diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-20 14:54:38 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-20 14:54:38 +0200 |
commit | 369a364007a141c73831e95b60be4cd81eec0d63 (patch) | |
tree | cf53ab4952fa42a08ee27ecaa2f4e235ecc95f56 /lib | |
parent | 1445215a1210df12df28fe0faf48972d0c095857 (diff) | |
download | gnutls-369a364007a141c73831e95b60be4cd81eec0d63.tar.gz |
Amend: Allow for conditional compilation of SSL 3.0 protocol
This patch makes conditional several more SSL 3.0-only parts of codebase.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/cipher.c | 7 | ||||
-rw-r--r-- | lib/cipher_int.c | 2 | ||||
-rw-r--r-- | lib/cipher_int.h | 2 | ||||
-rw-r--r-- | lib/constate.c | 2 | ||||
-rw-r--r-- | lib/kx.c | 16 | ||||
-rw-r--r-- | lib/range.c | 2 |
6 files changed, 26 insertions, 5 deletions
diff --git a/lib/cipher.c b/lib/cipher.c index 04507d12e6..50096df6c4 100644 --- a/lib/cipher.c +++ b/lib/cipher.c @@ -265,7 +265,10 @@ make_preamble(uint8_t * uint64_data, uint8_t type, unsigned int length, p += 8; *p = type; p++; - if (ver->id != GNUTLS_SSL3) { /* TLS protocols */ +#ifdef ENABLE_SSL3 + if (ver->id != GNUTLS_SSL3) +#endif + { /* TLS protocols */ *p = ver->major; p++; *p = ver->minor; @@ -739,7 +742,9 @@ ciphertext_to_compressed(gnutls_session_t session, * Note that we access all 256 bytes of ciphertext for padding check * because there is a timing channel in that memory access (in certain CPUs). */ +#ifdef ENABLE_SSL3 if (ver->id != GNUTLS_SSL3) +#endif for (i = 2; i <= MIN(256, ciphertext->size); i++) { tmp_pad_failed |= (compressed-> diff --git a/lib/cipher_int.c b/lib/cipher_int.c index 4e3e50373a..6482e00bc5 100644 --- a/lib/cipher_int.c +++ b/lib/cipher_int.c @@ -173,7 +173,9 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle, const mac_entry_st * me, const gnutls_datum_t * mac_key, unsigned etm, +#ifdef ENABLE_SSL3 unsigned ssl_hmac, +#endif int enc) { int ret; diff --git a/lib/cipher_int.h b/lib/cipher_int.h index a7415757b5..26175dc3bd 100644 --- a/lib/cipher_int.h +++ b/lib/cipher_int.h @@ -208,7 +208,9 @@ int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle, const mac_entry_st * me, const gnutls_datum_t * mac_key, unsigned etm, +#ifdef ENABLE_SSL3 unsigned ssl_hmac, +#endif int enc); int _gnutls_auth_cipher_add_auth(auth_cipher_hd_st * handle, diff --git a/lib/constate.c b/lib/constate.c index 4c4fa3dfc5..16ca0ae791 100644 --- a/lib/constate.c +++ b/lib/constate.c @@ -211,7 +211,9 @@ _gnutls_init_record_state(record_parameters_st * params, params->cipher, &state->key, iv, params->mac, &state->mac_secret, params->etm, +#ifdef ENABLE_SSL3 (ver->id == GNUTLS_SSL3) ? 1 : 0, +#endif 1 - read /*1==encrypt */ ); if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL) return gnutls_assert_val(ret); @@ -192,8 +192,10 @@ generate_normal_master(gnutls_session_t session, ret = _gnutls_handshake_get_session_hash(session, &shash); if (ret < 0) return gnutls_assert_val(ret); +#ifdef ENABLE_SSL3 if (get_num_version(session) == GNUTLS_SSL3) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); +#endif ret = _gnutls_PRF(session, premaster->data, premaster->size, @@ -413,7 +415,10 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again) _gnutls_buffer_init(&data); if (again == 0) { - if (get_num_version(session) != GNUTLS_SSL3 || + if ( +#ifdef ENABLE_SSL3 + get_num_version(session) != GNUTLS_SSL3 || +#endif session->internals.selected_cert_list_length > 0) { /* TLS 1.0 or SSL 3.0 with a valid certificate */ @@ -429,6 +434,7 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again) } } +#ifdef ENABLE_SSL3 /* In the SSL 3.0 protocol we need to send a * no certificate alert instead of an * empty certificate. @@ -439,11 +445,11 @@ int _gnutls_send_client_certificate(gnutls_session_t session, int again) gnutls_alert_send(session, GNUTLS_AL_WARNING, GNUTLS_A_SSL3_NO_CERTIFICATE); - } else { /* TLS 1.0 or SSL 3.0 with a valid certificate - */ + } else /* TLS 1.0 or SSL 3.0 with a valid certificate + */ +#endif ret = send_handshake(session, data.data, data.length, GNUTLS_HANDSHAKE_CERTIFICATE_PKT); - } cleanup: _gnutls_buffer_clear(&data); @@ -617,6 +623,7 @@ int _gnutls_recv_client_certificate(gnutls_session_t session) * a warning alert instead of an empty certificate to indicate * no certificate. */ +#ifdef ENABLE_SSL3 if (optional != 0 && ret == GNUTLS_E_WARNING_ALERT_RECEIVED && get_num_version(session) == GNUTLS_SSL3 && @@ -629,6 +636,7 @@ int _gnutls_recv_client_certificate(gnutls_session_t session) gnutls_assert(); return 0; } +#endif /* certificate was required */ diff --git a/lib/range.c b/lib/range.c index a29c3bfee1..c12d98e0d9 100644 --- a/lib/range.c +++ b/lib/range.c @@ -106,8 +106,10 @@ int gnutls_record_can_use_length_hiding(gnutls_session_t session) int ret; record_parameters_st *record_params; +#ifdef ENABLE_SSL3 if (get_num_version(session) == GNUTLS_SSL3) return 0; +#endif ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, |