Fix 'no-ecdh' build

author Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Fri, 9 Nov 2018 20:37:38 +0000 (21:37 +0100)

committer Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Fri, 9 Nov 2018 23:45:24 +0000 (00:45 +0100)
author Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Fri, 9 Nov 2018 20:37:38 +0000 (21:37 +0100)
committer Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Fri, 9 Nov 2018 23:45:24 +0000 (00:45 +0100)
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index ccdf00fa1b3f83a3c4b769de2d18917c06dd959e..e5a500d7298f7988743d6ba02b44a2c7e2801b01 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1406,11 +1406,17 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
  static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                                      const char **prule_str)
  {
-    unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
+    unsigned int suiteb_flags = 0;
+# ifndef OPENSSL_NO_ECDH
+    unsigned int suiteb_comb2 = 0;
+#endif
+
      if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
          suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
      } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
+# ifndef OPENSSL_NO_ECDH
          suiteb_comb2 = 1;
+# endif
          suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
      } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
          suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index aa0cbdb987201134b644326e77a2fc650dd969d4..cfcfe76b9ce182e14311d7a379d101f85a28161e 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2259,10 +2259,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
      int rsa_tmp_export, dh_tmp_export, kl;
      unsigned long mask_k, mask_a, emask_k, emask_a;
  #ifndef OPENSSL_NO_ECDSA
-    int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
+    int have_ecc_cert, ecdsa_ok;
  #endif
  #ifndef OPENSSL_NO_ECDH
-    int have_ecdh_tmp, ecdh_ok;
+    int have_ecdh_tmp, ecdh_ok, ecc_pkey_size;
  #endif
  #ifndef OPENSSL_NO_EC
      X509 *x = NULL;
@@ -2405,7 +2405,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
          if (!(cpk->valid_flags & CERT_PKEY_SIGN))
              ecdsa_ok = 0;
          ecc_pkey = X509_get_pubkey(x);
+# ifndef OPENSSL_NO_ECDH
          ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;
+# endif
          EVP_PKEY_free(ecc_pkey);
          if ((x->sig_alg) && (x->sig_alg->algorithm)) {
              signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
@@ -2467,7 +2469,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
  #define ku_reject(x, usage) \
          (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
  
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECDH
  
  int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
  {
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 8cb8816f9b13ffa03d0ad011151dd6530f3ca538..55f918d10851b782373ec2e239552e615c17a4d6 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -500,7 +500,11 @@ static int tls1_get_curvelist(SSL *s, int sess,
              } else
  # endif
              {
-                if (!s->server || s->cert->ecdh_tmp_auto) {
+                if (!s->server
+# ifndef OPENSSL_NO_ECDH
+                        || s->cert->ecdh_tmp_auto
+# endif
+                    ) {
                      *pcurves = eccurves_auto;
                      pcurveslen = sizeof(eccurves_auto);
                  } else {
author	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
	Fri, 9 Nov 2018 20:37:38 +0000 (21:37 +0100)
committer	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
	Fri, 9 Nov 2018 23:45:24 +0000 (00:45 +0100)
ssl/ssl_ciph.c		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history
ssl/t1_lib.c		patch \| blob \| history