unifdef a bunch of OPENSSL_NO_* ifdefs.
Get all this stuff out of the way.
- OPENSSL_NO_MD5
- OPENSSL_NO_SHA
- OPENSSL_NO_EC
- OPENSSL_NO_ECDSA
- OPENSSL_NO_ECDH
- OPENSSL_NO_NEXTPROTONEG
- OPENSSL_NO_DH
- OPENSSL_NO_SSL3
- OPENSSL_NO_RC4
- OPENSSL_NO_RSA
Also manually removed a couple instances of OPENSSL_NO_DSA that seemed to be
confused anyway. Did some minor manual cleanup. (Removed a few now-pointless
'if (0)'s.)
Change-Id: Id540ba97ee22ff2309ab20ceb24c7eabe766d4c4
Reviewed-on: https://boringssl-review.googlesource.com/1662
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index c1b8d6e..24ecc62 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -224,7 +224,6 @@
#endif
-#ifndef OPENSSL_NO_EC
static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
{
EC_KEY *dtmp;
@@ -271,15 +270,12 @@
#endif
-#endif
-#ifndef OPENSSL_NO_DH
IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
/* TODO(fork): remove this code? */
/* IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) */
-#endif
IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 6e59a7f..c4974c2 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -207,7 +207,6 @@
}
else
#endif
-#ifndef OPENSSL_NO_EC
if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0)
{
d2i=(D2I_OF(void))d2i_ECPrivateKey;
@@ -228,7 +227,6 @@
raw=1;
}
else
-#endif
{
d2i=NULL;
pp=NULL;
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index d0f08c8..0ef08d0 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -262,7 +262,6 @@
#endif
-#ifndef OPENSSL_NO_DH
/* Transparently read in PKCS#3 or X9.42 DH parameters */
@@ -310,4 +309,3 @@
}
#endif
-#endif
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 57e6167..0974ef6 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -78,7 +78,6 @@
return(X509_NAME_cmp(ai->issuer,bi->issuer));
}
-#ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_and_serial_hash(X509 *a)
{
unsigned long ret=0;
@@ -105,7 +104,6 @@
EVP_MD_CTX_cleanup(&ctx);
return(ret);
}
-#endif
int X509_issuer_name_cmp(const X509 *a, const X509 *b)
{
@@ -122,12 +120,10 @@
return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
}
-#ifndef OPENSSL_NO_SHA
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
{
return memcmp(a->sha1_hash, b->sha1_hash, 20);
}
-#endif
X509_NAME *X509_get_issuer_name(X509 *a)
{
@@ -139,12 +135,10 @@
return(X509_NAME_hash(x->cert_info->issuer));
}
-#ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_name_hash_old(X509 *x)
{
return(X509_NAME_hash_old(x->cert_info->issuer));
}
-#endif
X509_NAME *X509_get_subject_name(X509 *a)
{
@@ -161,14 +155,11 @@
return(X509_NAME_hash(x->cert_info->subject));
}
-#ifndef OPENSSL_NO_MD5
unsigned long X509_subject_name_hash_old(X509 *x)
{
return(X509_NAME_hash_old(x->cert_info->subject));
}
-#endif
-#ifndef OPENSSL_NO_SHA
/* Compare two certificates: they must be identical for
* this to work. NB: Although "cmp" operations are generally
* prototyped to take "const" arguments (eg. for use in
@@ -199,7 +190,6 @@
}
return rv;
}
-#endif
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
@@ -249,7 +239,6 @@
}
-#ifndef OPENSSL_NO_MD5
/* I now DER encode the name and hash it. Since I cache the DER encoding,
* this is reasonably efficient. */
@@ -273,7 +262,6 @@
return(ret);
}
-#endif
/* Search a stack of X509 for a match */
X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
@@ -364,7 +352,6 @@
* flags.
*/
-#ifndef OPENSSL_NO_EC
static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
{
@@ -484,19 +471,6 @@
return check_suite_b(pk, sign_nid, &flags);
}
-#else
-int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
- unsigned long flags)
- {
- return 0;
- }
-
-int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
- {
- return 0;
- }
-
-#endif
/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference
* count but it has the same effect by duping the STACK and upping the ref
* of each X509 structure.
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index ccaf729..64f2c37 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -132,21 +132,17 @@
OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_KEY_TYPE_MISMATCH);
break;
case -2:
-#ifndef OPENSSL_NO_EC
if (k->type == EVP_PKEY_EC)
{
OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, ERR_R_EC_LIB);
break;
}
-#endif
-#ifndef OPENSSL_NO_DH
if (k->type == EVP_PKEY_DH)
{
/* No idea */
OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_CANT_CHECK_DH_KEY);
break;
}
-#endif
OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_UNKNOWN_KEY_TYPE);
}
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 08cc79d..cbc46e2 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -345,7 +345,6 @@
#endif
-#ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_FP_API
EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
{
@@ -386,7 +385,6 @@
{
return ASN1_i2d_bio_of_const(EC_KEY,i2d_ECPrivateKey,bp,eckey);
}
-#endif
int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 2f77fd7..21785dc 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -234,9 +234,7 @@
break;
case ASN1_OP_D2I_POST:
-#ifndef OPENSSL_NO_SHA
X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
-#endif
crl->idp = X509_CRL_get_ext_d2i(crl,
NID_issuing_distribution_point, NULL, NULL);
if (crl->idp)
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 04275f7..c285aa6 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -300,7 +300,6 @@
}
#endif
-#ifndef OPENSSL_NO_EC
EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
{
EVP_PKEY *pkey;
@@ -336,7 +335,6 @@
EVP_PKEY_free(pktmp);
return(ret);
}
-#endif
int X509_PUBKEY_set0_param(X509_PUBKEY *pub, const ASN1_OBJECT *aobj,
int ptype, void *pval,
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index feebd9a..e08bdf4 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -361,9 +361,7 @@
size_t i;
int j;
if(x->ex_flags & EXFLAG_SET) return;
-#ifndef OPENSSL_NO_SHA
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
-#endif
/* V1 should mean no extensions ... */
if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
/* Handle basic constraints */
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 3eaac0a..c18cedd 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -465,18 +465,14 @@
#endif
-#ifndef OPENSSL_NO_EC
DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
-#endif
-#ifndef OPENSSL_NO_DH
DECLARE_PEM_rw_const(DHparams, DH)
DECLARE_PEM_write_const(DHxparams, DH)
-#endif
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
@@ -506,10 +502,8 @@
OPENSSL_EXPORT EVP_PKEY *b2i_PublicKey_bio(BIO *in);
OPENSSL_EXPORT int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
OPENSSL_EXPORT int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
-#ifndef OPENSSL_NO_RC4
OPENSSL_EXPORT EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
OPENSSL_EXPORT int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u);
-#endif
void ERR_load_PEM_strings(void);
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 725bb09..de91feb 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -441,12 +441,10 @@
* efficient and to implement a maximum cache size. */
struct ssl_session_st *prev,*next;
char *tlsext_hostname;
-#ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist; /* peer's list */
size_t tlsext_ellipticcurvelist_length;
uint16_t *tlsext_ellipticcurvelist; /* peer's list */
-#endif /* OPENSSL_NO_EC */
/* RFC4507 info */
uint8_t *tlsext_tick; /* Session ticket */
size_t tlsext_ticklen; /* Session ticket length */
@@ -964,7 +962,6 @@
* memory and session space. Only effective on the server side. */
char retain_only_sha256_of_client_certs;
-# ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation information */
/* (for experimental NPN extension). */
@@ -981,7 +978,6 @@
unsigned int inlen,
void *arg);
void *next_proto_select_cb_arg;
-# endif
/* ALPN information
* (we are in the process of transitioning from NPN to ALPN.) */
@@ -1009,13 +1005,11 @@
/* SRTP profiles we are willing to do from RFC 5764 */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
-# ifndef OPENSSL_NO_EC
/* EC extension values inherited by SSL structure */
size_t tlsext_ecpointformatlist_length;
uint8_t *tlsext_ecpointformatlist;
size_t tlsext_ellipticcurvelist_length;
uint16_t *tlsext_ellipticcurvelist;
-# endif /* OPENSSL_NO_EC */
/* If true, a client will advertise the Channel ID extension and a
* server will echo it. */
@@ -1115,7 +1109,6 @@
* WARNING: the returned data is not guaranteed to be well formed. */
OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, uint8_t **out, size_t *out_len);
-#ifndef OPENSSL_NO_NEXTPROTONEG
OPENSSL_EXPORT void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
int (*cb) (SSL *ssl,
const unsigned char **out,
@@ -1129,7 +1122,6 @@
void *arg);
OPENSSL_EXPORT void SSL_get0_next_proto_negotiated(const SSL *s,
const uint8_t **data, unsigned *len);
-#endif
OPENSSL_EXPORT int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
@@ -1376,12 +1368,10 @@
/* RFC4507 session ticket expected to be received or sent */
int tlsext_ticket_expected;
-#ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
uint8_t *tlsext_ecpointformatlist; /* our list */
size_t tlsext_ellipticcurvelist_length;
uint16_t *tlsext_ellipticcurvelist; /* our list */
-#endif /* OPENSSL_NO_EC */
/* TLS Session Ticket extension override */
TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
@@ -1396,7 +1386,6 @@
SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation. For the client, this is the protocol that
* we sent in NextProtocol and is set when handling ServerHello
* extensions.
@@ -1406,7 +1395,6 @@
* before the Finished message. */
uint8_t *next_proto_negotiated;
size_t next_proto_negotiated_len;
-#endif
#define session_ctx initial_ctx
@@ -2228,22 +2216,18 @@
OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl,
RSA *(*cb)(SSL *ssl,int is_export,
int keylength));
-#ifndef OPENSSL_NO_DH
OPENSSL_EXPORT void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*dh)(SSL *ssl,int is_export,
int keylength));
OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl,
DH *(*dh)(SSL *ssl,int is_export,
int keylength));
-#endif
-#ifndef OPENSSL_NO_ECDH
OPENSSL_EXPORT void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
EC_KEY *(*ecdh)(SSL *ssl,int is_export,
int keylength));
OPENSSL_EXPORT void SSL_set_tmp_ecdh_callback(SSL *ssl,
EC_KEY *(*ecdh)(SSL *ssl,int is_export,
int keylength));
-#endif
OPENSSL_EXPORT const void *SSL_get_current_compression(SSL *s);
OPENSSL_EXPORT const void *SSL_get_current_expansion(SSL *s);
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 4cc9f6c..2e9b8cc 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -432,13 +432,9 @@
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
-#ifndef OPENSSL_NO_DH
DH *dh;
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh; /* holds short lived ECDH key */
-#endif
/* used when SSL_ST_FLUSH_DATA is entered */
int next_state;
@@ -482,10 +478,8 @@
unsigned char previous_server_finished_len;
int send_connection_binding; /* TODOEKR */
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* Set if we saw the Next Protocol Negotiation extension from our peer. */
int next_proto_neg_seen;
-#endif
/* ALPN information
* (we are in the process of transitioning from NPN to ALPN.) */
@@ -548,10 +542,8 @@
#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
-#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
-#endif
#define SSL3_ST_CW_CHANNEL_ID_A (0x220|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANNEL_ID_B (0x221|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
@@ -598,10 +590,8 @@
#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE (0x1B0|SSL_ST_ACCEPT)
-#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
-#endif
#define SSL3_ST_SR_CHANNEL_ID_A (0x230|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANNEL_ID_B (0x231|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
@@ -631,9 +621,7 @@
#define SSL3_MT_FINISHED 20
#define SSL3_MT_CERTIFICATE_STATUS 22
#define SSL3_MT_SUPPLEMENTAL_DATA 23
-#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_MT_NEXT_PROTO 67
-#endif
#define SSL3_MT_ENCRYPTED_EXTENSIONS 203
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 76a1296..b8dd7ae 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -249,10 +249,8 @@
/* ExtensionType value from RFC6962 */
#define TLSEXT_TYPE_certificate_timestamp 18
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* This is not an IANA defined extension number */
#define TLSEXT_TYPE_next_proto_neg 13172
-#endif
/* This is not an IANA defined extension number */
#define TLSEXT_TYPE_channel_id 30031
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 29fba40..1f277f3 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -259,9 +259,7 @@
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
-#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
X509_CERT_AUX *aux;
} /* X509 */;
@@ -433,9 +431,7 @@
/* CRL and base CRL numbers for delta processing */
ASN1_INTEGER *crl_number;
ASN1_INTEGER *base_crl_number;
-#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
STACK_OF(GENERAL_NAMES) *issuers;
const X509_CRL_METHOD *meth;
void *meth_data;
@@ -664,12 +660,10 @@
OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
OPENSSL_EXPORT int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
#endif
-#ifndef OPENSSL_NO_EC
OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
OPENSSL_EXPORT int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
OPENSSL_EXPORT int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
-#endif
OPENSSL_EXPORT X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
OPENSSL_EXPORT int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
@@ -701,12 +695,10 @@
OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
OPENSSL_EXPORT int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
#endif
-#ifndef OPENSSL_NO_EC
OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
OPENSSL_EXPORT int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
OPENSSL_EXPORT int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
-#endif
OPENSSL_EXPORT X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
OPENSSL_EXPORT int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
@@ -770,11 +762,9 @@
OPENSSL_EXPORT DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,
long length);
#endif
-#ifndef OPENSSL_NO_EC
OPENSSL_EXPORT int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp);
OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
long length);
-#endif
DECLARE_ASN1_FUNCTIONS(X509_SIG)
DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
@@ -946,10 +936,8 @@
OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b);
OPENSSL_EXPORT unsigned long X509_subject_name_hash(X509 *x);
-#ifndef OPENSSL_NO_MD5
OPENSSL_EXPORT unsigned long X509_issuer_name_hash_old(X509 *a);
OPENSSL_EXPORT unsigned long X509_subject_name_hash_old(X509 *x);
-#endif
OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b);
OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index cfa6d00..cec6f8c 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -289,9 +289,7 @@
* answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
*/
mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1
-#if !defined(OPENSSL_NO_SSL3)
|SSL_OP_NO_SSLv3
-#endif
;
#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
version = TLS1_2_VERSION;
@@ -305,11 +303,9 @@
if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
version = TLS1_VERSION;
mask &= ~SSL_OP_NO_TLSv1;
-#if !defined(OPENSSL_NO_SSL3)
if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask)
version = SSL3_VERSION;
mask &= ~SSL_OP_NO_SSLv3;
-#endif
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c
index 5f0f8b2..f3af959 100644
--- a/ssl/s23_meth.c
+++ b/ssl/s23_meth.c
@@ -65,11 +65,9 @@
static const SSL_METHOD *ssl23_get_method(int ver);
static const SSL_METHOD *ssl23_get_method(int ver)
{
-#ifndef OPENSSL_NO_SSL3
if (ver == SSL3_VERSION)
return(SSLv3_method());
else
-#endif
if (ver == TLS1_VERSION)
return(TLSv1_method());
else if (ver == TLS1_1_VERSION)
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 7944891..f5bd284 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -561,12 +561,10 @@
{
ret=SSL_PKEY_RSA_ENC;
}
-#ifndef OPENSSL_NO_EC
else if (i == EVP_PKEY_EC)
{
ret = SSL_PKEY_ECC;
}
-#endif
err:
if(!pkey) EVP_PKEY_free(pk);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 5dce641..63fbbeb 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -395,10 +395,8 @@
s->state=SSL3_ST_CW_FINISHED_A;
if (s->s3->tlsext_channel_id_valid)
s->state=SSL3_ST_CW_CHANNEL_ID_A;
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
if (s->s3->next_proto_neg_seen)
s->state=SSL3_ST_CW_NEXT_PROTO_A;
-# endif
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
@@ -417,7 +415,6 @@
break;
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_CW_NEXT_PROTO_A:
case SSL3_ST_CW_NEXT_PROTO_B:
ret=ssl3_send_next_proto(s);
@@ -427,7 +424,6 @@
else
s->state=SSL3_ST_CW_FINISHED_A;
break;
-#endif
case SSL3_ST_CW_CHANNEL_ID_A:
case SSL3_ST_CW_CHANNEL_ID_B:
@@ -1147,14 +1143,10 @@
EVP_PKEY *pkey=NULL;
const EVP_MD *md = NULL;
RSA *rsa=NULL;
-#ifndef OPENSSL_NO_DH
DH *dh=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *srvr_ecpoint = NULL;
-#endif
CBS server_key_exchange, server_key_exchange_orig, parameter;
/* use same message size as in ssl3_get_certificate_request()
@@ -1210,20 +1202,16 @@
RSA_free(s->session->sess_cert->peer_rsa_tmp);
s->session->sess_cert->peer_rsa_tmp=NULL;
}
-#ifndef OPENSSL_NO_DH
if (s->session->sess_cert->peer_dh_tmp)
{
DH_free(s->session->sess_cert->peer_dh_tmp);
s->session->sess_cert->peer_dh_tmp=NULL;
}
-#endif
-#ifndef OPENSSL_NO_ECDH
if (s->session->sess_cert->peer_ecdh_tmp)
{
EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
s->session->sess_cert->peer_ecdh_tmp=NULL;
}
-#endif
}
else
{
@@ -1272,8 +1260,7 @@
}
}
- if (0) {}
- else if (alg_k & SSL_kRSA)
+ if (alg_k & SSL_kRSA)
{
CBS rsa_modulus, rsa_exponent;
@@ -1321,7 +1308,6 @@
s->session->sess_cert->peer_rsa_tmp=rsa;
rsa=NULL;
}
-#ifndef OPENSSL_NO_DH
else if (alg_k & SSL_kEDH)
{
CBS dh_p, dh_g, dh_Ys;
@@ -1373,9 +1359,7 @@
s->session->sess_cert->peer_dh_tmp=dh;
dh=NULL;
}
-#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_ECDH
else if (alg_k & SSL_kEECDH)
{
uint16_t curve_id;
@@ -1453,10 +1437,8 @@
if (0) ;
else if (alg_a & SSL_aRSA)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#ifndef OPENSSL_NO_ECDSA
else if (alg_a & SSL_aECDSA)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-#endif
/* else anonymous ECDH, so no certificate or pkey. */
EC_KEY_set_public_key(ecdh, srvr_ecpoint);
s->session->sess_cert->peer_ecdh_tmp=ecdh;
@@ -1466,7 +1448,6 @@
EC_POINT_free(srvr_ecpoint);
srvr_ecpoint = NULL;
}
-#endif /* !OPENSSL_NO_ECDH */
else if (!(alg_k & SSL_kPSK))
{
@@ -1576,16 +1557,12 @@
EVP_PKEY_free(pkey);
if (rsa != NULL)
RSA_free(rsa);
-#ifndef OPENSSL_NO_DH
if (dh != NULL)
DH_free(dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
BN_CTX_free(bn_ctx);
EC_POINT_free(srvr_ecpoint);
if (ecdh != NULL)
EC_KEY_free(ecdh);
-#endif
EVP_MD_CTX_cleanup(&md_ctx);
return(-1);
}
@@ -1913,7 +1890,6 @@
unsigned long alg_a;
unsigned char *q;
EVP_PKEY *pkey=NULL;
-#ifndef OPENSSL_NO_ECDH
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
EVP_PKEY *srvr_pub_pkey = NULL;
@@ -1922,7 +1898,6 @@
BN_CTX * bn_ctx = NULL;
unsigned int psk_len = 0;
unsigned char psk[PSK_MAX_PSK_LEN];
-#endif /* OPENSSL_NO_ECDH */
if (s->state == SSL3_ST_CW_KEY_EXCH_A)
{
@@ -2008,9 +1983,7 @@
}
}
- /* Fool emacs indentation */
- if (0) {}
- else if (alg_k & SSL_kRSA)
+ if (alg_k & SSL_kRSA)
{
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -2070,7 +2043,6 @@
tmp_buf,sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
}
-#ifndef OPENSSL_NO_DH
else if (alg_k & SSL_kEDH)
{
DH *dh_srvr,*dh_clnt;
@@ -2131,9 +2103,7 @@
/* perhaps clean things up a bit EAY EAY EAY EAY*/
}
-#endif
-#ifndef OPENSSL_NO_ECDH
else if (alg_k & SSL_kEECDH)
{
const EC_GROUP *srvr_group = NULL;
@@ -2286,7 +2256,6 @@
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
}
-#endif /* !OPENSSL_NO_ECDH */
else if (!(alg_k & SSL_kPSK) || ((alg_k & SSL_kPSK) && !(alg_a & SSL_aPSK)))
{
ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2302,13 +2271,11 @@
/* SSL3_ST_CW_KEY_EXCH_B */
return ssl_do_write(s);
err:
-#ifndef OPENSSL_NO_ECDH
BN_CTX_free(bn_ctx);
if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
if (clnt_ecdh != NULL)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
-#endif
return(-1);
}
@@ -2507,9 +2474,7 @@
EVP_PKEY *pkey=NULL;
SESS_CERT *sc;
RSA *rsa;
-#ifndef OPENSSL_NO_DH
DH *dh;
-#endif
/* we don't have a certificate */
if (!ssl_cipher_has_server_public_key(s->s3->tmp.new_cipher))
@@ -2526,14 +2491,11 @@
}
rsa=s->session->sess_cert->peer_rsa_tmp;
-#ifndef OPENSSL_NO_DH
dh=s->session->sess_cert->peer_dh_tmp;
-#endif
/* This is the passed certificate */
idx=sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
if (idx == SSL_PKEY_ECC)
{
if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
@@ -2552,7 +2514,6 @@
OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_ECDSA_SIGNING_CERT);
goto f_err;
}
-#endif
pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
EVP_PKEY_free(pkey);
@@ -2570,14 +2531,12 @@
OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
goto f_err;
}
-#ifndef OPENSSL_NO_DH
if ((alg_k & SSL_kEDH) &&
!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
{
OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_DH_KEY);
goto f_err;
}
-#endif
return(1);
f_err:
@@ -2586,7 +2545,6 @@
return(0);
}
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
int ssl3_send_next_proto(SSL *s)
{
unsigned int len, padding_len;
@@ -2611,7 +2569,6 @@
return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}
-# endif /* !OPENSSL_NO_NEXTPROTONEG */
int ssl3_send_channel_id(SSL *s)
{
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index e25d90c..d574b25 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -369,10 +369,8 @@
if (s->session->cipher != NULL)
{
-#ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3->need_record_splitting = 0;
-#endif
}
}
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index cef94b1..50aa4bd 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -578,7 +578,6 @@
256,
},
-#ifndef OPENSSL_NO_ECDH
/* Cipher C007 */
{
1,
@@ -722,9 +721,7 @@
256,
256,
},
-#endif /* OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_ECDH
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@@ -878,7 +875,6 @@
128,
},
-#endif /* OPENSSL_NO_ECDH */
{
1,
@@ -1014,14 +1010,10 @@
ssl3_release_read_buffer(s);
if (s->s3->wbuf.buf != NULL)
ssl3_release_write_buffer(s);
-#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
if (s->s3->tmp.ecdh != NULL)
EC_KEY_free(s->s3->tmp.ecdh);
-#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
@@ -1052,20 +1044,16 @@
OPENSSL_free(s->s3->tmp.certificate_types);
s->s3->tmp.num_certificate_types = 0;
-#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
{
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
}
-#endif
-#ifndef OPENSSL_NO_ECDH
if (s->s3->tmp.ecdh != NULL)
{
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
}
-#endif
rp = s->s3->rbuf.buf;
wp = s->s3->wbuf.buf;
rlen = s->s3->rbuf.len;
@@ -1100,14 +1088,12 @@
s->s3->in_read_app_data=0;
s->version = s->method->version;
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (s->next_proto_negotiated)
{
OPENSSL_free(s->next_proto_negotiated);
s->next_proto_negotiated = NULL;
s->next_proto_negotiated_len = 0;
}
-#endif
s->s3->tlsext_channel_id_valid = 0;
}
@@ -1118,14 +1104,10 @@
{
int ret=0;
- if (
- cmd == SSL_CTRL_SET_TMP_RSA ||
+ if (cmd == SSL_CTRL_SET_TMP_RSA ||
cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#ifndef OPENSSL_NO_DSA
cmd == SSL_CTRL_SET_TMP_DH ||
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0)
+ cmd == SSL_CTRL_SET_TMP_DH_CB)
{
if (!ssl_cert_inst(&s->cert))
{
@@ -1168,7 +1150,6 @@
return(ret);
}
break;
-#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *dh = (DH *)parg;
@@ -1203,8 +1184,6 @@
return(ret);
}
break;
-#endif
-#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@@ -1241,7 +1220,6 @@
return(ret);
}
break;
-#endif /* !OPENSSL_NO_ECDH */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name)
{
@@ -1333,7 +1311,6 @@
case SSL_CTRL_SELECT_CURRENT_CERT:
return ssl_cert_select_current(s->cert, (X509 *)parg);
-#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_CURVES:
{
const uint16_t *clist;
@@ -1367,7 +1344,6 @@
case SSL_CTRL_SET_ECDH_AUTO:
s->cert->ecdh_tmp_auto = larg;
return 1;
-#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
@@ -1426,25 +1402,17 @@
EVP_PKEY *ptmp;
int rv = 0;
sc = s->session->sess_cert;
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
- if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
- && !sc->peer_ecdh_tmp)
+ if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
return 0;
-#endif
ptmp = EVP_PKEY_new();
if (!ptmp)
return 0;
- if (0);
- else if (sc->peer_rsa_tmp)
+ if (sc->peer_rsa_tmp)
rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
-#ifndef OPENSSL_NO_DH
else if (sc->peer_dh_tmp)
rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
else if (sc->peer_ecdh_tmp)
rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
-#endif
if (rv)
{
*(EVP_PKEY **)parg = ptmp;
@@ -1453,7 +1421,6 @@
EVP_PKEY_free(ptmp);
return 0;
}
-#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{
SSL_SESSION *sess = s->session;
@@ -1463,7 +1430,6 @@
*pformat = sess->tlsext_ecpointformatlist;
return (int)sess->tlsext_ecpointformatlist_length;
}
-#endif
case SSL_CTRL_CHANNEL_ID:
s->tlsext_channel_id_enabled = 1;
@@ -1510,12 +1476,7 @@
{
int ret=0;
- if (
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0)
+ if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB)
{
if (!ssl_cert_inst(&s->cert))
{
@@ -1529,20 +1490,16 @@
case SSL_CTRL_SET_TMP_RSA_CB:
/* Ignore the callback; temporary RSA keys are never used. */
break;
-#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
-#endif
-#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH_CB:
{
s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
}
break;
-#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
unsigned char *, int, void *))fp;
@@ -1573,7 +1530,6 @@
return(0);
}
break;
-#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *new=NULL,*dh;
@@ -1605,8 +1561,6 @@
return(0);
}
break;
-#endif
-#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@@ -1646,7 +1600,6 @@
return(0);
}
break;
-#endif /* !OPENSSL_NO_ECDH */
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg=parg;
break;
@@ -1681,7 +1634,6 @@
return 1;
break;
-#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_CURVES:
return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
@@ -1690,7 +1642,6 @@
case SSL_CTRL_SET_ECDH_AUTO:
ctx->cert->ecdh_tmp_auto = larg;
return 1;
-#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
@@ -1792,20 +1743,16 @@
case SSL_CTRL_SET_TMP_RSA_CB:
/* Ignore the callback; temporary RSA keys are never used. */
break;
-#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
-#endif
-#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH_CB:
{
cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
}
break;
-#endif
case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
break;
@@ -1959,12 +1906,10 @@
c->name);
#endif
-#ifndef OPENSSL_NO_EC
/* if we are considering an ECC cipher suite that uses
* an ephemeral EC key check it */
if (alg_k & SSL_kEECDH)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
-#endif /* OPENSSL_NO_EC */
if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c))
{
@@ -2004,9 +1949,7 @@
const unsigned char *sig;
size_t i, siglen;
int have_rsa_sign = 0;
-#ifndef OPENSSL_NO_ECDSA
int have_ecdsa_sign = 0;
-#endif
/* If we have custom certificate types set, use them */
if (s->cert->client_certificate_types)
@@ -2025,18 +1968,15 @@
have_rsa_sign = 1;
break;
-#ifndef OPENSSL_NO_ECDSA
case TLSEXT_signature_ecdsa:
have_ecdsa_sign = 1;
break;
-#endif
}
}
if (have_rsa_sign)
p[ret++]=SSL3_CT_RSA_SIGN;
-#ifndef OPENSSL_NO_ECDSA
/* ECDSA certs can be used with RSA cipher suites as well
* so we don't need to check for SSL_kECDH or SSL_kEECDH
*/
@@ -2045,7 +1985,6 @@
if (have_ecdsa_sign)
p[ret++]=TLS_CT_ECDSA_SIGN;
}
-#endif
return(ret);
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index e9353d1..1017f4a 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -500,9 +500,7 @@
case SSL3_ST_SR_CHANGE: {
char next_proto_neg = 0;
char channel_id = 0;
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
next_proto_neg = s->s3->next_proto_neg_seen;
-# endif
channel_id = s->s3->tlsext_channel_id_valid;
/* At this point, the next message must be entirely
@@ -521,7 +519,6 @@
break;
}
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
ret=ssl3_get_next_proto(s);
@@ -532,7 +529,6 @@
else
s->state=SSL3_ST_SR_FINISHED_A;
break;
-#endif
case SSL3_ST_SR_CHANNEL_ID_A:
case SSL3_ST_SR_CHANNEL_ID_B:
@@ -1280,16 +1276,12 @@
int j,num;
unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
unsigned int u;
-#ifndef OPENSSL_NO_DH
DH *dh=NULL,*dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh=NULL, *ecdhp;
unsigned char *encodedPoint = NULL;
int encodedlen = 0;
int curve_id = 0;
BN_CTX *bn_ctx = NULL;
-#endif
const char* psk_identity_hint = NULL;
size_t psk_identity_hint_len = 0;
EVP_PKEY *pkey;
@@ -1326,7 +1318,6 @@
psk_identity_hint_len = 0;
n+=2+psk_identity_hint_len;
}
-#ifndef OPENSSL_NO_DH
if (alg_k & SSL_kEDH)
{
dhp=cert->dh_tmp;
@@ -1378,8 +1369,6 @@
r[2]=dh->pub_key;
}
else
-#endif
-#ifndef OPENSSL_NO_ECDH
if (alg_k & SSL_kEECDH)
{
const EC_GROUP *group;
@@ -1504,7 +1493,6 @@
r[3]=NULL;
}
else
-#endif /* !OPENSSL_NO_ECDH */
if (!(alg_k & SSL_kPSK))
{
al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1561,7 +1549,6 @@
}
}
-#ifndef OPENSSL_NO_ECDH
if (alg_k & SSL_kEECDH)
{
/* XXX: For now, we only support named (not generic) curves.
@@ -1585,7 +1572,6 @@
encodedPoint = NULL;
p += encodedlen;
}
-#endif /* OPENSSL_NO_ECDH */
/* not anonymous */
if (pkey != NULL)
@@ -1669,10 +1655,8 @@
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
-#ifndef OPENSSL_NO_ECDH
if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
BN_CTX_free(bn_ctx);
-#endif
EVP_MD_CTX_cleanup(&md_ctx);
return(-1);
}
@@ -1777,19 +1761,15 @@
RSA *rsa=NULL;
uint8_t *decrypt_buf = NULL;
EVP_PKEY *pkey=NULL;
-#ifndef OPENSSL_NO_DH
BIGNUM *pub=NULL;
DH *dh_srvr;
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *srvr_ecdh = NULL;
EVP_PKEY *clnt_pub_pkey = NULL;
EC_POINT *clnt_ecpoint = NULL;
BN_CTX *bn_ctx = NULL;
unsigned int psk_len = 0;
unsigned char psk[PSK_MAX_PSK_LEN];
-#endif
n=s->method->ssl_get_message(s,
SSL3_ST_SR_KEY_EXCH_A,
@@ -2018,7 +1998,6 @@
premaster_secret_len = sizeof(rand_premaster_secret);
}
-#ifndef OPENSSL_NO_DH
else if (alg_k & SSL_kEDH)
{
CBS dh_Yc;
@@ -2071,9 +2050,7 @@
premaster_secret_len = dh_len;
}
-#endif
-#ifndef OPENSSL_NO_ECDH
else if (alg_k & SSL_kEECDH)
{
int field_size = 0, ecdh_len;
@@ -2168,7 +2145,6 @@
premaster_secret_len = ecdh_len;
}
-#endif
else if (alg_k & SSL_kPSK)
{
/* For plain PSK, other_secret is a block of 0s with the same
@@ -2238,13 +2214,11 @@
}
if (decrypt_buf)
OPENSSL_free(decrypt_buf);
-#ifndef OPENSSL_NO_ECDH
EVP_PKEY_free(clnt_pub_pkey);
EC_POINT_free(clnt_ecpoint);
if (srvr_ecdh != NULL)
EC_KEY_free(srvr_ecdh);
BN_CTX_free(bn_ctx);
-#endif
return(-1);
}
@@ -2712,7 +2686,6 @@
return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It
* sets the next_proto member in s if found */
int ssl3_get_next_proto(SSL *s)
@@ -2771,7 +2744,6 @@
return 1;
}
-# endif
/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */
int ssl3_get_channel_id(SSL *s)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index bab0eff..5e9d41d 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -161,9 +161,7 @@
/* Set digest values to defaults */
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
-#ifndef OPENSSL_NO_ECDSA
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
-#endif
}
CERT *ssl_cert_new(void)
@@ -205,7 +203,6 @@
ret->mask_k = cert->mask_k;
ret->mask_a = cert->mask_a;
-#ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL)
{
ret->dh_tmp = DHparams_dup(cert->dh_tmp);
@@ -236,9 +233,7 @@
}
}
ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-#ifndef OPENSSL_NO_ECDH
if (cert->ecdh_tmp)
{
ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
@@ -250,7 +245,6 @@
}
ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
-#endif
for (i = 0; i < SSL_PKEY_NUM; i++)
{
@@ -366,17 +360,11 @@
return(ret);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
err:
-#endif
-#ifndef OPENSSL_NO_DH
if (ret->dh_tmp != NULL)
DH_free(ret->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
if (ret->ecdh_tmp != NULL)
EC_KEY_free(ret->ecdh_tmp);
-#endif
ssl_cert_clear_certs(ret);
@@ -418,12 +406,8 @@
if(c == NULL)
return;
-#ifndef OPENSSL_NO_DH
if (c->dh_tmp) DH_free(c->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
-#endif
ssl_cert_clear_certs(c);
if (c->peer_sigalgs)
@@ -591,14 +575,10 @@
if (sc->peer_rsa_tmp != NULL)
RSA_free(sc->peer_rsa_tmp);
-#ifndef OPENSSL_NO_DH
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
if (sc->peer_ecdh_tmp != NULL)
EC_KEY_free(sc->peer_ecdh_tmp);
-#endif
OPENSSL_free(sc);
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 0caed0b..691b5fd 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -289,7 +289,6 @@
(c->algorithm2 & SSL_CIPHER_ALGORITHM2_STATEFUL_AEAD) == 0)
return 0;
-#ifndef OPENSSL_NO_AES
switch (c->algorithm_enc)
{
case SSL_AES128GCM:
@@ -308,7 +307,6 @@
return 0;
return 1;
}
-#endif
return 0;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fafe528..d6f6bdc 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -344,7 +344,6 @@
s->tlsext_ocsp_resplen = -1;
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
s->initial_ctx=ctx;
-#ifndef OPENSSL_NO_EC
if (ctx->tlsext_ecpointformatlist)
{
s->tlsext_ecpointformatlist =
@@ -365,10 +364,7 @@
s->tlsext_ellipticcurvelist_length =
ctx->tlsext_ellipticcurvelist_length;
}
-#endif
-# ifndef OPENSSL_NO_NEXTPROTONEG
s->next_proto_negotiated = NULL;
-# endif
if (s->ctx->alpn_client_proto_list)
{
@@ -672,10 +668,8 @@
if (s->tlsext_hostname)
OPENSSL_free(s->tlsext_hostname);
if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
-#ifndef OPENSSL_NO_EC
if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
-#endif /* OPENSSL_NO_EC */
if (s->tlsext_ocsp_exts)
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
X509_EXTENSION_free);
@@ -701,10 +695,8 @@
if (s->ctx) SSL_CTX_free(s->ctx);
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (s->next_proto_negotiated)
OPENSSL_free(s->next_proto_negotiated);
-#endif
if (s->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
@@ -1773,7 +1765,6 @@
return status;
}
-# ifndef OPENSSL_NO_NEXTPROTONEG
/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
* requested protocol for this connection and returns 0. If the client didn't
* request any protocol, then *data is set to NULL.
@@ -1822,7 +1813,6 @@
ctx->next_proto_select_cb = cb;
ctx->next_proto_select_cb_arg = arg;
}
-# endif
/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
* |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
@@ -2035,10 +2025,8 @@
ret->tlsext_status_cb = 0;
ret->tlsext_status_arg = NULL;
-# ifndef OPENSSL_NO_NEXTPROTONEG
ret->next_protos_advertised_cb = 0;
ret->next_proto_select_cb = 0;
-# endif
ret->psk_identity_hint=NULL;
ret->psk_client_callback=NULL;
ret->psk_server_callback=NULL;
@@ -2117,12 +2105,10 @@
if (a->psk_identity_hint)
OPENSSL_free(a->psk_identity_hint);
-# ifndef OPENSSL_NO_EC
if (a->tlsext_ecpointformatlist)
OPENSSL_free(a->tlsext_ecpointformatlist);
if (a->tlsext_ellipticcurvelist)
OPENSSL_free(a->tlsext_ellipticcurvelist);
-# endif /* OPENSSL_NO_EC */
if (a->alpn_client_proto_list != NULL)
OPENSSL_free(a->alpn_client_proto_list);
@@ -2174,34 +2160,20 @@
CERT_PKEY *cpk;
int rsa_enc,rsa_sign,dh_tmp;
unsigned long mask_k,mask_a;
-#ifndef OPENSSL_NO_ECDSA
int have_ecc_cert, ecdsa_ok;
-#endif
-#ifndef OPENSSL_NO_ECDH
int have_ecdh_tmp;
-#endif
-#ifndef OPENSSL_NO_EC
X509 *x = NULL;
-#endif
if (c == NULL) return;
-#ifndef OPENSSL_NO_DH
dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
-#else
- dh_tmp=0;
-#endif
-#ifndef OPENSSL_NO_ECDH
have_ecdh_tmp=(c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
-#endif
cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
rsa_enc= cpk->valid_flags & CERT_PKEY_VALID;
cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
rsa_sign= cpk->valid_flags & CERT_PKEY_SIGN;
cpk= &(c->pkeys[SSL_PKEY_ECC]);
-#ifndef OPENSSL_NO_EC
have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID;
-#endif
mask_k=0;
mask_a=0;
@@ -2226,7 +2198,6 @@
/* An ECC certificate may be usable for ECDSA cipher suites depending on
* the key usage extension. */
-#ifndef OPENSSL_NO_EC
if (have_ecc_cert)
{
cpk = &c->pkeys[SSL_PKEY_ECC];
@@ -2237,21 +2208,16 @@
(x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
if (!(cpk->valid_flags & CERT_PKEY_SIGN))
ecdsa_ok = 0;
-#ifndef OPENSSL_NO_ECDSA
if (ecdsa_ok)
{
mask_a|=SSL_aECDSA;
}
-#endif
}
-#endif
-#ifndef OPENSSL_NO_ECDH
if (have_ecdh_tmp)
{
mask_k|=SSL_kEECDH;
}
-#endif
mask_k |= SSL_kPSK;
mask_a |= SSL_aPSK;
@@ -2265,7 +2231,6 @@
#define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-#ifndef OPENSSL_NO_EC
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
@@ -2295,7 +2260,6 @@
return 1; /* all checks are ok */
}
-#endif
static int ssl_get_server_cert_index(const SSL *s)
{
@@ -2964,7 +2928,6 @@
* \param dh the callback
*/
-#ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
int keylength))
{
@@ -2976,9 +2939,7 @@
{
SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
}
-#endif
-#ifndef OPENSSL_NO_ECDH
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
int keylength))
{
@@ -2990,7 +2951,6 @@
{
SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
}
-#endif
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
{
@@ -3144,11 +3104,7 @@
return 0;
/* require ALPN or NPN extension */
- if (!s->s3->alpn_selected
-#ifndef OPENSSL_NO_NEXTPROTONEG
- && !s->s3->next_proto_neg_seen
-#endif
- )
+ if (!s->s3->alpn_selected && !s->s3->next_proto_neg_seen)
{
return 0;
}
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 09ba191..0aefaa4 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -415,14 +415,12 @@
#define PENDING_SESSION -10000
#define CERTIFICATE_SELECTION_PENDING -10001
-#ifndef OPENSSL_NO_EC
/* From ECC-TLS draft, used in encoding the curve type in
* ECParameters
*/
#define EXPLICIT_PRIME_CURVE_TYPE 1
#define EXPLICIT_CHAR2_CURVE_TYPE 2
#define NAMED_CURVE_TYPE 3
-#endif /* OPENSSL_NO_EC */
/* Values for the |hash_message| parameter of |s->method->ssl_get_message|. */
#define SSL_GET_MESSAGE_DONT_HASH_MESSAGE 0
@@ -463,17 +461,13 @@
unsigned long mask_a;
/* Client only */
unsigned long mask_ssl;
-#ifndef OPENSSL_NO_DH
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh_tmp;
/* Callback for generating ephemeral ECDH keys */
EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
/* Select ECDH parameters automatically */
int ecdh_tmp_auto;
-#endif
/* Flags related to certificates */
unsigned int cert_flags;
CERT_PKEY pkeys[SSL_PKEY_NUM];
@@ -549,12 +543,8 @@
* so maybe we shouldn't even use the CERT_PKEY type here. */
RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *peer_ecdh_tmp;
-#endif
} SESS_CERT;
/* Structure containing decoded values of signature algorithms extension */
struct tls_sigalgs_st
@@ -990,10 +980,8 @@
int ssl3_get_server_key_exchange(SSL *s);
int ssl3_get_server_certificate(SSL *s);
int ssl3_check_cert_and_algorithm(SSL *s);
-# ifndef OPENSSL_NO_NEXTPROTONEG
int ssl3_send_next_proto(SSL *s);
int ssl3_send_channel_id(SSL *s);
-# endif
int dtls1_client_hello(SSL *s);
@@ -1007,10 +995,8 @@
int ssl3_get_client_certificate(SSL *s);
int ssl3_get_client_key_exchange(SSL *s);
int ssl3_get_cert_verify(SSL *s);
-#ifndef OPENSSL_NO_NEXTPROTONEG
int ssl3_get_next_proto(SSL *s);
int ssl3_get_channel_id(SSL *s);
-#endif
int ssl23_accept(SSL *s);
int ssl23_connect(SSL *s);
@@ -1050,12 +1036,9 @@
int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
-#ifndef OPENSSL_NO_ECDH
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
-#endif
char ssl_early_callback_init(struct ssl_early_callback_ctx *ctx);
-#ifndef OPENSSL_NO_EC
int tls1_ec_curve_id2nid(uint16_t curve_id);
uint16_t tls1_ec_nid2curve_id(int nid);
@@ -1078,7 +1061,6 @@
const int *curves, size_t ncurves);
int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
-#endif /* OPENSSL_NO_EC */
int tls1_shared_list(SSL *s,
const unsigned char *l1, size_t l1len,
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 56ba7c9..bc20e86 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -710,12 +710,10 @@
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
-#ifndef OPENSSL_NO_EC
ss->tlsext_ecpointformatlist_length = 0;
if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
ss->tlsext_ellipticcurvelist_length = 0;
if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
-#endif /* OPENSSL_NO_EC */
if (ss->tlsext_signed_cert_timestamp_list != NULL)
OPENSSL_free(ss->tlsext_signed_cert_timestamp_list);
if (ss->psk_identity_hint != NULL)
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index 361a2fa..2f46b8c 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -101,7 +101,6 @@
case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef OPENSSL_NO_SSL3
/* SSLv3 additions */
case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
@@ -169,9 +168,7 @@
case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
-#endif
-#if !defined(OPENSSL_NO_SSL3)
/* SSLv2/v3 compatibility states */
/* client */
case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
@@ -182,7 +179,6 @@
case SSL23_ST_SR_CLNT_HELLO: str="SSLv2/v3 read client hello"; break;
case SSL23_ST_SR_V2_CLNT_HELLO: str="SSLv2/v3 read v2 client hello"; break;
case SSL23_ST_SR_SWITCH_VERSION: str="SSLv2/v3 switch version"; break;
-#endif
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
@@ -220,7 +216,6 @@
case SSL_ST_CONNECT: str="CINIT "; break;
case SSL_ST_OK: str="SSLOK "; break;
-#ifndef OPENSSL_NO_SSL3
/* SSLv3 additions */
case SSL3_ST_SW_FLUSH:
case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
@@ -283,9 +278,7 @@
case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
-#endif
-#if !defined(OPENSSL_NO_SSL3)
/* SSLv2/v3 compatibility states */
/* client */
case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
@@ -296,7 +289,6 @@
case SSL23_ST_SR_CLNT_HELLO: str="23RCH_"; break;
case SSL23_ST_SR_V2_CLNT_HELLO: str="23R2CH"; break;
case SSL23_ST_SR_SWITCH_VERSION: str="23RSW_"; break;
-#endif
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 7bbf446..a2d96d6 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -675,10 +675,8 @@
if (s->session->cipher != NULL)
{
-#ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3->need_record_splitting = 0;
-#endif
}
}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d23b41e..cafcfa2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -365,7 +365,6 @@
return 0;
}
-#ifndef OPENSSL_NO_EC
static const int nid_list[] =
{
@@ -704,14 +703,6 @@
#endif
}
-#else
-
-static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
- {
- return 1;
- }
-
-#endif /* OPENSSL_NO_EC */
/* List of supported signature algorithms and hashes. Should make this
@@ -720,11 +711,7 @@
#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
-#ifdef OPENSSL_NO_ECDSA
-#define tlsext_sigalg_ecdsa(md) /* */
-#else
#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
-#endif
#define tlsext_sigalg(md) \
tlsext_sigalg_rsa(md) \
@@ -735,9 +722,7 @@
tlsext_sigalg(TLSEXT_hash_sha384)
tlsext_sigalg(TLSEXT_hash_sha256)
tlsext_sigalg(TLSEXT_hash_sha224)
-#ifndef OPENSSL_NO_SHA
tlsext_sigalg(TLSEXT_hash_sha1)
-#endif
};
size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
{
@@ -793,7 +778,6 @@
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0;
}
-#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC)
{
uint16_t curve_id;
@@ -811,7 +795,6 @@
return 0;
}
}
-#endif
/* Check signature matches a type we sent */
sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
@@ -872,11 +855,9 @@
case TLSEXT_signature_rsa:
have_rsa = 1;
break;
-#ifndef OPENSSL_NO_ECDSA
case TLSEXT_signature_ecdsa:
have_ecdsa = 1;
break;
-#endif
}
}
/* Disable auth if we don't include any appropriate signature
@@ -907,7 +888,6 @@
int extdatalen=0;
unsigned char *ret = buf;
unsigned char *orig = buf;
-#ifndef OPENSSL_NO_EC
/* See if we support any ECC ciphersuites */
int using_ecc = 0;
if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s))
@@ -929,7 +909,6 @@
}
}
}
-#endif
/* don't add extensions for SSLv3 unless doing secure renegotiation */
if (s->client_version == SSL3_VERSION
@@ -1097,7 +1076,6 @@
}
#endif
-#ifndef OPENSSL_NO_NEXTPROTONEG
if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
{
/* The client advertises an emtpy extension to indicate its
@@ -1107,7 +1085,6 @@
s2n(TLSEXT_TYPE_next_proto_neg,ret);
s2n(0,ret);
}
-#endif
if (s->signed_cert_timestamps_enabled && !s->s3->tmp.finish_md_len)
{
@@ -1163,7 +1140,6 @@
ret += el;
}
-#ifndef OPENSSL_NO_EC
if (using_ecc)
{
/* Add TLS extension ECPointFormats to the ClientHello message */
@@ -1213,7 +1189,6 @@
s2n(curves[i], ret);
}
}
-#endif /* OPENSSL_NO_EC */
#ifdef TLSEXT_TYPE_padding
/* Add padding to workaround bugs in F5 terminators.
@@ -1258,15 +1233,11 @@
int extdatalen=0;
unsigned char *orig = buf;
unsigned char *ret = buf;
-#ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen;
-#endif
-#ifndef OPENSSL_NO_EC
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
int using_ecc = (alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
-#endif
/* don't add extensions for SSLv3, unless doing secure renegotiation */
if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
return orig;
@@ -1306,7 +1277,6 @@
ret += el;
}
-#ifndef OPENSSL_NO_EC
if (using_ecc)
{
const unsigned char *plist;
@@ -1332,7 +1302,6 @@
}
/* Currently the server should not respond with a SupportedCurves extension */
-#endif /* OPENSSL_NO_EC */
if (s->tlsext_ticket_expected
&& !(SSL_get_options(s) & SSL_OP_NO_TICKET))
@@ -1368,7 +1337,6 @@
ret+=el;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_seen = s->s3->next_proto_neg_seen;
s->s3->next_proto_neg_seen = 0;
if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb)
@@ -1388,7 +1356,6 @@
s->s3->next_proto_neg_seen = 1;
}
}
-#endif
if (s->s3->alpn_selected)
{
@@ -1486,9 +1453,7 @@
s->servername_done = 0;
s->tlsext_status_type = -1;
-#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
-#endif
if (s->s3->alpn_selected)
{
@@ -1660,7 +1625,6 @@
}
}
-#ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats)
{
CBS ec_point_format_list;
@@ -1729,7 +1693,6 @@
s->session->tlsext_ellipticcurvelist_length = num_curves;
}
}
-#endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket)
{
if (s->tls_session_ticket_ext_cb &&
@@ -1895,7 +1858,6 @@
}
#endif
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg &&
s->s3->tmp.finish_md_len == 0 &&
s->s3->alpn_selected == NULL)
@@ -1924,7 +1886,6 @@
* Finished message could have been computed.) */
s->s3->next_proto_neg_seen = 1;
}
-#endif
else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
s->ctx->alpn_select_cb &&
@@ -1932,10 +1893,8 @@
{
if (!tls1_alpn_handle_client_hello(s, &extension, out_alert))
return 0;
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* ALPN takes precedence over NPN. */
s->s3->next_proto_neg_seen = 0;
-#endif
}
else if (type == TLSEXT_TYPE_channel_id &&
@@ -2009,7 +1968,6 @@
return 1;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
* elements of zero length are allowed and the set of elements must exactly fill
* the length of the block. */
@@ -2028,7 +1986,6 @@
}
return 1;
}
-#endif
static int ssl_scan_serverhello_tlsext(SSL *s, CBS *cbs, int *out_alert)
{
@@ -2036,9 +1993,7 @@
int renegotiate_seen = 0;
CBS extensions;
-#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
-#endif
s->tlsext_ticket_expected = 0;
@@ -2097,7 +2052,6 @@
}
tlsext_servername = 1;
}
-#ifndef OPENSSL_NO_EC
else if (type == TLSEXT_TYPE_ec_point_formats)
{
CBS ec_point_format_list;
@@ -2120,7 +2074,6 @@
}
}
}
-#endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket)
{
if (s->tls_session_ticket_ext_cb &&
@@ -2156,7 +2109,6 @@
/* Set a flag to expect a CertificateStatus message */
s->tlsext_status_expected = 1;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (type == TLSEXT_TYPE_next_proto_neg && s->s3->tmp.finish_md_len == 0) {
unsigned char *selected;
unsigned char selected_len;
@@ -2192,7 +2144,6 @@
s->next_proto_negotiated_len = selected_len;
s->s3->next_proto_neg_seen = 1;
}
-#endif
else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation)
{
CBS protocol_name_list, protocol_name;
@@ -2335,14 +2286,12 @@
int ret=SSL_TLSEXT_ERR_NOACK;
int al = SSL_AD_UNRECOGNIZED_NAME;
-#ifndef OPENSSL_NO_EC
/* The handling of the ECPointFormats extension is done elsewhere, namely in
* ssl3_choose_cipher in s3_lib.c.
*/
/* The handling of the EllipticCurves extension is done elsewhere, namely in
* ssl3_choose_cipher in s3_lib.c.
*/
-#endif
if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
@@ -2436,7 +2385,6 @@
int ret=SSL_TLSEXT_ERR_NOACK;
int al = SSL_AD_UNRECOGNIZED_NAME;
-#ifndef OPENSSL_NO_EC
/* If we are client and using an elliptic curve cryptography cipher
* suite, then if server returns an EC point formats lists extension
* it must contain uncompressed.
@@ -2467,7 +2415,6 @@
}
}
ret = SSL_TLSEXT_ERR_OK;
-#endif /* OPENSSL_NO_EC */
if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
@@ -2812,14 +2759,10 @@
{
switch(hash_alg)
{
-#ifndef OPENSSL_NO_MD5
case TLSEXT_hash_md5:
return EVP_md5();
-#endif
-#ifndef OPENSSL_NO_SHA
case TLSEXT_hash_sha1:
return EVP_sha1();
-#endif
case TLSEXT_hash_sha224:
return EVP_sha224();
@@ -2842,10 +2785,8 @@
{
case TLSEXT_signature_rsa:
return SSL_PKEY_RSA_SIGN;
-#ifndef OPENSSL_NO_ECDSA
case TLSEXT_signature_ecdsa:
return SSL_PKEY_ECC;
-#endif
}
return -1;
}
@@ -3050,10 +2991,8 @@
c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
-#ifndef OPENSSL_NO_ECDSA
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
-#endif
}
return 1;
}
