From: tedu Date: Thu, 17 Apr 2014 21:37:37 +0000 (+0000) Subject: always build in RSA and DSA. ok deraadt miod X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f9cd3d10235bfe2564dce844f01425b5129af89a;p=openbsd always build in RSA and DSA. ok deraadt miod --- diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 3f159eed263..1ad65ba5416 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -925,10 +925,8 @@ dtls1_send_client_key_exchange(SSL *s) unsigned char *p, *d; int n; unsigned long alg_k; -#ifndef OPENSSL_NO_RSA unsigned char *q; EVP_PKEY *pkey = NULL; -#endif #ifndef OPENSSL_NO_KRB5 KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ @@ -950,7 +948,6 @@ dtls1_send_client_key_exchange(SSL *s) /* Fool emacs indentation */ if (0) { } -#ifndef OPENSSL_NO_RSA else if (alg_k & SSL_kRSA) { RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; @@ -1005,7 +1002,6 @@ dtls1_send_client_key_exchange(SSL *s) tmp_buf, sizeof tmp_buf); OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); } -#endif #ifndef OPENSSL_NO_KRB5 else if (alg_k & SSL_kKRB5) { krb5_error_code krb5rc; @@ -1474,13 +1470,9 @@ dtls1_send_client_verify(SSL *s) unsigned char *p, *d; unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; EVP_PKEY *pkey; -#ifndef OPENSSL_NO_RSA unsigned u = 0; -#endif unsigned long n; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) int j; -#endif if (s->state == SSL3_ST_CW_CERT_VRFY_A) { d = (unsigned char *)s->init_buf->data; @@ -1490,7 +1482,6 @@ dtls1_send_client_verify(SSL *s) s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, &(data[MD5_DIGEST_LENGTH])); -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(data[0])); @@ -1503,8 +1494,6 @@ dtls1_send_client_verify(SSL *s) s2n(u, p); n = u + 2; } else -#endif -#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { if (!DSA_sign(pkey->save_type, &(data[MD5_DIGEST_LENGTH]), 
@@ -1516,7 +1505,6 @@ dtls1_send_client_verify(SSL *s) s2n(j, p); n = j + 2; } else -#endif #ifndef OPENSSL_NO_ECDSA if (pkey->type == EVP_PKEY_EC) { if (!ECDSA_sign(pkey->save_type, diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index ce7b243c2db..6a10f7a3ddb 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1000,13 +1000,11 @@ dtls1_send_server_done(SSL *s) int dtls1_send_server_key_exchange(SSL *s) { -#ifndef OPENSSL_NO_RSA unsigned char *q; int j, num; RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; -#endif #ifndef OPENSSL_NO_DH DH *dh = NULL, *dhp; #endif @@ -1041,7 +1039,6 @@ dtls1_send_server_key_exchange(SSL *s) r[0] = r[1] = r[2] = r[3] = NULL; n = 0; -#ifndef OPENSSL_NO_RSA if (type & SSL_kRSA) { rsa = cert->rsa_tmp; if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { @@ -1065,7 +1062,6 @@ dtls1_send_server_key_exchange(SSL *s) r[1] = rsa->e; s->s3->tmp.use_rsa_tmp = 1; } else -#endif #ifndef OPENSSL_NO_DH if (type & SSL_kEDH) { dhp = cert->dh_tmp; @@ -1310,7 +1306,6 @@ dtls1_send_server_key_exchange(SSL *s) /* n is the length of the params, they start at * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space * at the end. */ -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { q = md_buf; j = 0; @@ -1338,8 +1333,6 @@ dtls1_send_server_key_exchange(SSL *s) s2n(u, p); n += u + 2; } else -#endif -#if !defined(OPENSSL_NO_DSA) if (pkey->type == EVP_PKEY_DSA) { /* lets do DSS */ EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL); @@ -1354,7 +1347,6 @@ dtls1_send_server_key_exchange(SSL *s) s2n(i, p); n += i + 2; } else -#endif #if !defined(OPENSSL_NO_ECDSA) if (pkey->type == EVP_PKEY_EC) { /* let's do ECDSA */ diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 32405eac752..52e2174f6bb 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c 
@@ -1183,18 +1183,14 @@ err: int ssl3_get_key_exchange(SSL *s) { -#ifndef OPENSSL_NO_RSA unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; -#endif EVP_MD_CTX md_ctx; unsigned char *param, *p; int al, i, j, param_len, ok; long n, alg_k, alg_a; EVP_PKEY *pkey = NULL; const EVP_MD *md = NULL; -#ifndef OPENSSL_NO_RSA RSA *rsa = NULL; -#endif #ifndef OPENSSL_NO_DH DH *dh = NULL; #endif @@ -1232,12 +1228,10 @@ ssl3_get_key_exchange(SSL *s) param = p = (unsigned char *)s->init_msg; if (s->session->sess_cert != NULL) { -#ifndef OPENSSL_NO_RSA if (s->session->sess_cert->peer_rsa_tmp != NULL) { RSA_free(s->session->sess_cert->peer_rsa_tmp); s->session->sess_cert->peer_rsa_tmp = NULL; } -#endif #ifndef OPENSSL_NO_DH if (s->session->sess_cert->peer_dh_tmp) { DH_free(s->session->sess_cert->peer_dh_tmp); @@ -1356,20 +1350,12 @@ ssl3_get_key_exchange(SSL *s) n -= param_len; /* We must check if there is a certificate */ -#ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#else - if (0) -; -#endif -#ifndef OPENSSL_NO_DSA else if (alg_a & SSL_aDSS) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); -#endif } else #endif /* !OPENSSL_NO_SRP */ -#ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { if ((rsa = RSA_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); @@ -1412,10 +1398,6 @@ ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_rsa_tmp = rsa; rsa = NULL; } -#else /* OPENSSL_NO_RSA */ - if (0) -; -#endif #ifndef OPENSSL_NO_DH else if (alg_k & SSL_kEDH) { if ((dh = DH_new()) == NULL) { 
@@ -1462,17 +1444,10 @@ ssl3_get_key_exchange(SSL *s) p += i; n -= param_len; -#ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#else - if (0) -; -#endif -#ifndef OPENSSL_NO_DSA else if (alg_a & SSL_aDSS) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); -#endif /* else anonymous DH, so no certificate or pkey. */ s->session->sess_cert->peer_dh_tmp = dh; @@ -1561,10 +1536,8 @@ ssl3_get_key_exchange(SSL *s) * key exchange message. We do support RSA and ECDSA. */ if (0); -#ifndef OPENSSL_NO_RSA else if (alg_a & SSL_aRSA) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#endif #ifndef OPENSSL_NO_ECDSA else if (alg_a & SSL_aECDSA) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); @@ -1627,7 +1600,6 @@ ssl3_get_key_exchange(SSL *s) goto f_err; } -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { int num; @@ -1659,7 +1631,6 @@ ssl3_get_key_exchange(SSL *s) goto f_err; } } else -#endif { EVP_VerifyInit_ex(&md_ctx, md, NULL); EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); @@ -1693,10 +1664,8 @@ f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: EVP_PKEY_free(pkey); -#ifndef OPENSSL_NO_RSA if (rsa != NULL) RSA_free(rsa); -#endif #ifndef OPENSSL_NO_DH if (dh != NULL) DH_free(dh); @@ -2042,10 +2011,8 @@ ssl3_send_client_key_exchange(SSL *s) unsigned char *p, *d; int n; unsigned long alg_k; -#ifndef OPENSSL_NO_RSA unsigned char *q; EVP_PKEY *pkey = NULL; -#endif #ifndef OPENSSL_NO_KRB5 KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ @@ -2067,7 +2034,6 @@ ssl3_send_client_key_exchange(SSL *s) /* Fool emacs indentation */ if (0) { } -#ifndef OPENSSL_NO_RSA else if (alg_k & SSL_kRSA) { RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 
@@ -2122,7 +2088,6 @@ ssl3_send_client_key_exchange(SSL *s) sizeof tmp_buf); OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); } -#endif #ifndef OPENSSL_NO_KRB5 else if (alg_k & SSL_kKRB5) { krb5_error_code krb5rc; @@ -2760,7 +2725,6 @@ ssl3_send_client_verify(SSL *s) if (!ssl3_digest_cached_records(s)) goto err; } else -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { s->method->ssl3_enc->cert_verify_mac( s, NID_md5, &(data[0])); @@ -2773,8 +2737,6 @@ ssl3_send_client_verify(SSL *s) s2n(u, p); n = u + 2; } else -#endif -#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { if (!DSA_sign(pkey->save_type, &(data[MD5_DIGEST_LENGTH]), @@ -2786,7 +2748,6 @@ ssl3_send_client_verify(SSL *s) s2n(j, p); n = j + 2; } else -#endif #ifndef OPENSSL_NO_ECDSA if (pkey->type == EVP_PKEY_EC) { if (!ECDSA_sign(pkey->save_type, @@ -2914,9 +2875,7 @@ ssl3_check_cert_and_algorithm(SSL *s) long alg_k, alg_a; EVP_PKEY *pkey = NULL; SESS_CERT *sc; -#ifndef OPENSSL_NO_RSA RSA *rsa; -#endif #ifndef OPENSSL_NO_DH DH *dh; #endif @@ -2934,9 +2893,7 @@ ssl3_check_cert_and_algorithm(SSL *s) goto err; } -#ifndef OPENSSL_NO_RSA rsa = s->session->sess_cert->peer_rsa_tmp; -#endif #ifndef OPENSSL_NO_DH dh = s->session->sess_cert->peer_dh_tmp; #endif @@ -2966,19 +2923,15 @@ ssl3_check_cert_and_algorithm(SSL *s) SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT); goto f_err; } -#ifndef OPENSSL_NO_DSA else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT); goto f_err; } -#endif -#ifndef OPENSSL_NO_RSA if ((alg_k & SSL_kRSA) && !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT); goto f_err; } -#endif #ifndef OPENSSL_NO_DH if ((alg_k & SSL_kEDH) && !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 
@@ -2988,16 +2941,13 @@ ssl3_check_cert_and_algorithm(SSL *s) SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); goto f_err; } -#ifndef OPENSSL_NO_DSA else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); goto f_err; } -#endif #endif if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { -#ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { if (rsa == NULL || RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { @@ -3005,7 +2955,6 @@ ssl3_check_cert_and_algorithm(SSL *s) goto f_err; } } else -#endif #ifndef OPENSSL_NO_DH if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { if (dh == NULL || diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 8df07a1e4c7..288d885d9ec 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -3098,23 +3098,13 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret = 0; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -#ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA || - cmd == SSL_CTRL_SET_TMP_RSA_CB || -#endif -#ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH || - cmd == SSL_CTRL_SET_TMP_DH_CB || -#endif - 0) { + if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || + cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); return (0); } } -#endif switch (cmd) { case SSL_CTRL_GET_SESSION_REUSED: @@ -3135,7 +3125,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_FLAGS: ret = (int)(s->s3->flags); break; -#ifndef OPENSSL_NO_RSA case SSL_CTRL_NEED_TMP_RSA: if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || @@ -3165,7 +3154,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { 
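Review bot: The rewritten pre-check in ssl3_ctrl now calls ssl_cert_inst() for SSL_CTRL_SET_TMP_DH and SSL_CTRL_SET_TMP_DH_CB unconditionally, while the `case SSL_CTRL_SET_TMP_DH:` later in the same function (visible in the `@@ -3165` hunk) is still wrapped in `#ifndef OPENSSL_NO_DH`, so a build without DH allocates the cert structure for a command that then falls through to the default case. The old guard placed those two DH commands under OPENSSL_NO_DSA, which looks like a long-standing typo for OPENSSL_NO_DH rather than something this commit means to preserve; the RSA half of the new condition is what the commit intends. If DH remains optional, the two DH terms should sit under the same `#ifndef OPENSSL_NO_DH` as their `case`; if DH is about to become unconditional as well, a one-line comment such as `/* s->cert must exist before the tmp RSA/DH ctrls below */` would save the next reader the question. The same shape appears in ssl3_callback_ctrl in the next hunk and in the duplicate lib/libssl/src/ssl/s3_lib.c sections. ssl3_ctrl's body continues outside this hunk.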
@@ -3331,30 +3319,19 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { int ret = 0; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -#ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA_CB || -#endif -#ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH_CB || -#endif - 0) { + if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); return (0); } } -#endif switch (cmd) { -#ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: { s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; } break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { @@ -3389,7 +3366,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) cert = ctx->cert; switch (cmd) { -#ifndef OPENSSL_NO_RSA case SSL_CTRL_NEED_TMP_RSA: if ((cert->rsa_tmp == NULL) && ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || @@ -3429,7 +3405,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (0); } break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { @@ -3599,13 +3574,11 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) cert = ctx->cert; switch (cmd) { -#ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: { cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; } break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { 
@@ -3962,29 +3935,17 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) #ifndef OPENSSL_NO_DH if (alg_k & (SSL_kDHr|SSL_kEDH)) { -# ifndef OPENSSL_NO_RSA p[ret++] = SSL3_CT_RSA_FIXED_DH; -# endif -# ifndef OPENSSL_NO_DSA p[ret++] = SSL3_CT_DSS_FIXED_DH; -# endif } if ((s->version == SSL3_VERSION) && (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) { -# ifndef OPENSSL_NO_RSA p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; -# endif -# ifndef OPENSSL_NO_DSA p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; -# endif } #endif /* !OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_RSA p[ret++] = SSL3_CT_RSA_SIGN; -#endif -#ifndef OPENSSL_NO_DSA p[ret++] = SSL3_CT_DSS_SIGN; -#endif #ifndef OPENSSL_NO_ECDH if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { p[ret++] = TLS_CT_RSA_FIXED_ECDH; diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 927b0d7db1e..19e0495fe63 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1554,13 +1554,11 @@ ssl3_send_server_done(SSL *s) int ssl3_send_server_key_exchange(SSL *s) { -#ifndef OPENSSL_NO_RSA unsigned char *q; int j, num; RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; -#endif #ifndef OPENSSL_NO_DH DH *dh = NULL, *dhp; #endif @@ -1596,7 +1594,6 @@ ssl3_send_server_key_exchange(SSL *s) r[0] = r[1] = r[2] = r[3] = NULL; n = 0; -#ifndef OPENSSL_NO_RSA if (type & SSL_kRSA) { rsa = cert->rsa_tmp; if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { @@ -1623,7 +1620,6 @@ ssl3_send_server_key_exchange(SSL *s) r[1] = rsa->e; s->s3->tmp.use_rsa_tmp = 1; } else -#endif #ifndef OPENSSL_NO_DH if (type & SSL_kEDH) { dhp = cert->dh_tmp; @@ -1913,7 +1909,6 @@ ssl3_send_server_key_exchange(SSL *s) * n is the length of the params, they start at &(d[4]) * and p points to the space at the end. */ -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { q = md_buf; 
@@ -1946,7 +1941,6 @@ ssl3_send_server_key_exchange(SSL *s) s2n(u, p); n += u + 2; } else -#endif if (md) { /* * For TLS1.2 and later send signature @@ -2120,10 +2114,8 @@ ssl3_get_client_key_exchange(SSL *s) long n; unsigned long alg_k; unsigned char *p; -#ifndef OPENSSL_NO_RSA RSA *rsa = NULL; EVP_PKEY *pkey = NULL; -#endif #ifndef OPENSSL_NO_DH BIGNUM *pub = NULL; DH *dh_srvr; @@ -2149,7 +2141,6 @@ ssl3_get_client_key_exchange(SSL *s) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; -#ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { /* FIX THIS UP EAY EAY EAY EAY */ if (s->s3->tmp.use_rsa_tmp) { @@ -2259,7 +2250,6 @@ ssl3_get_client_key_exchange(SSL *s) p, i); OPENSSL_cleanse(p, i); } else -#endif #ifndef OPENSSL_NO_DH if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { n2s(p, i); @@ -2851,9 +2841,7 @@ ssl3_get_client_key_exchange(SSL *s) return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP) err: -#endif #ifndef OPENSSL_NO_ECDH EVP_PKEY_free(clnt_pub_pkey); EC_POINT_free(clnt_ecpoint); @@ -3010,7 +2998,6 @@ ssl3_get_cert_verify(SSL *s) goto f_err; } } else -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i, @@ -3028,8 +3015,6 @@ ssl3_get_cert_verify(SSL *s) goto f_err; } } else -#endif -#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { j = DSA_verify(pkey->save_type, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), @@ -3042,7 +3027,6 @@ ssl3_get_cert_verify(SSL *s) goto f_err; } } else -#endif #ifndef OPENSSL_NO_ECDSA if (pkey->type == EVP_PKEY_EC) { j = ECDSA_verify(pkey->save_type, diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index 3f159eed263..1ad65ba5416 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c 
@@ -925,10 +925,8 @@ dtls1_send_client_key_exchange(SSL *s) unsigned char *p, *d; int n; unsigned long alg_k; -#ifndef OPENSSL_NO_RSA unsigned char *q; EVP_PKEY *pkey = NULL; -#endif #ifndef OPENSSL_NO_KRB5 KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ @@ -950,7 +948,6 @@ dtls1_send_client_key_exchange(SSL *s) /* Fool emacs indentation */ if (0) { } -#ifndef OPENSSL_NO_RSA else if (alg_k & SSL_kRSA) { RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; @@ -1005,7 +1002,6 @@ dtls1_send_client_key_exchange(SSL *s) tmp_buf, sizeof tmp_buf); OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); } -#endif #ifndef OPENSSL_NO_KRB5 else if (alg_k & SSL_kKRB5) { krb5_error_code krb5rc; @@ -1474,13 +1470,9 @@ dtls1_send_client_verify(SSL *s) unsigned char *p, *d; unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; EVP_PKEY *pkey; -#ifndef OPENSSL_NO_RSA unsigned u = 0; -#endif unsigned long n; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) int j; -#endif if (s->state == SSL3_ST_CW_CERT_VRFY_A) { d = (unsigned char *)s->init_buf->data; @@ -1490,7 +1482,6 @@ dtls1_send_client_verify(SSL *s) s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, &(data[MD5_DIGEST_LENGTH])); -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(data[0])); @@ -1503,8 +1494,6 @@ dtls1_send_client_verify(SSL *s) s2n(u, p); n = u + 2; } else -#endif -#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { if (!DSA_sign(pkey->save_type, &(data[MD5_DIGEST_LENGTH]), @@ -1516,7 +1505,6 @@ dtls1_send_client_verify(SSL *s) s2n(j, p); n = j + 2; } else -#endif #ifndef OPENSSL_NO_ECDSA if (pkey->type == EVP_PKEY_EC) { if (!ECDSA_sign(pkey->save_type, diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c index ce7b243c2db..6a10f7a3ddb 100644 --- a/lib/libssl/src/ssl/d1_srvr.c +++ b/lib/libssl/src/ssl/d1_srvr.c 
@@ -1000,13 +1000,11 @@ dtls1_send_server_done(SSL *s) int dtls1_send_server_key_exchange(SSL *s) { -#ifndef OPENSSL_NO_RSA unsigned char *q; int j, num; RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; -#endif #ifndef OPENSSL_NO_DH DH *dh = NULL, *dhp; #endif @@ -1041,7 +1039,6 @@ dtls1_send_server_key_exchange(SSL *s) r[0] = r[1] = r[2] = r[3] = NULL; n = 0; -#ifndef OPENSSL_NO_RSA if (type & SSL_kRSA) { rsa = cert->rsa_tmp; if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { @@ -1065,7 +1062,6 @@ dtls1_send_server_key_exchange(SSL *s) r[1] = rsa->e; s->s3->tmp.use_rsa_tmp = 1; } else -#endif #ifndef OPENSSL_NO_DH if (type & SSL_kEDH) { dhp = cert->dh_tmp; @@ -1310,7 +1306,6 @@ dtls1_send_server_key_exchange(SSL *s) /* n is the length of the params, they start at * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space * at the end. */ -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { q = md_buf; j = 0; @@ -1338,8 +1333,6 @@ dtls1_send_server_key_exchange(SSL *s) s2n(u, p); n += u + 2; } else -#endif -#if !defined(OPENSSL_NO_DSA) if (pkey->type == EVP_PKEY_DSA) { /* lets do DSS */ EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL); @@ -1354,7 +1347,6 @@ dtls1_send_server_key_exchange(SSL *s) s2n(i, p); n += i + 2; } else -#endif #if !defined(OPENSSL_NO_ECDSA) if (pkey->type == EVP_PKEY_EC) { /* let's do ECDSA */ diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 32405eac752..52e2174f6bb 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1183,18 +1183,14 @@ err: int ssl3_get_key_exchange(SSL *s) { -#ifndef OPENSSL_NO_RSA unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; -#endif EVP_MD_CTX md_ctx; unsigned char *param, *p; int al, i, j, param_len, ok; long n, alg_k, alg_a; EVP_PKEY *pkey = NULL; const EVP_MD *md = NULL; -#ifndef OPENSSL_NO_RSA RSA *rsa = NULL; -#endif #ifndef OPENSSL_NO_DH DH *dh = NULL; #endif 
@@ -1232,12 +1228,10 @@ ssl3_get_key_exchange(SSL *s) param = p = (unsigned char *)s->init_msg; if (s->session->sess_cert != NULL) { -#ifndef OPENSSL_NO_RSA if (s->session->sess_cert->peer_rsa_tmp != NULL) { RSA_free(s->session->sess_cert->peer_rsa_tmp); s->session->sess_cert->peer_rsa_tmp = NULL; } -#endif #ifndef OPENSSL_NO_DH if (s->session->sess_cert->peer_dh_tmp) { DH_free(s->session->sess_cert->peer_dh_tmp); @@ -1356,20 +1350,12 @@ ssl3_get_key_exchange(SSL *s) n -= param_len; /* We must check if there is a certificate */ -#ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#else - if (0) -; -#endif -#ifndef OPENSSL_NO_DSA else if (alg_a & SSL_aDSS) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); -#endif } else #endif /* !OPENSSL_NO_SRP */ -#ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { if ((rsa = RSA_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); @@ -1412,10 +1398,6 @@ ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_rsa_tmp = rsa; rsa = NULL; } -#else /* OPENSSL_NO_RSA */ - if (0) -; -#endif #ifndef OPENSSL_NO_DH else if (alg_k & SSL_kEDH) { if ((dh = DH_new()) == NULL) { @@ -1462,17 +1444,10 @@ ssl3_get_key_exchange(SSL *s) p += i; n -= param_len; -#ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#else - if (0) -; -#endif -#ifndef OPENSSL_NO_DSA else if (alg_a & SSL_aDSS) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); -#endif /* else anonymous DH, so no certificate or pkey. */ s->session->sess_cert->peer_dh_tmp = dh; 
@@ -1561,10 +1536,8 @@ ssl3_get_key_exchange(SSL *s) * key exchange message. We do support RSA and ECDSA. */ if (0); -#ifndef OPENSSL_NO_RSA else if (alg_a & SSL_aRSA) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#endif #ifndef OPENSSL_NO_ECDSA else if (alg_a & SSL_aECDSA) pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); @@ -1627,7 +1600,6 @@ ssl3_get_key_exchange(SSL *s) goto f_err; } -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { int num; @@ -1659,7 +1631,6 @@ ssl3_get_key_exchange(SSL *s) goto f_err; } } else -#endif { EVP_VerifyInit_ex(&md_ctx, md, NULL); EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); @@ -1693,10 +1664,8 @@ f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: EVP_PKEY_free(pkey); -#ifndef OPENSSL_NO_RSA if (rsa != NULL) RSA_free(rsa); -#endif #ifndef OPENSSL_NO_DH if (dh != NULL) DH_free(dh); @@ -2042,10 +2011,8 @@ ssl3_send_client_key_exchange(SSL *s) unsigned char *p, *d; int n; unsigned long alg_k; -#ifndef OPENSSL_NO_RSA unsigned char *q; EVP_PKEY *pkey = NULL; -#endif #ifndef OPENSSL_NO_KRB5 KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ @@ -2067,7 +2034,6 @@ ssl3_send_client_key_exchange(SSL *s) /* Fool emacs indentation */ if (0) { } -#ifndef OPENSSL_NO_RSA else if (alg_k & SSL_kRSA) { RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; @@ -2122,7 +2088,6 @@ ssl3_send_client_key_exchange(SSL *s) sizeof tmp_buf); OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); } -#endif #ifndef OPENSSL_NO_KRB5 else if (alg_k & SSL_kKRB5) { krb5_error_code krb5rc; @@ -2760,7 +2725,6 @@ ssl3_send_client_verify(SSL *s) if (!ssl3_digest_cached_records(s)) goto err; } else -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { s->method->ssl3_enc->cert_verify_mac( s, NID_md5, &(data[0])); 
@@ -2773,8 +2737,6 @@ ssl3_send_client_verify(SSL *s) s2n(u, p); n = u + 2; } else -#endif -#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { if (!DSA_sign(pkey->save_type, &(data[MD5_DIGEST_LENGTH]), @@ -2786,7 +2748,6 @@ ssl3_send_client_verify(SSL *s) s2n(j, p); n = j + 2; } else -#endif #ifndef OPENSSL_NO_ECDSA if (pkey->type == EVP_PKEY_EC) { if (!ECDSA_sign(pkey->save_type, @@ -2914,9 +2875,7 @@ ssl3_check_cert_and_algorithm(SSL *s) long alg_k, alg_a; EVP_PKEY *pkey = NULL; SESS_CERT *sc; -#ifndef OPENSSL_NO_RSA RSA *rsa; -#endif #ifndef OPENSSL_NO_DH DH *dh; #endif @@ -2934,9 +2893,7 @@ ssl3_check_cert_and_algorithm(SSL *s) goto err; } -#ifndef OPENSSL_NO_RSA rsa = s->session->sess_cert->peer_rsa_tmp; -#endif #ifndef OPENSSL_NO_DH dh = s->session->sess_cert->peer_dh_tmp; #endif @@ -2966,19 +2923,15 @@ ssl3_check_cert_and_algorithm(SSL *s) SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_SIGNING_CERT); goto f_err; } -#ifndef OPENSSL_NO_DSA else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DSA_SIGNING_CERT); goto f_err; } -#endif -#ifndef OPENSSL_NO_RSA if ((alg_k & SSL_kRSA) && !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_RSA_ENCRYPTING_CERT); goto f_err; } -#endif #ifndef OPENSSL_NO_DH if ((alg_k & SSL_kEDH) && !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { 
@@ -2988,16 +2941,13 @@ ssl3_check_cert_and_algorithm(SSL *s) SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); goto f_err; } -#ifndef OPENSSL_NO_DSA else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); goto f_err; } -#endif #endif if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { -#ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { if (rsa == NULL || RSA_size(rsa) * 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { @@ -3005,7 +2955,6 @@ ssl3_check_cert_and_algorithm(SSL *s) goto f_err; } } else -#endif #ifndef OPENSSL_NO_DH if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { if (dh == NULL || diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 8df07a1e4c7..288d885d9ec 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -3098,23 +3098,13 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret = 0; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -#ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA || - cmd == SSL_CTRL_SET_TMP_RSA_CB || -#endif -#ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH || - cmd == SSL_CTRL_SET_TMP_DH_CB || -#endif - 0) { + if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || + cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); return (0); } } -#endif switch (cmd) { case SSL_CTRL_GET_SESSION_REUSED: @@ -3135,7 +3125,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_FLAGS: ret = (int)(s->s3->flags); break; -#ifndef OPENSSL_NO_RSA case SSL_CTRL_NEED_TMP_RSA: if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || 
@@ -3165,7 +3154,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { @@ -3331,30 +3319,19 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { int ret = 0; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -#ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA_CB || -#endif -#ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH_CB || -#endif - 0) { + if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); return (0); } } -#endif switch (cmd) { -#ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: { s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; } break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { @@ -3389,7 +3366,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) cert = ctx->cert; switch (cmd) { -#ifndef OPENSSL_NO_RSA case SSL_CTRL_NEED_TMP_RSA: if ((cert->rsa_tmp == NULL) && ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || @@ -3429,7 +3405,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (0); } break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { @@ -3599,13 +3574,11 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) cert = ctx->cert; switch (cmd) { -#ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: { cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; } break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { 
@@ -3962,29 +3935,17 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p) #ifndef OPENSSL_NO_DH if (alg_k & (SSL_kDHr|SSL_kEDH)) { -# ifndef OPENSSL_NO_RSA p[ret++] = SSL3_CT_RSA_FIXED_DH; -# endif -# ifndef OPENSSL_NO_DSA p[ret++] = SSL3_CT_DSS_FIXED_DH; -# endif } if ((s->version == SSL3_VERSION) && (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) { -# ifndef OPENSSL_NO_RSA p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; -# endif -# ifndef OPENSSL_NO_DSA p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; -# endif } #endif /* !OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_RSA p[ret++] = SSL3_CT_RSA_SIGN; -#endif -#ifndef OPENSSL_NO_DSA p[ret++] = SSL3_CT_DSS_SIGN; -#endif #ifndef OPENSSL_NO_ECDH if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { p[ret++] = TLS_CT_RSA_FIXED_ECDH; diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 927b0d7db1e..19e0495fe63 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1554,13 +1554,11 @@ ssl3_send_server_done(SSL *s) int ssl3_send_server_key_exchange(SSL *s) { -#ifndef OPENSSL_NO_RSA unsigned char *q; int j, num; RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; -#endif #ifndef OPENSSL_NO_DH DH *dh = NULL, *dhp; #endif @@ -1596,7 +1594,6 @@ ssl3_send_server_key_exchange(SSL *s) r[0] = r[1] = r[2] = r[3] = NULL; n = 0; -#ifndef OPENSSL_NO_RSA if (type & SSL_kRSA) { rsa = cert->rsa_tmp; if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { @@ -1623,7 +1620,6 @@ ssl3_send_server_key_exchange(SSL *s) r[1] = rsa->e; s->s3->tmp.use_rsa_tmp = 1; } else -#endif #ifndef OPENSSL_NO_DH if (type & SSL_kEDH) { dhp = cert->dh_tmp; @@ -1913,7 +1909,6 @@ ssl3_send_server_key_exchange(SSL *s) * n is the length of the params, they start at &(d[4]) * and p points to the space at the end. */ -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { q = md_buf; 
@@ -1946,7 +1941,6 @@ ssl3_send_server_key_exchange(SSL *s) s2n(u, p); n += u + 2; } else -#endif if (md) { /* * For TLS1.2 and later send signature @@ -2120,10 +2114,8 @@ ssl3_get_client_key_exchange(SSL *s) long n; unsigned long alg_k; unsigned char *p; -#ifndef OPENSSL_NO_RSA RSA *rsa = NULL; EVP_PKEY *pkey = NULL; -#endif #ifndef OPENSSL_NO_DH BIGNUM *pub = NULL; DH *dh_srvr; @@ -2149,7 +2141,6 @@ ssl3_get_client_key_exchange(SSL *s) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; -#ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { /* FIX THIS UP EAY EAY EAY EAY */ if (s->s3->tmp.use_rsa_tmp) { @@ -2259,7 +2250,6 @@ ssl3_get_client_key_exchange(SSL *s) p, i); OPENSSL_cleanse(p, i); } else -#endif #ifndef OPENSSL_NO_DH if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { n2s(p, i); @@ -2851,9 +2841,7 @@ ssl3_get_client_key_exchange(SSL *s) return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP) err: -#endif #ifndef OPENSSL_NO_ECDH EVP_PKEY_free(clnt_pub_pkey); EC_POINT_free(clnt_ecpoint); @@ -3010,7 +2998,6 @@ ssl3_get_cert_verify(SSL *s) goto f_err; } } else -#ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i, @@ -3028,8 +3015,6 @@ ssl3_get_cert_verify(SSL *s) goto f_err; } } else -#endif -#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { j = DSA_verify(pkey->save_type, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), @@ -3042,7 +3027,6 @@ ssl3_get_cert_verify(SSL *s) goto f_err; } } else -#endif #ifndef OPENSSL_NO_ECDSA if (pkey->type == EVP_PKEY_EC) { j = ECDSA_verify(pkey->save_type, diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h index cefee6189d8..ef829797b7a 100644 --- a/lib/libssl/src/ssl/ssl.h +++ b/lib/libssl/src/ssl/ssl.h 
@@ -1690,9 +1690,7 @@ int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok, X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); -#ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); -#endif int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len); @@ -1765,9 +1763,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg); -#ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); -#endif int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); @@ -1963,13 +1959,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) /* NB: the keylength is only applicable when is_export is true */ -#ifndef OPENSSL_NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); -#endif #ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, int keylength)); diff --git a/lib/libssl/src/ssl/ssl_algs.c b/lib/libssl/src/ssl/ssl_algs.c index 463bf8ad66e..aaecb2da0fa 100644 --- a/lib/libssl/src/ssl/ssl_algs.c +++ b/lib/libssl/src/ssl/ssl_algs.c 
@@ -111,12 +111,10 @@ SSL_library_init(void) EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -#endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c index cf5cfb97f62..a823c16edff 100644 --- a/lib/libssl/src/ssl/ssl_cert.c +++ b/lib/libssl/src/ssl/ssl_cert.c @@ -163,13 +163,9 @@ static void ssl_cert_set_default_md(CERT *cert) { /* Set digest values to defaults */ -#ifndef OPENSSL_NO_DSA cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); -#endif -#ifndef OPENSSL_NO_RSA cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); -#endif #ifndef OPENSSL_NO_ECDSA cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif @@ -217,13 +213,11 @@ CERT ret->export_mask_k = cert->export_mask_k; ret->export_mask_a = cert->export_mask_a; -#ifndef OPENSSL_NO_RSA if (cert->rsa_tmp != NULL) { RSA_up_ref(cert->rsa_tmp); ret->rsa_tmp = cert->rsa_tmp; } ret->rsa_tmp_cb = cert->rsa_tmp_cb; -#endif #ifndef OPENSSL_NO_DH if (cert->dh_tmp != NULL) { @@ -319,10 +313,8 @@ CERT #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) err: #endif -#ifndef OPENSSL_NO_RSA if (ret->rsa_tmp != NULL) RSA_free(ret->rsa_tmp); -#endif #ifndef OPENSSL_NO_DH if (ret->dh_tmp != NULL) DH_free(ret->dh_tmp); @@ -355,10 +347,8 @@ ssl_cert_free(CERT *c) if (i > 0) return; -#ifndef OPENSSL_NO_RSA if (c->rsa_tmp) RSA_free(c->rsa_tmp); -#endif #ifndef OPENSSL_NO_DH if (c->dh_tmp) DH_free(c->dh_tmp); 
@@ -452,10 +442,8 @@ ssl_sess_cert_free(SESS_CERT *sc) #endif } -#ifndef OPENSSL_NO_RSA if (sc->peer_rsa_tmp != NULL) RSA_free(sc->peer_rsa_tmp); -#endif #ifndef OPENSSL_NO_DH if (sc->peer_dh_tmp != NULL) DH_free(sc->peer_dh_tmp); diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c index b56a93d4cbf..140a00ceca5 100644 --- a/lib/libssl/src/ssl/ssl_ciph.c +++ b/lib/libssl/src/ssl/ssl_ciph.c @@ -696,13 +696,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *mac = 0; *ssl = 0; -#ifdef OPENSSL_NO_RSA - *mkey |= SSL_kRSA; - *auth |= SSL_aRSA; -#endif -#ifdef OPENSSL_NO_DSA - *auth |= SSL_aDSS; -#endif *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */ *auth |= SSL_aDH; #ifdef OPENSSL_NO_DH diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c index 3ab652a6a49..37fff3a38fc 100644 --- a/lib/libssl/src/ssl/ssl_lib.c +++ b/lib/libssl/src/ssl/ssl_lib.c @@ -1978,13 +1978,9 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) kl = SSL_C_EXPORT_PKEYLENGTH(cipher); -#ifndef OPENSSL_NO_RSA rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); rsa_tmp_export = (c->rsa_tmp_cb != NULL || (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); -#else - rsa_tmp = rsa_tmp_export = 0; -#endif #ifndef OPENSSL_NO_DH dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); dh_tmp_export = (c->dh_tmp_cb != NULL || @@ -2990,7 +2986,6 @@ SSL_want(const SSL *s) * \param cb the callback */ -#ifndef OPENSSL_NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, @@ -3006,7 +3001,6 @@ int keylength)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); } -#endif #ifdef DOXYGEN /*! diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index 483723736a6..5767c1dd4b1 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h 
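Review bot: With the OPENSSL_NO_RSA and OPENSSL_NO_DSA blocks gone from ssl_cipher_get_disabled, nothing in the function records that SSL_kRSA, SSL_aRSA and SSL_aDSS can no longer be masked at compile time, while SSL_kDHr|SSL_kDHd and SSL_aDH are still disabled unconditionally just below and DH keeps its #ifdef; a reader may assume the RSA knob was merely moved. Suggest a comment before the `*mkey |= SSL_kDHr|SSL_kDHd;` line: `/* RSA and DSA are always built in; only DH, ECDH and ECDSA remain compile-time optional */`. The same hunk appears again in the duplicate lib/libssl/ssl_ciph.c section later in the diff.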
@@ -159,12 +159,8 @@ #endif #include #include -#ifndef OPENSSL_NO_RSA #include -#endif -#ifndef OPENSSL_NO_DSA #include -#endif #include #include @@ -500,10 +496,8 @@ typedef struct cert_st { unsigned long mask_a; unsigned long export_mask_k; unsigned long export_mask_a; -#ifndef OPENSSL_NO_RSA RSA *rsa_tmp; RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize); -#endif #ifndef OPENSSL_NO_DH DH *dh_tmp; DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); @@ -531,9 +525,7 @@ typedef struct sess_cert_st { /* Obviously we don't have the private keys of these, * so maybe we shouldn't even use the CERT_PKEY type here. */ -#ifndef OPENSSL_NO_RSA RSA *peer_rsa_tmp; /* not used for SSL 2 */ -#endif #ifndef OPENSSL_NO_DH DH *peer_dh_tmp; /* not used for SSL 2 */ #endif diff --git a/lib/libssl/src/ssl/ssl_rsa.c b/lib/libssl/src/ssl/ssl_rsa.c index 078df55f06a..05d18de1d99 100644 --- a/lib/libssl/src/ssl/ssl_rsa.c +++ b/lib/libssl/src/ssl/ssl_rsa.c @@ -142,7 +142,6 @@ SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) return (ret); } -#ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) { @@ -169,7 +168,6 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) EVP_PKEY_free(pkey); return (ret); } -#endif static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) @@ -189,14 +187,12 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey) EVP_PKEY_free(pktmp); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA /* Don't check the public/private key, this is mostly * for smart cards. */ if ((pkey->type == EVP_PKEY_RSA) && (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ; else -#endif if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = NULL; @@ -214,7 +210,6 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey) return (1); } -#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_STDIO int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) 
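Review bot: In ssl_set_pkey the empty statement `;` followed by `else` only existed so the RSA_METHOD_FLAG_NO_CHECK test could be compiled out under OPENSSL_NO_RSA; with the guard removed the shape reads as an accidental dangling `if`, and it obscures that the private-key consistency check is deliberately skipped for RSA methods that set the flag. Folding it into one condition keeps the behaviour and makes the bypass explicit: `if (!(pkey->type == EVP_PKEY_RSA && (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) && !X509_check_private_key(c->pkeys[i].x509, pkey)) {`, with the existing smart-card comment kept above it. The same pattern is left in ssl_set_cert in the following hunk of this file, and in both corresponding hunks of the duplicate lib/libssl/ssl_rsa.c section.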
@@ -274,7 +269,6 @@ SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) RSA_free(rsa); return (ret); } -#endif /* !OPENSSL_NO_RSA */ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) @@ -390,7 +384,6 @@ ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA /* Don't check the public/private key, this is mostly * for smart cards. */ if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && @@ -398,7 +391,6 @@ ssl_set_cert(CERT *c, X509 *x) RSA_METHOD_FLAG_NO_CHECK)) ; else -#endif /* OPENSSL_NO_RSA */ if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { /* don't fail for a cert/key mismatch, just free * current private key (when switching to a different @@ -485,7 +477,6 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) return (ret); } -#ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) { @@ -572,7 +563,6 @@ SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) RSA_free(rsa); return (ret); } -#endif /* !OPENSSL_NO_RSA */ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c index a8228fbfa5d..1ce08c957d4 100644 --- a/lib/libssl/src/ssl/ssltest.c +++ b/lib/libssl/src/ssl/ssltest.c @@ -173,12 +173,8 @@ #endif #include #include -#ifndef OPENSSL_NO_RSA #include -#endif -#ifndef OPENSSL_NO_DSA #include -#endif #ifndef OPENSSL_NO_DH #include #endif @@ -203,10 +199,8 @@ #define COMP_ZLIB 1 static int verify_callback(int ok, X509_STORE_CTX *ctx); -#ifndef OPENSSL_NO_RSA static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength); static void free_tmp_rsa(void); -#endif static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); #define APP_CALLBACK_STRING "Test Callback Argument" struct app_verify_arg { 
@@ -363,22 +357,18 @@ print_details(SSL *c_ssl, const char *prefix) if (pkey != NULL) { if (0) ; -#ifndef OPENSSL_NO_RSA else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL && pkey->pkey.rsa->n != NULL) { BIO_printf(bio_stdout, ", %d bit RSA", BN_num_bits(pkey->pkey.rsa->n)); } -#endif -#ifndef OPENSSL_NO_DSA else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL && pkey->pkey.dsa->p != NULL) { BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(pkey->pkey.dsa->p)); } -#endif EVP_PKEY_free(pkey); } X509_free(cert); @@ -837,9 +827,7 @@ bad: (void)no_ecdhe; #endif -#ifndef OPENSSL_NO_RSA SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); -#endif #ifdef TLSEXT_TYPE_opaque_prf_input SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb); @@ -997,9 +985,7 @@ end: if (bio_stdout != NULL) BIO_free(bio_stdout); -#ifndef OPENSSL_NO_RSA free_tmp_rsa(); -#endif #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif @@ -2087,7 +2073,6 @@ app_verify_callback(X509_STORE_CTX *ctx, void *arg) return (ok); } -#ifndef OPENSSL_NO_RSA static RSA *rsa_tmp = NULL; static RSA @@ -2125,7 +2110,6 @@ free_tmp_rsa(void) rsa_tmp = NULL; } } -#endif #ifndef OPENSSL_NO_DH /* These DH parameters have been generated as follows: diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c index 304140d7f6d..6ee2289153f 100644 --- a/lib/libssl/src/ssl/t1_lib.c +++ b/lib/libssl/src/ssl/t1_lib.c @@ -310,17 +310,9 @@ tls1_ec_nid2curve_id(int nid) * customisable at some point, for now include everything we support. */ -#ifdef OPENSSL_NO_RSA -#define tlsext_sigalg_rsa(md) /* */ -#else #define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa, -#endif -#ifdef OPENSSL_NO_DSA -#define tlsext_sigalg_dsa(md) /* */ -#else #define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa, -#endif #ifdef OPENSSL_NO_ECDSA #define tlsext_sigalg_ecdsa(md) /* */ 
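Review bot: In print_details the `if (0) ;` head of the chain was there so the first real branch could be wrapped in #ifndef OPENSSL_NO_RSA; now that the RSA test is always the first branch the dummy head can be dropped, leaving `if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL && pkey->pkey.rsa->n != NULL) {` as the start of the chain. The enclosing function starts before this hunk.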
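Review bot: `tlsext_sigalg_rsa(md)` and `tlsext_sigalg_dsa(md)` in t1_lib.c are now unconditional expansions, so the only reason they remain macros is symmetry with `tlsext_sigalg_ecdsa(md)`, which still has an empty OPENSSL_NO_ECDSA variant; without a note the next reader will look for the missing #ifdef. Suggest adding above the two defines: `/* RSA and DSA are always available; kept as macros to mirror tlsext_sigalg_ecdsa */`. The same hunk appears again in the duplicate lib/libssl/t1_lib.c section later in the diff.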
@@ -2202,12 +2194,8 @@ static tls12_lookup tls12_md[] = { }; static tls12_lookup tls12_sig[] = { -#ifndef OPENSSL_NO_RSA {EVP_PKEY_RSA, TLSEXT_signature_rsa}, -#endif -#ifndef OPENSSL_NO_DSA {EVP_PKEY_DSA, TLSEXT_signature_dsa}, -#endif #ifndef OPENSSL_NO_ECDSA {EVP_PKEY_EC, TLSEXT_signature_ecdsa} #endif @@ -2307,16 +2295,12 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) unsigned char hash_alg = data[i], sig_alg = data[i + 1]; switch (sig_alg) { -#ifndef OPENSSL_NO_RSA case TLSEXT_signature_rsa: idx = SSL_PKEY_RSA_SIGN; break; -#endif -#ifndef OPENSSL_NO_DSA case TLSEXT_signature_dsa: idx = SSL_PKEY_DSA_SIGN; break; -#endif #ifndef OPENSSL_NO_ECDSA case TLSEXT_signature_ecdsa: idx = SSL_PKEY_ECC; @@ -2341,16 +2325,12 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) /* Set any remaining keys to default values. NOTE: if alg is not * supported it stays as NULL. */ -#ifndef OPENSSL_NO_DSA if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); -#endif -#ifndef OPENSSL_NO_RSA if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) { c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); } -#endif #ifndef OPENSSL_NO_ECDSA if (!c->pkeys[SSL_PKEY_ECC].digest) c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index cefee6189d8..ef829797b7a 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1690,9 +1690,7 @@ int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok, X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); -#ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); -#endif int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len); 
@@ -1765,9 +1763,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg); -#ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); -#endif int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); @@ -1963,13 +1959,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) /* NB: the keylength is only applicable when is_export is true */ -#ifndef OPENSSL_NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); -#endif #ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, int keylength)); diff --git a/lib/libssl/ssl_algs.c b/lib/libssl/ssl_algs.c index 463bf8ad66e..aaecb2da0fa 100644 --- a/lib/libssl/ssl_algs.c +++ b/lib/libssl/ssl_algs.c @@ -111,12 +111,10 @@ SSL_library_init(void) EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -#endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index cf5cfb97f62..a823c16edff 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c 
@@ -163,13 +163,9 @@ static void ssl_cert_set_default_md(CERT *cert) { /* Set digest values to defaults */ -#ifndef OPENSSL_NO_DSA cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); -#endif -#ifndef OPENSSL_NO_RSA cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); -#endif #ifndef OPENSSL_NO_ECDSA cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif @@ -217,13 +213,11 @@ CERT ret->export_mask_k = cert->export_mask_k; ret->export_mask_a = cert->export_mask_a; -#ifndef OPENSSL_NO_RSA if (cert->rsa_tmp != NULL) { RSA_up_ref(cert->rsa_tmp); ret->rsa_tmp = cert->rsa_tmp; } ret->rsa_tmp_cb = cert->rsa_tmp_cb; -#endif #ifndef OPENSSL_NO_DH if (cert->dh_tmp != NULL) { @@ -319,10 +313,8 @@ CERT #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) err: #endif -#ifndef OPENSSL_NO_RSA if (ret->rsa_tmp != NULL) RSA_free(ret->rsa_tmp); -#endif #ifndef OPENSSL_NO_DH if (ret->dh_tmp != NULL) DH_free(ret->dh_tmp); @@ -355,10 +347,8 @@ ssl_cert_free(CERT *c) if (i > 0) return; -#ifndef OPENSSL_NO_RSA if (c->rsa_tmp) RSA_free(c->rsa_tmp); -#endif #ifndef OPENSSL_NO_DH if (c->dh_tmp) DH_free(c->dh_tmp); @@ -452,10 +442,8 @@ ssl_sess_cert_free(SESS_CERT *sc) #endif } -#ifndef OPENSSL_NO_RSA if (sc->peer_rsa_tmp != NULL) RSA_free(sc->peer_rsa_tmp); -#endif #ifndef OPENSSL_NO_DH if (sc->peer_dh_tmp != NULL) DH_free(sc->peer_dh_tmp); diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index b56a93d4cbf..140a00ceca5 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -696,13 +696,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *mac = 0; *ssl = 0; -#ifdef OPENSSL_NO_RSA - *mkey |= SSL_kRSA; - *auth |= SSL_aRSA; -#endif -#ifdef OPENSSL_NO_DSA - *auth |= SSL_aDSS; -#endif *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */ *auth |= SSL_aDH; #ifdef OPENSSL_NO_DH diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 3ab652a6a49..37fff3a38fc 100644 
--- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1978,13 +1978,9 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) kl = SSL_C_EXPORT_PKEYLENGTH(cipher); -#ifndef OPENSSL_NO_RSA rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); rsa_tmp_export = (c->rsa_tmp_cb != NULL || (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); -#else - rsa_tmp = rsa_tmp_export = 0; -#endif #ifndef OPENSSL_NO_DH dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); dh_tmp_export = (c->dh_tmp_cb != NULL || @@ -2990,7 +2986,6 @@ SSL_want(const SSL *s) * \param cb the callback */ -#ifndef OPENSSL_NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, @@ -3006,7 +3001,6 @@ int keylength)) { SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); } -#endif #ifdef DOXYGEN /*! diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 483723736a6..5767c1dd4b1 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -159,12 +159,8 @@ #endif #include #include -#ifndef OPENSSL_NO_RSA #include -#endif -#ifndef OPENSSL_NO_DSA #include -#endif #include #include @@ -500,10 +496,8 @@ typedef struct cert_st { unsigned long mask_a; unsigned long export_mask_k; unsigned long export_mask_a; -#ifndef OPENSSL_NO_RSA RSA *rsa_tmp; RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize); -#endif #ifndef OPENSSL_NO_DH DH *dh_tmp; DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); @@ -531,9 +525,7 @@ typedef struct sess_cert_st { /* Obviously we don't have the private keys of these, * so maybe we shouldn't even use the CERT_PKEY type here. */ -#ifndef OPENSSL_NO_RSA RSA *peer_rsa_tmp; /* not used for SSL 2 */ -#endif #ifndef OPENSSL_NO_DH DH *peer_dh_tmp; /* not used for SSL 2 */ #endif diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c index 078df55f06a..05d18de1d99 100644 --- a/lib/libssl/ssl_rsa.c +++ b/lib/libssl/ssl_rsa.c 
@@ -142,7 +142,6 @@ SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) return (ret); } -#ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) { @@ -169,7 +168,6 @@ SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) EVP_PKEY_free(pkey); return (ret); } -#endif static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) @@ -189,14 +187,12 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey) EVP_PKEY_free(pktmp); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA /* Don't check the public/private key, this is mostly * for smart cards. */ if ((pkey->type == EVP_PKEY_RSA) && (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ; else -#endif if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = NULL; @@ -214,7 +210,6 @@ ssl_set_pkey(CERT *c, EVP_PKEY *pkey) return (1); } -#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_STDIO int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) @@ -274,7 +269,6 @@ SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) RSA_free(rsa); return (ret); } -#endif /* !OPENSSL_NO_RSA */ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) @@ -390,7 +384,6 @@ ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA /* Don't check the public/private key, this is mostly * for smart cards. */ if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && @@ -398,7 +391,6 @@ ssl_set_cert(CERT *c, X509 *x) RSA_METHOD_FLAG_NO_CHECK)) ; else -#endif /* OPENSSL_NO_RSA */ if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { /* don't fail for a cert/key mismatch, just free * current private key (when switching to a different @@ -485,7 +477,6 @@ SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) return (ret); } -#ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) { 
@@ -572,7 +563,6 @@ SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) RSA_free(rsa); return (ret); } -#endif /* !OPENSSL_NO_RSA */ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 304140d7f6d..6ee2289153f 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -310,17 +310,9 @@ tls1_ec_nid2curve_id(int nid) * customisable at some point, for now include everything we support. */ -#ifdef OPENSSL_NO_RSA -#define tlsext_sigalg_rsa(md) /* */ -#else #define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa, -#endif -#ifdef OPENSSL_NO_DSA -#define tlsext_sigalg_dsa(md) /* */ -#else #define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa, -#endif #ifdef OPENSSL_NO_ECDSA #define tlsext_sigalg_ecdsa(md) /* */ @@ -2202,12 +2194,8 @@ static tls12_lookup tls12_md[] = { }; static tls12_lookup tls12_sig[] = { -#ifndef OPENSSL_NO_RSA {EVP_PKEY_RSA, TLSEXT_signature_rsa}, -#endif -#ifndef OPENSSL_NO_DSA {EVP_PKEY_DSA, TLSEXT_signature_dsa}, -#endif #ifndef OPENSSL_NO_ECDSA {EVP_PKEY_EC, TLSEXT_signature_ecdsa} #endif @@ -2307,16 +2295,12 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) unsigned char hash_alg = data[i], sig_alg = data[i + 1]; switch (sig_alg) { -#ifndef OPENSSL_NO_RSA case TLSEXT_signature_rsa: idx = SSL_PKEY_RSA_SIGN; break; -#endif -#ifndef OPENSSL_NO_DSA case TLSEXT_signature_dsa: idx = SSL_PKEY_DSA_SIGN; break; -#endif #ifndef OPENSSL_NO_ECDSA case TLSEXT_signature_ecdsa: idx = SSL_PKEY_ECC; 
@@ -2341,16 +2325,12 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) /* Set any remaining keys to default values. NOTE: if alg is not * supported it stays as NULL. */ -#ifndef OPENSSL_NO_DSA if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); -#endif -#ifndef OPENSSL_NO_RSA if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) { c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); } -#endif #ifndef OPENSSL_NO_ECDSA if (!c->pkeys[SSL_PKEY_ECC].digest) c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();