authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-05-20 14:54:38 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-05-20 14:54:38 +0200
commit369a364007a141c73831e95b60be4cd81eec0d63 (patch)
treecf53ab4952fa42a08ee27ecaa2f4e235ecc95f56 /lib
parent1445215a1210df12df28fe0faf48972d0c095857 (diff)
downloadgnutls-369a364007a141c73831e95b60be4cd81eec0d63.tar.gz
Amend: Allow for conditional compilation of SSL 3.0 protocol
This patch makes several more SSL 3.0-only parts of the codebase conditional.
Diffstat (limited to 'lib')
-rw-r--r--lib/cipher.c7
-rw-r--r--lib/cipher_int.c2
-rw-r--r--lib/cipher_int.h2
-rw-r--r--lib/constate.c2
-rw-r--r--lib/kx.c16
-rw-r--r--lib/range.c2
6 files changed, 26 insertions, 5 deletions
diff --git a/lib/cipher.c b/lib/cipher.c
index 04507d12e6..50096df6c4 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -265,7 +265,10 @@ make_preamble(uint8_t * uint64_data, uint8_t type, unsigned int length,
p += 8;
*p = type;
p++;
- if (ver->id != GNUTLS_SSL3) { /* TLS protocols */
+#ifdef ENABLE_SSL3
+ if (ver->id != GNUTLS_SSL3)
+#endif
+ { /* TLS protocols */
*p = ver->major;
p++;
*p = ver->minor;
@@ -739,7 +742,9 @@ ciphertext_to_compressed(gnutls_session_t session,
* Note that we access all 256 bytes of ciphertext for padding check
* because there is a timing channel in that memory access (in certain CPUs).
*/
+#ifdef ENABLE_SSL3
if (ver->id != GNUTLS_SSL3)
+#endif
for (i = 2; i <= MIN(256, ciphertext->size); i++) {
tmp_pad_failed |=
(compressed->
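Review bot: The `if (ver->id != GNUTLS_SSL3)` added above the padding-check `for` is brace-less and sits alone inside `#ifdef ENABLE_SSL3`, so which statement it governs depends on the build configuration. A statement later inserted between `#endif` and the loop would become the conditional body in SSL 3.0 builds only, and the loop would then run for SSL 3.0 as well. Opening a block after the `#endif`, as the make_preamble hunk in this file does with `{ /* TLS protocols */`, keeps both configurations structurally identical. The same shape appears in _gnutls_send_client_certificate in lib/kx.c, where `} else` is followed by `#endif` and an unbraced `send_handshake` call. The loop body continues past the end of this hunk.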
diff --git a/lib/cipher_int.c b/lib/cipher_int.c
index 4e3e50373a..6482e00bc5 100644
--- a/lib/cipher_int.c
+++ b/lib/cipher_int.c
@@ -173,7 +173,9 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
const mac_entry_st * me,
const gnutls_datum_t * mac_key,
unsigned etm,
+#ifdef ENABLE_SSL3
unsigned ssl_hmac,
+#endif
int enc)
{
int ret;
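Review bot: Making `ssl_hmac` a conditional parameter gives _gnutls_auth_cipher_init two different signatures depending on ENABLE_SSL3, so the prototype in lib/cipher_int.h and the call in lib/constate.c each need their own `#ifdef` inside a parameter or argument list, and so does every future caller. Keeping the parameter unconditionally and ignoring it when SSL 3.0 is compiled out, e.g. `(void)ssl_hmac;` under `#ifndef ENABLE_SSL3`, would leave one signature and confine the conditional code to the function body. Whether the body's uses of `ssl_hmac` are guarded cannot be seen here, because the function body lies outside the hunk.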
diff --git a/lib/cipher_int.h b/lib/cipher_int.h
index a7415757b5..26175dc3bd 100644
--- a/lib/cipher_int.h
+++ b/lib/cipher_int.h
@@ -208,7 +208,9 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
const mac_entry_st * me,
const gnutls_datum_t * mac_key,
unsigned etm,
+#ifdef ENABLE_SSL3
unsigned ssl_hmac,
+#endif
int enc);
int _gnutls_auth_cipher_add_auth(auth_cipher_hd_st * handle,
diff --git a/lib/constate.c b/lib/constate.c
index 4c4fa3dfc5..16ca0ae791 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -211,7 +211,9 @@ _gnutls_init_record_state(record_parameters_st * params,
params->cipher, &state->key, iv,
params->mac, &state->mac_secret,
params->etm,
+#ifdef ENABLE_SSL3
(ver->id == GNUTLS_SSL3) ? 1 : 0,
+#endif
1 - read /*1==encrypt */ );
if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL)
return gnutls_assert_val(ret);
diff --git a/lib/kx.c b/lib/kx.c
index 568f877a52..dc0bef847e 100644
--- a/lib/kx.c
+++ b/lib/kx.c
@@ -192,8 +192,10 @@ generate_normal_master(gnutls_session_t session,
ret = _gnutls_handshake_get_session_hash(session, &shash);
if (ret < 0)
return gnutls_assert_val(ret);
+#ifdef ENABLE_SSL3
if (get_num_version(session) == GNUTLS_SSL3)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+#endif
ret =
_gnutls_PRF(session, premaster->data, premaster->size,
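Review bot: The `GNUTLS_SSL3` rejection before `_gnutls_PRF` is a defensive check, and compiling it out when ENABLE_SSL3 is undefined removes it in exactly the builds where SSL 3.0 is not supposed to be reachable. Unless version negotiation is guaranteed elsewhere never to yield GNUTLS_SSL3 in such builds (not visible in this diff), the check is cheap enough to keep unconditionally, with a comment such as `/* SSL 3.0 must never reach the TLS PRF */`. The same applies to the early `return 0` in gnutls_record_can_use_length_hiding in lib/range.c. generate_normal_master continues outside the hunk.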
@@ -413,7 +415,10 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
_gnutls_buffer_init(&data);
if (again == 0) {
- if (get_num_version(session) != GNUTLS_SSL3 ||
+ if (
+#ifdef ENABLE_SSL3
+ get_num_version(session) != GNUTLS_SSL3 ||
+#endif
session->internals.selected_cert_list_length > 0) {
/* TLS 1.0 or SSL 3.0 with a valid certificate
*/
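Review bot: With ENABLE_SSL3 undefined the condition collapses to `session->internals.selected_cert_list_length > 0`, whereas before this change every non-SSL 3.0 session entered the block regardless of the certificate list length. A TLS client with no certificate would then skip the guarded block (its body is outside this hunk; presumably it builds the Certificate message) and, per the later hunk in this function, still call `send_handshake` with the untouched `data` buffer. That would put an empty body on the wire instead of a Certificate message carrying an empty list. The whole `if` header should sit inside the `#ifdef`, so that builds without SSL 3.0 enter the block unconditionally.

```c
	if (again == 0) {
#ifdef ENABLE_SSL3
		if (get_num_version(session) != GNUTLS_SSL3 ||
		    session->internals.selected_cert_list_length > 0)
#endif
		{
			/* … unchanged: body of the guarded block … */
```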
@@ -429,6 +434,7 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
}
}
+#ifdef ENABLE_SSL3
/* In the SSL 3.0 protocol we need to send a
* no certificate alert instead of an
* empty certificate.
@@ -439,11 +445,11 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again)
gnutls_alert_send(session, GNUTLS_AL_WARNING,
GNUTLS_A_SSL3_NO_CERTIFICATE);
- } else { /* TLS 1.0 or SSL 3.0 with a valid certificate
- */
+ } else /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+#endif
ret = send_handshake(session, data.data, data.length,
GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
- }
cleanup:
_gnutls_buffer_clear(&data);
@@ -617,6 +623,7 @@ int _gnutls_recv_client_certificate(gnutls_session_t session)
* a warning alert instead of an empty certificate to indicate
* no certificate.
*/
+#ifdef ENABLE_SSL3
if (optional != 0 &&
ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
get_num_version(session) == GNUTLS_SSL3 &&
@@ -629,6 +636,7 @@ int _gnutls_recv_client_certificate(gnutls_session_t session)
gnutls_assert();
return 0;
}
+#endif
/* certificate was required
*/
diff --git a/lib/range.c b/lib/range.c
index a29c3bfee1..c12d98e0d9 100644
--- a/lib/range.c
+++ b/lib/range.c
@@ -106,8 +106,10 @@ int gnutls_record_can_use_length_hiding(gnutls_session_t session)
int ret;
record_parameters_st *record_params;
+#ifdef ENABLE_SSL3
if (get_num_version(session) == GNUTLS_SSL3)
return 0;
+#endif
ret =
_gnutls_epoch_get(session, EPOCH_WRITE_CURRENT,