[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Wed Mar 11 13:29:59 UTC 2015
The branch master has been updated
via 10bf4fc2c3da332a54247da1f3c0dcb44944f7ff (commit)
from ac5a110621ca48f0bebd5b4d76d081de403da29e (commit)
- Log -----------------------------------------------------------------
commit 10bf4fc2c3da332a54247da1f3c0dcb44944f7ff
Author: Rich Salz <rsalz at akamai.com>
Date: Tue Mar 10 19:09:27 2015 -0400
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj at cisco.com>.
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 37 +++++++++++++----------
apps/req.c | 2 +-
apps/s_cb.c | 2 +-
apps/s_server.c | 6 ++--
apps/speed.c | 74 ++++++++++++---------------------------------
crypto/ec/ec_pmeth.c | 7 ++---
crypto/ecdh/ecdh.h | 2 +-
crypto/ecdh/ecdhtest.c | 4 +--
crypto/ecdsa/ecdsa.h | 2 +-
crypto/ecdsa/ecdsatest.c | 4 +--
crypto/engine/eng_fat.c | 8 ++---
crypto/engine/eng_list.c | 4 +--
crypto/engine/eng_openssl.c | 4 +--
crypto/engine/engine.h | 4 +--
crypto/err/err_all.c | 8 +----
crypto/evp/c_alld.c | 2 +-
crypto/evp/evp.h | 2 +-
crypto/x509/x509.h | 6 ----
ssl/s3_clnt.c | 24 +++++++--------
ssl/s3_lib.c | 39 +++++++++++-------------
ssl/s3_srvr.c | 10 +++---
ssl/ssl.h | 2 +-
ssl/ssl_algs.c | 2 +-
ssl/ssl_cert.c | 8 ++---
ssl/ssl_ciph.c | 9 ++----
ssl/ssl_conf.c | 4 +--
ssl/ssl_lib.c | 18 +++--------
ssl/ssl_locl.h | 10 +++---
ssl/ssltest.c | 12 ++++----
ssl/t1_lib.c | 17 +++++------
util/mk1mf.pl | 6 ----
31 files changed, 129 insertions(+), 210 deletions(-)
diff --git a/CHANGES b/CHANGES
index 8fcfcce..8d6fcaf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -41,28 +41,33 @@
[Rich Salz]
*) Remove various unsupported platforms:
- Sony NEWS4
- BEOS and BEOS_R5
- NeXT
- SUNOS
- MPE/iX
- Sinix/ReliantUNIX RM400
- DGUX
- NCR
- Tandem
- Cray
- 16-bit platforms such as WIN16
+ Sony NEWS4
+ BEOS and BEOS_R5
+ NeXT
+ SUNOS
+ MPE/iX
+ Sinix/ReliantUNIX RM400
+ DGUX
+ NCR
+ Tandem
+ Cray
+ 16-bit platforms such as WIN16
[Rich Salz]
- *) Start cleaning up OPENSSL_NO_xxx #define's
- OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
- OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
- Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
+ *) Clean up OPENSSL_NO_xxx #define's
+ Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
+ OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
+ OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
+ OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
+ Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
+ OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
+ OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
+ OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
Remove MS_STATIC; it's a relic from platforms <32 bits.
[Rich Salz]
- *) Start cleaning up dead code
+ *) Cleaned up dead code
Remove all but one '#ifdef undef' which is to be looked at.
[Rich Salz]
diff --git a/apps/req.c b/apps/req.c
index 6d06ed7..231535b 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -398,7 +398,7 @@ int MAIN(int argc, char **argv)
" -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err,
" -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
BIO_printf(bio_err,
" -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
#endif
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 12f7b8c..8a66c9a 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -521,7 +521,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
case EVP_PKEY_DH:
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
break;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
diff --git a/apps/s_server.c b/apps/s_server.c
index 42088d0..874b402 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -486,7 +486,7 @@ static void sv_usage(void)
" -dhparam arg - DH parameter file to use, in cert file if not specified\n");
BIO_printf(bio_err,
" or a default set of parameters is used\n");
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
BIO_printf(bio_err,
" -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
" Use \"openssl ecparam -list_curves\" for all names\n"
@@ -545,7 +545,7 @@ static void sv_usage(void)
#ifndef OPENSSL_NO_DH
BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n");
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n");
#endif
BIO_printf(bio_err,
@@ -1677,7 +1677,7 @@ int MAIN(int argc, char *argv[])
bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
}
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
if (nocert)
#endif
{
diff --git a/apps/speed.c b/apps/speed.c
index 57b53ce..44c276a 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -172,10 +172,8 @@
# include <openssl/dsa.h>
# include "./testdsa.h"
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
# include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
# include <openssl/ecdh.h>
#endif
#include <openssl/modes.h>
@@ -242,14 +240,12 @@ static double rsa_results[RSA_NUM][2];
#ifndef OPENSSL_NO_DSA
static double dsa_results[DSA_NUM][2];
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
static double ecdsa_results[EC_NUM][2];
-#endif
-#ifndef OPENSSL_NO_ECDH
static double ecdh_results[EC_NUM][1];
#endif
-#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
+#if defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_EC)
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
static int rnd_fake = 0;
@@ -330,7 +326,7 @@ static double Time_F(int s)
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
size_t *outlen)
@@ -340,7 +336,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
*outlen = SHA_DIGEST_LENGTH;
return SHA1(in, inlen, out);
}
-#endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_EC */
static void multiblock_speed(const EVP_CIPHER *evp_cipher);
@@ -595,30 +591,23 @@ int MAIN(int argc, char **argv)
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
unsigned char ecdsasig[256];
unsigned int ecdsasiglen;
EC_KEY *ecdsa[EC_NUM];
long ecdsa_c[EC_NUM][2];
-#endif
-
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
int secret_size_a, secret_size_b;
int ecdh_checks = 0;
int secret_idx = 0;
long ecdh_c[EC_NUM][2];
+ int ecdsa_doit[EC_NUM];
+ int ecdh_doit[EC_NUM];
#endif
int rsa_doit[RSA_NUM];
int dsa_doit[DSA_NUM];
-#ifndef OPENSSL_NO_ECDSA
- int ecdsa_doit[EC_NUM];
-#endif
-#ifndef OPENSSL_NO_ECDH
- int ecdh_doit[EC_NUM];
-#endif
int doit[ALGOR_NUM];
int pr_header = 0;
const EVP_CIPHER *evp_cipher = NULL;
@@ -639,11 +628,9 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_DSA
memset(dsa_key, 0, sizeof(dsa_key));
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
ecdsa[i] = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++) {
ecdh_a[i] = NULL;
ecdh_b[i] = NULL;
@@ -689,11 +676,9 @@ int MAIN(int argc, char **argv)
rsa_doit[i] = 0;
for (i = 0; i < DSA_NUM; i++)
dsa_doit[i] = 0;
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 0;
#endif
@@ -986,7 +971,7 @@ int MAIN(int argc, char **argv)
dsa_doit[R_DSA_2048] = 1;
} else
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
if (strcmp(*argv, "ecdsap160") == 0)
ecdsa_doit[R_EC_P160] = 2;
else if (strcmp(*argv, "ecdsap192") == 0)
@@ -1022,10 +1007,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "ecdsa") == 0) {
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
- } else
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (strcmp(*argv, "ecdhp160") == 0)
+ } else if (strcmp(*argv, "ecdhp160") == 0)
ecdh_doit[R_EC_P160] = 2;
else if (strcmp(*argv, "ecdhp192") == 0)
ecdh_doit[R_EC_P192] = 2;
@@ -1135,7 +1117,7 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_DSA
BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
"ecdsap256 ecdsap384 ecdsap521\n");
BIO_printf(bio_err,
@@ -1143,8 +1125,6 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
BIO_printf(bio_err, "ecdsa\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
"ecdhp256 ecdhp384 ecdhp521\n");
BIO_printf(bio_err,
@@ -1234,11 +1214,9 @@ int MAIN(int argc, char **argv)
rsa_doit[i] = 1;
for (i = 0; i < DSA_NUM; i++)
dsa_doit[i] = 1;
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
-#endif
-#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 1;
#endif
@@ -1428,7 +1406,7 @@ int MAIN(int argc, char **argv)
}
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
ecdsa_c[R_EC_P160][0] = count / 1000;
ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
for (i = R_EC_P192; i <= R_EC_P521; i++) {
@@ -1471,9 +1449,6 @@ int MAIN(int argc, char **argv)
}
}
}
-# endif
-
-# ifndef OPENSSL_NO_ECDH
ecdh_c[R_EC_P160][0] = count / 1000;
ecdh_c[R_EC_P160][1] = count / 1000;
for (i = R_EC_P192; i <= R_EC_P521; i++) {
@@ -2144,7 +2119,7 @@ int MAIN(int argc, char **argv)
RAND_cleanup();
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
@@ -2236,9 +2211,6 @@ int MAIN(int argc, char **argv)
}
if (rnd_fake)
RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDH
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
@@ -2423,7 +2395,7 @@ int MAIN(int argc, char **argv)
1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
}
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
j = 1;
for (k = 0; k < EC_NUM; k++) {
if (!ecdsa_doit[k])
@@ -2445,9 +2417,6 @@ int MAIN(int argc, char **argv)
ecdsa_results[k][0], ecdsa_results[k][1],
1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
}
-#endif
-
-#ifndef OPENSSL_NO_ECDH
j = 1;
for (k = 0; k < EC_NUM; k++) {
if (!ecdh_doit[k])
@@ -2488,12 +2457,10 @@ int MAIN(int argc, char **argv)
DSA_free(dsa_key[i]);
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
for (i = 0; i < EC_NUM; i++)
if (ecdsa[i] != NULL)
EC_KEY_free(ecdsa[i]);
-#endif
-#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++) {
if (ecdh_a[i] != NULL)
EC_KEY_free(ecdh_a[i]);
@@ -2697,7 +2664,7 @@ static int do_multi(int multi)
dsa_results[k][1] = d;
}
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
else if (!strncmp(buf, "+F4:", 4)) {
int k;
double d;
@@ -2720,9 +2687,6 @@ static int do_multi(int multi)
else
ecdsa_results[k][1] = d;
}
-# endif
-
-# ifndef OPENSSL_NO_ECDH
else if (!strncmp(buf, "+F5:", 4)) {
int k;
double d;
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 0437dcf..d789e7e 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -203,7 +203,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
return ret;
}
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
@@ -302,7 +302,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
return 1;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
if (p1 == -2) {
if (dctx->cofactor_mode != -1)
@@ -519,12 +519,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
0, 0,
0,
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
pkey_ec_kdf_derive,
#else
0,
#endif
-
pkey_ec_ctrl,
pkey_ec_ctrl_str
};
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
index 0d643a3..25ccdc9 100644
--- a/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
@@ -71,7 +71,7 @@
# include <openssl/opensslconf.h>
-# ifdef OPENSSL_NO_ECDH
+# ifdef OPENSSL_NO_EC
# error ECDH is disabled.
# endif
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
index 41725f6..578de31 100644
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -73,7 +73,7 @@
#include "../e_os.h"
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_EC */
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
@@ -82,7 +82,7 @@
#include <openssl/sha.h>
#include <openssl/err.h>
-#ifdef OPENSSL_NO_ECDH
+#ifdef OPENSSL_NO_EC
int main(int argc, char *argv[])
{
printf("No ECDH support\n");
diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h
index 86cafe2..3876004 100644
--- a/crypto/ecdsa/ecdsa.h
+++ b/crypto/ecdsa/ecdsa.h
@@ -61,7 +61,7 @@
# include <openssl/opensslconf.h>
-# ifdef OPENSSL_NO_ECDSA
+# ifdef OPENSSL_NO_EC
# error ECDSA is disabled.
# endif
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index d58490f..31d9c84 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -73,9 +73,9 @@
#include <stdlib.h>
#include <string.h>
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
-#ifdef OPENSSL_NO_ECDSA
+#ifdef OPENSSL_NO_EC
int main(int argc, char *argv[])
{
puts("Elliptic curves are disabled.");
diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
index 4279dd9..af353bd 100644
--- a/crypto/engine/eng_fat.c
+++ b/crypto/engine/eng_fat.c
@@ -79,11 +79,9 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
return 0;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
return 0;
-#endif
-#ifndef OPENSSL_NO_ECDSA
if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
return 0;
#endif
@@ -159,10 +157,8 @@ int ENGINE_register_complete(ENGINE *e)
#ifndef OPENSSL_NO_DH
ENGINE_register_DH(e);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
ENGINE_register_ECDH(e);
-#endif
-#ifndef OPENSSL_NO_ECDSA
ENGINE_register_ECDSA(e);
#endif
ENGINE_register_RAND(e);
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index c69e8a7..9e80eaf 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -300,10 +300,8 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
#ifndef OPENSSL_NO_DH
dest->dh_meth = src->dh_meth;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
dest->ecdh_meth = src->ecdh_meth;
-#endif
-#ifndef OPENSSL_NO_ECDSA
dest->ecdsa_meth = src->ecdsa_meth;
#endif
dest->rand_meth = src->rand_meth;
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 3e12ecf..78fa3c8 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -149,10 +149,8 @@ static int bind_helper(ENGINE *e)
# ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
-# endif
-# ifndef OPENSSL_NO_ECDSA
|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
# endif
# ifndef OPENSSL_NO_DH
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index c931907..e2f3e5c 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -82,10 +82,8 @@
# ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
# include <openssl/ecdh.h>
-# endif
-# ifndef OPENSSL_NO_ECDSA
# include <openssl/ecdsa.h>
# endif
# include <openssl/rand.h>
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index 1363fb0..b844167 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -76,10 +76,8 @@
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
# include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
# include <openssl/ecdh.h>
#endif
#include <openssl/evp.h>
@@ -138,11 +136,7 @@ void ERR_load_crypto_strings(void)
# endif
# ifndef OPENSSL_NO_EC
ERR_load_EC_strings();
-# endif
-# ifndef OPENSSL_NO_ECDSA
ERR_load_ECDSA_strings();
-# endif
-# ifndef OPENSSL_NO_ECDH
ERR_load_ECDH_strings();
# endif
/* skip ERR_load_SSL_strings() because it is not in this library */
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
index 0d4278b..94039ef 100644
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -80,7 +80,7 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
EVP_add_digest(EVP_ecdsa());
# endif
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 2e9f83f..0d26fd3 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -234,7 +234,7 @@ typedef int evp_verify_method(int type, const unsigned char *m,
# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
(evp_verify_method *)ECDSA_verify, \
{EVP_PKEY_EC,0,0,0}
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 1e78e30..9835be5 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -75,13 +75,7 @@
# ifndef OPENSSL_NO_EC
# include <openssl/ec.h>
-# endif
-
-# ifndef OPENSSL_NO_ECDSA
# include <openssl/ecdsa.h>
-# endif
-
-# ifndef OPENSSL_NO_ECDH
# include <openssl/ecdh.h>
# endif
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 750217f..1e611c4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1321,7 +1321,7 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_DH
DH *dh = NULL;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *srvr_ecpoint = NULL;
@@ -1385,7 +1385,7 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_dh_tmp = NULL;
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (s->session->sess_cert->peer_ecdh_tmp) {
EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
s->session->sess_cert->peer_ecdh_tmp = NULL;
@@ -1724,7 +1724,7 @@ int ssl3_get_key_exchange(SSL *s)
}
#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
else if (alg_k & SSL_kECDHE) {
EC_GROUP *ngroup;
const EC_GROUP *group;
@@ -1822,7 +1822,7 @@ int ssl3_get_key_exchange(SSL *s)
X509_get_pubkey(s->session->
sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
else if (alg_a & SSL_aECDSA)
pkey =
X509_get_pubkey(s->session->
@@ -1841,7 +1841,7 @@ int ssl3_get_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
/* p points to the next byte, there are 'n' bytes left */
@@ -1961,7 +1961,7 @@ int ssl3_get_key_exchange(SSL *s)
if (dh != NULL)
DH_free(dh);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
EC_POINT_free(srvr_ecpoint);
if (ecdh != NULL)
@@ -2299,7 +2299,7 @@ int ssl3_send_client_key_exchange(SSL *s)
#ifndef OPENSSL_NO_KRB5
KSSL_ERR kssl_err;
#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
EVP_PKEY *srvr_pub_pkey = NULL;
@@ -2597,7 +2597,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
@@ -2768,7 +2768,7 @@ int ssl3_send_client_key_exchange(SSL *s)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
}
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
else if (alg_k & SSL_kGOST) {
/* GOST key exchange message creation */
EVP_PKEY_CTX *pkey_ctx;
@@ -3054,7 +3054,7 @@ int ssl3_send_client_key_exchange(SSL *s)
OPENSSL_free(pms);
s->cert->pms = NULL;
}
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
if (encodedPoint != NULL)
OPENSSL_free(encodedPoint);
@@ -3156,7 +3156,7 @@ int ssl3_send_client_verify(SSL *s)
n = j + 2;
} else
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
@@ -3365,7 +3365,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
/* This is the passed certificate */
idx = sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (idx == SSL_PKEY_ECC) {
if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) {
/* check failed */
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 20ce112..f4369eb 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2051,7 +2051,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
},
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
/* Cipher C001 */
{
1,
@@ -2451,7 +2451,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
-#endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_SRP
/* Cipher C01A */
@@ -2598,7 +2598,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
#endif /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@@ -2973,7 +2973,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256},
# endif /* OPENSSL_NO_CAMELLIA */
-#endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_EC */
#ifdef TEMP_GOST_TLS
/* Cipher FF00 */
@@ -3138,7 +3138,7 @@ void ssl3_free(SSL *s)
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL)
EC_KEY_free(s->s3->tmp.ecdh);
#endif
@@ -3183,7 +3183,7 @@ void ssl3_clear(SSL *s)
s->s3->tmp.dh = NULL;
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (s->s3->tmp.ecdh != NULL) {
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
@@ -3357,7 +3357,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
s->cert->dh_tmp_auto = larg;
return 1;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@@ -3389,7 +3389,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
}
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
@@ -3558,7 +3558,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_ECDH_AUTO:
s->cert->ecdh_tmp_auto = larg;
return 1;
@@ -3629,7 +3629,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
EVP_PKEY *ptmp;
int rv = 0;
sc = s->session->sess_cert;
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
return 0;
#endif
@@ -3645,7 +3645,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
else if (sc->peer_dh_tmp)
rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
else if (sc->peer_ecdh_tmp)
rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
#endif
@@ -3736,7 +3736,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
}
break;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH_CB:
{
s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@@ -3847,7 +3847,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
ctx->cert->dh_tmp_auto = larg;
return 1;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@@ -3881,7 +3881,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg;
@@ -3955,7 +3955,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
parg);
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_ECDH_AUTO:
ctx->cert->ecdh_tmp_auto = larg;
return 1;
@@ -4059,7 +4059,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
}
break;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH_CB:
{
cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@@ -4251,14 +4251,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
-# ifndef OPENSSL_NO_ECDH
/*
* if we are considering an ECC cipher suite that uses an ephemeral
* EC key check it
*/
if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
-# endif /* OPENSSL_NO_ECDH */
# endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
@@ -4346,16 +4344,13 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
if (!(alg_a & SSL_aDSS))
p[ret++] = SSL3_CT_DSS_SIGN;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
if (nostrict || !(alg_a & SSL_aRSA))
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
if (nostrict || !(alg_a & SSL_aECDSA))
p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
}
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
/*
* ECDSA certs can be used with RSA cipher suites as well so we don't
* need to check for SSL_kECDH or SSL_kECDHE
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 39c1574..ee66a5a 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1532,7 +1532,7 @@ int ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL, *ecdhp;
unsigned char *encodedPoint = NULL;
int encodedlen = 0;
@@ -1654,7 +1654,7 @@ int ssl3_send_server_key_exchange(SSL *s)
r[2] = dh->pub_key;
} else
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (type & SSL_kECDHE) {
const EC_GROUP *group;
@@ -1782,7 +1782,7 @@ int ssl3_send_server_key_exchange(SSL *s)
r[2] = NULL;
r[3] = NULL;
} else
-#endif /* !OPENSSL_NO_ECDH */
+#endif /* !OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
/*
@@ -1853,7 +1853,7 @@ int ssl3_send_server_key_exchange(SSL *s)
p += nr[i];
}
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (type & SSL_kECDHE) {
/*
* XXX: For now, we only support named (not generic) curves. In
@@ -3001,7 +3001,7 @@ int ssl3_get_cert_verify(SSL *s)
}
} else
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 160d37c..56eb7ba 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1760,7 +1760,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
DH *(*dh) (SSL *ssl, int is_export,
int keylength));
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
EC_KEY *(*ecdh) (SSL *ssl, int is_export,
int keylength));
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 3843aef..504e4d7 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -122,7 +122,7 @@ int SSL_library_init(void)
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
EVP_add_digest(EVP_ecdsa());
#endif
#ifndef OPENSSL_NO_COMP
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9742599..fa0c693 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -175,7 +175,7 @@ void ssl_cert_set_default_md(CERT *cert)
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
}
@@ -261,7 +261,7 @@ CERT *ssl_cert_dup(CERT *cert)
ret->dh_tmp_auto = cert->dh_tmp_auto;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (cert->ecdh_tmp) {
ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
if (ret->ecdh_tmp == NULL) {
@@ -450,7 +450,7 @@ void ssl_cert_free(CERT *c)
if (c->dh_tmp)
DH_free(c->dh_tmp);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (c->ecdh_tmp)
EC_KEY_free(c->ecdh_tmp);
#endif
@@ -683,7 +683,7 @@ void ssl_sess_cert_free(SESS_CERT *sc)
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (sc->peer_ecdh_tmp != NULL)
EC_KEY_free(sc->peer_ecdh_tmp);
#endif
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 12820b6..f220e8e 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -748,12 +748,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
*mkey |= SSL_kKRB5;
*auth |= SSL_aKRB5;
#endif
-#ifdef OPENSSL_NO_ECDSA
- *auth |= SSL_aECDSA;
-#endif
-#ifdef OPENSSL_NO_ECDH
+#ifdef OPENSSL_NO_EC
*mkey |= SSL_kECDHe | SSL_kECDHr;
- *auth |= SSL_aECDH;
+ *auth |= SSL_aECDSA | SSL_aECDH;
#endif
#ifdef OPENSSL_NO_PSK
*mkey |= SSL_kPSK;
@@ -1437,7 +1434,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
return 0;
}
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
switch (suiteb_flags) {
case SSL_CERT_FLAG_SUITEB_128_LOS:
if (suiteb_comb2)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 354f218..cfed40d 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -257,7 +257,7 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
return rv > 0;
}
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
{
@@ -447,7 +447,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"),
SSL_CONF_CMD_STRING(Curves, "curves"),
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
SSL_CONF_CMD_STRING(ECDHParameters, "named_curve"),
#endif
SSL_CONF_CMD_STRING(CipherString, "cipher"),
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c535a42..3bce4cf 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2153,13 +2153,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
int rsa_enc_export, dh_rsa_export, dh_dsa_export;
int rsa_tmp_export, dh_tmp_export, kl;
unsigned long mask_k, mask_a, emask_k, emask_a;
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
-#endif
-#ifndef OPENSSL_NO_ECDH
int have_ecdh_tmp, ecdh_ok;
-#endif
-#ifndef OPENSSL_NO_EC
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0, pk_nid = 0, md_nid = 0;
@@ -2185,7 +2181,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
dh_tmp = dh_tmp_export = 0;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
#endif
cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
@@ -2283,10 +2279,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
x = cpk->x509;
/* This call populates extension flags (ex_flags) */
X509_check_purpose(x, -1, 0);
-# ifndef OPENSSL_NO_ECDH
ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
(x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
-# endif
ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
(x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
if (!(cpk->valid_flags & CERT_PKEY_SIGN))
@@ -2298,7 +2292,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
}
-# ifndef OPENSSL_NO_ECDH
if (ecdh_ok) {
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
@@ -2319,17 +2312,14 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
}
}
}
-# endif
-# ifndef OPENSSL_NO_ECDSA
if (ecdsa_ok) {
mask_a |= SSL_aECDSA;
emask_a |= SSL_aECDSA;
}
-# endif
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (have_ecdh_tmp) {
mask_k |= SSL_kECDHE;
emask_k |= SSL_kECDHE;
@@ -3267,7 +3257,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
}
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
EC_KEY *(*ecdh) (SSL *ssl, int is_export,
int keylength))
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7a8a303..a16ad08 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1350,7 +1350,7 @@ typedef struct ssl3_state_st {
# ifndef OPENSSL_NO_DH
DH *dh;
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
EC_KEY *ecdh; /* holds short lived ECDH key */
# endif
/* used when SSL_ST_FLUSH_DATA is entered */
@@ -1662,7 +1662,7 @@ typedef struct cert_st {
DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
int dh_tmp_auto;
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
EC_KEY *ecdh_tmp;
/* Callback for generating ephemeral ECDH keys */
EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
@@ -1760,7 +1760,7 @@ typedef struct sess_cert_st {
# ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
# endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
EC_KEY *peer_ecdh_tmp;
# endif
int references; /* actually always 1 at the moment */
@@ -2317,7 +2317,7 @@ int tls1_alert_code(int code);
int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
# endif
@@ -2332,9 +2332,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
int *curves, size_t ncurves);
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str);
-# ifndef OPENSSL_NO_ECDH
int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
-# endif /* OPENSSL_NO_ECDH */
# endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_TLSEXT
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 89fb44a..7a157a6 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -774,7 +774,7 @@ static void sv_usage(void)
" -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr, " -no_dhe - disable DHE\n");
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
#endif
#ifndef OPENSSL_NO_PSK
@@ -803,7 +803,7 @@ static void sv_usage(void)
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
fprintf(stderr, " -rle - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
fprintf(stderr,
" -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
" Use \"openssl ecparam -list_curves\" for all names\n"
@@ -967,7 +967,7 @@ int main(int argc, char *argv[])
char *server_key = NULL;
char *client_cert = TEST_CLIENT_CERT;
char *client_key = NULL;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
char *named_curve = NULL;
#endif
SSL_CTX *s_ctx = NULL;
@@ -980,7 +980,7 @@ int main(int argc, char *argv[])
DH *dh;
int dhe1024 = 0, dhe1024dsa = 0;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL;
#endif
#ifndef OPENSSL_NO_SRP
@@ -1206,7 +1206,7 @@ int main(int argc, char *argv[])
else if (strcmp(*argv, "-named_curve") == 0) {
if (--argc < 1)
goto bad;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
named_curve = *(++argv);
#else
fprintf(stderr,
@@ -1470,7 +1470,7 @@ int main(int argc, char *argv[])
(void)no_dhe;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (!no_ecdhe) {
int nid;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c91b761..8296ea1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -798,7 +798,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
return rv;
}
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
/* Check EC temporary key is compatible with client extensions */
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
{
@@ -863,7 +863,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
return tls1_check_ec_key(s, curve_id, NULL);
# endif
}
-# endif /* OPENSSL_NO_ECDH */
+# endif /* OPENSSL_NO_EC */
#else
@@ -893,9 +893,8 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
# endif
-# ifdef OPENSSL_NO_ECDSA
-# define tlsext_sigalg_ecdsa(md)
- /* */
+# ifdef OPENSSL_NO_EC
+# define tlsext_sigalg_ecdsa(md) /* */
# else
# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
# endif
@@ -913,7 +912,7 @@ static const unsigned char tls12_sigalgs[] = {
tlsext_sigalg(TLSEXT_hash_sha1)
};
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
static const unsigned char suiteb_sigalgs[] = {
tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
@@ -3246,7 +3245,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
case TLSEXT_signature_dsa:
return SSL_PKEY_DSA_SIGN;
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
case TLSEXT_signature_ecdsa:
return SSL_PKEY_ECC;
# endif
@@ -3326,7 +3325,7 @@ void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op)
have_dsa = 1;
break;
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
case TLSEXT_signature_ecdsa:
if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs))
have_ecdsa = 1;
@@ -3521,7 +3520,7 @@ int tls1_process_sigalgs(SSL *s)
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
# endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
# endif
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 809e9b3..d3379d2 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -142,8 +142,6 @@ and [options] can be one of
no-krb5 - No KRB5
no-srp - No SRP
no-ec - No EC
- no-ecdsa - No ECDSA
- no-ecdh - No ECDH
no-engine - No engine
no-hw - No hw
nasm - Use NASM for x86 asm
@@ -298,8 +296,6 @@ $cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
-$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
-$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
$cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
@@ -1427,8 +1423,6 @@ sub read_options
"no-sock" => \$no_sock,
"no-krb5" => \$no_krb5,
"no-ec" => \$no_ec,
- "no-ecdsa" => \$no_ecdsa,
- "no-ecdh" => \$no_ecdh,
"no-gost" => \$no_gost,
"no-engine" => \$no_engine,
"no-hw" => \$no_hw,
More information about the openssl-commits
mailing list