diff options
| author | Matt Caswell <matt@openssl.org> | 2018-11-12 14:23:07 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-11-14 11:28:01 +0000 |
| commit | 65d2c16cbe0da8efed2f285f59930297326fb435 (patch) | |
| tree | 9eace2e0557186ee94a44b9435db515983c600e8 /ssl | |
| parent | 2dc37bc2b4c678462a24d2904604e58c0c5ac1cb (diff) | |
| download | openssl-65d2c16cbe0da8efed2f285f59930297326fb435.zip openssl-65d2c16cbe0da8efed2f285f59930297326fb435.tar.gz openssl-65d2c16cbe0da8efed2f285f59930297326fb435.tar.bz2 | |
Fix no-ec and no-tls1_2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7620)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_locl.h | 2 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 9 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 2 |
3 files changed, 12 insertions, 1 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e9c5c5c..70e5a17 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2572,7 +2572,9 @@ __owur int tls1_process_sigalgs(SSL *s); __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd); __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); +# ifndef OPENSSL_NO_EC __owur int tls_check_sigalg_curve(const SSL *s, int curve); +# endif __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); __owur int ssl_set_client_disabled(SSL *s); __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 95c2206..4324896 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1506,8 +1506,11 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) */ static int is_tls13_capable(const SSL *s) { - int i, curve; + int i; +#ifndef OPENSSL_NO_EC + int curve; EC_KEY *eckey; +#endif #ifndef OPENSSL_NO_PSK if (s->psk_server_callback != NULL) @@ -1530,6 +1533,7 @@ static int is_tls13_capable(const SSL *s) } if (!ssl_has_cert(s, i)) continue; +#ifndef OPENSSL_NO_EC if (i != SSL_PKEY_ECC) return 1; /* @@ -1543,6 +1547,9 @@ static int is_tls13_capable(const SSL *s) curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey)); if (tls_check_sigalg_curve(s, curve)) return 1; +#else + return 1; +#endif } return 0; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index fe13a39..3415c63 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -949,6 +949,7 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs) } } +#ifndef OPENSSL_NO_EC /* * Called by servers only. Checks that we have a sig alg that supports the * specified EC curve. @@ -979,6 +980,7 @@ int tls_check_sigalg_curve(const SSL *s, int curve) return 0; } +#endif /* * Check signature algorithm is consistent with sent supported signature |