diff options
Diffstat (limited to 'src/lib/libssl/t1_lib.c')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 5d442558dd..3546a45df1 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -209,7 +209,6 @@ tls1_clear(SSL *s) | |||
| 209 | s->version = s->method->version; | 209 | s->version = s->method->version; |
| 210 | } | 210 | } |
| 211 | 211 | ||
| 212 | #ifndef OPENSSL_NO_EC | ||
| 213 | 212 | ||
| 214 | static int nid_list[] = { | 213 | static int nid_list[] = { |
| 215 | NID_sect163k1, /* sect163k1 (1) */ | 214 | NID_sect163k1, /* sect163k1 (1) */ |
| @@ -348,7 +347,6 @@ tls1_ec_nid2curve_id(int nid) | |||
| 348 | return 0; | 347 | return 0; |
| 349 | } | 348 | } |
| 350 | } | 349 | } |
| 351 | #endif /* OPENSSL_NO_EC */ | ||
| 352 | 350 | ||
| 353 | 351 | ||
| 354 | /* List of supported signature algorithms and hashes. Should make this | 352 | /* List of supported signature algorithms and hashes. Should make this |
| @@ -460,7 +458,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 460 | } | 458 | } |
| 461 | 459 | ||
| 462 | 460 | ||
| 463 | #ifndef OPENSSL_NO_EC | ||
| 464 | if (s->tlsext_ecpointformatlist != NULL && | 461 | if (s->tlsext_ecpointformatlist != NULL && |
| 465 | s->version != DTLS1_VERSION) { | 462 | s->version != DTLS1_VERSION) { |
| 466 | /* Add TLS extension ECPointFormats to the ClientHello message */ | 463 | /* Add TLS extension ECPointFormats to the ClientHello message */ |
| @@ -515,7 +512,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 515 | s->tlsext_ellipticcurvelist_length); | 512 | s->tlsext_ellipticcurvelist_length); |
| 516 | ret += s->tlsext_ellipticcurvelist_length; | 513 | ret += s->tlsext_ellipticcurvelist_length; |
| 517 | } | 514 | } |
| 518 | #endif /* OPENSSL_NO_EC */ | ||
| 519 | 515 | ||
| 520 | if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | 516 | if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { |
| 521 | int ticklen; | 517 | int ticklen; |
| @@ -743,7 +739,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 743 | ret += el; | 739 | ret += el; |
| 744 | } | 740 | } |
| 745 | 741 | ||
| 746 | #ifndef OPENSSL_NO_EC | ||
| 747 | if (s->tlsext_ecpointformatlist != NULL && | 742 | if (s->tlsext_ecpointformatlist != NULL && |
| 748 | s->version != DTLS1_VERSION) { | 743 | s->version != DTLS1_VERSION) { |
| 749 | /* Add TLS extension ECPointFormats to the ServerHello message */ | 744 | /* Add TLS extension ECPointFormats to the ServerHello message */ |
| @@ -770,7 +765,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 770 | 765 | ||
| 771 | } | 766 | } |
| 772 | /* Currently the server should not respond with a SupportedCurves extension */ | 767 | /* Currently the server should not respond with a SupportedCurves extension */ |
| 773 | #endif /* OPENSSL_NO_EC */ | ||
| 774 | 768 | ||
| 775 | if (s->tlsext_ticket_expected && | 769 | if (s->tlsext_ticket_expected && |
| 776 | !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | 770 | !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { |
| @@ -875,7 +869,6 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 875 | return ret; | 869 | return ret; |
| 876 | } | 870 | } |
| 877 | 871 | ||
| 878 | #ifndef OPENSSL_NO_EC | ||
| 879 | /* ssl_check_for_safari attempts to fingerprint Safari using OS X | 872 | /* ssl_check_for_safari attempts to fingerprint Safari using OS X |
| 880 | * SecureTransport using the TLS extension block in |d|, of length |n|. | 873 | * SecureTransport using the TLS extension block in |d|, of length |n|. |
| 881 | * Safari, since 10.6, sends exactly these extensions, in this order: | 874 | * Safari, since 10.6, sends exactly these extensions, in this order: |
| @@ -956,7 +949,6 @@ ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, | |||
| 956 | 949 | ||
| 957 | s->s3->is_probably_safari = 1; | 950 | s->s3->is_probably_safari = 1; |
| 958 | } | 951 | } |
| 959 | #endif /* !OPENSSL_NO_EC */ | ||
| 960 | 952 | ||
| 961 | int | 953 | int |
| 962 | ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | 954 | ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, |
| @@ -975,10 +967,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 975 | s->s3->next_proto_neg_seen = 0; | 967 | s->s3->next_proto_neg_seen = 0; |
| 976 | #endif | 968 | #endif |
| 977 | 969 | ||
| 978 | #ifndef OPENSSL_NO_EC | ||
| 979 | if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) | 970 | if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) |
| 980 | ssl_check_for_safari(s, data, d, n); | 971 | ssl_check_for_safari(s, data, d, n); |
| 981 | #endif /* !OPENSSL_NO_EC */ | ||
| 982 | 972 | ||
| 983 | if (data >= (d + n - 2)) | 973 | if (data >= (d + n - 2)) |
| 984 | goto ri_check; | 974 | goto ri_check; |
| @@ -1095,7 +1085,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1095 | 1085 | ||
| 1096 | } | 1086 | } |
| 1097 | 1087 | ||
| 1098 | #ifndef OPENSSL_NO_EC | ||
| 1099 | else if (type == TLSEXT_TYPE_ec_point_formats && | 1088 | else if (type == TLSEXT_TYPE_ec_point_formats && |
| 1100 | s->version != DTLS1_VERSION) { | 1089 | s->version != DTLS1_VERSION) { |
| 1101 | unsigned char *sdata = data; | 1090 | unsigned char *sdata = data; |
| @@ -1142,7 +1131,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1142 | memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); | 1131 | memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); |
| 1143 | } | 1132 | } |
| 1144 | } | 1133 | } |
| 1145 | #endif /* OPENSSL_NO_EC */ | ||
| 1146 | #ifdef TLSEXT_TYPE_opaque_prf_input | 1134 | #ifdef TLSEXT_TYPE_opaque_prf_input |
| 1147 | else if (type == TLSEXT_TYPE_opaque_prf_input && | 1135 | else if (type == TLSEXT_TYPE_opaque_prf_input && |
| 1148 | s->version != DTLS1_VERSION) { | 1136 | s->version != DTLS1_VERSION) { |
| @@ -1408,7 +1396,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1408 | tlsext_servername = 1; | 1396 | tlsext_servername = 1; |
| 1409 | 1397 | ||
| 1410 | } | 1398 | } |
| 1411 | #ifndef OPENSSL_NO_EC | ||
| 1412 | else if (type == TLSEXT_TYPE_ec_point_formats && | 1399 | else if (type == TLSEXT_TYPE_ec_point_formats && |
| 1413 | s->version != DTLS1_VERSION) { | 1400 | s->version != DTLS1_VERSION) { |
| 1414 | unsigned char *sdata = data; | 1401 | unsigned char *sdata = data; |
| @@ -1430,7 +1417,6 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1430 | s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; | 1417 | s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; |
| 1431 | memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); | 1418 | memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); |
| 1432 | } | 1419 | } |
| 1433 | #endif /* OPENSSL_NO_EC */ | ||
| 1434 | else if (type == TLSEXT_TYPE_session_ticket) { | 1420 | else if (type == TLSEXT_TYPE_session_ticket) { |
| 1435 | if (s->tls_session_ticket_ext_cb && | 1421 | if (s->tls_session_ticket_ext_cb && |
| 1436 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { | 1422 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { |
| @@ -1576,7 +1562,6 @@ ri_check: | |||
| 1576 | int | 1562 | int |
| 1577 | ssl_prepare_clienthello_tlsext(SSL *s) | 1563 | ssl_prepare_clienthello_tlsext(SSL *s) |
| 1578 | { | 1564 | { |
| 1579 | #ifndef OPENSSL_NO_EC | ||
| 1580 | /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats | 1565 | /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats |
| 1581 | * and elliptic curves we support. | 1566 | * and elliptic curves we support. |
| 1582 | */ | 1567 | */ |
| @@ -1624,7 +1609,6 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1624 | s2n(id, j); | 1609 | s2n(id, j); |
| 1625 | } | 1610 | } |
| 1626 | } | 1611 | } |
| 1627 | #endif /* OPENSSL_NO_EC */ | ||
| 1628 | 1612 | ||
| 1629 | #ifdef TLSEXT_TYPE_opaque_prf_input | 1613 | #ifdef TLSEXT_TYPE_opaque_prf_input |
| 1630 | { | 1614 | { |
| @@ -1667,7 +1651,6 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1667 | int | 1651 | int |
| 1668 | ssl_prepare_serverhello_tlsext(SSL *s) | 1652 | ssl_prepare_serverhello_tlsext(SSL *s) |
| 1669 | { | 1653 | { |
| 1670 | #ifndef OPENSSL_NO_EC | ||
| 1671 | /* If we are server and using an ECC cipher suite, send the point formats we support | 1654 | /* If we are server and using an ECC cipher suite, send the point formats we support |
| 1672 | * if the client sent us an ECPointsFormat extension. Note that the server is not | 1655 | * if the client sent us an ECPointsFormat extension. Note that the server is not |
| 1673 | * supposed to send an EllipticCurves extension. | 1656 | * supposed to send an EllipticCurves extension. |
| @@ -1689,7 +1672,6 @@ ssl_prepare_serverhello_tlsext(SSL *s) | |||
| 1689 | s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; | 1672 | s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; |
| 1690 | s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; | 1673 | s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; |
| 1691 | } | 1674 | } |
| 1692 | #endif /* OPENSSL_NO_EC */ | ||
| 1693 | 1675 | ||
| 1694 | return 1; | 1676 | return 1; |
| 1695 | } | 1677 | } |
| @@ -1700,14 +1682,12 @@ ssl_check_clienthello_tlsext_early(SSL *s) | |||
| 1700 | int ret = SSL_TLSEXT_ERR_NOACK; | 1682 | int ret = SSL_TLSEXT_ERR_NOACK; |
| 1701 | int al = SSL_AD_UNRECOGNIZED_NAME; | 1683 | int al = SSL_AD_UNRECOGNIZED_NAME; |
| 1702 | 1684 | ||
| 1703 | #ifndef OPENSSL_NO_EC | ||
| 1704 | /* The handling of the ECPointFormats extension is done elsewhere, namely in | 1685 | /* The handling of the ECPointFormats extension is done elsewhere, namely in |
| 1705 | * ssl3_choose_cipher in s3_lib.c. | 1686 | * ssl3_choose_cipher in s3_lib.c. |
| 1706 | */ | 1687 | */ |
| 1707 | /* The handling of the EllipticCurves extension is done elsewhere, namely in | 1688 | /* The handling of the EllipticCurves extension is done elsewhere, namely in |
| 1708 | * ssl3_choose_cipher in s3_lib.c. | 1689 | * ssl3_choose_cipher in s3_lib.c. |
| 1709 | */ | 1690 | */ |
| 1710 | #endif | ||
| 1711 | 1691 | ||
| 1712 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | 1692 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) |
| 1713 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | 1693 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); |
| @@ -1850,7 +1830,6 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1850 | int ret = SSL_TLSEXT_ERR_NOACK; | 1830 | int ret = SSL_TLSEXT_ERR_NOACK; |
| 1851 | int al = SSL_AD_UNRECOGNIZED_NAME; | 1831 | int al = SSL_AD_UNRECOGNIZED_NAME; |
| 1852 | 1832 | ||
| 1853 | #ifndef OPENSSL_NO_EC | ||
| 1854 | /* If we are client and using an elliptic curve cryptography cipher | 1833 | /* If we are client and using an elliptic curve cryptography cipher |
| 1855 | * suite, then if server returns an EC point formats lists extension | 1834 | * suite, then if server returns an EC point formats lists extension |
| 1856 | * it must contain uncompressed. | 1835 | * it must contain uncompressed. |
| @@ -1879,7 +1858,6 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1879 | } | 1858 | } |
| 1880 | } | 1859 | } |
| 1881 | ret = SSL_TLSEXT_ERR_OK; | 1860 | ret = SSL_TLSEXT_ERR_OK; |
| 1882 | #endif /* OPENSSL_NO_EC */ | ||
| 1883 | 1861 | ||
| 1884 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | 1862 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) |
| 1885 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | 1863 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); |