wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make no-ec compilation work.

Browse source 
(cherry picked from commit 14536c8c9c)
This commit is contained in:
Dr. Stephen Henson 2013-08-17 17:40:08 +01:00
parent 171c4da568
commit 5b430cfc44
8 changed files with 75 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
apps/s_cb.c
View file

@ -423,7 +423,7 @@ int ssl_print_sigalgs(BIO *out, SSL *s)
BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid)); BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
return 1; return 1;
} }
#ifndef OPENSSL_NO_EC
int ssl_print_point_formats(BIO *out, SSL *s) int ssl_print_point_formats(BIO *out, SSL *s)
{ {
int i, nformats; int i, nformats;
@ -515,7 +515,7 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared)
BIO_puts(out, "\n"); BIO_puts(out, "\n");
return 1; return 1;
} }
#endif
int ssl_print_tmp_key(BIO *out, SSL *s) int ssl_print_tmp_key(BIO *out, SSL *s)
{ {
EVP_PKEY *key; EVP_PKEY *key;
@ -531,7 +531,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
case EVP_PKEY_DH: case EVP_PKEY_DH:
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
break; break;
#ifndef OPENSSL_NO_ECDH
case EVP_PKEY_EC: case EVP_PKEY_EC:
{ {
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
@ -545,6 +545,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
BIO_printf(out, "ECDH, %s, %d bits\n", BIO_printf(out, "ECDH, %s, %d bits\n",
cname, EVP_PKEY_bits(key)); cname, EVP_PKEY_bits(key));
} }
#endif
} }
EVP_PKEY_free(key); EVP_PKEY_free(key);
return 1; return 1;

5
apps/s_server.c
View file

@ -2555,7 +2555,10 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con); ssl_print_sigalgs(bio_s_out, con);
#ifndef OPENSSL_NO_EC
ssl_print_point_formats(bio_s_out, con);
ssl_print_curves(bio_s_out, con, 0); ssl_print_curves(bio_s_out, con, 0);
#endif
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
@ -2875,7 +2878,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
BIO_puts(io,"\n"); BIO_puts(io,"\n");
} }
ssl_print_sigalgs(io, con); ssl_print_sigalgs(io, con);
#ifndef OPENSSL_NO_EC
ssl_print_curves(io, con, 0); ssl_print_curves(io, con, 0);
#endif
BIO_printf(io,(SSL_cache_hit(con) BIO_printf(io,(SSL_cache_hit(con)
?"---\nReused, " ?"---\nReused, "
:"---\nNew, ")); :"---\nNew, "));

16
crypto/x509/x509_cmp.c
View file

@ -349,6 +349,8 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
* flags. * flags.
*/ */
#ifndef OPENSSL_NO_EC
static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
{ {
const EC_GROUP *grp = NULL; const EC_GROUP *grp = NULL;
@ -465,6 +467,20 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm);
return check_suite_b(pk, sign_nid, &flags); return check_suite_b(pk, sign_nid, &flags);
} }
#else
int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
unsigned long flags)
{
return 0;
}
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
{
return 0;
}
#endif
/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference /* Not strictly speaking an "up_ref" as a STACK doesn't have a reference
* count but it has the same effect by duping the STACK and upping the ref * count but it has the same effect by duping the STACK and upping the ref
* of each X509 structure. * of each X509 structure.

20
ssl/s3_lib.c
View file

@ -3397,6 +3397,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
else else
return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg); return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_CURVES: case SSL_CTRL_GET_CURVES:
{ {
unsigned char *clist; unsigned char *clist;
@ -3439,7 +3440,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_SET_ECDH_AUTO: case SSL_CTRL_SET_ECDH_AUTO:
s->cert->ecdh_tmp_auto = larg; s->cert->ecdh_tmp_auto = larg;
return 1; return 1;
#endif
case SSL_CTRL_SET_SIGALGS: case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0); return tls1_set_sigalgs(s->cert, parg, larg, 0);
@ -3510,9 +3511,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
EVP_PKEY *ptmp; EVP_PKEY *ptmp;
int rv = 0; int rv = 0;
sc = s->session->sess_cert; sc = s->session->sess_cert;
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
&& !sc->peer_ecdh_tmp) && !sc->peer_ecdh_tmp)
return 0; return 0;
#endif
ptmp = EVP_PKEY_new(); ptmp = EVP_PKEY_new();
if (!ptmp) if (!ptmp)
return 0; return 0;
@ -3537,7 +3540,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
EVP_PKEY_free(ptmp); EVP_PKEY_free(ptmp);
return 0; return 0;
} }
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS: case SSL_CTRL_GET_EC_POINT_FORMATS:
{ {
SSL_SESSION *sess = s->session; SSL_SESSION *sess = s->session;
@ -3547,7 +3550,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
*pformat = sess->tlsext_ecpointformatlist; *pformat = sess->tlsext_ecpointformatlist;
return (int)sess->tlsext_ecpointformatlist_length; return (int)sess->tlsext_ecpointformatlist_length;
} }
#endif
default: default:
break; break;
} }
@ -3812,6 +3815,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
break; break;
#endif #endif
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_CURVES: case SSL_CTRL_SET_CURVES:
return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length, &ctx->tlsext_ellipticcurvelist_length,
@ -3824,7 +3828,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_SET_ECDH_AUTO: case SSL_CTRL_SET_ECDH_AUTO:
ctx->cert->ecdh_tmp_auto = larg; ctx->cert->ecdh_tmp_auto = larg;
return 1; return 1;
#endif
case SSL_CTRL_SET_SIGALGS: case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0); return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
@ -4137,7 +4141,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
int ret=0; int ret=0;
const unsigned char *sig; const unsigned char *sig;
size_t i, siglen; size_t i, siglen;
int have_rsa_sign = 0, have_dsa_sign = 0, have_ecdsa_sign = 0; int have_rsa_sign = 0, have_dsa_sign = 0;
#ifndef OPENSSL_NO_ECDSA
int have_ecdsa_sign = 0;
#endif
int nostrict = 1; int nostrict = 1;
unsigned long alg_k; unsigned long alg_k;
@ -4162,10 +4169,11 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
case TLSEXT_signature_dsa: case TLSEXT_signature_dsa:
have_dsa_sign = 1; have_dsa_sign = 1;
break; break;
#ifndef OPENSSL_NO_ECDSA
case TLSEXT_signature_ecdsa: case TLSEXT_signature_ecdsa:
have_ecdsa_sign = 1; have_ecdsa_sign = 1;
break; break;
#endif
} }
} }

7
ssl/ssl_ciph.c
View file

@ -1350,7 +1350,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
return(retval); return(retval);
} }
#ifndef OPENSSL_NO_EC
static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
const char **prule_str) const char **prule_str)
{ {
@ -1405,6 +1405,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
c->ecdh_tmp_auto = 1; c->ecdh_tmp_auto = 1;
return 1; return 1;
} }
#endif
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@ -1424,10 +1425,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/ */
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
return NULL; return NULL;
#ifndef OPENSSL_NO_EC
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
return NULL; return NULL;
#endif
/* /*
* To reduce the work to do we only want to process the compiled * To reduce the work to do we only want to process the compiled

6
ssl/ssl_conf.c
View file

@ -253,7 +253,7 @@ static int cmd_curves(SSL_CONF_CTX *cctx, const char *value)
rv = SSL_CTX_set1_curves_list(cctx->ctx, value); rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
return rv > 0; return rv > 0;
} }
#ifndef OPENSSL_NO_ECDH
/* ECDH temporary parameters */ /* ECDH temporary parameters */
static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value) static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
{ {
@ -314,7 +314,7 @@ static int cmd_ecdhparam(SSL_CONF_CTX *cctx, const char *value)
return rv > 0; return rv > 0;
} }
#endif
static int cmd_cipher_list(SSL_CONF_CTX *cctx, const char *value) static int cmd_cipher_list(SSL_CONF_CTX *cctx, const char *value)
{ {
int rv = 1; int rv = 1;
@ -378,7 +378,9 @@ static ssl_conf_cmd_tbl ssl_conf_cmds[] = {
{cmd_sigalgs, "SignatureAlgorithms", "sigalgs"}, {cmd_sigalgs, "SignatureAlgorithms", "sigalgs"},
{cmd_client_sigalgs, "ClientSignatureAlgorithms", "client_sigalgs"}, {cmd_client_sigalgs, "ClientSignatureAlgorithms", "client_sigalgs"},
{cmd_curves, "Curves", "curves"}, {cmd_curves, "Curves", "curves"},
#ifndef OPENSSL_NO_ECDH
{cmd_ecdhparam, "ECDHParameters", "named_curve"}, {cmd_ecdhparam, "ECDHParameters", "named_curve"},
#endif
{cmd_cipher_list, "CipherString", "cipher"}, {cmd_cipher_list, "CipherString", "cipher"},
{cmd_protocol, "Protocol", NULL}, {cmd_protocol, "Protocol", NULL},
{cmd_options, "Options", NULL}, {cmd_options, "Options", NULL},

17
ssl/ssl_lib.c
View file

@ -1186,8 +1186,10 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
{ {
switch (cmd) switch (cmd)
{ {
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_CURVES_LIST: case SSL_CTRL_SET_CURVES_LIST:
return tls1_set_curves_list(NULL, NULL, parg); return tls1_set_curves_list(NULL, NULL, parg);
#endif
case SSL_CTRL_SET_SIGALGS_LIST: case SSL_CTRL_SET_SIGALGS_LIST:
case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
return tls1_set_sigalgs_list(NULL, parg, 0); return tls1_set_sigalgs_list(NULL, parg, 0);
@ -2179,14 +2181,17 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
int rsa_enc_export,dh_rsa_export,dh_dsa_export; int rsa_enc_export,dh_rsa_export,dh_dsa_export;
int rsa_tmp_export,dh_tmp_export,kl; int rsa_tmp_export,dh_tmp_export,kl;
unsigned long mask_k,mask_a,emask_k,emask_a; unsigned long mask_k,mask_a,emask_k,emask_a;
int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; #ifndef OPENSSL_NO_ECDSA
#ifndef OPENSSL_NO_ECDH int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
int have_ecdh_tmp;
#endif #endif
#ifndef OPENSSL_NO_ECDH
int have_ecdh_tmp, ecdh_ok;
#endif
#ifndef OPENSSL_NO_EC
X509 *x = NULL; X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL; EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0, pk_nid = 0, md_nid = 0; int signature_nid = 0, pk_nid = 0, md_nid = 0;
#endif
if (c == NULL) return; if (c == NULL) return;
kl=SSL_C_EXPORT_PKEYLENGTH(cipher); kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
@ -2224,7 +2229,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
dh_dsa= cpk->valid_flags & CERT_PKEY_VALID; dh_dsa= cpk->valid_flags & CERT_PKEY_VALID;
dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_ECC]); cpk= &(c->pkeys[SSL_PKEY_ECC]);
#ifndef OPENSSL_NO_EC
have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID; have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID;
#endif
mask_k=0; mask_k=0;
mask_a=0; mask_a=0;
emask_k=0; emask_k=0;
@ -2304,6 +2311,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
/* An ECC certificate may be usable for ECDH and/or /* An ECC certificate may be usable for ECDH and/or
* ECDSA cipher suites depending on the key usage extension. * ECDSA cipher suites depending on the key usage extension.
*/ */
#ifndef OPENSSL_NO_EC
if (have_ecc_cert) if (have_ecc_cert)
{ {
cpk = &c->pkeys[SSL_PKEY_ECC]; cpk = &c->pkeys[SSL_PKEY_ECC];
@ -2360,6 +2368,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
} }
#endif #endif
} }
#endif
#ifndef OPENSSL_NO_ECDH #ifndef OPENSSL_NO_ECDH
if (have_ecdh_tmp) if (have_ecdh_tmp)

19
ssl/t1_lib.c
View file

@ -769,6 +769,13 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
#endif #endif
} }
#else
static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
{
return 1;
}
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
@ -816,17 +823,18 @@ static unsigned char tls12_sigalgs[] = {
tlsext_sigalg_rsa(TLSEXT_hash_md5) tlsext_sigalg_rsa(TLSEXT_hash_md5)
#endif #endif
}; };
#ifndef OPENSSL_NO_ECDSA
static unsigned char suiteb_sigalgs[] = { static unsigned char suiteb_sigalgs[] = {
tlsext_sigalg_ecdsa(TLSEXT_hash_sha256) tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
}; };
#endif
size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
{ {
/* If Suite B mode use Suite B sigalgs only, ignore any other /* If Suite B mode use Suite B sigalgs only, ignore any other
* preferences. * preferences.
*/ */
#ifndef OPENSSL_NO_EC
switch (tls1_suiteb(s)) switch (tls1_suiteb(s))
{ {
case SSL_CERT_FLAG_SUITEB_128_LOS: case SSL_CERT_FLAG_SUITEB_128_LOS:
@ -841,7 +849,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
*psigs = suiteb_sigalgs + 2; *psigs = suiteb_sigalgs + 2;
return 2; return 2;
} }
#endif
/* If server use client authentication sigalgs if not NULL */ /* If server use client authentication sigalgs if not NULL */
if (s->server && s->cert->client_sigalgs) if (s->server && s->cert->client_sigalgs)
{ {
@ -883,6 +891,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,SSL_R_WRONG_SIGNATURE_TYPE); SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,SSL_R_WRONG_SIGNATURE_TYPE);
return 0; return 0;
} }
#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC) if (pkey->type == EVP_PKEY_EC)
{ {
unsigned char curve_id[2], comp_id; unsigned char curve_id[2], comp_id;
@ -923,6 +932,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
} }
else if (tls1_suiteb(s)) else if (tls1_suiteb(s))
return 0; return 0;
#endif
/* Check signature matches a type we sent */ /* Check signature matches a type we sent */
sent_sigslen = tls12_get_psigalgs(s, &sent_sigs); sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
@ -1448,11 +1458,12 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen; int next_proto_neg_seen;
#endif #endif
#ifndef OPENSSL_NO_EC
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
#endif
/* don't add extensions for SSLv3, unless doing secure renegotiation */ /* don't add extensions for SSLv3, unless doing secure renegotiation */
if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
return p; return p;