unsigned char *p, *d;
int n;
unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey = NULL;
-#endif
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
/* Fool emacs indentation */
if (0) {
}
-#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA) {
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
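Review bot: The `if (0) { }` placeholder under `/* Fool emacs indentation */` only existed so that every real branch could be an `else if` behind its own `#ifndef`. With the RSA branch now unconditional, it can open the chain itself as `if (alg_k & SSL_kRSA) {`, and the placeholder and its comment can be dropped. The same applies to the `if (0);` kept in front of `else if (alg_a & SSL_aRSA)` in ssl3_get_key_exchange, and to the `if (0) ;` in front of the RSA branch of the ssltest key-size printout. The branch bodies continue outside this hunk.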
tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
-#endif
#ifndef OPENSSL_NO_KRB5
else if (alg_k & SSL_kKRB5) {
krb5_error_code krb5rc;
unsigned char *p, *d;
unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
unsigned u = 0;
-#endif
unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
int j;
-#endif
if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
d = (unsigned char *)s->init_buf->data;
s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
&(data[MD5_DIGEST_LENGTH]));
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
s->method->ssl3_enc->cert_verify_mac(s,
NID_md5, &(data[0]));
s2n(u, p);
n = u + 2;
} else
-#endif
-#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
if (!DSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
s2n(j, p);
n = j + 2;
} else
-#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
int
dtls1_send_server_key_exchange(SSL *s)
{
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
int j, num;
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
#endif
r[0] = r[1] = r[2] = r[3] = NULL;
n = 0;
-#ifndef OPENSSL_NO_RSA
if (type & SSL_kRSA) {
rsa = cert->rsa_tmp;
if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
-#endif
#ifndef OPENSSL_NO_DH
if (type & SSL_kEDH) {
dhp = cert->dh_tmp;
/* n is the length of the params, they start at
* &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
* at the end. */
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
q = md_buf;
j = 0;
s2n(u, p);
n += u + 2;
} else
-#endif
-#if !defined(OPENSSL_NO_DSA)
if (pkey->type == EVP_PKEY_DSA) {
/* lets do DSS */
EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
s2n(i, p);
n += i + 2;
} else
-#endif
#if !defined(OPENSSL_NO_ECDSA)
if (pkey->type == EVP_PKEY_EC) {
/* let's do ECDSA */
int
ssl3_get_key_exchange(SSL *s)
{
-#ifndef OPENSSL_NO_RSA
unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2];
-#endif
EVP_MD_CTX md_ctx;
unsigned char *param, *p;
int al, i, j, param_len, ok;
long n, alg_k, alg_a;
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
-#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh = NULL;
#endif
param = p = (unsigned char *)s->init_msg;
if (s->session->sess_cert != NULL) {
-#ifndef OPENSSL_NO_RSA
if (s->session->sess_cert->peer_rsa_tmp != NULL) {
RSA_free(s->session->sess_cert->peer_rsa_tmp);
s->session->sess_cert->peer_rsa_tmp = NULL;
}
-#endif
#ifndef OPENSSL_NO_DH
if (s->session->sess_cert->peer_dh_tmp) {
DH_free(s->session->sess_cert->peer_dh_tmp);
n -= param_len;
/* We must check if there is a certificate */
-#ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
- if (0)
-;
-#endif
-#ifndef OPENSSL_NO_DSA
else if (alg_a & SSL_aDSS)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
} else
#endif /* !OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
if ((rsa = RSA_new()) == NULL) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
s->session->sess_cert->peer_rsa_tmp = rsa;
rsa = NULL;
}
-#else /* OPENSSL_NO_RSA */
- if (0)
-;
-#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & SSL_kEDH) {
if ((dh = DH_new()) == NULL) {
p += i;
n -= param_len;
-#ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
- if (0)
-;
-#endif
-#ifndef OPENSSL_NO_DSA
else if (alg_a & SSL_aDSS)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
/* else anonymous DH, so no certificate or pkey. */
s->session->sess_cert->peer_dh_tmp = dh;
* key exchange message. We do support RSA and ECDSA.
*/
if (0);
-#ifndef OPENSSL_NO_RSA
else if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#endif
#ifndef OPENSSL_NO_ECDSA
else if (alg_a & SSL_aECDSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
goto f_err;
}
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) {
int num;
goto f_err;
}
} else
-#endif
{
EVP_VerifyInit_ex(&md_ctx, md, NULL);
EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
EVP_PKEY_free(pkey);
-#ifndef OPENSSL_NO_RSA
if (rsa != NULL)
RSA_free(rsa);
-#endif
#ifndef OPENSSL_NO_DH
if (dh != NULL)
DH_free(dh);
unsigned char *p, *d;
int n;
unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey = NULL;
-#endif
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
/* Fool emacs indentation */
if (0) {
}
-#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA) {
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
-#endif
#ifndef OPENSSL_NO_KRB5
else if (alg_k & SSL_kKRB5) {
krb5_error_code krb5rc;
if (!ssl3_digest_cached_records(s))
goto err;
} else
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
s->method->ssl3_enc->cert_verify_mac(
s, NID_md5, &(data[0]));
s2n(u, p);
n = u + 2;
} else
-#endif
-#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
if (!DSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
s2n(j, p);
n = j + 2;
} else
-#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
SESS_CERT *sc;
-#ifndef OPENSSL_NO_RSA
RSA *rsa;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh;
#endif
goto err;
}
-#ifndef OPENSSL_NO_RSA
rsa = s->session->sess_cert->peer_rsa_tmp;
-#endif
#ifndef OPENSSL_NO_DH
dh = s->session->sess_cert->peer_dh_tmp;
#endif
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT);
goto f_err;
}
-#ifndef OPENSSL_NO_DSA
else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT);
goto f_err;
}
-#endif
-#ifndef OPENSSL_NO_RSA
if ((alg_k & SSL_kRSA) &&
!(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
goto f_err;
}
-#endif
#ifndef OPENSSL_NO_DH
if ((alg_k & SSL_kEDH) &&
!(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT);
goto f_err;
}
-#ifndef OPENSSL_NO_DSA
else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT);
goto f_err;
}
-#endif
#endif
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) {
-#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
if (rsa == NULL ||
RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
goto f_err;
}
} else
-#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
if (dh == NULL ||
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA ||
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH ||
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0) {
+ if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+ cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
if (!ssl_cert_inst(&s->cert)) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
return (0);
}
}
-#endif
switch (cmd) {
case SSL_CTRL_GET_SESSION_REUSED:
case SSL_CTRL_GET_FLAGS:
ret = (int)(s->s3->flags);
break;
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
return (ret);
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0) {
+ if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) {
if (!ssl_cert_inst(&s->cert)) {
SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
return (0);
}
}
-#endif
switch (cmd) {
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
cert = ctx->cert;
switch (cmd) {
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ((cert->rsa_tmp == NULL) &&
((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
return (0);
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
cert = ctx->cert;
switch (cmd) {
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHr|SSL_kEDH)) {
-# ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_FIXED_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_FIXED_DH;
-# endif
}
if ((s->version == SSL3_VERSION) &&
(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
-# ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
-# endif
}
#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_SIGN;
-#endif
#ifndef OPENSSL_NO_ECDH
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
int
ssl3_send_server_key_exchange(SSL *s)
{
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
int j, num;
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
#endif
r[0] = r[1] = r[2] = r[3] = NULL;
n = 0;
-#ifndef OPENSSL_NO_RSA
if (type & SSL_kRSA) {
rsa = cert->rsa_tmp;
if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
-#endif
#ifndef OPENSSL_NO_DH
if (type & SSL_kEDH) {
dhp = cert->dh_tmp;
* n is the length of the params, they start at &(d[4])
* and p points to the space at the end.
*/
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA
&& TLS1_get_version(s) < TLS1_2_VERSION) {
q = md_buf;
s2n(u, p);
n += u + 2;
} else
-#endif
if (md) {
/*
* For TLS1.2 and later send signature
long n;
unsigned long alg_k;
unsigned char *p;
-#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
-#endif
#ifndef OPENSSL_NO_DH
BIGNUM *pub = NULL;
DH *dh_srvr;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp) {
p, i);
OPENSSL_cleanse(p, i);
} else
-#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
n2s(p, i);
return (1);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
err:
-#endif
#ifndef OPENSSL_NO_ECDH
EVP_PKEY_free(clnt_pub_pkey);
EC_POINT_free(clnt_ecpoint);
goto f_err;
}
} else
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
goto f_err;
}
} else
-#endif
-#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
j = DSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
goto f_err;
}
} else
-#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
unsigned char *p, *d;
int n;
unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey = NULL;
-#endif
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
/* Fool emacs indentation */
if (0) {
}
-#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA) {
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
-#endif
#ifndef OPENSSL_NO_KRB5
else if (alg_k & SSL_kKRB5) {
krb5_error_code krb5rc;
unsigned char *p, *d;
unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
unsigned u = 0;
-#endif
unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
int j;
-#endif
if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
d = (unsigned char *)s->init_buf->data;
s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
&(data[MD5_DIGEST_LENGTH]));
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
s->method->ssl3_enc->cert_verify_mac(s,
NID_md5, &(data[0]));
s2n(u, p);
n = u + 2;
} else
-#endif
-#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
if (!DSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
s2n(j, p);
n = j + 2;
} else
-#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
int
dtls1_send_server_key_exchange(SSL *s)
{
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
int j, num;
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
#endif
r[0] = r[1] = r[2] = r[3] = NULL;
n = 0;
-#ifndef OPENSSL_NO_RSA
if (type & SSL_kRSA) {
rsa = cert->rsa_tmp;
if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
-#endif
#ifndef OPENSSL_NO_DH
if (type & SSL_kEDH) {
dhp = cert->dh_tmp;
/* n is the length of the params, they start at
* &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
* at the end. */
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
q = md_buf;
j = 0;
s2n(u, p);
n += u + 2;
} else
-#endif
-#if !defined(OPENSSL_NO_DSA)
if (pkey->type == EVP_PKEY_DSA) {
/* lets do DSS */
EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
s2n(i, p);
n += i + 2;
} else
-#endif
#if !defined(OPENSSL_NO_ECDSA)
if (pkey->type == EVP_PKEY_EC) {
/* let's do ECDSA */
int
ssl3_get_key_exchange(SSL *s)
{
-#ifndef OPENSSL_NO_RSA
unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2];
-#endif
EVP_MD_CTX md_ctx;
unsigned char *param, *p;
int al, i, j, param_len, ok;
long n, alg_k, alg_a;
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
-#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh = NULL;
#endif
param = p = (unsigned char *)s->init_msg;
if (s->session->sess_cert != NULL) {
-#ifndef OPENSSL_NO_RSA
if (s->session->sess_cert->peer_rsa_tmp != NULL) {
RSA_free(s->session->sess_cert->peer_rsa_tmp);
s->session->sess_cert->peer_rsa_tmp = NULL;
}
-#endif
#ifndef OPENSSL_NO_DH
if (s->session->sess_cert->peer_dh_tmp) {
DH_free(s->session->sess_cert->peer_dh_tmp);
n -= param_len;
/* We must check if there is a certificate */
-#ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
- if (0)
-;
-#endif
-#ifndef OPENSSL_NO_DSA
else if (alg_a & SSL_aDSS)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
} else
#endif /* !OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
if ((rsa = RSA_new()) == NULL) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
s->session->sess_cert->peer_rsa_tmp = rsa;
rsa = NULL;
}
-#else /* OPENSSL_NO_RSA */
- if (0)
-;
-#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & SSL_kEDH) {
if ((dh = DH_new()) == NULL) {
p += i;
n -= param_len;
-#ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
- if (0)
-;
-#endif
-#ifndef OPENSSL_NO_DSA
else if (alg_a & SSL_aDSS)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
/* else anonymous DH, so no certificate or pkey. */
s->session->sess_cert->peer_dh_tmp = dh;
* key exchange message. We do support RSA and ECDSA.
*/
if (0);
-#ifndef OPENSSL_NO_RSA
else if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#endif
#ifndef OPENSSL_NO_ECDSA
else if (alg_a & SSL_aECDSA)
pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
goto f_err;
}
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) {
int num;
goto f_err;
}
} else
-#endif
{
EVP_VerifyInit_ex(&md_ctx, md, NULL);
EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
EVP_PKEY_free(pkey);
-#ifndef OPENSSL_NO_RSA
if (rsa != NULL)
RSA_free(rsa);
-#endif
#ifndef OPENSSL_NO_DH
if (dh != NULL)
DH_free(dh);
unsigned char *p, *d;
int n;
unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey = NULL;
-#endif
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
/* Fool emacs indentation */
if (0) {
}
-#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA) {
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
-#endif
#ifndef OPENSSL_NO_KRB5
else if (alg_k & SSL_kKRB5) {
krb5_error_code krb5rc;
if (!ssl3_digest_cached_records(s))
goto err;
} else
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
s->method->ssl3_enc->cert_verify_mac(
s, NID_md5, &(data[0]));
s2n(u, p);
n = u + 2;
} else
-#endif
-#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
if (!DSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
s2n(j, p);
n = j + 2;
} else
-#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
SESS_CERT *sc;
-#ifndef OPENSSL_NO_RSA
RSA *rsa;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh;
#endif
goto err;
}
-#ifndef OPENSSL_NO_RSA
rsa = s->session->sess_cert->peer_rsa_tmp;
-#endif
#ifndef OPENSSL_NO_DH
dh = s->session->sess_cert->peer_dh_tmp;
#endif
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT);
goto f_err;
}
-#ifndef OPENSSL_NO_DSA
else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT);
goto f_err;
}
-#endif
-#ifndef OPENSSL_NO_RSA
if ((alg_k & SSL_kRSA) &&
!(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
goto f_err;
}
-#endif
#ifndef OPENSSL_NO_DH
if ((alg_k & SSL_kEDH) &&
!(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT);
goto f_err;
}
-#ifndef OPENSSL_NO_DSA
else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT);
goto f_err;
}
-#endif
#endif
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) {
-#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
if (rsa == NULL ||
RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
goto f_err;
}
} else
-#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
if (dh == NULL ||
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA ||
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH ||
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0) {
+ if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+ cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
if (!ssl_cert_inst(&s->cert)) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
return (0);
}
}
-#endif
switch (cmd) {
case SSL_CTRL_GET_SESSION_REUSED:
case SSL_CTRL_GET_FLAGS:
ret = (int)(s->s3->flags);
break;
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
return (ret);
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
{
int ret = 0;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0) {
+ if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) {
if (!ssl_cert_inst(&s->cert)) {
SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
return (0);
}
}
-#endif
switch (cmd) {
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
cert = ctx->cert;
switch (cmd) {
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ((cert->rsa_tmp == NULL) &&
((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
return (0);
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
cert = ctx->cert;
switch (cmd) {
-#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
-#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHr|SSL_kEDH)) {
-# ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_FIXED_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_FIXED_DH;
-# endif
}
if ((s->version == SSL3_VERSION) &&
(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
-# ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
-# endif
}
#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_SIGN;
-#endif
#ifndef OPENSSL_NO_ECDH
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
int
ssl3_send_server_key_exchange(SSL *s)
{
-#ifndef OPENSSL_NO_RSA
unsigned char *q;
int j, num;
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
-#endif
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
#endif
r[0] = r[1] = r[2] = r[3] = NULL;
n = 0;
-#ifndef OPENSSL_NO_RSA
if (type & SSL_kRSA) {
rsa = cert->rsa_tmp;
if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
-#endif
#ifndef OPENSSL_NO_DH
if (type & SSL_kEDH) {
dhp = cert->dh_tmp;
* n is the length of the params, they start at &(d[4])
* and p points to the space at the end.
*/
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA
&& TLS1_get_version(s) < TLS1_2_VERSION) {
q = md_buf;
s2n(u, p);
n += u + 2;
} else
-#endif
if (md) {
/*
* For TLS1.2 and later send signature
long n;
unsigned long alg_k;
unsigned char *p;
-#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
-#endif
#ifndef OPENSSL_NO_DH
BIGNUM *pub = NULL;
DH *dh_srvr;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA) {
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp) {
p, i);
OPENSSL_cleanse(p, i);
} else
-#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
n2s(p, i);
return (1);
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
err:
-#endif
#ifndef OPENSSL_NO_ECDH
EVP_PKEY_free(clnt_pub_pkey);
EC_POINT_free(clnt_ecpoint);
goto f_err;
}
} else
-#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA) {
i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
goto f_err;
}
} else
-#endif
-#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA) {
j = DSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
goto f_err;
}
} else
-#endif
#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
void SSL_set_verify(SSL *s, int mode,
int (*callback)(int ok, X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
-#ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-#endif
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
int (*callback)(int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
-#ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-#endif
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
/* NB: the keylength is only applicable when is_export is true */
-#ifndef OPENSSL_NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*cb)(SSL *ssl, int is_export, int keylength));
void SSL_set_tmp_rsa_callback(SSL *ssl,
RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-#endif
#ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*dh)(SSL *ssl, int is_export, int keylength));
EVP_add_digest(EVP_sha256());
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-#endif
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
ssl_cert_set_default_md(CERT *cert)
{
/* Set digest values to defaults */
-#ifndef OPENSSL_NO_DSA
cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_RSA
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
-#endif
#ifndef OPENSSL_NO_ECDSA
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
ret->export_mask_k = cert->export_mask_k;
ret->export_mask_a = cert->export_mask_a;
-#ifndef OPENSSL_NO_RSA
if (cert->rsa_tmp != NULL) {
RSA_up_ref(cert->rsa_tmp);
ret->rsa_tmp = cert->rsa_tmp;
}
ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
#ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL) {
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
err:
#endif
-#ifndef OPENSSL_NO_RSA
if (ret->rsa_tmp != NULL)
RSA_free(ret->rsa_tmp);
-#endif
#ifndef OPENSSL_NO_DH
if (ret->dh_tmp != NULL)
DH_free(ret->dh_tmp);
if (i > 0)
return;
-#ifndef OPENSSL_NO_RSA
if (c->rsa_tmp)
RSA_free(c->rsa_tmp);
-#endif
#ifndef OPENSSL_NO_DH
if (c->dh_tmp)
DH_free(c->dh_tmp);
#endif
}
-#ifndef OPENSSL_NO_RSA
if (sc->peer_rsa_tmp != NULL)
RSA_free(sc->peer_rsa_tmp);
-#endif
#ifndef OPENSSL_NO_DH
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);
*mac = 0;
*ssl = 0;
-#ifdef OPENSSL_NO_RSA
- *mkey |= SSL_kRSA;
- *auth |= SSL_aRSA;
-#endif
-#ifdef OPENSSL_NO_DSA
- *auth |= SSL_aDSS;
-#endif
*mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
*auth |= SSL_aDH;
#ifdef OPENSSL_NO_DH
kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
-#ifndef OPENSSL_NO_RSA
rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#else
- rsa_tmp = rsa_tmp_export = 0;
-#endif
#ifndef OPENSSL_NO_DH
dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
dh_tmp_export = (c->dh_tmp_cb != NULL ||
* \param cb the callback
*/
-#ifndef OPENSSL_NO_RSA
void
SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,
int is_export,
{
SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
}
-#endif
#ifdef DOXYGEN
/*!
#endif
#include <openssl/bio.h>
#include <openssl/stack.h>
-#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
-#endif
#include <openssl/err.h>
#include <openssl/ssl.h>
unsigned long mask_a;
unsigned long export_mask_k;
unsigned long export_mask_a;
-#ifndef OPENSSL_NO_RSA
RSA *rsa_tmp;
RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
-#endif
#ifndef OPENSSL_NO_DH
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
/* Obviously we don't have the private keys of these,
* so maybe we shouldn't even use the CERT_PKEY type here. */
-#ifndef OPENSSL_NO_RSA
RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#endif
#ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
#endif
return (ret);
}
-#ifndef OPENSSL_NO_RSA
int
SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
{
EVP_PKEY_free(pkey);
return (ret);
}
-#endif
static int
ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
EVP_PKEY_free(pktmp);
ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((pkey->type == EVP_PKEY_RSA) &&
(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
;
else
-#endif
if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
X509_free(c->pkeys[i].x509);
c->pkeys[i].x509 = NULL;
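Review bot: The `if (...) ; else if (!X509_check_private_key(...))` shape in this hunk was only needed so the RSA test could be compiled out. Now that the `#ifndef` is gone, it leaves an empty statement guarding a security-relevant decision: a key whose RSA method sets `RSA_METHOD_FLAG_NO_CHECK` is accepted without the certificate/key consistency check. I would fold it into one condition, `if (!(pkey->type == EVP_PKEY_RSA && (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) &&` followed by the existing `!X509_check_private_key(c->pkeys[i].x509, pkey)) {`. The comment should also state outright that the match between certificate and key is not verified for such methods. The later hunk that checks `c->pkeys[i].privatekey` against `x` has the same construct; the enclosing function starts and ends outside this hunk.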
return (1);
}
-#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_STDIO
int
SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
RSA_free(rsa);
return (ret);
}
-#endif /* !OPENSSL_NO_RSA */
int
SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
RSA_METHOD_FLAG_NO_CHECK))
;
else
-#endif /* OPENSSL_NO_RSA */
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
/* don't fail for a cert/key mismatch, just free
* current private key (when switching to a different
return (ret);
}
-#ifndef OPENSSL_NO_RSA
int
SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
{
RSA_free(rsa);
return (ret);
}
-#endif /* !OPENSSL_NO_RSA */
int
SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
#endif
#include <openssl/err.h>
#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
-#endif
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#define COMP_ZLIB 1
static int verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
static void free_tmp_rsa(void);
-#endif
static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
#define APP_CALLBACK_STRING "Test Callback Argument"
struct app_verify_arg {
if (pkey != NULL) {
if (0)
;
-#ifndef OPENSSL_NO_RSA
else if (pkey->type == EVP_PKEY_RSA &&
pkey->pkey.rsa != NULL &&
pkey->pkey.rsa->n != NULL) {
BIO_printf(bio_stdout, ", %d bit RSA",
BN_num_bits(pkey->pkey.rsa->n));
}
-#endif
-#ifndef OPENSSL_NO_DSA
else if (pkey->type == EVP_PKEY_DSA &&
pkey->pkey.dsa != NULL &&
pkey->pkey.dsa->p != NULL) {
BIO_printf(bio_stdout, ", %d bit DSA",
BN_num_bits(pkey->pkey.dsa->p));
}
-#endif
EVP_PKEY_free(pkey);
}
X509_free(cert);
(void)no_ecdhe;
#endif
-#ifndef OPENSSL_NO_RSA
SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
-#endif
#ifdef TLSEXT_TYPE_opaque_prf_input
SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
if (bio_stdout != NULL)
BIO_free(bio_stdout);
-#ifndef OPENSSL_NO_RSA
free_tmp_rsa();
-#endif
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
return (ok);
}
-#ifndef OPENSSL_NO_RSA
static RSA *rsa_tmp = NULL;
static RSA
rsa_tmp = NULL;
}
}
-#endif
#ifndef OPENSSL_NO_DH
/* These DH parameters have been generated as follows:
* customisable at some point, for now include everything we support.
*/
-#ifdef OPENSSL_NO_RSA
-#define tlsext_sigalg_rsa(md) /* */
-#else
#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
-#endif
-#ifdef OPENSSL_NO_DSA
-#define tlsext_sigalg_dsa(md) /* */
-#else
#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
-#endif
#ifdef OPENSSL_NO_ECDSA
#define tlsext_sigalg_ecdsa(md) /* */
};
static tls12_lookup tls12_sig[] = {
-#ifndef OPENSSL_NO_RSA
{EVP_PKEY_RSA, TLSEXT_signature_rsa},
-#endif
-#ifndef OPENSSL_NO_DSA
{EVP_PKEY_DSA, TLSEXT_signature_dsa},
-#endif
#ifndef OPENSSL_NO_ECDSA
{EVP_PKEY_EC, TLSEXT_signature_ecdsa}
#endif
unsigned char hash_alg = data[i], sig_alg = data[i + 1];
switch (sig_alg) {
-#ifndef OPENSSL_NO_RSA
case TLSEXT_signature_rsa:
idx = SSL_PKEY_RSA_SIGN;
break;
-#endif
-#ifndef OPENSSL_NO_DSA
case TLSEXT_signature_dsa:
idx = SSL_PKEY_DSA_SIGN;
break;
-#endif
#ifndef OPENSSL_NO_ECDSA
case TLSEXT_signature_ecdsa:
idx = SSL_PKEY_ECC;
/* Set any remaining keys to default values. NOTE: if alg is not
* supported it stays as NULL.
*/
-#ifndef OPENSSL_NO_DSA
if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_RSA
if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
-#endif
#ifndef OPENSSL_NO_ECDSA
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
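Review bot: The SHA-1 fallback assigned to each key slot here is not explained, and with the guards gone it is applied to the RSA and DSA slots in every build. A comment should say why SHA-1 is the default, presumably the RFC 5246 rule for a signature type the peer did not list, for example `/* SHA-1 is the protocol default for signature types the peer did not list; a fallback, not a preference. */`. It would also help to state that the RSA_ENC digest is reset together with RSA_SIGN whenever the latter is unset. The same unexplained default appears in the `ssl_cert_set_default_md` hunk and in the repeated copy of these lines further down the page. The enclosing function starts and ends outside the hunk.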
void SSL_set_verify(SSL *s, int mode,
int (*callback)(int ok, X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
-#ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-#endif
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
int (*callback)(int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
-#ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-#endif
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
/* NB: the keylength is only applicable when is_export is true */
-#ifndef OPENSSL_NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*cb)(SSL *ssl, int is_export, int keylength));
void SSL_set_tmp_rsa_callback(SSL *ssl,
RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-#endif
#ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*dh)(SSL *ssl, int is_export, int keylength));
EVP_add_digest(EVP_sha256());
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-#endif
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
ssl_cert_set_default_md(CERT *cert)
{
/* Set digest values to defaults */
-#ifndef OPENSSL_NO_DSA
cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_RSA
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
-#endif
#ifndef OPENSSL_NO_ECDSA
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
ret->export_mask_k = cert->export_mask_k;
ret->export_mask_a = cert->export_mask_a;
-#ifndef OPENSSL_NO_RSA
if (cert->rsa_tmp != NULL) {
RSA_up_ref(cert->rsa_tmp);
ret->rsa_tmp = cert->rsa_tmp;
}
ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
#ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL) {
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
err:
#endif
-#ifndef OPENSSL_NO_RSA
if (ret->rsa_tmp != NULL)
RSA_free(ret->rsa_tmp);
-#endif
#ifndef OPENSSL_NO_DH
if (ret->dh_tmp != NULL)
DH_free(ret->dh_tmp);
if (i > 0)
return;
-#ifndef OPENSSL_NO_RSA
if (c->rsa_tmp)
RSA_free(c->rsa_tmp);
-#endif
#ifndef OPENSSL_NO_DH
if (c->dh_tmp)
DH_free(c->dh_tmp);
#endif
}
-#ifndef OPENSSL_NO_RSA
if (sc->peer_rsa_tmp != NULL)
RSA_free(sc->peer_rsa_tmp);
-#endif
#ifndef OPENSSL_NO_DH
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);
*mac = 0;
*ssl = 0;
-#ifdef OPENSSL_NO_RSA
- *mkey |= SSL_kRSA;
- *auth |= SSL_aRSA;
-#endif
-#ifdef OPENSSL_NO_DSA
- *auth |= SSL_aDSS;
-#endif
*mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
*auth |= SSL_aDH;
#ifdef OPENSSL_NO_DH
kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
-#ifndef OPENSSL_NO_RSA
rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#else
- rsa_tmp = rsa_tmp_export = 0;
-#endif
#ifndef OPENSSL_NO_DH
dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
dh_tmp_export = (c->dh_tmp_cb != NULL ||
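Review bot: `RSA_size(c->rsa_tmp)` on the `rsa_tmp_export` line is safe only because of operand order. `rsa_tmp` is also true when just `rsa_tmp_cb` is set and `c->rsa_tmp` is NULL, and the call is skipped in that case only because `c->rsa_tmp_cb != NULL` is tested first in the `||`. Reordering those operands would presumably turn into a NULL dereference, so I would add a comment such as `/* c->rsa_tmp is non-NULL here: the callback-only case short-circuits above */` or test `c->rsa_tmp != NULL` explicitly in the second operand. The function body lies outside the hunk.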
* \param cb the callback
*/
-#ifndef OPENSSL_NO_RSA
void
SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,
int is_export,
{
SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
}
-#endif
#ifdef DOXYGEN
/*!
#endif
#include <openssl/bio.h>
#include <openssl/stack.h>
-#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
-#endif
#include <openssl/err.h>
#include <openssl/ssl.h>
unsigned long mask_a;
unsigned long export_mask_k;
unsigned long export_mask_a;
-#ifndef OPENSSL_NO_RSA
RSA *rsa_tmp;
RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
-#endif
#ifndef OPENSSL_NO_DH
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
/* Obviously we don't have the private keys of these,
* so maybe we shouldn't even use the CERT_PKEY type here. */
-#ifndef OPENSSL_NO_RSA
RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#endif
#ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
#endif
return (ret);
}
-#ifndef OPENSSL_NO_RSA
int
SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
{
EVP_PKEY_free(pkey);
return (ret);
}
-#endif
static int
ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
EVP_PKEY_free(pktmp);
ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((pkey->type == EVP_PKEY_RSA) &&
(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
;
else
-#endif
if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
X509_free(c->pkeys[i].x509);
c->pkeys[i].x509 = NULL;
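Review bot: The comment on the `RSA_METHOD_FLAG_NO_CHECK` branch says what it is for but not what it gives up. When the flag is set, `X509_check_private_key` is skipped, so a key that does not match the certificate is accepted at this point. Now that the branch is compiled unconditionally, I would extend the comment, for example `/* Key/cert consistency is NOT verified when the RSA method sets RSA_METHOD_FLAG_NO_CHECK (e.g. smart cards). */`. The later hunk ahead of `X509_check_private_key(x, c->pkeys[i].privatekey)` carries the same comment and needs the same addition. The enclosing function starts and ends outside the hunk.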
return (1);
}
-#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_STDIO
int
SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
RSA_free(rsa);
return (ret);
}
-#endif /* !OPENSSL_NO_RSA */
int
SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
ERR_clear_error();
-#ifndef OPENSSL_NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
RSA_METHOD_FLAG_NO_CHECK))
;
else
-#endif /* OPENSSL_NO_RSA */
if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
/* don't fail for a cert/key mismatch, just free
* current private key (when switching to a different
return (ret);
}
-#ifndef OPENSSL_NO_RSA
int
SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
{
RSA_free(rsa);
return (ret);
}
-#endif /* !OPENSSL_NO_RSA */
int
SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
* customisable at some point, for now include everything we support.
*/
-#ifdef OPENSSL_NO_RSA
-#define tlsext_sigalg_rsa(md) /* */
-#else
#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
-#endif
-#ifdef OPENSSL_NO_DSA
-#define tlsext_sigalg_dsa(md) /* */
-#else
#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
-#endif
#ifdef OPENSSL_NO_ECDSA
#define tlsext_sigalg_ecdsa(md) /* */
};
static tls12_lookup tls12_sig[] = {
-#ifndef OPENSSL_NO_RSA
{EVP_PKEY_RSA, TLSEXT_signature_rsa},
-#endif
-#ifndef OPENSSL_NO_DSA
{EVP_PKEY_DSA, TLSEXT_signature_dsa},
-#endif
#ifndef OPENSSL_NO_ECDSA
{EVP_PKEY_EC, TLSEXT_signature_ecdsa}
#endif
unsigned char hash_alg = data[i], sig_alg = data[i + 1];
switch (sig_alg) {
-#ifndef OPENSSL_NO_RSA
case TLSEXT_signature_rsa:
idx = SSL_PKEY_RSA_SIGN;
break;
-#endif
-#ifndef OPENSSL_NO_DSA
case TLSEXT_signature_dsa:
idx = SSL_PKEY_DSA_SIGN;
break;
-#endif
#ifndef OPENSSL_NO_ECDSA
case TLSEXT_signature_ecdsa:
idx = SSL_PKEY_ECC;
/* Set any remaining keys to default values. NOTE: if alg is not
* supported it stays as NULL.
*/
-#ifndef OPENSSL_NO_DSA
if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_RSA
if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
-#endif
#ifndef OPENSSL_NO_ECDSA
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();