | 1610 | r[2] = dh->pub_key; |
| 1622 | } else | 1611 | } else |
| 1623 | #endif | ||
| 1624 | #ifndef OPENSSL_NO_ECDH | ||
| 1625 | if (type & SSL_kEECDH) { | 1612 | if (type & SSL_kEECDH) { |
| 1626 | const EC_GROUP *group; | 1613 | const EC_GROUP *group; |
| 1627 | 1614 | ||
| @@ -1747,7 +1734,6 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1747 | r[2] = NULL; | 1734 | r[2] = NULL; |
| 1748 | r[3] = NULL; | 1735 | r[3] = NULL; |
| 1749 | } else | 1736 | } else |
| 1750 | #endif /* !OPENSSL_NO_ECDH */ | ||
| 1751 | #ifndef OPENSSL_NO_PSK | 1737 | #ifndef OPENSSL_NO_PSK |
| 1752 | if (type & SSL_kPSK) { | 1738 | if (type & SSL_kPSK) { |
| 1753 | pskhintlen = strlen(s->ctx->psk_identity_hint); | 1739 | pskhintlen = strlen(s->ctx->psk_identity_hint); |
| @@ -1793,7 +1779,6 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1793 | p += nr[i]; | 1779 | p += nr[i]; |
| 1794 | } | 1780 | } |
| 1795 | 1781 | ||
| 1796 | #ifndef OPENSSL_NO_ECDH | ||
| 1797 | if (type & SSL_kEECDH) { | 1782 | if (type & SSL_kEECDH) { |
| 1798 | /* | 1783 | /* |
| 1799 | * XXX: For now, we only support named (not generic) | 1784 | * XXX: For now, we only support named (not generic) |
| @@ -1817,7 +1802,6 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1817 | encodedPoint = NULL; | 1802 | encodedPoint = NULL; |
| 1818 | p += encodedlen; | 1803 | p += encodedlen; |
| 1819 | } | 1804 | } |
| 1820 | #endif | ||
| 1821 | 1805 | ||
| 1822 | #ifndef OPENSSL_NO_PSK | 1806 | #ifndef OPENSSL_NO_PSK |
| 1823 | if (type & SSL_kPSK) { | 1807 | if (type & SSL_kPSK) { |
| @@ -1926,10 +1910,8 @@ ssl3_send_server_key_exchange(SSL *s) | |||
| 1926 | f_err: | 1910 | f_err: |
| 1927 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 1911 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 1928 | err: | 1912 | err: |
| 1929 | #ifndef OPENSSL_NO_ECDH | ||
| 1930 | free(encodedPoint); | 1913 | free(encodedPoint); |
| 1931 | BN_CTX_free(bn_ctx); | 1914 | BN_CTX_free(bn_ctx); |
| 1932 | #endif | ||
| 1933 | EVP_MD_CTX_cleanup(&md_ctx); | 1915 | EVP_MD_CTX_cleanup(&md_ctx); |
| 1934 | return (-1); | 1916 | return (-1); |
| 1935 | } | 1917 | } |
| @@ -2042,18 +2024,14 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2042 | unsigned char *p; | 2024 | unsigned char *p; |
| 2043 | RSA *rsa = NULL; | 2025 | RSA *rsa = NULL; |
| 2044 | EVP_PKEY *pkey = NULL; | 2026 | EVP_PKEY *pkey = NULL; |
| 2045 | #ifndef OPENSSL_NO_DH | ||
| 2046 | BIGNUM *pub = NULL; | 2027 | BIGNUM *pub = NULL; |
| 2047 | DH *dh_srvr; | 2028 | DH *dh_srvr; |
| 2048 | #endif | ||
| 2049 | 2029 | ||
| 2050 | #ifndef OPENSSL_NO_ECDH | ||
| 2051 | EC_KEY *srvr_ecdh = NULL; | 2030 | EC_KEY *srvr_ecdh = NULL; |
| 2052 | EVP_PKEY *clnt_pub_pkey = NULL; | 2031 | EVP_PKEY *clnt_pub_pkey = NULL; |
| 2053 | EC_POINT *clnt_ecpoint = NULL; | 2032 | EC_POINT *clnt_ecpoint = NULL; |
| 2054 | BN_CTX *bn_ctx = NULL; | 2033 | BN_CTX *bn_ctx = NULL; |
| 2055 | 2034 | ||
| 2056 | #endif | ||
| 2057 | 2035 | ||
| 2058 | n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A, | 2036 | n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A, |
| 2059 | SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, | 2037 | SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, |
| @@ -2173,7 +2151,6 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2173 | p, i); | 2151 | p, i); |
| 2174 | OPENSSL_cleanse(p, i); | 2152 | OPENSSL_cleanse(p, i); |
| 2175 | } else | 2153 | } else |
| 2176 | #ifndef OPENSSL_NO_DH | ||
| 2177 | if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { | 2154 | if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { |
| 2178 | n2s(p, i); | 2155 | n2s(p, i); |
| 2179 | if (n != i + 2) { | 2156 | if (n != i + 2) { |
| @@ -2229,9 +2206,7 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2229 | s, s->session->master_key, p, i); | 2206 | s, s->session->master_key, p, i); |
| 2230 | OPENSSL_cleanse(p, i); | 2207 | OPENSSL_cleanse(p, i); |
| 2231 | } else | 2208 | } else |
| 2232 | #endif | ||
| 2233 | 2209 | ||
| 2234 | #ifndef OPENSSL_NO_ECDH | ||
| 2235 | if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { | 2210 | if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { |
| 2236 | int ret = 1; | 2211 | int ret = 1; |
| 2237 | int field_size = 0; | 2212 | int field_size = 0; |
| @@ -2375,7 +2350,6 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2375 | OPENSSL_cleanse(p, i); | 2350 | OPENSSL_cleanse(p, i); |
| 2376 | return (ret); | 2351 | return (ret); |
| 2377 | } else | 2352 | } else |
| 2378 | #endif | ||
| 2379 | #ifndef OPENSSL_NO_PSK | 2353 | #ifndef OPENSSL_NO_PSK |
| 2380 | if (alg_k & SSL_kPSK) { | 2354 | if (alg_k & SSL_kPSK) { |
| 2381 | unsigned char *t = NULL; | 2355 | unsigned char *t = NULL; |
| @@ -2542,13 +2516,11 @@ ssl3_get_client_key_exchange(SSL *s) | |||
| 2542 | f_err: | 2516 | f_err: |
| 2543 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | 2517 | ssl3_send_alert(s, SSL3_AL_FATAL, al); |
| 2544 | err: | 2518 | err: |
| 2545 | #ifndef OPENSSL_NO_ECDH | ||
| 2546 | EVP_PKEY_free(clnt_pub_pkey); | 2519 | EVP_PKEY_free(clnt_pub_pkey); |
| 2547 | EC_POINT_free(clnt_ecpoint); | 2520 | EC_POINT_free(clnt_ecpoint); |
| 2548 | if (srvr_ecdh != NULL) | 2521 | if (srvr_ecdh != NULL) |
| 2549 | EC_KEY_free(srvr_ecdh); | 2522 | EC_KEY_free(srvr_ecdh); |
| 2550 | BN_CTX_free(bn_ctx); | 2523 | BN_CTX_free(bn_ctx); |
| 2551 | #endif | ||
| 2552 | return (-1); | 2524 | return (-1); |
| 2553 | } | 2525 | } |
| 2554 | 2526 | ||
| @@ -2722,7 +2694,6 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2722 | goto f_err; | 2694 | goto f_err; |
| 2723 | } | 2695 | } |
| 2724 | } else | 2696 | } else |
| 2725 | #ifndef OPENSSL_NO_ECDSA | ||
| 2726 | if (pkey->type == EVP_PKEY_EC) { | 2697 | if (pkey->type == EVP_PKEY_EC) { |
| 2727 | j = ECDSA_verify(pkey->save_type, | 2698 | j = ECDSA_verify(pkey->save_type, |
| 2728 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | 2699 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), |
| @@ -2735,7 +2706,6 @@ ssl3_get_cert_verify(SSL *s) | |||
| 2735 | goto f_err; | 2706 | goto f_err; |
| 2736 | } | 2707 | } |
| 2737 | } else | 2708 | } else |
| 2738 | #endif | ||
| 2739 | if (pkey->type == NID_id_GostR3410_94 || | 2709 | if (pkey->type == NID_id_GostR3410_94 || |
| 2740 | pkey->type == NID_id_GostR3410_2001) { | 2710 | pkey->type == NID_id_GostR3410_2001) { |
| 2741 | unsigned char signature[64]; | 2711 | unsigned char signature[64]; |