Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg

We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availability of crypto algorithms should be determined at runtime based on what providers have been loaded. Fixes #13616 Reviewed-by: N Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)

Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg
We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availability of crypto algorithms should be determined at runtime based on what providers have been loaded. Fixes #13616 Reviewed-by: N Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
e376242d · Matt Caswell · 462f4f4b · e376242d · e376242d · e376242d
6 changed file
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -194,14 +194,9 @@ extern "C" {
 * DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()
 * Update both macro and function simultaneously
 */
-#  if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
-#   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
-                                    "TLS_CHACHA20_POLY1305_SHA256:" \
-                                    "TLS_AES_128_GCM_SHA256"
-#  else
-#   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                   "TLS_CHACHA20_POLY1305_SHA256:" \
                                   "TLS_AES_128_GCM_SHA256"
-#  endif
 # endif
 /*
 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always

--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -297,10 +297,8 @@ int ssl3_setup_key_block(SSL *s)
            if (s->session->cipher->algorithm_enc == SSL_eNULL)
                s->s3.need_empty_fragments = 0;

-#ifndef OPENSSL_NO_RC4
            if (s->session->cipher->algorithm_enc == SSL_RC4)
                s->s3.need_empty_fragments = 0;
-#endif
        }
    }


--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -66,7 +66,6 @@ static SSL_CIPHER tls13_ciphers[] = {
        256,
        256,
    },
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    {
        1,
        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
@@ -83,7 +82,6 @@ static SSL_CIPHER tls13_ciphers[] = {
        256,
        256,
    },
-#endif
    {
        1,
        TLS1_3_RFC_AES_128_CCM_SHA256,
@@ -2036,7 +2034,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
     256,
     },

-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
    {
     1,
     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
@@ -2149,10 +2146,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     256,
     256,
     },
-#endif                          /* !defined(OPENSSL_NO_CHACHA) &&
-                                 * !defined(OPENSSL_NO_POLY1305) */

-#ifndef OPENSSL_NO_CAMELLIA
    {
     1,
     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@@ -2601,7 +2595,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
     256,
     256,
     },
-#endif                          /* OPENSSL_NO_CAMELLIA */

 #ifndef OPENSSL_NO_GOST
    {
@@ -2718,7 +2711,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
     },
 #endif                          /* OPENSSL_NO_GOST */

-#ifndef OPENSSL_NO_IDEA
    {
     1,
     SSL3_TXT_RSA_IDEA_128_SHA,
@@ -2735,9 +2727,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
     128,
     128,
     },
-#endif

-#ifndef OPENSSL_NO_SEED
    {
     1,
     TLS1_TXT_RSA_WITH_SEED_SHA,
@@ -2802,7 +2792,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
     128,
     128,
     },
-#endif                          /* OPENSSL_NO_SEED */

 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
    {
@@ -2967,7 +2956,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
     },
 #endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */

-#ifndef OPENSSL_NO_ARIA
    {
     1,
     TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
@@ -3224,7 +3212,6 @@ static SSL_CIPHER ssl3_ciphers[] = {
     256,
     256,
     },
-#endif /* OPENSSL_NO_ARIA */
 };

 /*
@@ -4120,9 +4107,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
    STACK_OF(SSL_CIPHER) *prio, *allow;
    int i, ii, ok, prefer_sha256 = 0;
    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
-#ifndef OPENSSL_NO_CHACHA
    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
-#endif

    /* Let's see which ciphers we can support */

@@ -4155,7 +4140,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
        prio = srvr;
        allow = clnt;
-#ifndef OPENSSL_NO_CHACHA
+
        /* If ChaCha20 is at the top of the client preference list,
           and there are ChaCha20 ciphers in the server list, then
           temporarily prioritize all ChaCha20 ciphers in the servers list. */
@@ -4194,7 +4179,6 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                }
            }
        }
-# endif
    } else {
        prio = clnt;
        allow = srvr;
@@ -4308,9 +4292,9 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
            break;
        }
    }
-#ifndef OPENSSL_NO_CHACHA
+
    sk_SSL_CIPHER_free(prio_chacha);
-#endif
+
    return ret;
 }


--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -2215,8 +2215,6 @@ const char *OSSL_default_cipher_list(void)
 const char *OSSL_default_ciphersuites(void)
 {
    return "TLS_AES_256_GCM_SHA384:"
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
           "TLS_CHACHA20_POLY1305_SHA256:"
-#endif
           "TLS_AES_128_GCM_SHA256";
 }
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -597,10 +597,8 @@ int tls1_setup_key_block(SSL *s)
            if (s->session->cipher->algorithm_enc == SSL_eNULL)
                s->s3.need_empty_fragments = 0;

-#ifndef OPENSSL_NO_RC4
            if (s->session->cipher->algorithm_enc == SSL_RC4)
                s->s3.need_empty_fragments = 0;
-#endif
        }
    }


--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -981,14 +981,14 @@ static const uint16_t tls12_sigalgs[] = {

    TLSEXT_SIGALG_rsa_pkcs1_sha224,
    TLSEXT_SIGALG_rsa_pkcs1_sha1,
-#ifndef OPENSSL_NO_DSA
+
    TLSEXT_SIGALG_dsa_sha224,
    TLSEXT_SIGALG_dsa_sha1,

    TLSEXT_SIGALG_dsa_sha256,
    TLSEXT_SIGALG_dsa_sha384,
    TLSEXT_SIGALG_dsa_sha512,
-#endif
+
 #ifndef OPENSSL_NO_GOST
    TLSEXT_SIGALG_gostr34102012_256_intrinsic,
    TLSEXT_SIGALG_gostr34102012_512_intrinsic,
@@ -1059,7 +1059,6 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
    {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1,
     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
     NID_sha1WithRSAEncryption, NID_undef, 1},
-#ifndef OPENSSL_NO_DSA
    {NULL, TLSEXT_SIGALG_dsa_sha256,
     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
     NID_dsa_with_SHA256, NID_undef, 1},
@@ -1075,7 +1074,6 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
    {NULL, TLSEXT_SIGALG_dsa_sha1,
     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
     NID_dsaWithSHA1, NID_undef, 1},
-#endif
 #ifndef OPENSSL_NO_GOST
    {NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic,
     NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,