ssl3_cleanup_key_block(s);
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3.peer_tmp);
s->s3.peer_tmp = NULL;
EVP_PKEY_free(s->s3.tmp.pkey);
s->s3.tmp.pkey = NULL;
-#endif
ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
ssl_evp_md_free(s->s3.tmp.new_hash);
OPENSSL_free(s->s3.tmp.peer_sigalgs);
OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3.tmp.pkey);
EVP_PKEY_free(s->s3.peer_tmp);
-#endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s);
case SSL_CTRL_GET_FLAGS:
ret = (int)(s->s3.flags);
break;
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH:
{
EVP_PKEY *pkdh = NULL;
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
return 1;
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
if (parg == NULL) {
}
return ssl_cert_set_current(s->cert, larg);
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_GET_GROUPS:
{
uint16_t *clist;
case SSL_CTRL_GET_NEGOTIATED_GROUP:
ret = tls1_group_id2nid(s->s3.group_id, 1);
break;
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
return 1;
case SSL_CTRL_GET_PEER_TMP_KEY:
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->session == NULL || s->s3.peer_tmp == NULL) {
return 0;
} else {
*(EVP_PKEY **)parg = s->s3.peer_tmp;
return 1;
}
-#else
- return 0;
-#endif
case SSL_CTRL_GET_TMP_KEY:
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->session == NULL || s->s3.tmp.pkey == NULL) {
return 0;
} else {
*(EVP_PKEY **)parg = s->s3.tmp.pkey;
return 1;
}
-#else
- return 0;
-#endif
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
int ret = 0;
switch (cmd) {
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH_CB:
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
ret = 1;
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
switch (cmd) {
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH:
{
EVP_PKEY *pkdh = NULL;
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return 1;
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
if (parg == NULL) {
break;
#endif
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_SET_GROUPS:
return tls1_set_groups(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
parg);
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
switch (cmd) {
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH_CB:
{
ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
goto err;
}
-#ifndef OPENSSL_NO_DH
- if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
+ if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
EVP_PKEY_CTX_set_dh_pad(pctx, 1);
-#endif
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
return;
dh_tmp = (c->dh_tmp != NULL
-#ifndef OPENSSL_NO_DH
|| c->dh_tmp_cb != NULL
-#endif
|| c->dh_tmp_auto);
rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
return s->rwstate;
}
-/**
- * \brief Set the callback for generating temporary DH keys.
- * \param ctx the SSL context.
- * \param dh the callback
- */
-
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*dh) (SSL *ssl, int is_export,
- int keylength))
-{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
-}
-
-void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
- int keylength))
-{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
-}
-#endif
-
#ifndef OPENSSL_NO_PSK
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
{
}
/* Some deprecated public APIs pass DH objects */
-# ifndef OPENSSL_NO_DH
EVP_PKEY *ssl_dh_to_pkey(DH *dh)
{
+# ifndef OPENSSL_NO_DH
EVP_PKEY *ret;
if (dh == NULL)
return NULL;
}
return ret;
-}
+# else
+ return NULL;
# endif
+}
/* Some deprecated public APIs pass EC_KEY objects */
-# ifndef OPENSSL_NO_EC
int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
void *key)
{
+# ifndef OPENSSL_NO_EC
const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
int nid;
if (nid == NID_undef)
return 0;
return tls1_set_groups(pext, pextlen, &nid, 1);
+# else
+ return 0;
+# endif
+}
+
+/*
+ * Set the callback for generating temporary DH keys.
+ * ctx: the SSL context.
+ * dh: the callback
+ */
+# if !defined(OPENSSL_NO_DH)
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+
+void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
}
# endif
-#endif
+#endif /* OPENSSL_NO_DEPRECATED */