remove encrypt then mac ifdefs

Reviewed-by: N Rich Salz <rsalz@openssl.org>

remove encrypt then mac ifdefs
Reviewed-by: N Rich Salz <rsalz@openssl.org>
77ab2b01 · Dr. Stephen Henson · f3fcd4d5 · 77ab2b01 · 77ab2b01
隐藏空白更改
内联并排

Showing with 0 addition and 16 deletion

ssl/ssl_locl.h ssl/ssl_locl.h +0 -4

ssl/t1_lib.c ssl/t1_lib.c +0 -12

未找到文件。
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -363,11 +363,7 @@
 # define SSL_CLIENT_USE_SIGALGS(s)        \
    SSL_CLIENT_USE_TLS1_2_CIPHERS(s)

-# ifdef TLSEXT_TYPE_encrypt_then_mac
 #  define SSL_USE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
-# else
-#  define SSL_USE_ETM(s) (0)
-# endif

 /* Mostly for SSLv3 */
 # define SSL_PKEY_RSA_ENC        0

--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1367,10 +1367,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
    /* Add custom TLS Extensions to ClientHello */
    if (!custom_ext_add(s, 0, &ret, limit, al))
        return NULL;
-#ifdef TLSEXT_TYPE_encrypt_then_mac
    s2n(TLSEXT_TYPE_encrypt_then_mac, ret);
    s2n(0, ret);
-#endif
 #ifndef OPENSSL_NO_CT
    if (s->ct_validation_callback != NULL) {
        s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret);
@@ -1597,7 +1595,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
 #endif
    if (!custom_ext_add(s, 1, &ret, limit, al))
        return NULL;
-#ifdef TLSEXT_TYPE_encrypt_then_mac
    if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) {
        /*
         * Don't use encrypt_then_mac if AEAD or RC4 might want to disable
@@ -1613,7 +1610,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
            s2n(0, ret);
        }
    }
-#endif
    if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
        s2n(TLSEXT_TYPE_extended_master_secret, ret);
        s2n(0, ret);
@@ -1826,9 +1822,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
    /* Clear any signature algorithms extension received */
    OPENSSL_free(s->s3->tmp.peer_sigalgs);
    s->s3->tmp.peer_sigalgs = NULL;
-#ifdef TLSEXT_TYPE_encrypt_then_mac
    s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
-#endif

 #ifndef OPENSSL_NO_SRP
    OPENSSL_free(s->srp_ctx.login);
@@ -2165,10 +2159,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
                return 0;
        }
 #endif
-#ifdef TLSEXT_TYPE_encrypt_then_mac
        else if (type == TLSEXT_TYPE_encrypt_then_mac)
            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
-#endif
        /*
         * Note: extended master secret extension handled in
         * tls_check_serverhello_tlsext_early()
@@ -2268,9 +2260,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
                             SSL_DTLSEXT_HB_DONT_SEND_REQUESTS);
 #endif

-#ifdef TLSEXT_TYPE_encrypt_then_mac
    s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
-#endif

    s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;

@@ -2482,14 +2472,12 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
                return 0;
        }
 #endif
-#ifdef TLSEXT_TYPE_encrypt_then_mac
        else if (type == TLSEXT_TYPE_encrypt_then_mac) {
            /* Ignore if inappropriate ciphersuite */
            if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
                && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4)
                s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
        }
-#endif
        else if (type == TLSEXT_TYPE_extended_master_secret) {
            s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
            if (!s->hit)