quick pass at removing ability to disable sha256 and sha512. ok miod
authortedu <tedu@openbsd.org>
Thu, 17 Apr 2014 20:34:24 +0000 (20:34 +0000)
committertedu <tedu@openbsd.org>
Thu, 17 Apr 2014 20:34:24 +0000 (20:34 +0000)
lib/libssl/s3_cbc.c
lib/libssl/s3_clnt.c
lib/libssl/src/ssl/s3_cbc.c
lib/libssl/src/ssl/s3_clnt.c
lib/libssl/src/ssl/ssl_algs.c
lib/libssl/src/ssl/ssl_locl.h
lib/libssl/src/ssl/t1_lib.c
lib/libssl/ssl_algs.c
lib/libssl/ssl_locl.h
lib/libssl/t1_lib.c

index 964266e..e8f7df5 100644 (file)
@@ -351,7 +351,6 @@ tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
 }
 #define LARGEST_DIGEST_CTX SHA_CTX
 
-#ifndef OPENSSL_NO_SHA256
 static void
 tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
 {
@@ -364,9 +363,7 @@ tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
 }
 #undef  LARGEST_DIGEST_CTX
 #define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
 
-#ifndef OPENSSL_NO_SHA512
 static void
 tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 {
@@ -379,7 +376,6 @@ tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 }
 #undef  LARGEST_DIGEST_CTX
 #define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
 
 /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
  * which ssl3_cbc_digest_record supports. */
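Review bot: The `LARGEST_DIGEST_CTX` ladder no longer selects anything now that the SHA-256 and SHA-512 sections are compiled unconditionally. The `#define LARGEST_DIGEST_CTX SHA_CTX` in the first hunk and the `#undef`/`#define ... SHA256_CTX` pair in the second are always overridden by the final definition in this hunk. Collapsing the three into a single `#define LARGEST_DIGEST_CTX SHA512_CTX` would make that explicit. The macro presumably sizes the `md_state` buffer that later hunks cast to `SHA256_CTX *` and `SHA512_CTX *`, so a comment such as `/* must be the largest hash context used by ssl3_cbc_digest_record */` would help whoever adds a digest. The identical copy of this file further down the page has the same ladder.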
@@ -389,14 +385,10 @@ ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
        switch (EVP_MD_CTX_type(ctx)) {
        case NID_md5:
        case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
        case NID_sha224:
        case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
        case NID_sha384:
        case NID_sha512:
-#endif
                return 1;
        default:
                return 0;
@@ -469,7 +461,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
                md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
                md_size = 20;
                break;
-#ifndef OPENSSL_NO_SHA256
        case NID_sha224:
                SHA224_Init((SHA256_CTX*)md_state.c);
                md_final_raw = tls1_sha256_final_raw;
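Review bot: The `md_transform` assignments call `SHA1_Transform` (and `SHA256_Transform` in the next hunk) through a pointer cast to `void (*)(void *, const unsigned char *)`, and the need for the cast implies the declared types differ. Calling a function through a pointer of an incompatible type is undefined behaviour in C, and it is the kind of call that indirect-call CFI instrumentation rejects. The file already uses thin `void *ctx` wrappers for the `tls1_*_final_raw` helpers, so the transforms could follow the same pattern and the casts could go. ssl3_cbc_digest_record starts and ends outside this hunk, and the cases for the other digests would need the same treatment. The second copy of the file on this page is identical.

```c
static void
tls1_sha1_transform(void *ctx, const unsigned char *block)
{
	SHA1_Transform(ctx, block);
}

/* … unchanged: ssl3_cbc_digest_record up to the NID_sha1 case … */
		md_transform = tls1_sha1_transform;
		md_size = 20;
		break;
```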
@@ -482,8 +473,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
                md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
                md_size = 32;
                break;
-#endif
-#ifndef OPENSSL_NO_SHA512
        case NID_sha384:
                SHA384_Init((SHA512_CTX*)md_state.c);
                md_final_raw = tls1_sha512_final_raw;
@@ -500,7 +489,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
                md_block_size = 128;
                md_length_size = 16;
                break;
-#endif
        default:
                /* ssl3_cbc_record_digest_supported should have been
                 * called first to check that the hash function is
index 26bdef6..32405ea 100644 (file)
@@ -1940,11 +1940,7 @@ ssl3_get_new_session_ticket(SSL *s)
         */ 
        EVP_Digest(p, ticklen,
        s->session->session_id, &s->session->session_id_length,
-#ifndef OPENSSL_NO_SHA256
        EVP_sha256(), NULL);
-#else
-       EVP_sha1(), NULL);
-#endif
        ret = 1;
        return (ret);
 f_err:
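Review bot: The return value of `EVP_Digest()` is dropped, so a digest failure leaves `session_id` and `session_id_length` as they were while the function still sets `ret = 1`. With the SHA-1 fallback gone there is exactly one call to guard: test it with `if (!EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length, EVP_sha256(), NULL))` and leave through the function's error path instead of reporting success. Which label and alert value fit is not visible here, because ssl3_get_new_session_ticket begins above the hunk and only `f_err:` is shown. The continuation lines of the call would also read better indented past the first line. The duplicate s3_clnt.c section below has the same call.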
index 964266e..e8f7df5 100644 (file)
@@ -351,7 +351,6 @@ tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
 }
 #define LARGEST_DIGEST_CTX SHA_CTX
 
-#ifndef OPENSSL_NO_SHA256
 static void
 tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
 {
@@ -364,9 +363,7 @@ tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
 }
 #undef  LARGEST_DIGEST_CTX
 #define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
 
-#ifndef OPENSSL_NO_SHA512
 static void
 tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 {
@@ -379,7 +376,6 @@ tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
 }
 #undef  LARGEST_DIGEST_CTX
 #define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
 
 /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
  * which ssl3_cbc_digest_record supports. */
@@ -389,14 +385,10 @@ ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
        switch (EVP_MD_CTX_type(ctx)) {
        case NID_md5:
        case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
        case NID_sha224:
        case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
        case NID_sha384:
        case NID_sha512:
-#endif
                return 1;
        default:
                return 0;
@@ -469,7 +461,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
                md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
                md_size = 20;
                break;
-#ifndef OPENSSL_NO_SHA256
        case NID_sha224:
                SHA224_Init((SHA256_CTX*)md_state.c);
                md_final_raw = tls1_sha256_final_raw;
@@ -482,8 +473,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
                md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
                md_size = 32;
                break;
-#endif
-#ifndef OPENSSL_NO_SHA512
        case NID_sha384:
                SHA384_Init((SHA512_CTX*)md_state.c);
                md_final_raw = tls1_sha512_final_raw;
@@ -500,7 +489,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
                md_block_size = 128;
                md_length_size = 16;
                break;
-#endif
        default:
                /* ssl3_cbc_record_digest_supported should have been
                 * called first to check that the hash function is
index 26bdef6..32405ea 100644 (file)
@@ -1940,11 +1940,7 @@ ssl3_get_new_session_ticket(SSL *s)
         */ 
        EVP_Digest(p, ticklen,
        s->session->session_id, &s->session->session_id_length,
-#ifndef OPENSSL_NO_SHA256
        EVP_sha256(), NULL);
-#else
-       EVP_sha1(), NULL);
-#endif
        ret = 1;
        return (ret);
 f_err:
index 76644bd..9297386 100644 (file)
@@ -116,14 +116,10 @@ SSL_library_init(void)
        EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
        EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
 #endif
-#ifndef OPENSSL_NO_SHA256
        EVP_add_digest(EVP_sha224());
        EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
        EVP_add_digest(EVP_sha384());
        EVP_add_digest(EVP_sha512());
-#endif
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
        EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
        EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
index c539b12..4837237 100644 (file)
@@ -1061,11 +1061,7 @@ int ssl_check_clienthello_tlsext_early(SSL *s);
 int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 
-#ifdef OPENSSL_NO_SHA256
-#define tlsext_tick_md EVP_sha1
-#else
 #define tlsext_tick_md EVP_sha256
-#endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
     const unsigned char *limit, SSL_SESSION **ret);
 
index 7ecf7e0..b88b356 100644 (file)
@@ -334,14 +334,10 @@ tls1_ec_nid2curve_id(int nid)
                tlsext_sigalg_ecdsa(md)
 
 static unsigned char tls12_sigalgs[] = {
-#ifndef OPENSSL_NO_SHA512
        tlsext_sigalg(TLSEXT_hash_sha512)
        tlsext_sigalg(TLSEXT_hash_sha384)
-#endif
-#ifndef OPENSSL_NO_SHA256
        tlsext_sigalg(TLSEXT_hash_sha256)
        tlsext_sigalg(TLSEXT_hash_sha224)
-#endif
 #ifndef OPENSSL_NO_SHA
        tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
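Review bot: `tls12_sigalgs` is declared `static unsigned char` without `const`, and `tls12_md` in the next hunk is likewise a writable `static tls12_lookup` array, although both read as fixed lookup tables. If nothing writes to them, declaring them `static const unsigned char tls12_sigalgs[]` and `static const tls12_lookup tls12_md[]` lets the toolchain place them in read-only data. The functions that consume the tables are outside these hunks and may need `const` added to their pointer parameters. The second t1_lib.c section on this page is the same.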
@@ -2205,14 +2201,10 @@ static tls12_lookup tls12_md[] = {
 #ifndef OPENSSL_NO_SHA
        {NID_sha1, TLSEXT_hash_sha1},
 #endif
-#ifndef OPENSSL_NO_SHA256
        {NID_sha224, TLSEXT_hash_sha224},
        {NID_sha256, TLSEXT_hash_sha256},
-#endif
-#ifndef OPENSSL_NO_SHA512
        {NID_sha384, TLSEXT_hash_sha384},
        {NID_sha512, TLSEXT_hash_sha512}
-#endif
 };
 
 static tls12_lookup tls12_sig[] = {
@@ -2283,20 +2275,16 @@ const EVP_MD
        case TLSEXT_hash_sha1:
                return EVP_sha1();
 #endif
-#ifndef OPENSSL_NO_SHA256
        case TLSEXT_hash_sha224:
                return EVP_sha224();
 
        case TLSEXT_hash_sha256:
                return EVP_sha256();
-#endif
-#ifndef OPENSSL_NO_SHA512
        case TLSEXT_hash_sha384:
                return EVP_sha384();
 
        case TLSEXT_hash_sha512:
                return EVP_sha512();
-#endif
        default:
                return NULL;
 
index 76644bd..9297386 100644 (file)
@@ -116,14 +116,10 @@ SSL_library_init(void)
        EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
        EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
 #endif
-#ifndef OPENSSL_NO_SHA256
        EVP_add_digest(EVP_sha224());
        EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
        EVP_add_digest(EVP_sha384());
        EVP_add_digest(EVP_sha512());
-#endif
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
        EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
        EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
index c539b12..4837237 100644 (file)
@@ -1061,11 +1061,7 @@ int ssl_check_clienthello_tlsext_early(SSL *s);
 int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 
-#ifdef OPENSSL_NO_SHA256
-#define tlsext_tick_md EVP_sha1
-#else
 #define tlsext_tick_md EVP_sha256
-#endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
     const unsigned char *limit, SSL_SESSION **ret);
 
index 7ecf7e0..b88b356 100644 (file)
@@ -334,14 +334,10 @@ tls1_ec_nid2curve_id(int nid)
                tlsext_sigalg_ecdsa(md)
 
 static unsigned char tls12_sigalgs[] = {
-#ifndef OPENSSL_NO_SHA512
        tlsext_sigalg(TLSEXT_hash_sha512)
        tlsext_sigalg(TLSEXT_hash_sha384)
-#endif
-#ifndef OPENSSL_NO_SHA256
        tlsext_sigalg(TLSEXT_hash_sha256)
        tlsext_sigalg(TLSEXT_hash_sha224)
-#endif
 #ifndef OPENSSL_NO_SHA
        tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
@@ -2205,14 +2201,10 @@ static tls12_lookup tls12_md[] = {
 #ifndef OPENSSL_NO_SHA
        {NID_sha1, TLSEXT_hash_sha1},
 #endif
-#ifndef OPENSSL_NO_SHA256
        {NID_sha224, TLSEXT_hash_sha224},
        {NID_sha256, TLSEXT_hash_sha256},
-#endif
-#ifndef OPENSSL_NO_SHA512
        {NID_sha384, TLSEXT_hash_sha384},
        {NID_sha512, TLSEXT_hash_sha512}
-#endif
 };
 
 static tls12_lookup tls12_sig[] = {
@@ -2283,20 +2275,16 @@ const EVP_MD
        case TLSEXT_hash_sha1:
                return EVP_sha1();
 #endif
-#ifndef OPENSSL_NO_SHA256
        case TLSEXT_hash_sha224:
                return EVP_sha224();
 
        case TLSEXT_hash_sha256:
                return EVP_sha256();
-#endif
-#ifndef OPENSSL_NO_SHA512
        case TLSEXT_hash_sha384:
                return EVP_sha384();
 
        case TLSEXT_hash_sha512:
                return EVP_sha512();
-#endif
        default:
                return NULL;