author | Matt Caswell <matt@openssl.org> | 2014-11-18 16:54:07 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2014-12-16 14:13:45 +0000 |
commit | af6e2d51bfeabbae827030d4c9d58a8f7477c4a0 (patch) | |
tree | c1850f479f5f20ad94fa1c6d99ca943ac0be410c /ssl | |
parent | 55e530265a7ea8f264717a4e37338cc04eca2007 (diff) | |
Add OPENSSL_NO_ECDH guards
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 8 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 5 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 2 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 2 | ||||
-rw-r--r-- | ssl/t1_lib.c | 2 |
5 files changed, 18 insertions, 1 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 51a4ec3e89..0cd08bd4f0 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3810,10 +3810,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 case SSL_CTRL_GET_SHARED_CURVE: return tls1_shared_curve(s, larg);
+#ifndef OPENSSL_NO_ECDH
 case SSL_CTRL_SET_ECDH_AUTO: s->cert->ecdh_tmp_auto = larg; return 1;
 #endif
+#endif
 case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0);
@@ -3884,7 +3886,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 EVP_PKEY *ptmp; int rv = 0; sc = s->session->sess_cert;
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
 if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) return 0;
@@ -4237,10 +4239,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, parg);
+#ifndef OPENSSL_NO_ECDH
 case SSL_CTRL_SET_ECDH_AUTO: ctx->cert->ecdh_tmp_auto = larg; return 1;
 #endif
+#endif
 case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
@@ -4543,10 +4547,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #ifndef OPENSSL_NO_TLSEXT
 #ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECDH
 /* if we are considering an ECC cipher suite that uses * an ephemeral EC key check it */ if (alg_k & SSL_kECDHE) ok = ok && tls1_check_ec_tmp_key(s, c->id);
+#endif /* OPENSSL_NO_ECDH */
 #endif /* OPENSSL_NO_EC */
 #endif /* OPENSSL_NO_TLSEXT */
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 133d9d9b2f..60e5772639 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1436,6 +1436,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 return 0; }
+#ifndef OPENSSL_NO_ECDH
 switch(suiteb_flags) { case SSL_CERT_FLAG_SUITEB_128_LOS:
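Review bot: In ssl/s3_lib.c, both `SSL_CTRL_SET_ECDH_AUTO` hunks (ssl3_ctrl at -3810 and ssl3_ctx_ctrl at -4237) now end in two consecutive unlabelled `#endif` lines, so a reader cannot tell which one closes the new OPENSSL_NO_ECDH guard and which closes the outer block. The ssl3_choose_cipher hunk in the same file labels its closer, and doing the same here with `#endif /* OPENSSL_NO_ECDH */` would make it harder for a later edit to land a `case` under the wrong guard. The directive that opens the outer block is above both hunks, so its macro name needs to be confirmed before the second `#endif` is labelled.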
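Review bot: In the ssl/s3_lib.c hunk at -3884 (ssl3_ctrl), the widened `#if` compiles the `!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp` early return only when RSA, DH, EC and ECDH are all enabled, so a build that disables any one of them drops the check for the key types that remain as well. Nothing visible shows this to be unsafe, but the matching `#endif` and the code that consumes these pointers are outside the hunk, so it is worth confirming that the path below copes with every temporary key being NULL. If it does, a comment such as `/* early exit only; the code below must still handle all temporary keys being absent */` would record that the guard is an optimisation rather than a validity check.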
@@ -1454,6 +1455,10 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 /* Set auto ECDH parameter determination */ c->ecdh_tmp_auto = 1; return 1;
+#else
+ SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+ return 0;
+#endif
 }
 #endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a4d565fb4a..ea271fb4f5 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2361,8 +2361,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 x = cpk->x509; /* This call populates extension flags (ex_flags) */ X509_check_purpose(x, -1, 0);
+#ifndef OPENSSL_NO_ECDH
 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
+#endif
 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; if (!(cpk->valid_flags & CERT_PKEY_SIGN))
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 4e307e44c1..2e598e3ac5 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1250,7 +1250,9 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str);
+#ifndef OPENSSL_NO_ECDH
 int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
+#endif /* OPENSSL_NO_ECDH */
 #endif /* OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8d5fd12903..f0291b115f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -828,6 +828,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
 } return rv; }
+#ifndef OPENSSL_NO_ECDH
 /* Check EC temporary key is compatible with client extensions */ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) {
@@ -894,6 +895,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 return tls1_check_ec_key(s, curve_id, NULL);
 #endif
 }
+#endif /* OPENSSL_NO_ECDH */
 #else |
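Review bot: In ssl/ssl_ciph.c (check_suiteb_cipher_list, hunks at -1436 and -1454), the new `#else` branch reports `SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS`, which reads as a runtime parameter lookup failure rather than a feature compiled out of the build. Failing closed is the right behaviour for a Suite B request without ECDH, so only the diagnosis is affected. A comment on the branch, for example `/* Suite B requires ECDHE; this build defines OPENSSL_NO_ECDH, so reject the rule */`, would tell whoever sees the error why it fired. The function starts above the first hunk, so whether `c` has already been modified before this `return 0` cannot be judged from here and is worth checking.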
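Review bot: In ssl/ssl_lib.c (ssl_set_cert_masks, hunk at -2361), only the assignment to `ecdh_ok` is placed under `#ifndef OPENSSL_NO_ECDH`; its declaration and every read are outside the hunk. If any read is not under the same guard, a build with OPENSSL_NO_ECDH would test an indeterminate value when deciding whether the certificate's keyUsage permits key agreement. If only the declaration is unguarded, the build gains a set-but-unused or unused-variable warning. Please confirm that both are covered by the same macro, or initialise the variable to 0 where it is declared so the restrictive answer is the default.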