Amend: Allow for conditional compilation of SSL 3.0 protocol

This patch makes conditional several more SSL 3.0-only parts of codebase.

diff --git a/lib/cipher.c b/lib/cipher.c
index 04507d12e6cd5fb01cbd9ebedfef5bffba7dd419..50096df6c43d8bb632dde12e62087d2b1fcd69e8 100644 (file)
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -265,7 +265,10 @@ make_preamble(uint8_t * uint64_data, uint8_t type, unsigned int length,
        p += 8;
        *p = type;
        p++;
-       if (ver->id != GNUTLS_SSL3) {   /* TLS protocols */
+#ifdef ENABLE_SSL3
+       if (ver->id != GNUTLS_SSL3)
+#endif
+       {       /* TLS protocols */
                *p = ver->major;
                p++;
                *p = ver->minor;
@@ -739,7 +742,9 @@ ciphertext_to_compressed(gnutls_session_t session,
                         * Note that we access all 256 bytes of ciphertext for padding check
                         * because there is a timing channel in that memory access (in certain CPUs).
                         */
+#ifdef ENABLE_SSL3
                        if (ver->id != GNUTLS_SSL3)
+#endif
                                for (i = 2; i <= MIN(256, ciphertext->size); i++) {
                                        tmp_pad_failed |=
                                            (compressed->

diff --git a/lib/cipher_int.c b/lib/cipher_int.c
index 4e3e50373aebc3d9a1c96a8b953a6baf2a056415..6482e00bc590b726ab33a1b65e283664c1d2ac01 100644 (file)
--- a/lib/cipher_int.c
+++ b/lib/cipher_int.c
@@ -173,7 +173,9 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
                             const mac_entry_st * me,
                             const gnutls_datum_t * mac_key,
                             unsigned etm,
+#ifdef ENABLE_SSL3
                             unsigned ssl_hmac,
+#endif
                             int enc)
 {
        int ret;

diff --git a/lib/cipher_int.h b/lib/cipher_int.h
index a7415757b5385817911a328942969ad09ab0a209..26175dc3bda13c3b4cf36798c04d987041c246c8 100644 (file)
--- a/lib/cipher_int.h
+++ b/lib/cipher_int.h
@@ -208,7 +208,9 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
                             const mac_entry_st * me,
                             const gnutls_datum_t * mac_key,
                             unsigned etm,
+#ifdef ENABLE_SSL3
                             unsigned ssl_hmac,
+#endif
                             int enc);
 
 int _gnutls_auth_cipher_add_auth(auth_cipher_hd_st * handle,

diff --git a/lib/constate.c b/lib/constate.c
index 4c4fa3dfc5c02fdfe6467d771ea6e26048427e3f..16ca0ae7915d2efe0a15ad0cdfb311cbe1f7a4a5 100644 (file)
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -211,7 +211,9 @@ _gnutls_init_record_state(record_parameters_st * params,
                                       params->cipher, &state->key, iv,
                                       params->mac, &state->mac_secret,
                                       params->etm,
+#ifdef ENABLE_SSL3
                                       (ver->id == GNUTLS_SSL3) ? 1 : 0,
+#endif
                                       1 - read /*1==encrypt */ );
        if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL)
                return gnutls_assert_val(ret);

diff --git a/lib/kx.c b/lib/kx.c
index 568f877a52fb9ee84a3e41ce6cc0b84b639b444a..dc0bef847e890b796c9d1099639eee1f7aae5af3 100644 (file)
--- a/lib/kx.c
+++ b/lib/kx.c
@@ -192,8 +192,10 @@ generate_normal_master(gnutls_session_t session,
                ret = _gnutls_handshake_get_session_hash(session, &shash);
                if (ret < 0)
                        return gnutls_assert_val(ret);
+#ifdef ENABLE_SSL3
                if (get_num_version(session) == GNUTLS_SSL3)
                        return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+#endif
 
                ret =
                    _gnutls_PRF(session, premaster->data, premaster->size,
@@ -413,7 +415,10 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
        _gnutls_buffer_init(&data);
 
        if (again == 0) {
-               if (get_num_version(session) != GNUTLS_SSL3 ||
+               if (
+#ifdef ENABLE_SSL3
+                   get_num_version(session) != GNUTLS_SSL3 ||
+#endif
                    session->internals.selected_cert_list_length > 0) {
                        /* TLS 1.0 or SSL 3.0 with a valid certificate 
                         */
@@ -429,6 +434,7 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
                }
        }
 
+#ifdef ENABLE_SSL3
        /* In the SSL 3.0 protocol we need to send a
         * no certificate alert instead of an
         * empty certificate.
@@ -439,11 +445,11 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
                    gnutls_alert_send(session, GNUTLS_AL_WARNING,
                                      GNUTLS_A_SSL3_NO_CERTIFICATE);
 
-       } else {                /* TLS 1.0 or SSL 3.0 with a valid certificate 
-                                */
+       } else          /* TLS 1.0 or SSL 3.0 with a valid certificate 
+                        */
+#endif
                ret = send_handshake(session, data.data, data.length,
                                     GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
-       }
 
       cleanup:
        _gnutls_buffer_clear(&data);
@@ -617,6 +623,7 @@ int _gnutls_recv_client_certificate(gnutls_session_t session)
                 * a warning alert instead of an empty certificate to indicate
                 * no certificate.
                 */
+#ifdef ENABLE_SSL3
                if (optional != 0 &&
                    ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
                    get_num_version(session) == GNUTLS_SSL3 &&
@@ -629,6 +636,7 @@ int _gnutls_recv_client_certificate(gnutls_session_t session)
                        gnutls_assert();
                        return 0;
                }
+#endif
 
                /* certificate was required 
                 */

diff --git a/lib/range.c b/lib/range.c
index a29c3bfee1a1b663e840b90f66f79e9c418f491d..c12d98e0d9d526ca2efb8dd1c1e900b2bab36baf 100644 (file)
--- a/lib/range.c
+++ b/lib/range.c
@@ -106,8 +106,10 @@ int gnutls_record_can_use_length_hiding(gnutls_session_t session)
        int ret;
        record_parameters_st *record_params;
 
+#ifdef ENABLE_SSL3
        if (get_num_version(session) == GNUTLS_SSL3)
                return 0;
+#endif
 
        ret =
            _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,