author | Richard Levitte <levitte@openssl.org> | 2020-12-02 18:27:03 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-12-16 11:56:38 +0100 |
commit | c2403f362efc519e473269d183adc7cceddb8c54 (patch) | |
tree | 356a5fce1a987659345a60cf0abb30d8412b73e2 /crypto | |
parent | EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available (diff) | |
Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
The apps, the CMS library and the X.509 library are primarily affected.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cms/build.info | 9 | ||||
-rw-r--r-- | crypto/cms/cms_dh.c | 4 | ||||
-rw-r--r-- | crypto/cms/cms_ec.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_env.c | 10 | ||||
-rw-r--r-- | crypto/cms/cms_sd.c | 5 | ||||
-rw-r--r-- | crypto/evp/digest.c | 6 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 4 | ||||
-rw-r--r-- | crypto/evp/pmeth_lib.c | 4 | ||||
-rw-r--r-- | crypto/x509/x509_req.c | 13 |
9 files changed, 7 insertions, 50 deletions
diff --git a/crypto/cms/build.info b/crypto/cms/build.info index c7579f78c1..5fabea7c53 100644 --- a/crypto/cms/build.info +++ b/crypto/cms/build.info @@ -2,11 +2,4 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]= \ cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \ cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \ - cms_pwri.c cms_kari.c cms_rsa.c - -IF[{- !$disabled{dh} -}] - SOURCE[../../libcrypto]=cms_dh.c -ENDIF -IF[{- !$disabled{ec} || !$disabled{dsa}-}] - SOURCE[../../libcrypto]=cms_ec.c -ENDIF + cms_pwri.c cms_kari.c cms_rsa.c cms_dh.c cms_ec.c diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index 90b439dd35..9cba6364d1 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -148,13 +148,13 @@ static int dh_cms_decrypt(CMS_RecipientInfo *ri) if (alg == NULL || pubkey == NULL) return 0; if (!dh_cms_set_peerkey(pctx, alg, pubkey)) { - ERR_raise(ERR_LIB_DH, DH_R_PEER_KEY_ERROR); + ERR_raise(ERR_LIB_CMS, CMS_R_PEER_KEY_ERROR); return 0; } } /* Set DH derivation parameters and initialise unwrap context */ if (!dh_cms_set_shared_info(pctx, ri)) { - ERR_raise(ERR_LIB_DH, DH_R_SHARED_INFO_ERROR); + ERR_raise(ERR_LIB_CMS, CMS_R_SHARED_INFO_ERROR); return 0; } return 1; diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index 8cb41dfdef..8ae912c9c3 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c @@ -14,7 +14,6 @@ #include "cms_local.h" #include "crypto/evp.h" -#ifndef OPENSSL_NO_EC static EVP_PKEY *pkey_type2param(int ptype, const void *pval, OSSL_LIB_CTX *libctx, const char *propq) { @@ -384,7 +383,6 @@ int cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt) ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); return 0; } -#endif /* ECDSA and DSA implementation is the same */ int cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index cedabe1f3c..15ebe1b86b 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c 
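Review bot: In crypto/cms/cms_dh.c, the `if (alg == NULL || pubkey == NULL) return 0;` path directly above the two re-tagged ERR_raise calls still fails without queuing an error, so that decrypt failure cannot be diagnosed unless whatever filled `alg` and `pubkey` raised one (not visible in this hunk). Since the hunk already aligns this function's errors on ERR_LIB_CMS, consider adding `ERR_raise(ERR_LIB_CMS, CMS_R_PEER_KEY_ERROR);` before that `return 0;`. Callers or log filters that matched the old ERR_LIB_DH codes will also stop matching, which deserves a line in the change notes. dh_cms_decrypt starts above the hunk.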
@@ -115,17 +115,11 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) } else return 0; -#ifndef OPENSSL_NO_DH if (EVP_PKEY_is_a(pkey, "DHX")) return cms_dh_envelope(ri, cmd); - else -#endif -#ifndef OPENSSL_NO_EC - if (EVP_PKEY_is_a(pkey, "EC")) + else if (EVP_PKEY_is_a(pkey, "EC")) return cms_ecdh_envelope(ri, cmd); - else -#endif - if (EVP_PKEY_is_a(pkey, "RSA")) + else if (EVP_PKEY_is_a(pkey, "RSA")) return cms_rsa_envelope(ri, cmd); /* Something else? We'll give engines etc a chance to handle this */ diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 1020227c54..96b92bdc63 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -232,12 +232,9 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) EVP_PKEY *pkey = si->pkey; int i; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC")) return cms_ecdsa_dsa_sign(si, cmd); - else -#endif - if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) + else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) return cms_rsa_sign(si, cmd); /* Something else? We'll give engines etc a chance to handle this */ diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index b0ce61f935..1d16c52060 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -94,12 +94,8 @@ EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, goto err; } -# ifndef OPENSSL_NO_EC - if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); + if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) goto err; - } -# endif EVP_MD_CTX_set_pkey_ctx(ctx, pctx); return ctx; diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 7947d05907..48fa330ac3 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c 
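Review bot: In crypto/cms/cms_env.c, the DHX/EC/RSA dispatch in cms_env_asn1_ctrl now runs in every build configuration, but nothing in the code records why the OPENSSL_NO_DH and OPENSSL_NO_EC guards were safe to drop. A short comment above the chain would help, for example `/* Dispatch on key type name only; cms_dh.c and cms_ec.c are always built */`, which is presumably the intent given the build.info change in the same commit. The `else` after each `return` is redundant, so plain `if` statements would read more simply. The function begins and ends outside the hunk.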
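Review bot: In crypto/evp/digest.c, a failing `EVP_PKEY_CTX_set1_id(pctx, id->data, id->length)` now jumps to `err` without raising anything, so evp_md_ctx_new_ex fails with whatever the callee left on the error queue, possibly nothing. The removed ERR_R_MALLOC_FAILURE was misleading, but with the OPENSSL_NO_EC guard gone the call is reached in every configuration whenever `id` is non-NULL. A `<= 0` result may then come from a key type that does not accept an ID at all, and that would fail silently if the callee does not raise. Please confirm the callee raises on every failure path and record it with a comment such as `/* EVP_PKEY_CTX_set1_id() raises its own error */`. The function body starts and ends outside the hunk.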
@@ -1008,20 +1008,16 @@ int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name) /* Could be a legacy key, try and convert to a ctrl */ if (ctx->pmeth != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) { -# ifndef OPENSSL_NO_DH if (ctx->pmeth->pkey_id == EVP_PKEY_DH) return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_DH_NID, nid, NULL); -# endif -# ifndef OPENSSL_NO_EC if (ctx->pmeth->pkey_id == EVP_PKEY_EC) return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL); -# endif } #endif ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 3823855008..f817173555 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -1266,7 +1266,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, return EVP_PKEY_CTX_set_dh_rfc5114(ctx, p1); } } -# ifndef OPENSSL_NO_DSA if (keytype == EVP_PKEY_DSA) { switch (cmd) { case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: @@ -1277,7 +1276,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, p2); } } -# endif if (keytype == EVP_PKEY_EC) { switch (cmd) { case EVP_PKEY_CTRL_EC_PARAM_ENC: @@ -1543,14 +1541,12 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST; else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0) name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN; -# ifndef OPENSSL_NO_DSA else if (strcmp(name, "dsa_paramgen_bits") == 0) name = OSSL_PKEY_PARAM_FFC_PBITS; else if (strcmp(name, "dsa_paramgen_q_bits") == 0) name = OSSL_PKEY_PARAM_FFC_QBITS; else if (strcmp(name, "dsa_paramgen_md") == 0) name = OSSL_PKEY_PARAM_FFC_DIGEST; -# endif else if (strcmp(name, "dh_paramgen_generator") == 0) name = OSSL_PKEY_PARAM_DH_GENERATOR; else if (strcmp(name, "dh_paramgen_prime_len") == 0) 
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 3d59026832..f3764e4179 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -96,19 +96,6 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
 ERR_raise(ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH);
 break;
 case -2:
-#ifndef OPENSSL_NO_EC
- if (EVP_PKEY_id(k) == EVP_PKEY_EC) {
- ERR_raise(ERR_LIB_X509, ERR_R_EC_LIB);
- break;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if (EVP_PKEY_id(k) == EVP_PKEY_DH) {
- /* No idea */
- ERR_raise(ERR_LIB_X509, X509_R_CANT_CHECK_DH_KEY);
- break;
- }
-#endif
 ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE);
 } |