Add OPENSSL_NO_ECDH guards (a38ae11c) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/ec/ec_pmeth.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -213,6 +213,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
		return ret;
		}

		#ifndef OPENSSL_NO_ECDH
		static int pkey_ec_derive(EVP_PKEY_CTX ctx, unsigned char key, size_t *keylen)
		{
		int ret;
		@@ -288,6 +289,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
		}
		return rv;
		}
		#endif

		static int pkey_ec_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
		{
		@@ -316,6 +318,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
		EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
		return 1;

		#ifndef OPENSSL_NO_ECDH
		case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
		if (p1 == -2)
		{
		@@ -357,6 +360,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
		dctx->co_key = NULL;
		}
		return 1;
		#endif

		case EVP_PKEY_CTRL_EC_KDF_TYPE:
		if (p1 == -2)
		@@ -556,7 +560,11 @@ const EVP_PKEY_METHOD ec_pkey_meth =
		0,0,

		0,
		#ifndef OPENSSL_NO_ECDH
		pkey_ec_kdf_derive,
		#else
		0,
		#endif

		pkey_ec_ctrl,
		pkey_ec_ctrl_str

ssl/s3_lib.c

+7 −1

Original line number	Diff line number	Diff line
		@@ -3484,9 +3484,11 @@ long ssl3_ctrl(SSL s, int cmd, long larg, void parg)
		case SSL_CTRL_GET_SHARED_CURVE:
		return tls1_shared_curve(s, larg);

		#ifndef OPENSSL_NO_ECDH
		case SSL_CTRL_SET_ECDH_AUTO:
		s->cert->ecdh_tmp_auto = larg;
		return 1;
		#endif
		#endif
		case SSL_CTRL_SET_SIGALGS:
		return tls1_set_sigalgs(s->cert, parg, larg, 0);
		@@ -3558,7 +3560,7 @@ long ssl3_ctrl(SSL s, int cmd, long larg, void parg)
		EVP_PKEY *ptmp;
		int rv = 0;
		sc = s->session->sess_cert;
		#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
		#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
		if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
		&& !sc->peer_ecdh_tmp)
		return 0;
		@@ -3899,9 +3901,11 @@ long ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
		return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
		&ctx->tlsext_ellipticcurvelist_length,
		parg);
		#ifndef OPENSSL_NO_ECDH
		case SSL_CTRL_SET_ECDH_AUTO:
		ctx->cert->ecdh_tmp_auto = larg;
		return 1;
		#endif
		#endif
		case SSL_CTRL_SET_SIGALGS:
		return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
		@@ -4200,10 +4204,12 @@ SSL_CIPHER ssl3_choose_cipher(SSL s, STACK_OF(SSL_CIPHER) *clnt,

		#ifndef OPENSSL_NO_TLSEXT
		#ifndef OPENSSL_NO_EC
		#ifndef OPENSSL_NO_ECDH
		/* if we are considering an ECC cipher suite that uses
		* an ephemeral EC key check it */
		if (alg_k & SSL_kEECDH)
		ok = ok && tls1_check_ec_tmp_key(s, c->id);
		#endif /* OPENSSL_NO_ECDH */
		#endif /* OPENSSL_NO_EC */
		#endif /* OPENSSL_NO_TLSEXT */

ssl/ssl_ciph.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -1420,6 +1420,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD meth, CERT c,
		return 0;
		}

		#ifndef OPENSSL_NO_ECDH
		switch(suiteb_flags)
		{
		case SSL_CERT_FLAG_SUITEB_128_LOS:
		@@ -1438,6 +1439,10 @@ static int check_suiteb_cipher_list(const SSL_METHOD meth, CERT c,
		/* Set auto ECDH parameter determination */
		c->ecdh_tmp_auto = 1;
		return 1;
		#else
		SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
		return 0;
		#endif
		}
		#endif

ssl/ssl_lib.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -2355,8 +2355,10 @@ void ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher)
		x = cpk->x509;
		/* This call populates extension flags (ex_flags) */
		X509_check_purpose(x, -1, 0);
		#ifndef OPENSSL_NO_ECDH
		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
		(x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
		#endif
		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
		(x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
		if (!(cpk->valid_flags & CERT_PKEY_SIGN))

ssl/ssl_locl.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -1301,7 +1301,9 @@ int tls1_set_curves(unsigned char *pext, size_t pextlen,
		int *curves, size_t ncurves);
		int tls1_set_curves_list(unsigned char *pext, size_t pextlen,
		const char *str);
		#ifndef OPENSSL_NO_ECDH
		int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
		#endif /* OPENSSL_NO_ECDH */
		#endif /* OPENSSL_NO_EC */

		#ifndef OPENSSL_NO_TLSEXT