From 79df9d62721467927c81f1fa91568340e873ee9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulf=20M=C3=B6ller?=
Date: Tue, 27 Apr 1999 03:19:12 +0000
Subject: [PATCH] New Configure option no- (rsa, idea, rc5, ...).

---
 Configure | 2 +-
 crypto/rsa/rsa_eay.c | 4 ++++
 crypto/rsa/rsa_oaep.c | 2 ++
 rsaref/rsaref.c | 3 ++-
 rsaref/rsaref.h | 2 ++
 ssl/s23_clnt.c | 8 +++++++-
 ssl/s23_srvr.c | 8 +++++++-
 ssl/s2_clnt.c | 3 ++-
 ssl/s2_lib.c | 3 ++-
 ssl/s2_meth.c | 3 ++-
 ssl/s2_srvr.c | 3 ++-
 ssl/s3_clnt.c | 22 +++++++++++++++++++---
 ssl/s3_srvr.c | 2 ++
 ssl/ssl.h | 12 ++++++++++--
 ssl/ssl3.h | 3 ++-
 ssl/ssl_lib.c | 14 ++++++++++----
 ssl/ssl_locl.h | 7 +++++--
 ssl/ssltest.c | 14 +++++++++-----
 18 files changed, 90 insertions(+), 25 deletions(-)

diff --git a/Configure b/Configure
index 4ea12475d5..349bc7f7f7 100755
--- a/Configure
+++ b/Configure
@@ -20,7 +20,7 @@ my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no
 # rsaref use RSAref
 # no-asm do not use assembler
 # 386 generate 80386 code
-# no-CIPHER build without specified algorithm
+# no- build without specified algorithm (rsa, idea, rc5, ...)
 # -D, -L, -l, -f, -K: compiler options are passed through
 #
 # DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index ebe4ed273c..4525e6676c 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -115,9 +115,11 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
 case RSA_PKCS1_PADDING:
 i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
 break;
+#ifndef NO_SHA
 case RSA_PKCS1_OAEP_PADDING:
 i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
 break;
+#endif
 case RSA_SSLV23_PADDING:
 i=RSA_padding_add_SSLv23(buf,num,from,flen);
 break;
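Review bot: With NO_SHA the `RSA_PKCS1_OAEP_PADDING` case is compiled out of `RSA_eay_public_encrypt` here and of `RSA_eay_private_decrypt` in the next hunk, so a caller asking for OAEP now reaches whatever branch follows `case RSA_SSLV23_PADDING:` outside the hunk; that is presumably a `default:` reporting an unknown padding type, which is worth confirming so the request fails explicitly instead of being handled as some other mode. The guard also deserves a one-line reason, since it is not obvious why a hash option gates an RSA padding mode: `#ifndef NO_SHA /* OAEP (rsa_oaep.c) needs SHA for MGF1 */`. Both functions start and end outside their hunks.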
@@ -299,9 +301,11 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 case RSA_PKCS1_PADDING:
 r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
 break;
+#ifndef NO_SHA
 case RSA_PKCS1_OAEP_PADDING:
 r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
 break;
+#endif
 case RSA_SSLV23_PADDING:
 r=RSA_padding_check_SSLv23(to,num,buf,j,num);
 break;
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 1b70011226..e3c7444ac4 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -4,6 +4,7 @@
 
 /* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
 
+#ifndef NO_SHA
 #include
 #include "cryptlib.h"
 #include
@@ -156,3 +157,4 @@ int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
 }
 return (0);
 }
+#endif
diff --git a/rsaref/rsaref.c b/rsaref/rsaref.c
index 0b4fb77232..b070c5684c 100644
--- a/rsaref/rsaref.c
+++ b/rsaref/rsaref.c
@@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */
 
+#ifndef NO_RSA
 #include
 #include "cryptlib.h"
 #include
@@ -296,4 +297,4 @@ err:
 memset(&rnd,0,sizeof(rnd));
 return(outlen);
 }
-
+#endif
diff --git a/rsaref/rsaref.h b/rsaref/rsaref.h
index bbc314fbbd..817c6cec75 100644
--- a/rsaref/rsaref.h
+++ b/rsaref/rsaref.h
@@ -59,6 +59,7 @@
 #ifndef HEADER_RSAREF_H
 #define HEADER_RSAREF_H
 
+#ifndef NO_RSA
 #include
 
 /* RSAeuro */
@@ -128,6 +129,7 @@ int R_RandomFinal(RSARandomState *rnd);
 
 void ERR_load_RSAREF_strings(void );
 RSA_METHOD *RSA_PKCS1_RSAref(void );
+#endif
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index fc263d1e23..36f609bd09 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
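Review bot: Wrapping the whole of rsa_oaep.c in `#ifndef NO_SHA` (opened in the first hunk, closed by the `#endif` after `MGF1`) leaves an empty translation unit when the option is set, which strict ISO C compilers warn about or reject; the same whole-file guards appear under NO_RSA in rsaref.c, s2_clnt.c, s2_lib.c, s2_meth.c and s2_srvr.c. A harmless definition in an else arm keeps each unit non-empty without exporting anything, e.g. `#else` / `static void *dummy=&dummy;` / `#endif` at the closing guard. The guard could also carry a comment naming the dependency it expresses, `/* OAEP is unavailable without SHA (MGF1) */`, so the next reader does not have to work it out from the includes.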
@@ -68,9 +68,11 @@ static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
 static SSL_METHOD *ssl23_get_client_method(int ver)
 {
+#ifndef NO_RSA
 if (ver == SSL2_VERSION)
 return(SSLv2_client_method());
- else if (ver == SSL3_VERSION)
+#endif
+ if (ver == SSL3_VERSION)
 return(SSLv3_client_method());
 else if (ver == TLS1_VERSION)
 return(TLSv1_client_method());
@@ -320,6 +322,9 @@ static int ssl23_get_server_hello(SSL *s)
 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
 (p[5] == 0x00) && (p[6] == 0x02))
 {
+#ifdef NO_RSA
+ goto err;
+#else
 /* we are talking sslv2 */
 /* we need to clean up the SSLv3 setup and put in the
 * sslv2 stuff. */
@@ -375,6 +380,7 @@ static int ssl23_get_server_hello(SSL *s)
 
 s->method=SSLv2_client_method();
 s->handshake_func=s->method->ssl_connect;
+#endif
 }
 else if ((p[0] == SSL3_RT_HANDSHAKE) &&
 (p[1] == SSL3_VERSION_MAJOR) &&
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 9825367062..e74e019f1d 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -67,9 +67,11 @@ static SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
 static SSL_METHOD *ssl23_get_server_method(int ver)
 {
+#ifndef NO_RSA
 if (ver == SSL2_VERSION)
 return(SSLv2_server_method());
- else if (ver == SSL3_VERSION)
+#endif
+ if (ver == SSL3_VERSION)
 return(SSLv3_server_method());
 else if (ver == TLS1_VERSION)
 return(TLSv1_server_method());
@@ -404,6 +406,9 @@ next_bit:
 
 if (type == 1)
 {
+#ifdef NO_RSA
+ goto err;
+#else
 /* we are talking sslv2 */
 /* we need to clean up the SSLv3/TLSv1 setup and put in the
 * sslv2 stuff. */
@@ -442,6 +447,7 @@ next_bit:
 
 s->method=SSLv2_server_method();
 s->handshake_func=s->method->ssl_accept;
+#endif
 }
 
 if ((type == 2) || (type == 3))
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 7818d683ce..e2e6a2b45f 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */
 
+#ifndef NO_RSA
 #include
 #include
 #include
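Review bot: The new `goto err` in `ssl23_get_server_hello` rejects an SSLv2 server hello under NO_RSA without queueing a reason, so unless the `err:` label outside the hunk records one, a client that meets an SSLv2-only server fails with an empty error queue and nothing for the operator to act on; the `type == 1` branch under `next_bit:` in s23_srvr.c (presumably inside `ssl23_get_client_hello`) has the same gap. Queue the reason before jumping, e.g. `SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);` on the client side, using the reason this function already raises for unrecognised records (confirm the names in ssl.h), and the corresponding function code on the server side. A short comment on the `#ifdef NO_RSA` arm, `/* SSLv2 needs RSA; refuse to downgrade */`, would also explain why the protocol is refused rather than handled. Both functions continue beyond their hunks.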
@@ -963,4 +964,4 @@ end:
 EVP_PKEY_free(pkey);
 return(i);
 }
-
+#endif
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index ad23ce1dc5..e56901bacf 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */
 
+#ifndef NO_RSA
 #include
 #include
 #include
@@ -414,4 +415,4 @@ int ssl2_shutdown(SSL *s)
 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 return(1);
 }
-
+#endif
diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
index 9d03c83cb4..e2add164dd 100644
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */
 
+#ifndef NO_RSA
 #include
 #include
 #include "ssl_locl.h"
@@ -85,4 +86,4 @@ SSL_METHOD *SSLv2_method(void)
 }
 return(&SSLv2_data);
 }
-
+#endif
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 9643af65b6..e7eff6f613 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -56,6 +56,7 @@
 * [including the GNU Public Licence.]
 */
 
+#ifndef NO_RSA
 #include
 #include
 #include
@@ -940,4 +941,4 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
 SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
 return(i);
 }
-
+#endif
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 603de04273..327c4dd134 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -828,7 +828,9 @@ static int ssl3_get_key_exchange(SSL *s)
 int al,i,j,param_len,ok;
 long n,alg;
 EVP_PKEY *pkey=NULL;
+#ifndef NO_RSA
 RSA *rsa=NULL;
+#endif
 #ifndef NO_DH
 DH *dh=NULL;
 #endif
@@ -1287,10 +1289,13 @@ static int ssl3_get_server_done(SSL *s)
 
 static int ssl3_send_client_key_exchange(SSL *s)
 {
- unsigned char *p,*q,*d;
+ unsigned char *p,*d;
 int n;
 unsigned long l;
+#ifndef NO_RSA
+ unsigned char *q;
 EVP_PKEY *pkey=NULL;
+#endif
 
 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
 {
@@ -1440,7 +1445,9 @@ static int ssl3_send_client_verify(SSL *s)
 unsigned char *p,*d;
 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 EVP_PKEY *pkey;
+#ifndef NO_RSA
 int i=0;
+#endif
 unsigned long n;
 #ifndef NO_DSA
 int j;
@@ -1590,8 +1597,12 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 long algs;
 EVP_PKEY *pkey=NULL;
 CERT *c;
+#ifndef NO_RSA
 RSA *rsa;
+#endif
+#ifndef NO_DH
 DH *dh;
+#endif
 
 c=s->session->cert;
 
@@ -1607,8 +1618,12 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 if (algs & (SSL_aDH|SSL_aNULL))
 return(1);
 
+#ifndef NO_RSA
 rsa=s->session->cert->rsa_tmp;
+#endif
+#ifndef NO_DH
 dh=s->session->cert->dh_tmp;
+#endif
 
 /* This is the passed certificate */
 
@@ -1631,15 +1646,16 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 goto f_err;
 }
 #endif
-
+#ifndef NO_RSA
 if ((algs & SSL_kRSA) &&
 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
 {
 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
 goto f_err;
 }
+#endif
 #ifndef NO_DH
- else if ((algs & SSL_kEDH) &&
+ if ((algs & SSL_kEDH) &&
 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
 {
 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 513f1091aa..0379cc58c5 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1183,8 +1183,10 @@ static int ssl3_get_client_key_exchange(SSL *s)
 long n;
 unsigned long l;
 unsigned char *p;
+#ifndef NO_RSA
 RSA *rsa=NULL;
 EVP_PKEY *pkey=NULL;
+#endif
 #ifndef NO_DH
 BIGNUM *pub=NULL;
 DH *dh_srvr;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 664e72e64f..768a836b2e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -852,7 +852,9 @@ int SSL_get_verify_mode(SSL *s);
 int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
 void SSL_set_verify(SSL *s, int mode,
 int (*callback)(int ok,X509_STORE_CTX *ctx));
+#ifndef NO_RSA
 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+#endif
 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
 int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
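Review bot: In `ssl3_check_cert_and_algorithm` the whole `SSL_kRSA` check is now compiled out under NO_RSA, so if an `SSL_kRSA` suite can still be selected in such a build (the cipher table is not part of this patch, so this is an inference) the server's offer passes this function with no key-exchange key verified at all; the guard should fail closed rather than fall silent. An `#else` arm on the new guard does that with the codes the function already uses: `#else` / `if (algs & SSL_kRSA) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); goto f_err; }` / `#endif`, and the `SSL_kEDH` branch under NO_DH deserves the same treatment with `SSL_R_MISSING_DH_KEY`. The `else if` to `if` change in the DH branch is only safe because `SSL_kRSA` and `SSL_kEDH` cannot both be set for one cipher, which is worth a comment at that line. The function continues beyond the hunk.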
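Review bot: `SSL_use_RSAPrivateKey` is now hidden under NO_RSA, but `SSL_use_RSAPrivateKey_ASN1` on the very next line is not, although it takes a DER-encoded RSA key and its implementation (not in this patch) presumably has to decode it into an RSA object; a program built with NO_RSA still sees a prototype for a function that the library cannot meaningfully provide, and the inconsistency repeats with `SSL_CTX_use_RSAPrivateKey_ASN1` in the second ssl.h hunk. Moving the `#endif` down one line in both places, so that each RSA pair is guarded together, keeps the public surface consistent with the library. It would also help to add a one-line comment at the first guard stating the convention, `/* RSA-specific entry points are absent when the library is built with no-rsa */`.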
@@ -912,7 +914,9 @@ int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
 int (*callback)(int, X509_STORE_CTX *));
 void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
+#ifndef NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+#endif
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
 int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
@@ -1046,17 +1050,21 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
 
 /* NB: the keylength is only applicable when export is true */
+#ifndef NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
 RSA *(*cb)(SSL *ssl,int export,
 int keylength));
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*dh)(SSL *ssl,int export,int keylength));
 
 void SSL_set_tmp_rsa_callback(SSL *ssl,
 RSA *(*cb)(SSL *ssl,int export,
 int keylength));
+#endif
+#ifndef NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh)(SSL *ssl,int export,int keylength));
 void SSL_set_tmp_dh_callback(SSL *ssl,
 DH *(*dh)(SSL *ssl,int export,int keylength));
+#endif
 
 #ifdef HEADER_COMP_H
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 36f135182b..2a9714fc19 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -322,8 +322,9 @@ typedef struct ssl3_ctx_st
 
 /* used to hold the new cipher we are going to use */
 SSL_CIPHER *new_cipher;
+#ifndef NO_DH
 DH *dh;
-
+#endif
 
 /* used when SSL_ST_FLUSH_DATA is entered */
 int next_state;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3560c7c189..a237dda84a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
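Review bot: Making the `dh` member of `ssl3_ctx_st` conditional on NO_DH changes the layout of a struct that ssl3.h exposes, so if this header is installed for applications (its name suggests it is) any translation unit compiled without the same NO_DH setting as the library will read every later member, `next_state` onwards, at the wrong offset, and the mismatch is silent. Unless NO_DH is guaranteed to reach every includer through a generated configuration header, the guard should say that the layout depends on it: `#ifndef NO_DH /* struct layout depends on NO_DH; includers must use the library's setting */`. The `cert_st` change in ssl_locl.h has the same property, although that header looks library-internal.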
@@ -1762,9 +1762,17 @@ int SSL_want(SSL *s)
 * \param cb the callback
 */
 
+#ifndef NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export,
 int keylength))
 { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
+#endif
+
+#ifndef NO_RSA
+void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,int export,
+ int keylength))
+ { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
+#endif
 
 #ifdef DOXYGEN
 /*!
@@ -1787,17 +1795,15 @@ RSA *cb(SSL *ssl,int export,int keylength)
 * \param dh the callback
 */
 
+#ifndef NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export,
 int keylength))
 { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
 
-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,int export,
- int keylength))
- { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
-
 void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int export,
 int keylength))
 { SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
+#endif
 
 #if defined(_WINDLL) && defined(WIN16)
 #include "../crypto/bio/bss_file.c"
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0227486a8e..28e05615fa 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -273,15 +273,18 @@ typedef struct cert_st
 int valid;
 unsigned long mask;
 unsigned long export_mask;
-
+#ifndef NO_RSA
 RSA *rsa_tmp;
+ RSA *(*rsa_tmp_cb)(SSL *ssl,int export,int keysize);
+#endif
+#ifndef NO_DH
 DH *dh_tmp;
 /* FIXME: Although rsa_tmp and dh_tmp are properties of the cert, callbacks probably aren't, and besides only the context default cert's callbacks are actually used. Too close to a release to fix this now - Ben 6 Mar 1999 */
- RSA *(*rsa_tmp_cb)(SSL *ssl,int export,int keysize);
 DH *(*dh_tmp_cb)(SSL *ssl,int export,int keysize);
+#endif
 
 CERT_PKEY pkeys[SSL_PKEY_NUM];
 STACK_OF(X509) *cert_chain;
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 1506a28383..54f2458345 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
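Review bot: The two new `#ifndef NO_RSA` regions in ssl_lib.c are adjacent — the `#endif` after `SSL_CTX_set_tmp_rsa_callback` is followed only by an added blank line and a second `#ifndef NO_RSA` before `SSL_set_tmp_rsa_callback` — so they read as two unrelated conditions when they are one; dropping that `#endif` / `#ifndef NO_RSA` pair gives a single region, which is how the DH pair in the next hunk is already written. Moving `SSL_set_tmp_rsa_callback` up also leaves the Doxygen block that follows (its `RSA *cb(SSL *ssl,int export,int keylength)` line is the second hunk's context) positioned between the RSA setters and the DH setters, so it is worth checking which function that comment documents and that it still sits next to it.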
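Review bot: In `cert_st` the FIXME comment now lives inside the `#ifndef NO_DH` region but still opens with "Although rsa_tmp and dh_tmp are properties of the cert" and goes on to discuss the callbacks, while `rsa_tmp` and `rsa_tmp_cb` have moved into the `#ifndef NO_RSA` region above it; a reader of a NO_DH build loses the note entirely and a reader of the RSA block never sees it. Placing the comment above `#ifndef NO_RSA`, so it precedes both regions it describes, keeps it attached to all four members.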
@@ -70,12 +70,18 @@
 #include "../crypto/bio/bss_file.c"
 #endif
 
+#if defined(NO_RSA) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
 #define TEST_SERVER_CERT "../apps/server.pem"
 #define TEST_CLIENT_CERT "../apps/client.pem"
 
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
-#ifndef NO_DSA
+#endif
+#ifndef NO_DH
 static DH *get_dh512(void);
 #endif
 BIO *bio_err=NULL;
@@ -710,6 +716,7 @@ static DH *get_dh512(void)
 }
 #endif
 
+#ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength)
 {
 static RSA *rsa_tmp=NULL;
@@ -718,13 +725,10 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength)
 {
 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
 BIO_flush(bio_err);
-#ifndef NO_RSA
 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
-#endif
 BIO_printf(bio_err,"\n");
 BIO_flush(bio_err);
 }
 return(rsa_tmp);
 }
-
-
+#endif
-- 
GitLab
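Review bot: The new `#define NO_SSL2` is derived from NO_RSA inside the test program at line 70, after the `bss_file.c` include, so if ssl.h has already been included above (likely at that position) it affects only this file's later `#ifndef NO_SSL2` checks and nothing in the library; that is probably the intent, but the block gives no hint of why RSA implies no SSLv2, so add `/* the SSLv2 code (ssl/s2_*.c) is compiled out under NO_RSA; skip the SSLv2 tests too */` above it. In the last hunk, `tmp_rsa_cb` still hands `RSA_generate_key`'s result straight through `return(rsa_tmp);` without checking for NULL, so a failed generation is reported to the library (presumably as the registered temp-RSA callback) as a missing key with nothing in the test output to say why; a check that prints to `bio_err` before returning would make that failure visible.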