From 816c7c873767914a1ee22f5ce3f4143db7d22db8 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Thu, 17 Apr 2014 20:34:24 +0000
Subject: quick pass at removing ability to disable sha256 and sha512. ok miod
---
 src/lib/libssl/s3_cbc.c | 12 ------------
 src/lib/libssl/s3_clnt.c | 4 ----
 src/lib/libssl/src/ssl/s3_cbc.c | 12 ------------
 src/lib/libssl/src/ssl/s3_clnt.c | 4 ----
 src/lib/libssl/src/ssl/ssl_algs.c | 4 ----
 src/lib/libssl/src/ssl/ssl_locl.h | 4 ----
 src/lib/libssl/src/ssl/t1_lib.c | 12 ------------
 src/lib/libssl/ssl_algs.c | 4 ----
 src/lib/libssl/ssl_locl.h | 4 ----
 src/lib/libssl/t1_lib.c | 12 ------------
 10 files changed, 72 deletions(-)
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 964266e5b2..e8f7df572f 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -351,7 +351,6 @@ tls1_sha1_final_raw(void* ctx, unsigned char *md_out) } #define LARGEST_DIGEST_CTX SHA_CTX
-#ifndef OPENSSL_NO_SHA256
 static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out) {
@@ -364,9 +363,7 @@ tls1_sha256_final_raw(void* ctx, unsigned char *md_out) } #undef LARGEST_DIGEST_CTX #define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-#ifndef OPENSSL_NO_SHA512
 static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) {
@@ -379,7 +376,6 @@ tls1_sha512_final_raw(void* ctx, unsigned char *md_out) } #undef LARGEST_DIGEST_CTX #define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
 /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function * which ssl3_cbc_digest_record supports. */
@@ -389,14 +385,10 @@ ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) switch (EVP_MD_CTX_type(ctx)) { case NID_md5: case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
 case NID_sha224: case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
 case NID_sha384: case NID_sha512:
-#endif
 return 1; default: return 0;
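Review bot: The `#define`/`#undef` ladder for `LARGEST_DIGEST_CTX` in the first three s3_cbc.c hunks is now unconditional and always ends at `SHA512_CTX`, so the `SHA_CTX` and `SHA256_CTX` definitions are dead. With the guards gone it can be one line after `tls1_sha512_final_raw`: `#define LARGEST_DIGEST_CTX SHA512_CTX`, with a comment such as `/* largest hash context handled by ssl3_cbc_digest_record */`. The `(SHA256_CTX*)md_state.c` and `(SHA512_CTX*)md_state.c` casts in the later hunks suggest the macro sizes that scratch buffer, but its declaration is outside the hunks, so confirm that before simplifying. The same lines appear in src/lib/libssl/src/ssl/s3_cbc.c.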
@@ -469,7 +461,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; md_size = 20; break;
-#ifndef OPENSSL_NO_SHA256
 case NID_sha224: SHA224_Init((SHA256_CTX*)md_state.c); md_final_raw = tls1_sha256_final_raw;
@@ -482,8 +473,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; md_size = 32; break;
-#endif
-#ifndef OPENSSL_NO_SHA512
 case NID_sha384: SHA384_Init((SHA512_CTX*)md_state.c); md_final_raw = tls1_sha512_final_raw;
@@ -500,7 +489,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, md_block_size = 128; md_length_size = 16; break;
-#endif
 default: /* ssl3_cbc_record_digest_supported should have been * called first to check that the hash function is
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 26bdef6b4f..32405eac75 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1940,11 +1940,7 @@ ssl3_get_new_session_ticket(SSL *s) */ EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length,
-#ifndef OPENSSL_NO_SHA256
 EVP_sha256(), NULL);
-#else
- EVP_sha1(), NULL);
-#endif
 ret = 1; return (ret); f_err:
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c
index 964266e5b2..e8f7df572f 100644
--- a/src/lib/libssl/src/ssl/s3_cbc.c
+++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -351,7 +351,6 @@ tls1_sha1_final_raw(void* ctx, unsigned char *md_out) } #define LARGEST_DIGEST_CTX SHA_CTX
-#ifndef OPENSSL_NO_SHA256
 static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out) {
@@ -364,9 +363,7 @@ tls1_sha256_final_raw(void* ctx, unsigned char *md_out) } #undef LARGEST_DIGEST_CTX #define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-#ifndef OPENSSL_NO_SHA512
 static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) {
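Review bot: The `EVP_Digest(...)` call in the s3_clnt.c hunk (`ssl3_get_new_session_ticket`) still discards its return value, so a digest failure falls straight through to `ret = 1` with `session_id` and `session_id_length` in whatever state the failed call left them. Now that the call is a single unconditional statement it is easy to guard: wrap it as `if (!EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length, EVP_sha256(), NULL))` and leave through the function's existing error handling (`f_err:` is visible just below; the rest of the body is outside the hunk). SHA-256 always writes 32 bytes here, and the size of `session_id` is not shown, so that fit is assumed rather than verified from this page. The same statement is patched in src/lib/libssl/src/ssl/s3_clnt.c.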
@@ -379,7 +376,6 @@ tls1_sha512_final_raw(void* ctx, unsigned char *md_out) } #undef LARGEST_DIGEST_CTX #define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
 /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function * which ssl3_cbc_digest_record supports. */
@@ -389,14 +385,10 @@ ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) switch (EVP_MD_CTX_type(ctx)) { case NID_md5: case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
 case NID_sha224: case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
 case NID_sha384: case NID_sha512:
-#endif
 return 1; default: return 0;
@@ -469,7 +461,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; md_size = 20; break;
-#ifndef OPENSSL_NO_SHA256
 case NID_sha224: SHA224_Init((SHA256_CTX*)md_state.c); md_final_raw = tls1_sha256_final_raw;
@@ -482,8 +473,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; md_size = 32; break;
-#endif
-#ifndef OPENSSL_NO_SHA512
 case NID_sha384: SHA384_Init((SHA512_CTX*)md_state.c); md_final_raw = tls1_sha512_final_raw;
@@ -500,7 +489,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, md_block_size = 128; md_length_size = 16; break;
-#endif
 default: /* ssl3_cbc_record_digest_supported should have been * called first to check that the hash function is
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 26bdef6b4f..32405eac75 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1940,11 +1940,7 @@ ssl3_get_new_session_ticket(SSL *s) */ EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length,
-#ifndef OPENSSL_NO_SHA256
 EVP_sha256(), NULL);
-#else
- EVP_sha1(), NULL);
-#endif
 ret = 1; return (ret); f_err:
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c
index 76644bda91..92973866d2 100644
--- a/src/lib/libssl/src/ssl/ssl_algs.c
+++ b/src/lib/libssl/src/ssl/ssl_algs.c
@@ -116,14 +116,10 @@ SSL_library_init(void) EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #endif
-#ifndef OPENSSL_NO_SHA256
 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512());
-#endif
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index c539b1229d..483723736a 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1061,11 +1061,7 @@ int ssl_check_clienthello_tlsext_early(SSL *s); int ssl_check_clienthello_tlsext_late(SSL *s); int ssl_check_serverhello_tlsext(SSL *s);
-#ifdef OPENSSL_NO_SHA256
-#define tlsext_tick_md EVP_sha1
-#else
 #define tlsext_tick_md EVP_sha256
-#endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, const unsigned char *limit, SSL_SESSION **ret);
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 7ecf7e0658..b88b3561e0 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -334,14 +334,10 @@ tls1_ec_nid2curve_id(int nid) tlsext_sigalg_ecdsa(md) static unsigned char tls12_sigalgs[] = {
-#ifndef OPENSSL_NO_SHA512
 tlsext_sigalg(TLSEXT_hash_sha512) tlsext_sigalg(TLSEXT_hash_sha384)
-#endif
-#ifndef OPENSSL_NO_SHA256
 tlsext_sigalg(TLSEXT_hash_sha256) tlsext_sigalg(TLSEXT_hash_sha224)
-#endif
 #ifndef OPENSSL_NO_SHA tlsext_sigalg(TLSEXT_hash_sha1) #endif
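Review bot: `tls12_sigalgs[]` in the t1_lib.c hunk at -334 is declared `static unsigned char`, so a table that looks like compile-time data (signature/hash pairs, judging by the `tlsext_sigalg` macros) sits in writable memory. With the SHA-256/SHA-512 entries now always present, consider `static const unsigned char tls12_sigalgs[] = {`. The same applies to `static tls12_lookup tls12_md[]` in the hunk at -2205. Both changes assume that no caller writes to the tables and that the lookup helpers can take `const` pointers; those users are outside the hunks, so check them first. The hunks in src/lib/libssl/t1_lib.c are identical.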
@@ -2205,14 +2201,10 @@ static tls12_lookup tls12_md[] = { #ifndef OPENSSL_NO_SHA {NID_sha1, TLSEXT_hash_sha1}, #endif
-#ifndef OPENSSL_NO_SHA256
 {NID_sha224, TLSEXT_hash_sha224}, {NID_sha256, TLSEXT_hash_sha256},
-#endif
-#ifndef OPENSSL_NO_SHA512
 {NID_sha384, TLSEXT_hash_sha384}, {NID_sha512, TLSEXT_hash_sha512}
-#endif
 }; static tls12_lookup tls12_sig[] = {
@@ -2283,20 +2275,16 @@ const EVP_MD case TLSEXT_hash_sha1: return EVP_sha1(); #endif
-#ifndef OPENSSL_NO_SHA256
 case TLSEXT_hash_sha224: return EVP_sha224(); case TLSEXT_hash_sha256: return EVP_sha256();
-#endif
-#ifndef OPENSSL_NO_SHA512
 case TLSEXT_hash_sha384: return EVP_sha384(); case TLSEXT_hash_sha512: return EVP_sha512();
-#endif
 default: return NULL;
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
index 76644bda91..92973866d2 100644
--- a/src/lib/libssl/ssl_algs.c
+++ b/src/lib/libssl/ssl_algs.c
@@ -116,14 +116,10 @@ SSL_library_init(void) EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #endif
-#ifndef OPENSSL_NO_SHA256
 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512());
-#endif
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index c539b1229d..483723736a 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1061,11 +1061,7 @@ int ssl_check_clienthello_tlsext_early(SSL *s); int ssl_check_clienthello_tlsext_late(SSL *s); int ssl_check_serverhello_tlsext(SSL *s);
-#ifdef OPENSSL_NO_SHA256
-#define tlsext_tick_md EVP_sha1
-#else
 #define tlsext_tick_md EVP_sha256
-#endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, const unsigned char *limit, SSL_SESSION **ret);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 7ecf7e0658..b88b3561e0 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -334,14 +334,10 @@ tls1_ec_nid2curve_id(int nid) tlsext_sigalg_ecdsa(md) static unsigned char tls12_sigalgs[] = {
-#ifndef OPENSSL_NO_SHA512
 tlsext_sigalg(TLSEXT_hash_sha512) tlsext_sigalg(TLSEXT_hash_sha384)
-#endif
-#ifndef OPENSSL_NO_SHA256
 tlsext_sigalg(TLSEXT_hash_sha256) tlsext_sigalg(TLSEXT_hash_sha224)
-#endif
 #ifndef OPENSSL_NO_SHA tlsext_sigalg(TLSEXT_hash_sha1) #endif
@@ -2205,14 +2201,10 @@ static tls12_lookup tls12_md[] = { #ifndef OPENSSL_NO_SHA {NID_sha1, TLSEXT_hash_sha1}, #endif
-#ifndef OPENSSL_NO_SHA256
 {NID_sha224, TLSEXT_hash_sha224}, {NID_sha256, TLSEXT_hash_sha256},
-#endif
-#ifndef OPENSSL_NO_SHA512
 {NID_sha384, TLSEXT_hash_sha384}, {NID_sha512, TLSEXT_hash_sha512}
-#endif
 }; static tls12_lookup tls12_sig[] = {
@@ -2283,20 +2275,16 @@ const EVP_MD case TLSEXT_hash_sha1: return EVP_sha1(); #endif
-#ifndef OPENSSL_NO_SHA256
 case TLSEXT_hash_sha224: return EVP_sha224(); case TLSEXT_hash_sha256: return EVP_sha256();
-#endif
-#ifndef OPENSSL_NO_SHA512
 case TLSEXT_hash_sha384: return EVP_sha384(); case TLSEXT_hash_sha512: return EVP_sha512();
-#endif
 default: return NULL;
-- cgit v1.2.3-55-g6feb