Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC

The apps, the CMS library and the X.509 library are primarly affected. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)
2025-04-06 20:20:50 +08:00 · 2020-12-02 18:27:03 +01:00 · 2020-12-02 18:27:03 +01:00 · c2403f362e
commit c2403f362e
parent 565b33990c
10 changed files with 8 additions and 56 deletions
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -1252,9 +1252,7 @@ int s_server_main(int argc, char *argv[])
            s_chain_file = opt_arg();
            break;
        case OPT_DHPARAM:
-#ifndef OPENSSL_NO_DH
            dhfile = opt_arg();
-#endif
            break;
        case OPT_DCERTFORM:
            if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_dcert_format))
@ -1826,10 +1824,7 @@ int s_server_main(int argc, char *argv[])
                bio_s_out = dup_bio_out(FORMAT_TEXT);
        }
    }
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
-    if (nocert)
-#endif
-    {
+    if (nocert) {
        s_cert_file = NULL;
        s_key_file = NULL;
        s_dcert_file = NULL;
--- a/crypto/cms/build.info
+++ b/crypto/cms/build.info
@ -2,11 +2,4 @@ LIBS=../../libcrypto
 SOURCE[../../libcrypto]= \
        cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
        cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
-        cms_pwri.c cms_kari.c cms_rsa.c
-
-IF[{- !$disabled{dh} -}]
-  SOURCE[../../libcrypto]=cms_dh.c
-ENDIF
-IF[{- !$disabled{ec} || !$disabled{dsa}-}]
-  SOURCE[../../libcrypto]=cms_ec.c
-ENDIF
+        cms_pwri.c cms_kari.c cms_rsa.c cms_dh.c cms_ec.c
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@ -148,13 +148,13 @@ static int dh_cms_decrypt(CMS_RecipientInfo *ri)
        if (alg ==  NULL || pubkey == NULL)
            return 0;
        if (!dh_cms_set_peerkey(pctx, alg, pubkey)) {
-            ERR_raise(ERR_LIB_DH, DH_R_PEER_KEY_ERROR);
+            ERR_raise(ERR_LIB_CMS, CMS_R_PEER_KEY_ERROR);
            return 0;
        }
    }
    /* Set DH derivation parameters and initialise unwrap context */
    if (!dh_cms_set_shared_info(pctx, ri)) {
-        ERR_raise(ERR_LIB_DH, DH_R_SHARED_INFO_ERROR);
+        ERR_raise(ERR_LIB_CMS, CMS_R_SHARED_INFO_ERROR);
        return 0;
    }
    return 1;
--- a/crypto/cms/cms_ec.c
+++ b/crypto/cms/cms_ec.c
@ -14,7 +14,6 @@
 #include "cms_local.h"
 #include "crypto/evp.h"

-#ifndef OPENSSL_NO_EC
 static EVP_PKEY *pkey_type2param(int ptype, const void *pval,
                                 OSSL_LIB_CTX *libctx, const char *propq)
 {
@ -384,7 +383,6 @@ int cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt)
    ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
    return 0;
 }
-#endif

 /* ECDSA and DSA implementation is the same */
 int cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify)
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@ -115,17 +115,11 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
    } else
        return 0;

-#ifndef OPENSSL_NO_DH
    if (EVP_PKEY_is_a(pkey, "DHX"))
        return cms_dh_envelope(ri, cmd);
-    else
-#endif
-#ifndef OPENSSL_NO_EC
-    if (EVP_PKEY_is_a(pkey, "EC"))
+    else if (EVP_PKEY_is_a(pkey, "EC"))
        return cms_ecdh_envelope(ri, cmd);
-    else
-#endif
-    if (EVP_PKEY_is_a(pkey, "RSA"))
+    else if (EVP_PKEY_is_a(pkey, "RSA"))
        return cms_rsa_envelope(ri, cmd);

    /* Something else? We'll give engines etc a chance to handle this */
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@ -232,12 +232,9 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
    EVP_PKEY *pkey = si->pkey;
    int i;

-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
    if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
        return cms_ecdsa_dsa_sign(si, cmd);
-    else
-#endif
-    if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
+    else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
        return cms_rsa_sign(si, cmd);

    /* Something else? We'll give engines etc a chance to handle this */
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@ -94,12 +94,8 @@ EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
        goto err;
    }

-# ifndef OPENSSL_NO_EC
-    if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) {
-        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+    if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0)
        goto err;
-    }
-# endif

    EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
    return ctx;
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@ -1008,20 +1008,16 @@ int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)

        /* Could be a legacy key, try and convert to a ctrl */
        if (ctx->pmeth != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) {
-# ifndef OPENSSL_NO_DH
            if (ctx->pmeth->pkey_id == EVP_PKEY_DH)
                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH,
                                         EVP_PKEY_OP_PARAMGEN
                                         | EVP_PKEY_OP_KEYGEN,
                                         EVP_PKEY_CTRL_DH_NID, nid, NULL);
-# endif
-# ifndef OPENSSL_NO_EC
            if (ctx->pmeth->pkey_id == EVP_PKEY_EC)
                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
                                         EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN,
                                         EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
                                         nid, NULL);
-# endif
        }
 #endif
        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@ -1266,7 +1266,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
                return EVP_PKEY_CTX_set_dh_rfc5114(ctx, p1);
        }
    }
-# ifndef OPENSSL_NO_DSA
    if (keytype == EVP_PKEY_DSA) {
        switch (cmd) {
        case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
@ -1277,7 +1276,6 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
            return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, p2);
        }
    }
-# endif
    if (keytype == EVP_PKEY_EC) {
        switch (cmd) {
        case EVP_PKEY_CTRL_EC_PARAM_ENC:
@ -1543,14 +1541,12 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
        name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
    else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0)
        name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
-# ifndef OPENSSL_NO_DSA
    else if (strcmp(name, "dsa_paramgen_bits") == 0)
        name = OSSL_PKEY_PARAM_FFC_PBITS;
    else if (strcmp(name, "dsa_paramgen_q_bits") == 0)
        name = OSSL_PKEY_PARAM_FFC_QBITS;
    else if (strcmp(name, "dsa_paramgen_md") == 0)
        name = OSSL_PKEY_PARAM_FFC_DIGEST;
-# endif
    else if (strcmp(name, "dh_paramgen_generator") == 0)
        name = OSSL_PKEY_PARAM_DH_GENERATOR;
    else if (strcmp(name, "dh_paramgen_prime_len") == 0)
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@ -96,19 +96,6 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
        ERR_raise(ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH);
        break;
    case -2:
-#ifndef OPENSSL_NO_EC
-        if (EVP_PKEY_id(k) == EVP_PKEY_EC) {
-            ERR_raise(ERR_LIB_X509, ERR_R_EC_LIB);
-            break;
-        }
-#endif
-#ifndef OPENSSL_NO_DH
-        if (EVP_PKEY_id(k) == EVP_PKEY_DH) {
-            /* No idea */
-            ERR_raise(ERR_LIB_X509, X509_R_CANT_CHECK_DH_KEY);
-            break;
-        }
-#endif
        ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE);
    }