mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-23 18:13:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg

Browse Source 
We should no longer be relying on compile time checks in libssl for
the availability of crypto algorithms. The availability of crypto
algorithms should be determined at runtime based on what providers have
been loaded.

Fixes #13616

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
This commit is contained in:
Matt Caswell 2021-01-20 15:29:59 +00:00
parent 462f4f4bc0
commit e376242d28
6 changed files with 7 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/openssl/ssl.h.in
View File

@ -194,14 +194,9 @@ extern "C" {
* DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()
* Update both macro and function simultaneously
*/
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
"TLS_CHACHA20_POLY1305_SHA256:" \
"TLS_AES_128_GCM_SHA256"
# else
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
"TLS_CHACHA20_POLY1305_SHA256:" \
"TLS_AES_128_GCM_SHA256"
# endif
# endif
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always

2
ssl/s3_enc.c
View File

@ -297,10 +297,8 @@ int ssl3_setup_key_block(SSL *s)
if (s->session->cipher->algorithm_enc == SSL_eNULL)
s->s3.need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3.need_empty_fragments = 0;
#endif
}
}

22
ssl/s3_lib.c
View File

@ -66,7 +66,6 @@ static SSL_CIPHER tls13_ciphers[] = {
256,
256,
},
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
1,
TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
@ -83,7 +82,6 @@ static SSL_CIPHER tls13_ciphers[] = {
256,
256,
},
#endif
{
1,
TLS1_3_RFC_AES_128_CCM_SHA256,
@ -2036,7 +2034,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
},
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
1,
TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
@ -2149,10 +2146,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#endif /* !defined(OPENSSL_NO_CHACHA) &&
* !defined(OPENSSL_NO_POLY1305) */
#ifndef OPENSSL_NO_CAMELLIA
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@ -2601,7 +2595,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_GOST
{
@ -2718,7 +2711,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
},
#endif /* OPENSSL_NO_GOST */
#ifndef OPENSSL_NO_IDEA
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,
@ -2735,9 +2727,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
#endif
#ifndef OPENSSL_NO_SEED
{
1,
TLS1_TXT_RSA_WITH_SEED_SHA,
@ -2802,7 +2792,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
#endif /* OPENSSL_NO_SEED */
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
@ -2967,7 +2956,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
},
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
#ifndef OPENSSL_NO_ARIA
{
1,
TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
@ -3224,7 +3212,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
#endif /* OPENSSL_NO_ARIA */
};
/*
@ -4120,9 +4107,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok, prefer_sha256 = 0;
unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
#ifndef OPENSSL_NO_CHACHA
STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
#endif
/* Let's see which ciphers we can support */
@ -4155,7 +4140,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
} else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
prio = srvr;
allow = clnt;
#ifndef OPENSSL_NO_CHACHA
/* If ChaCha20 is at the top of the client preference list,
and there are ChaCha20 ciphers in the server list, then
temporarily prioritize all ChaCha20 ciphers in the servers list. */
@ -4194,7 +4179,6 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
}
}
# endif
} else {
prio = clnt;
allow = srvr;
@ -4308,9 +4292,9 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
break;
}
}
#ifndef OPENSSL_NO_CHACHA
sk_SSL_CIPHER_free(prio_chacha);
#endif
return ret;
}

2
ssl/ssl_ciph.c
View File

@ -2215,8 +2215,6 @@ const char *OSSL_default_cipher_list(void)
const char *OSSL_default_ciphersuites(void)
{
return "TLS_AES_256_GCM_SHA384:"
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
"TLS_CHACHA20_POLY1305_SHA256:"
#endif
"TLS_AES_128_GCM_SHA256";
}

2
ssl/t1_enc.c
View File

@ -597,10 +597,8 @@ int tls1_setup_key_block(SSL *s)
if (s->session->cipher->algorithm_enc == SSL_eNULL)
s->s3.need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4
if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3.need_empty_fragments = 0;
#endif
}
}

6
ssl/t1_lib.c
View File

@ -981,14 +981,14 @@ static const uint16_t tls12_sigalgs[] = {
TLSEXT_SIGALG_rsa_pkcs1_sha224,
TLSEXT_SIGALG_rsa_pkcs1_sha1,
#ifndef OPENSSL_NO_DSA
TLSEXT_SIGALG_dsa_sha224,
TLSEXT_SIGALG_dsa_sha1,
TLSEXT_SIGALG_dsa_sha256,
TLSEXT_SIGALG_dsa_sha384,
TLSEXT_SIGALG_dsa_sha512,
#endif
#ifndef OPENSSL_NO_GOST
TLSEXT_SIGALG_gostr34102012_256_intrinsic,
TLSEXT_SIGALG_gostr34102012_512_intrinsic,
@ -1059,7 +1059,6 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
{"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1,
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
NID_sha1WithRSAEncryption, NID_undef, 1},
#ifndef OPENSSL_NO_DSA
{NULL, TLSEXT_SIGALG_dsa_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_dsa_with_SHA256, NID_undef, 1},
@ -1075,7 +1074,6 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
{NULL, TLSEXT_SIGALG_dsa_sha1,
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_dsaWithSHA1, NID_undef, 1},
#endif
#ifndef OPENSSL_NO_GOST
{NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic,
NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,