diff options
author | Richard Levitte <levitte@openssl.org> | 2020-12-17 21:37:15 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-12-20 12:19:42 +0100 |
commit | 3a1ee3c1993c588a22cb80f1d0eb6237f83a1560 (patch) | |
tree | 3e915497790f85855ef9730b2d36bc97a688a9f4 /ssl | |
parent | e3577adddf6bc4f0d9d202621a2c576d982d6f0a (diff) | |
download | openssl-3a1ee3c1993c588a22cb80f1d0eb6237f83a1560.tar.gz |
Drop OPENSSL_NO_RSA everywhere
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 4 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 7 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 6 |
4 files changed, 0 insertions, 21 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c2bdef6eae..298efdc1cb 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4386,20 +4386,16 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { #ifndef OPENSSL_NO_DH -# ifndef OPENSSL_NO_RSA if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) return 0; -# endif # ifndef OPENSSL_NO_DSA if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) return 0; # endif #endif /* !OPENSSL_NO_DH */ } -#ifndef OPENSSL_NO_RSA if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) return 0; -#endif #ifndef OPENSSL_NO_DSA if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN)) return 0; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b1d3f7919e..64ecc543ba 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -354,10 +354,6 @@ int ssl_load_ciphers(SSL_CTX *ctx) ctx->disabled_mkey_mask = 0; ctx->disabled_auth_mask = 0; -#ifdef OPENSSL_NO_RSA - ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; - dctx->isabled_auth_mask |= SSL_aRSA; -#endif #ifdef OPENSSL_NO_DSA ctx->disabled_auth_mask |= SSL_aDSS; #endif diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 277998f954..875ea59589 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2808,7 +2808,6 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) { -#ifndef OPENSSL_NO_RSA unsigned char *encdata = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *pctx = NULL; @@ -2886,10 +2885,6 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) EVP_PKEY_CTX_free(pctx); return 0; -#else - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; -#endif } static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) @@ -3556,13 +3551,11 @@ int ssl3_check_cert_and_algorithm(SSL *s) return 0; } #endif -#ifndef OPENSSL_NO_RSA if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_MISSING_RSA_ENCRYPTING_CERT); return 0; } -#endif #ifndef OPENSSL_NO_DH if ((alg_k & SSL_kDHE) && (s->s3.peer_tmp == NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 16bd24d103..cc09a23960 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2856,7 +2856,6 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) static int tls_process_cke_rsa(SSL *s, PACKET *pkt) { -#ifndef OPENSSL_NO_RSA size_t outlen; PACKET enc_premaster; EVP_PKEY *rsa = NULL; @@ -2950,11 +2949,6 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt) OPENSSL_free(rsa_decrypt); EVP_PKEY_CTX_free(ctx); return ret; -#else - /* Should never happen */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; -#endif } static int tls_process_cke_dhe(SSL *s, PACKET *pkt) |