author | Matt Caswell <matt@openssl.org> | 2020-11-27 09:55:36 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-11-30 10:50:13 +0000 |
commit | cbb85bda0c0849ce962e1cf232689d6351e4a217 (patch) | |
tree | 34a01fc626584b740ffa0e6b98ae73458992a1d3 /ssl | |
parent | 9327b5c9c9e3a1b18e5b52491dc438d1e28b5e40 (diff) | |
download | openssl-new-cbb85bda0c0849ce962e1cf232689d6351e4a217.tar.gz |
Fix builds that specify both no-dh and no-ec
Various sections of code assumed that at least one of dh or ec would be
available. We now also need to handle cases where a provider has
a key exchange algorithm and TLS-GROUP that we don't know about.
Fixes #13536
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13549)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_local.h | 8 | ||||
-rw-r--r-- | ssl/t1_lib.c | 11 |
2 files changed, 4 insertions, 15 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 3bcf6e7551..d0fd8b926b 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -1301,9 +1301,7 @@ struct ssl_st {
 int message_type;
 /* used to hold the new cipher we are going to use */
 const SSL_CIPHER *new_cipher;
-# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- EVP_PKEY *pkey; /* holds short lived DH/ECDH key */
-# endif
+ EVP_PKEY *pkey; /* holds short lived key exchange key */
 /* used for certificate requests */
 int cert_req;
 /* Certificate types in certificate request message. */
@@ -1415,11 +1413,9 @@ struct ssl_st {
 # endif /* !OPENSSL_NO_EC */
 /* For clients: peer temporary key */
-# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- /* The group_id for the DH/ECDH key */
+ /* The group_id for the key exchange key */
 uint16_t group_id;
 EVP_PKEY *peer_tmp;
-# endif
 } s3;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a39fc44c97..d88b460c7b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -136,7 +136,6 @@ int tls1_clear(SSL *s)
 return 1;
 }
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
 /* Legacy NID to group_id mapping. Only works for groups we know about */
 static struct {
 int nid;
@@ -185,7 +184,6 @@ static struct {
 {NID_ffdhe6144, OSSL_TLS_GROUP_ID_ffdhe6144},
 {NID_ffdhe8192, OSSL_TLS_GROUP_ID_ffdhe8192}
 };
-#endif
 #ifndef OPENSSL_NO_EC
 static const unsigned char ecformats_default[] = {
@@ -421,7 +419,8 @@ static uint16_t tls1_group_name2id(SSL_CTX *ctx, const char *name)
 if (strcmp(ctx->group_list[i].tlsname, name) == 0
 || (nid != NID_undef
 && nid == tls1_group_id2nid(ctx->group_list[i].group_id,
- 0)))
+ 0))
+ )
 return ctx->group_list[i].group_id;
 }
@@ -440,7 +439,6 @@ const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t group_id)
 return NULL;
 }
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
 int tls1_group_id2nid(uint16_t group_id, int include_unknown)
 {
 size_t i;
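Review bot: With the `# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)` guards gone, `s3.pkey` in this hunk and `s3.peer_tmp` in the hunk at 1415 exist in every build configuration, so the clear/free code that releases these short-lived key exchange keys must be unconditional as well, or a no-dh plus no-ec build would leak the ephemeral key on each handshake; that code is not in this diff (the diffstat is limited to 'ssl' and shows only two files), so it is worth confirming the matching guards were dropped there too. The enclosing `struct ssl_st` starts and ends outside both hunks. Since the new comment is the only documentation of the field, it would help to record ownership there, e.g. `/* holds short lived key exchange key; freed with this SSL */`, provided that is indeed the lifetime.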
@@ -478,7 +476,6 @@ static uint16_t tls1_nid2group_id(int nid)
 return 0;
 }
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
 /*
 * Set *pgroups to the supported groups list and *pgroupslen to
@@ -644,7 +641,6 @@ uint16_t tls1_shared_group(SSL *s, int nmatch)
 int tls1_set_groups(uint16_t **pext, size_t *pextlen,
 int *groups, size_t ngroups)
 {
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 uint16_t *glist;
 size_t i;
 /*
@@ -683,9 +679,6 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
 err:
 OPENSSL_free(glist);
 return 0;
-#else
- return 0;
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
 }
 /* TODO(3.0): An arbitrary amount for now. Take another look at this */