-rw-r--r-- | apps/s_server.c | 6 | ||||
-rw-r--r-- | crypto/bn/bn_dh.c | 3 | ||||
-rw-r--r-- | crypto/bn/build.info | 8 | ||||
-rw-r--r-- | include/openssl/bn.h | 2 | ||||
-rw-r--r-- | ssl/s3_lib.c | 4 | ||||
-rw-r--r-- | ssl/ssl_cert.c | 7 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 6 | ||||
-rw-r--r-- | ssl/ssl_local.h | 7 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 6 | ||||
-rw-r--r-- | util/libcrypto.num | 16 |
10 files changed, 20 insertions, 45 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 839d9320ff..1e4bb4f639 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -980,9 +980,7 @@ const OPTIONS s_server_options[] = { {"use_srtp", OPT_SRTP_PROFILES, 's', "Offer SRTP key management with a colon-separated profile list"}, #endif -#ifndef OPENSSL_NO_DH {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, -#endif #ifndef OPENSSL_NO_NEXTPROTONEG {"nextprotoneg", OPT_NEXTPROTONEG, 's', "Set the advertised protocols for the NPN extension (comma-separated list)"}, @@ -1028,10 +1026,8 @@ int s_server_main(int argc, char *argv[]) #endif do_server_cb server_cb; int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0; -#ifndef OPENSSL_NO_DH char *dhfile = NULL; int no_dhe = 0; -#endif int nocert = 0, ret = 1; int noCApath = 0, noCAfile = 0, noCAstore = 0; int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; @@ -1440,9 +1436,7 @@ int s_server_main(int argc, char *argv[]) s_quiet = s_brief = verify_args.quiet = 1; break; case OPT_NO_DHE: -#ifndef OPENSSL_NO_DH no_dhe = 1; -#endif break; case OPT_NO_RESUME_EPHEMERAL: no_resume_ephemeral = 1; diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c index 74ce024004..9f5b80cb8e 100644 --- a/crypto/bn/bn_dh.c +++ b/crypto/bn/bn_dh.c @@ -10,7 +10,6 @@ #include "bn_local.h" #include "internal/nelem.h" -#ifndef OPENSSL_NO_DH # include <openssl/dh.h> # include "crypto/bn_dh.h" @@ -1051,5 +1050,3 @@ make_dh_bn(modp_6144_p) make_dh_bn(modp_6144_q) make_dh_bn(modp_8192_p) make_dh_bn(modp_8192_q) - -#endif /* OPENSSL_NO_DH */ diff --git a/crypto/bn/build.info b/crypto/bn/build.info index 093cbcc7f1..6164bba8c7 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info 
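Review bot: In crypto/bn/bn_dh.c the two includes keep the `# include` indent that marked them as nested inside the removed `#ifndef OPENSSL_NO_DH`. With the guard gone they should read `#include <openssl/dh.h>` and `#include "crypto/bn_dh.h"`. `<openssl/dh.h>` is now pulled into no-dh builds as well, so it is worth confirming that the header is safe to include when OPENSSL_NO_DH is defined; that header is not part of this diff.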
@@ -101,18 +101,12 @@ IF[{- !$disabled{asm} -}] ENDIF ENDIF -IF[{- !$disabled{dh} -}] - $BNDH=bn_const.c -ELSE - $BNDH= -ENDIF - $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \ bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ bn_x931p.c bn_intern.c bn_dh.c \ - bn_rsa_fips186_4.c $BNDH + bn_rsa_fips186_4.c bn_const.c SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c IF[{- !$disabled{'deprecated-3.0'} -}] SOURCE[../../libcrypto]=bn_depr.c diff --git a/include/openssl/bn.h b/include/openssl/bn.h index f3c8ab956b..9f019ba86e 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -527,7 +527,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv, const unsigned char *message, size_t message_len, BN_CTX *ctx); -# ifndef OPENSSL_NO_DH /* Primes from RFC 2409 */ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); @@ -550,7 +549,6 @@ BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); # define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 # define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 # endif -# endif int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8a572b8dd3..d67aa31d46 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3451,8 +3451,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_FLAGS: ret = (int)(s->s3.flags); break; -#ifndef OPENSSL_NO_DH -# ifndef OPENSSL_NO_DEPRECATED_3_0 +#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH: { EVP_PKEY *pkdh = NULL; @@ -3477,7 +3476,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_DH_AUTO: s->cert->dh_tmp_auto = larg; return 1; -#endif #ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH: { 
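Review bot: In ssl3_ctrl (ssl/s3_lib.c) nothing in the code says why `SSL_CTRL_SET_TMP_DH` stays behind `#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)` while `SSL_CTRL_SET_DH_AUTO` becomes unconditional. A one-line comment above the guard would keep a later cleanup from moving the boundary, for example `/* Needs the legacy DH API; SSL_CTRL_SET_DH_AUTO below does not */`. The `#endif` that closes the merged guard sits between the two hunks and is not visible here; if it still carries the `# endif` indent from the old nesting, it should lose it. The function body starts and ends outside both hunks.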
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index ee56e681b4..4f085dd7e6 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -90,14 +90,15 @@ CERT *ssl_cert_dup(CERT *cert) OPENSSL_free(ret); return NULL; } -#ifndef OPENSSL_NO_DH + if (cert->dh_tmp != NULL) { ret->dh_tmp = cert->dh_tmp; EVP_PKEY_up_ref(ret->dh_tmp); } +#ifndef OPENSSL_NO_DH ret->dh_tmp_cb = cert->dh_tmp_cb; - ret->dh_tmp_auto = cert->dh_tmp_auto; #endif + ret->dh_tmp_auto = cert->dh_tmp_auto; for (i = 0; i < SSL_PKEY_NUM; i++) { CERT_PKEY *cpk = cert->pkeys + i; @@ -232,9 +233,7 @@ void ssl_cert_free(CERT *c) return; REF_ASSERT_ISNT(i < 0); -#ifndef OPENSSL_NO_DH EVP_PKEY_free(c->dh_tmp); -#endif ssl_cert_clear_certs(c); OPENSSL_free(c->conf_sigalgs); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8f6771da3d..bb0eec9b5f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3504,11 +3504,11 @@ void ssl_set_masks(SSL *s) if (c == NULL) return; + dh_tmp = (c->dh_tmp != NULL #ifndef OPENSSL_NO_DH - dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto); -#else - dh_tmp = 0; + || c->dh_tmp_cb != NULL #endif + || c->dh_tmp_auto); rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 67bb0a8d52..a14d97b8e9 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2004,11 +2004,12 @@ typedef struct cert_st { * an index, not a pointer. */ CERT_PKEY *key; -# ifndef OPENSSL_NO_DH + EVP_PKEY *dh_tmp; +#ifndef OPENSSL_NO_DH DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize); +#endif int dh_tmp_auto; -# endif /* Flags related to certificates */ uint32_t cert_flags; CERT_PKEY pkeys[SSL_PKEY_NUM]; 
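Review bot: In ssl_cert_dup (ssl/ssl_cert.c) the call `EVP_PKEY_up_ref(ret->dh_tmp);` ignores its return value, and this path is now compiled into every build rather than only DH-enabled ones. If the reference cannot be taken, `ret->dh_tmp` still holds the pointer, and the unconditional `EVP_PKEY_free(c->dh_tmp);` in ssl_cert_free later drops a reference the copy never owned. Take the reference first and assign only on success, `if (!EVP_PKEY_up_ref(cert->dh_tmp))` followed by the function's failure path, then `ret->dh_tmp = cert->dh_tmp;`. The function's cleanup code is outside the hunk, so the exact exit to use needs checking there.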
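Review bot: In ssl_set_masks (ssl/ssl_lib.c) the new `dh_tmp` assignment splices `#ifndef OPENSSL_NO_DH` / `#endif` into the middle of a boolean expression, which is easy to misread and easy to break when a term is added. It would read better as `dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_auto);` followed by a separately guarded statement that ORs in `c->dh_tmp_cb != NULL`. That guard should probably also test `OPENSSL_NO_DEPRECATED_3_0`, because tls_construct_server_key_exchange in this same commit only calls the callback under `#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)`. Otherwise a callback set in a no-deprecated build, if that is possible there, would mark DHE as usable with nothing to supply the key. The function continues outside the hunk.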
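Review bot: In the `cert_st` definition (ssl/ssl_local.h) the re-added guard is written `#ifndef OPENSSL_NO_DH` / `#endif` at column 0, whereas the lines it replaces and the rest of the header (see `# endif` in the next hunk) use the one-space nested form. Keep the file's convention: `# ifndef OPENSSL_NO_DH` and `# endif` around the `dh_tmp_cb` member. The struct begins and ends outside the hunk.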
@@ -2692,9 +2693,7 @@ void tls1_set_cert_validity(SSL *s); __owur int ssl_validate_ct(SSL *s); # endif -# ifndef OPENSSL_NO_DH __owur EVP_PKEY *ssl_get_auto_dh(SSL *s); -# endif __owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee); __owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b6baff28ea..c478c5a7e8 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2418,9 +2418,7 @@ int tls_construct_server_done(SSL *s, WPACKET *pkt) int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) { -#ifndef OPENSSL_NO_DH EVP_PKEY *pkdh = NULL; -#endif #ifndef OPENSSL_NO_EC unsigned char *encodedPoint = NULL; size_t encodedlen = 0; @@ -2453,7 +2451,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) if (type & (SSL_kPSK | SSL_kRSAPSK)) { } else #endif /* !OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_DH if (type & (SSL_kDHE | SSL_kDHEPSK)) { CERT *cert = s->cert; EVP_PKEY *pkdhp = NULL; @@ -2468,7 +2465,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } else { pkdhp = cert->dh_tmp; } -#ifndef OPENSSL_NO_DEPRECATED_3_0 +#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) { pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(s, 0, 1024)); if (pkdh == NULL) { @@ -2513,7 +2510,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } } else -#endif #ifndef OPENSSL_NO_EC if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { diff --git a/util/libcrypto.num b/util/libcrypto.num index 0f7dcb2b26..a5baf503e1 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
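Review bot: In tls_construct_server_key_exchange (ssl/statem/statem_srvr.c) the `SSL_kDHE | SSL_kDHEPSK` branch is now compiled into no-dh builds, and neither the code nor the commit's file list (no CHANGES or documentation file among the ten) records that behaviour change. A deployment that relied on `no-dh` to keep DHE key exchange out of its TLS server would now need to exclude those ciphersuites by configuration, so this deserves a changelog entry. A comment above the branch would also help, such as `/* DHE goes through EVP_PKEY and stays available in no-dh builds; only the legacy dh_tmp_cb path needs the DH API */`. The `#endif` closing the new `#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)` guard is outside the hunk.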
@@ -214,7 +214,7 @@ s2i_ASN1_OCTET_STRING 217 3_0_0 EXIST::FUNCTION: POLICYINFO_it 218 3_0_0 EXIST::FUNCTION: OBJ_create 219 3_0_0 EXIST::FUNCTION: d2i_NOTICEREF 220 3_0_0 EXIST::FUNCTION: -BN_get_rfc2409_prime_768 221 3_0_0 EXIST::FUNCTION:DH +BN_get_rfc2409_prime_768 221 3_0_0 EXIST::FUNCTION: PEM_read_bio_PKCS8 222 3_0_0 EXIST::FUNCTION: X509_ATTRIBUTE_new 223 3_0_0 EXIST::FUNCTION: ASN1_STRING_TABLE_cleanup 224 3_0_0 EXIST::FUNCTION: @@ -483,7 +483,7 @@ BN_GF2m_mod_sqr_arr 492 3_0_0 EXIST::FUNCTION:EC2M ASN1_PRINTABLESTRING_it 493 3_0_0 EXIST::FUNCTION: BIO_f_cipher 494 3_0_0 EXIST::FUNCTION: UI_destroy_method 495 3_0_0 EXIST::FUNCTION: -BN_get_rfc3526_prime_3072 496 3_0_0 EXIST::FUNCTION:DH +BN_get_rfc3526_prime_3072 496 3_0_0 EXIST::FUNCTION: X509_INFO_new 497 3_0_0 EXIST::FUNCTION: OCSP_RESPDATA_it 498 3_0_0 EXIST::FUNCTION:OCSP X509_CRL_print 499 3_0_0 EXIST::FUNCTION: @@ -618,7 +618,7 @@ d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DSA,STDIO OCSP_REQ_CTX_nbio_d2i 634 3_0_0 EXIST::FUNCTION: d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH -BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:DH +BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION: X509_REVOKED_it 638 3_0_0 EXIST::FUNCTION: CRYPTO_THREAD_write_lock 639 3_0_0 EXIST::FUNCTION: X509V3_NAME_from_section 640 3_0_0 EXIST::FUNCTION: @@ -888,7 +888,7 @@ EVP_read_pw_string 909 3_0_0 EXIST::FUNCTION: i2d_ASN1_NULL 910 3_0_0 EXIST::FUNCTION: DES_encrypt1 911 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES BN_mod_lshift1_quick 912 3_0_0 EXIST::FUNCTION: -BN_get_rfc3526_prime_6144 913 3_0_0 EXIST::FUNCTION:DH +BN_get_rfc3526_prime_6144 913 3_0_0 EXIST::FUNCTION: OBJ_obj2txt 914 3_0_0 EXIST::FUNCTION: UI_set_result 915 3_0_0 EXIST::FUNCTION: EVP_EncodeUpdate 916 3_0_0 EXIST::FUNCTION: 
@@ -2129,7 +2129,7 @@ TS_RESP_CTX_set_accuracy 2174 3_0_0 EXIST::FUNCTION:TS NETSCAPE_SPKI_get_pubkey 2175 3_0_0 EXIST::FUNCTION: ECDSA_do_sign_ex 2176 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC OCSP_ONEREQ_get_ext 2177 3_0_0 EXIST::FUNCTION:OCSP -BN_get_rfc3526_prime_4096 2179 3_0_0 EXIST::FUNCTION:DH +BN_get_rfc3526_prime_4096 2179 3_0_0 EXIST::FUNCTION: d2i_PKCS7_fp 2180 3_0_0 EXIST::FUNCTION:STDIO PEM_write_bio_NETSCAPE_CERT_SEQUENCE 2181 3_0_0 EXIST::FUNCTION: PKCS12_AUTHSAFES_it 2182 3_0_0 EXIST::FUNCTION: @@ -2471,7 +2471,7 @@ BN_GF2m_mod_div 2522 3_0_0 EXIST::FUNCTION:EC2M i2d_USERNOTICE 2523 3_0_0 EXIST::FUNCTION: d2i_NETSCAPE_SPKI 2524 3_0_0 EXIST::FUNCTION: CRYPTO_mem_leaks 2525 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 -BN_get_rfc3526_prime_1536 2526 3_0_0 EXIST::FUNCTION:DH +BN_get_rfc3526_prime_1536 2526 3_0_0 EXIST::FUNCTION: DSA_sign 2527 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA RAND_egd 2528 3_0_0 EXIST::FUNCTION:EGD ASN1_d2i_bio 2529 3_0_0 EXIST::FUNCTION: @@ -2579,7 +2579,7 @@ ASIdentifierChoice_it 2633 3_0_0 EXIST::FUNCTION:RFC3779 CMS_RecipientEncryptedKey_cert_cmp 2634 3_0_0 EXIST::FUNCTION:CMS EVP_PKEY_CTX_get_app_data 2635 3_0_0 EXIST::FUNCTION: EC_GROUP_clear_free 2636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -BN_get_rfc2409_prime_1024 2637 3_0_0 EXIST::FUNCTION:DH +BN_get_rfc2409_prime_1024 2637 3_0_0 EXIST::FUNCTION: CRYPTO_set_mem_functions 2638 3_0_0 EXIST::FUNCTION: i2d_ASN1_VISIBLESTRING 2639 3_0_0 EXIST::FUNCTION: d2i_PBKDF2PARAM 2640 3_0_0 EXIST::FUNCTION: 
@@ -3374,7 +3374,7 @@ EVP_EncodeFinal 3444 3_0_0 EXIST::FUNCTION: X509_set_ex_data 3445 3_0_0 EXIST::FUNCTION: ERR_get_next_error_library 3446 3_0_0 EXIST::FUNCTION: OCSP_RESPONSE_print 3447 3_0_0 EXIST::FUNCTION:OCSP -BN_get_rfc3526_prime_2048 3448 3_0_0 EXIST::FUNCTION:DH +BN_get_rfc3526_prime_2048 3448 3_0_0 EXIST::FUNCTION: BIO_new_bio_pair 3449 3_0_0 EXIST::FUNCTION: EC_GFp_nistp256_method 3450 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128 BIO_method_type 3451 3_0_0 EXIST::FUNCTION: |