Commit 59b9c67f authored by Dr. Matthias St. Pierre's avatar Dr. Matthias St. Pierre
Browse files

Fix 'no-ecdh' build 



Fixes #3302

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7606)
parent f1e5009c

ssl/ssl_ciph.c

+7 −1
Original line number Diff line number Diff line
@@ -1406,11 +1406,17 @@ static int ssl_cipher_process_rulestr(const char *rule_str, 
static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,

                                    const char **prule_str)

{

    unsigned int suiteb_flags = 0, suiteb_comb2 = 0;

    unsigned int suiteb_flags = 0;

# ifndef OPENSSL_NO_ECDH

    unsigned int suiteb_comb2 = 0;

#endif



    if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {

        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;

    } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {

# ifndef OPENSSL_NO_ECDH

        suiteb_comb2 = 1;

# endif

        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;

    } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {

        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;

ssl/ssl_lib.c

+5 −3
Original line number Diff line number Diff line
@@ -2259,10 +2259,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 
    int rsa_tmp_export, dh_tmp_export, kl;

    unsigned long mask_k, mask_a, emask_k, emask_a;

#ifndef OPENSSL_NO_ECDSA

    int have_ecc_cert, ecdsa_ok, ecc_pkey_size;

    int have_ecc_cert, ecdsa_ok;

#endif

#ifndef OPENSSL_NO_ECDH

    int have_ecdh_tmp, ecdh_ok;

    int have_ecdh_tmp, ecdh_ok, ecc_pkey_size;

#endif

#ifndef OPENSSL_NO_EC

    X509 *x = NULL;
@@ -2405,7 +2405,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 
        if (!(cpk->valid_flags & CERT_PKEY_SIGN))

            ecdsa_ok = 0;

        ecc_pkey = X509_get_pubkey(x);

# ifndef OPENSSL_NO_ECDH

        ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;

# endif

        EVP_PKEY_free(ecc_pkey);

        if ((x->sig_alg) && (x->sig_alg->algorithm)) {

            signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
@@ -2467,7 +2469,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) 
#define ku_reject(x, usage) \

        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))



#ifndef OPENSSL_NO_EC

#ifndef OPENSSL_NO_ECDH



int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)

{

ssl/t1_lib.c

+5 −1
Original line number Diff line number Diff line
@@ -500,7 +500,11 @@ static int tls1_get_curvelist(SSL *s, int sess, 
            } else

# endif

            {

                if (!s->server || s->cert->ecdh_tmp_auto) {

                if (!s->server

# ifndef OPENSSL_NO_ECDH

                        || s->cert->ecdh_tmp_auto

# endif

                    ) {

                    *pcurves = eccurves_auto;

                    pcurveslen = sizeof(eccurves_auto);

                } else {