authorTed Unangst <tedu@cvs.openbsd.org>2014-05-29 18:11:14 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2014-05-29 18:11:14 +0000
commitda169a89eaba91f35cf947a988eb7481a0448dc6 (patch)
treefd14bcda7b1d92878c1727bd08e7f6cd8770a08a /lib/libssl
parent5bf5321b1646ba5f8f5019c8591b89ed7ddab822 (diff)
unifdef DH, ECDH, and ECDSA. there's no purpose to a libssl without them.
ok deraadt jsing
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/d1_clnt.c12
-rw-r--r--lib/libssl/d1_srvr.c16
-rw-r--r--lib/libssl/s3_clnt.c40
-rw-r--r--lib/libssl/s3_lib.c36
-rw-r--r--lib/libssl/s3_srvr.c30
-rw-r--r--lib/libssl/ssl.h4
-rw-r--r--lib/libssl/ssl3.h4
-rw-r--r--lib/libssl/ssl_algs.c2
-rw-r--r--lib/libssl/ssl_cert.c22
-rw-r--r--lib/libssl/ssl_ciph.c11
-rw-r--r--lib/libssl/ssl_lib.c20
-rw-r--r--lib/libssl/ssl_locl.h10
-rw-r--r--lib/libssl/t1_lib.c10
13 files changed, 0 insertions, 217 deletions
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index d82b099e083..4b8a11426f2 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -121,9 +121,7 @@
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#endif
static const SSL_METHOD *dtls1_get_client_method(int ver);
static int dtls1_get_hello_verify(SSL *s);
@@ -958,14 +956,12 @@ dtls1_send_client_key_exchange(SSL *s)
unsigned long alg_k;
unsigned char *q;
EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_ECDH
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
EVP_PKEY *srvr_pub_pkey = NULL;
unsigned char *encodedPoint = NULL;
int encoded_pt_len = 0;
BN_CTX * bn_ctx = NULL;
-#endif
if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
d = (unsigned char *)s->init_buf->data;
@@ -1021,7 +1017,6 @@ dtls1_send_client_key_exchange(SSL *s)
tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
-#ifndef OPENSSL_NO_DH
else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
@@ -1071,8 +1066,6 @@ dtls1_send_client_key_exchange(SSL *s)
/* perhaps clean things up a bit EAY EAY EAY EAY*/
}
-#endif
-#ifndef OPENSSL_NO_ECDH
else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
@@ -1236,7 +1229,6 @@ dtls1_send_client_key_exchange(SSL *s)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
}
-#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
else if (alg_k & SSL_kPSK) {
@@ -1340,13 +1332,11 @@ psk_err:
/* SSL3_ST_CW_KEY_EXCH_B */
return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
err:
-#ifndef OPENSSL_NO_ECDH
BN_CTX_free(bn_ctx);
free(encodedPoint);
if (clnt_ecdh != NULL)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
-#endif
return (-1);
}
@@ -1391,7 +1381,6 @@ dtls1_send_client_verify(SSL *s)
s2n(j, p);
n = j + 2;
} else
-#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
@@ -1404,7 +1393,6 @@ dtls1_send_client_verify(SSL *s)
s2n(j, p);
n = j + 2;
} else
-#endif
{
SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
goto err;
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index c8bfc1b03d2..3f872de48b1 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -122,9 +122,7 @@
#include <openssl/x509.h>
#include <openssl/md5.h>
#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#endif
static const SSL_METHOD *dtls1_get_server_method(int ver);
static int dtls1_send_hello_verify_request(SSL *s);
@@ -1036,17 +1034,13 @@ dtls1_send_server_key_exchange(SSL *s)
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
-#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh = NULL, *ecdhp;
unsigned char *encodedPoint = NULL;
int encodedlen = 0;
int curve_id = 0;
BN_CTX *bn_ctx = NULL;
-#endif
#ifndef OPENSSL_NO_PSK
size_t pskhintlen = 0;
#endif
@@ -1093,7 +1087,6 @@ dtls1_send_server_key_exchange(SSL *s)
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
-#ifndef OPENSSL_NO_DH
if (type & SSL_kEDH) {
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
@@ -1138,8 +1131,6 @@ dtls1_send_server_key_exchange(SSL *s)
r[1] = dh->g;
r[2] = dh->pub_key;
} else
-#endif
-#ifndef OPENSSL_NO_ECDH
if (type & SSL_kEECDH) {
const EC_GROUP *group;
@@ -1252,7 +1243,6 @@ dtls1_send_server_key_exchange(SSL *s)
r[2] = NULL;
r[3] = NULL;
} else
-#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
pskhintlen = strlen(s->ctx->psk_identity_hint);
@@ -1296,7 +1286,6 @@ dtls1_send_server_key_exchange(SSL *s)
p += nr[i];
}
-#ifndef OPENSSL_NO_ECDH
if (type & SSL_kEECDH) {
/* XXX: For now, we only support named (not generic) curves.
* In this situation, the serverKeyExchange message has:
@@ -1318,7 +1307,6 @@ dtls1_send_server_key_exchange(SSL *s)
encodedPoint = NULL;
p += encodedlen;
}
-#endif
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
@@ -1376,7 +1364,6 @@ dtls1_send_server_key_exchange(SSL *s)
s2n(i, p);
n += i + 2;
} else
-#if !defined(OPENSSL_NO_ECDSA)
if (pkey->type == EVP_PKEY_EC) {
/* let's do ECDSA */
EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
@@ -1391,7 +1378,6 @@ dtls1_send_server_key_exchange(SSL *s)
s2n(i, p);
n += i + 2;
} else
-#endif
{
/* Is this error check actually needed? */
al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1418,10 +1404,8 @@ dtls1_send_server_key_exchange(SSL *s)
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
-#ifndef OPENSSL_NO_ECDH
free(encodedPoint);
BN_CTX_free(bn_ctx);
-#endif
EVP_MD_CTX_cleanup(&md_ctx);
return (-1);
}
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 602ab03fe1f..4df299de9dd 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -155,9 +155,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
@@ -1263,16 +1261,12 @@ ssl3_get_key_exchange(SSL *s)
EVP_PKEY *pkey = NULL;
const EVP_MD *md = NULL;
RSA *rsa = NULL;
-#ifndef OPENSSL_NO_DH
DH *dh = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *srvr_ecpoint = NULL;
int curve_nid = 0;
int encoded_pt_len = 0;
-#endif
/*
* Use same message size as in ssl3_get_certificate_request()
@@ -1306,18 +1300,14 @@ ssl3_get_key_exchange(SSL *s)
RSA_free(s->session->sess_cert->peer_rsa_tmp);
s->session->sess_cert->peer_rsa_tmp = NULL;
}
-#ifndef OPENSSL_NO_DH
if (s->session->sess_cert->peer_dh_tmp) {
DH_free(s->session->sess_cert->peer_dh_tmp);
s->session->sess_cert->peer_dh_tmp = NULL;
}
-#endif
-#ifndef OPENSSL_NO_ECDH
if (s->session->sess_cert->peer_ecdh_tmp) {
EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
s->session->sess_cert->peer_ecdh_tmp = NULL;
}
-#endif
} else {
s->session->sess_cert = ssl_sess_cert_new();
}
@@ -1424,7 +1414,6 @@ ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_rsa_tmp = rsa;
rsa = NULL;
}
-#ifndef OPENSSL_NO_DH
else if (alg_k & SSL_kEDH) {
if ((dh = DH_new()) == NULL) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1495,9 +1484,7 @@ ssl3_get_key_exchange(SSL *s)
SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
goto f_err;
}
-#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_ECDH
else if (alg_k & SSL_kEECDH) {
EC_GROUP *ngroup;
const EC_GROUP *group;
@@ -1585,12 +1572,10 @@ ssl3_get_key_exchange(SSL *s)
pkey = X509_get_pubkey(
s->session->sess_cert->peer_pkeys[
SSL_PKEY_RSA_ENC].x509);
-#ifndef OPENSSL_NO_ECDSA
else if (alg_a & SSL_aECDSA)
pkey = X509_get_pubkey(
s->session->sess_cert->peer_pkeys[
SSL_PKEY_ECC].x509);
-#endif
/* Else anonymous ECDH, so no certificate or pkey. */
EC_KEY_set_public_key(ecdh, srvr_ecpoint);
s->session->sess_cert->peer_ecdh_tmp = ecdh;
@@ -1605,7 +1590,6 @@ ssl3_get_key_exchange(SSL *s)
SSL_R_UNEXPECTED_MESSAGE);
goto f_err;
}
-#endif /* !OPENSSL_NO_ECDH */
/* p points to the next byte, there are 'n' bytes left */
@@ -1731,16 +1715,12 @@ ssl3_get_key_exchange(SSL *s)
EVP_PKEY_free(pkey);
if (rsa != NULL)
RSA_free(rsa);
-#ifndef OPENSSL_NO_DH
if (dh != NULL)
DH_free(dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
BN_CTX_free(bn_ctx);
EC_POINT_free(srvr_ecpoint);
if (ecdh != NULL)
EC_KEY_free(ecdh);
-#endif
EVP_MD_CTX_cleanup(&md_ctx);
return (-1);
}
@@ -2084,14 +2064,12 @@ ssl3_send_client_key_exchange(SSL *s)
unsigned long alg_k;
unsigned char *q;
EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_ECDH
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
EVP_PKEY *srvr_pub_pkey = NULL;
unsigned char *encodedPoint = NULL;
int encoded_pt_len = 0;
BN_CTX *bn_ctx = NULL;
-#endif
if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
d = (unsigned char *)s->init_buf->data;
@@ -2151,7 +2129,6 @@ ssl3_send_client_key_exchange(SSL *s)
s, s->session->master_key, tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
-#ifndef OPENSSL_NO_DH
else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
@@ -2217,9 +2194,7 @@ ssl3_send_client_key_exchange(SSL *s)
/* perhaps clean things up a bit EAY EAY EAY EAY*/
}
-#endif
-#ifndef OPENSSL_NO_ECDH
else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
@@ -2399,7 +2374,6 @@ ssl3_send_client_key_exchange(SSL *s)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
}
-#endif /* !OPENSSL_NO_ECDH */
else if (alg_k & SSL_kGOST) {
/* GOST key exchange message creation */
EVP_PKEY_CTX *pkey_ctx;
@@ -2608,13 +2582,11 @@ ssl3_send_client_key_exchange(SSL *s)
/* SSL3_ST_CW_KEY_EXCH_B */
return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
err:
-#ifndef OPENSSL_NO_ECDH
BN_CTX_free(bn_ctx);
free(encodedPoint);
if (clnt_ecdh != NULL)
EC_KEY_free(clnt_ecdh);
EVP_PKEY_free(srvr_pub_pkey);
-#endif
return (-1);
}
@@ -2703,7 +2675,6 @@ ssl3_send_client_verify(SSL *s)
s2n(j, p);
n = j + 2;
} else
-#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
if (!ECDSA_sign(pkey->save_type,
&(data[MD5_DIGEST_LENGTH]),
@@ -2716,7 +2687,6 @@ ssl3_send_client_verify(SSL *s)
s2n(j, p);
n = j + 2;
} else
-#endif
if (pkey->type == NID_id_GostR3410_94 ||
pkey->type == NID_id_GostR3410_2001) {
unsigned char signbuf[64];
@@ -2836,9 +2806,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
EVP_PKEY *pkey = NULL;
SESS_CERT *sc;
RSA *rsa;
-#ifndef OPENSSL_NO_DH
DH *dh;
-#endif
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -2855,14 +2823,11 @@ ssl3_check_cert_and_algorithm(SSL *s)
}
rsa = s->session->sess_cert->peer_rsa_tmp;
-#ifndef OPENSSL_NO_DH
dh = s->session->sess_cert->peer_dh_tmp;
-#endif
/* This is the passed certificate. */
idx = sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
if (idx == SSL_PKEY_ECC) {
if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
s) == 0)
@@ -2874,7 +2839,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
return (1);
}
}
-#endif
pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
EVP_PKEY_free(pkey);
@@ -2897,7 +2861,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
SSL_R_MISSING_RSA_ENCRYPTING_CERT);
goto f_err;
}
-#ifndef OPENSSL_NO_DH
if ((alg_k & SSL_kEDH) &&
!(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
@@ -2913,7 +2876,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
SSL_R_MISSING_DH_DSA_CERT);
goto f_err;
}
-#endif
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
!has_bits(i, EVP_PKT_EXP)) {
@@ -2925,7 +2887,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
goto f_err;
}
} else
-#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
if (dh == NULL || DH_size(dh) * 8 >
SSL_C_EXPORT_PKEYLENGTH(
@@ -2936,7 +2897,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
goto f_err;
}
} else
-#endif
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index e3770bd0aec..2c15a87269b 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -157,9 +157,7 @@
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#endif
const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
@@ -1523,7 +1521,6 @@ SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
-#ifndef OPENSSL_NO_ECDH
/* Cipher C001 */
{
.valid = 1,
@@ -1923,9 +1920,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.strength_bits = 256,
.alg_bits = 256,
},
-#endif /* OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_ECDH
/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
@@ -2187,7 +2182,6 @@ SSL_CIPHER ssl3_ciphers[] = {
.alg_bits = 256,
},
-#endif /* OPENSSL_NO_ECDH */
#ifdef TEMP_GOST_TLS
@@ -2343,14 +2337,10 @@ ssl3_free(SSL *s)
if (s->s3->wbuf.buf != NULL)
ssl3_release_write_buffer(s);
free(s->s3->rrec.comp);
-#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
if (s->s3->tmp.ecdh != NULL)
EC_KEY_free(s->s3->tmp.ecdh);
-#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
@@ -2385,18 +2375,14 @@ ssl3_clear(SSL *s)
free(s->s3->rrec.comp);
s->s3->rrec.comp = NULL;
-#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL) {
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
}
-#endif
-#ifndef OPENSSL_NO_ECDH
if (s->s3->tmp.ecdh != NULL) {
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
}
-#endif
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
s->s3->is_probably_safari = 0;
@@ -2505,7 +2491,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return (ret);
}
break;
-#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *dh = (DH *)parg;
@@ -2540,8 +2525,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return (ret);
}
break;
-#endif
-#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@@ -2578,7 +2561,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return (ret);
}
break;
-#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
@@ -2701,21 +2683,17 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
-#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
-#endif
-#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH_CB:
{
s->cert->ecdh_tmp_cb =
(EC_KEY *(*)(SSL *, int, int))fp;
}
break;
-#endif
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->tlsext_debug_cb = (void (*)(SSL *, int , int,
@@ -2777,7 +2755,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return (0);
}
break;
-#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *new = NULL, *dh;
@@ -2809,8 +2786,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return (0);
}
break;
-#endif
-#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH:
{
EC_KEY *ecdh = NULL;
@@ -2849,7 +2824,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return (0);
}
break;
-#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg;
@@ -2932,20 +2906,16 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
-#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
-#endif
-#ifndef OPENSSL_NO_ECDH
case SSL_CTRL_SET_TMP_ECDH_CB:
{
cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
}
break;
-#endif
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
ctx->tlsext_servername_callback =
@@ -3255,7 +3225,6 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
#endif
-#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHr|SSL_kEDH)) {
p[ret++] = SSL3_CT_RSA_FIXED_DH;
p[ret++] = SSL3_CT_DSS_FIXED_DH;
@@ -3265,17 +3234,13 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
}
-#endif /* !OPENSSL_NO_DH */
p[ret++] = SSL3_CT_RSA_SIGN;
p[ret++] = SSL3_CT_DSS_SIGN;
-#ifndef OPENSSL_NO_ECDH
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
}
-#endif
-#ifndef OPENSSL_NO_ECDSA
/*
* ECDSA certs can be used with RSA cipher suites as well
* so we don't need to check for SSL_kECDH or SSL_kEECDH
@@ -3283,7 +3248,6 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
if (s->version >= TLS1_VERSION) {
p[ret++] = TLS_CT_ECDSA_SIGN;
}
-#endif
return (ret);
}
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index c16f7bb2ef7..b53f27a47d8 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -159,9 +159,7 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#endif
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -881,18 +879,14 @@ ssl3_check_client_hello(SSL *s)
* which will now be aborted. (A full SSL_clear would be too
* much.)
*/
-#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL) {
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
}
-#endif
-#ifndef OPENSSL_NO_ECDH
if (s->s3->tmp.ecdh != NULL) {
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
}
-#endif
s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
return (2);
}
@@ -1509,17 +1503,13 @@ ssl3_send_server_key_exchange(SSL *s)
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned int u;
-#ifndef OPENSSL_NO_DH
DH *dh = NULL, *dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh = NULL, *ecdhp;
unsigned char *encodedPoint = NULL;
int encodedlen = 0;
int curve_id = 0;
BN_CTX *bn_ctx = NULL;
-#endif
#ifndef OPENSSL_NO_PSK
size_t pskhintlen = 0;
#endif
@@ -1570,7 +1560,6 @@ ssl3_send_server_key_exchange(SSL *s)
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
-#ifndef OPENSSL_NO_DH
if (type & SSL_kEDH) {
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
@@ -1620,8 +1609,6 @@ ssl3_send_server_key_exchange(SSL *s)
r[1] = dh->g;
r[2] = dh->pub_key;
} else
-#endif
-#ifndef OPENSSL_NO_ECDH
if (type & SSL_kEECDH) {
const EC_GROUP *group;
@@ -1747,7 +1734,6 @@ ssl3_send_server_key_exchange(SSL *s)
r[2] = NULL;
r[3] = NULL;
} else
-#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
pskhintlen = strlen(s->ctx->psk_identity_hint);
@@ -1793,7 +1779,6 @@ ssl3_send_server_key_exchange(SSL *s)
p += nr[i];
}
-#ifndef OPENSSL_NO_ECDH
if (type & SSL_kEECDH) {
/*
* XXX: For now, we only support named (not generic)
@@ -1817,7 +1802,6 @@ ssl3_send_server_key_exchange(SSL *s)
encodedPoint = NULL;
p += encodedlen;
}
-#endif
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
@@ -1926,10 +1910,8 @@ ssl3_send_server_key_exchange(SSL *s)
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
-#ifndef OPENSSL_NO_ECDH
free(encodedPoint);
BN_CTX_free(bn_ctx);
-#endif
EVP_MD_CTX_cleanup(&md_ctx);
return (-1);
}
@@ -2042,18 +2024,14 @@ ssl3_get_client_key_exchange(SSL *s)
unsigned char *p;
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_DH
BIGNUM *pub = NULL;
DH *dh_srvr;
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *srvr_ecdh = NULL;
EVP_PKEY *clnt_pub_pkey = NULL;
EC_POINT *clnt_ecpoint = NULL;
BN_CTX *bn_ctx = NULL;
-#endif
n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE,
@@ -2173,7 +2151,6 @@ ssl3_get_client_key_exchange(SSL *s)
p, i);
OPENSSL_cleanse(p, i);
} else
-#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
n2s(p, i);
if (n != i + 2) {
@@ -2229,9 +2206,7 @@ ssl3_get_client_key_exchange(SSL *s)
s, s->session->master_key, p, i);
OPENSSL_cleanse(p, i);
} else
-#endif
-#ifndef OPENSSL_NO_ECDH
if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
int ret = 1;
int field_size = 0;
@@ -2375,7 +2350,6 @@ ssl3_get_client_key_exchange(SSL *s)
OPENSSL_cleanse(p, i);
return (ret);
} else
-#endif
#ifndef OPENSSL_NO_PSK
if (alg_k & SSL_kPSK) {
unsigned char *t = NULL;
@@ -2542,13 +2516,11 @@ ssl3_get_client_key_exchange(SSL *s)
f_err:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
err:
-#ifndef OPENSSL_NO_ECDH
EVP_PKEY_free(clnt_pub_pkey);
EC_POINT_free(clnt_ecpoint);
if (srvr_ecdh != NULL)
EC_KEY_free(srvr_ecdh);
BN_CTX_free(bn_ctx);
-#endif
return (-1);
}
@@ -2722,7 +2694,6 @@ ssl3_get_cert_verify(SSL *s)
goto f_err;
}
} else
-#ifndef OPENSSL_NO_ECDSA
if (pkey->type == EVP_PKEY_EC) {
j = ECDSA_verify(pkey->save_type,
&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
@@ -2735,7 +2706,6 @@ ssl3_get_cert_verify(SSL *s)
goto f_err;
}
} else
-#endif
if (pkey->type == NID_id_GostR3410_94 ||
pkey->type == NID_id_GostR3410_2001) {
unsigned char signature[64];
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 6765e3560ae..69c0bb00e27 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1875,18 +1875,14 @@ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
void SSL_set_tmp_rsa_callback(SSL *ssl,
RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-#ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*dh)(SSL *ssl, int is_export, int keylength));
void SSL_set_tmp_dh_callback(SSL *ssl,
DH *(*dh)(SSL *ssl, int is_export, int keylength));
-#endif
-#ifndef OPENSSL_NO_ECDH
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
void SSL_set_tmp_ecdh_callback(SSL *ssl,
EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-#endif
#ifndef OPENSSL_NO_COMP
const COMP_METHOD *SSL_get_current_compression(SSL *s);
diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h
index 2b041d7e2f9..2840b1320fa 100644
--- a/lib/libssl/ssl3.h
+++ b/lib/libssl/ssl3.h
@@ -490,13 +490,9 @@ typedef struct ssl3_state_st {
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
-#ifndef OPENSSL_NO_DH
DH *dh;
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh; /* holds short lived ECDH key */
-#endif
/* used when SSL_ST_FLUSH_DATA is entered */
int next_state;
diff --git a/lib/libssl/ssl_algs.c b/lib/libssl/ssl_algs.c
index 46b3c413511..84f44889b58 100644
--- a/lib/libssl/ssl_algs.c
+++ b/lib/libssl/ssl_algs.c
@@ -111,9 +111,7 @@ SSL_library_init(void)
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
-#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
-#endif
#ifndef OPENSSL_NO_COMP
/* This will initialise the built-in compression algorithms.
The value returned is a STACK_OF(SSL_COMP), but that can
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index d8b94b1285c..f506ae685ff 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -125,9 +125,7 @@
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#endif
#include <openssl/bn.h>
#include "ssl_locl.h"
@@ -165,9 +163,7 @@ ssl_cert_set_default_md(CERT *cert)
cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
-#ifndef OPENSSL_NO_ECDSA
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
-#endif
}
CERT *
@@ -214,7 +210,6 @@ ssl_cert_dup(CERT *cert)
}
ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL) {
ret->dh_tmp = DHparams_dup(cert->dh_tmp);
if (ret->dh_tmp == NULL) {
@@ -239,9 +234,7 @@ ssl_cert_dup(CERT *cert)
}
}
ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-#ifndef OPENSSL_NO_ECDH
if (cert->ecdh_tmp) {
ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
if (ret->ecdh_tmp == NULL) {
@@ -250,7 +243,6 @@ ssl_cert_dup(CERT *cert)
}
}
ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
-#endif
for (i = 0; i < SSL_PKEY_NUM; i++) {
if (cert->pkeys[i].x509 != NULL) {
@@ -305,19 +297,13 @@ ssl_cert_dup(CERT *cert)
return (ret);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
err:
-#endif
if (ret->rsa_tmp != NULL)
RSA_free(ret->rsa_tmp);
-#ifndef OPENSSL_NO_DH
if (ret->dh_tmp != NULL)
DH_free(ret->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
if (ret->ecdh_tmp != NULL)
EC_KEY_free(ret->ecdh_tmp);
-#endif
for (i = 0; i < SSL_PKEY_NUM; i++) {
if (ret->pkeys[i].x509 != NULL)
@@ -344,14 +330,10 @@ ssl_cert_free(CERT *c)
if (c->rsa_tmp)
RSA_free(c->rsa_tmp);
-#ifndef OPENSSL_NO_DH
if (c->dh_tmp)
DH_free(c->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
if (c->ecdh_tmp)
EC_KEY_free(c->ecdh_tmp);
-#endif
for (i = 0; i < SSL_PKEY_NUM; i++) {
if (c->pkeys[i].x509 != NULL)
@@ -437,14 +419,10 @@ ssl_sess_cert_free(SESS_CERT *sc)
if (sc->peer_rsa_tmp != NULL)
RSA_free(sc->peer_rsa_tmp);
-#ifndef OPENSSL_NO_DH
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
if (sc->peer_ecdh_tmp != NULL)
EC_KEY_free(sc->peer_ecdh_tmp);
-#endif
free(sc);
}
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index 5e93a4cde1d..72061035aa2 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -708,19 +708,8 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long
*mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
*auth |= SSL_aDH;
-#ifdef OPENSSL_NO_DH
- *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
- *auth |= SSL_aDH;
-#endif
*mkey |= SSL_kKRB5;
*auth |= SSL_aKRB5;
-#ifdef OPENSSL_NO_ECDSA
- *auth |= SSL_aECDSA;
-#endif
-#ifdef OPENSSL_NO_ECDH
- *mkey |= SSL_kECDHe|SSL_kECDHr;
- *auth |= SSL_aECDH;
-#endif
#ifdef OPENSSL_NO_PSK
*mkey |= SSL_kPSK;
*auth |= SSL_aPSK;
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 6cc02c8d7a1..d134a4f22a6 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -149,9 +149,7 @@
#include <openssl/x509v3.h>
#include <openssl/rand.h>
#include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
-#endif
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -2002,9 +2000,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
int rsa_tmp_export, dh_tmp_export, kl;
unsigned long mask_k, mask_a, emask_k, emask_a;
int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
-#ifndef OPENSSL_NO_ECDH
int have_ecdh_tmp;
-#endif
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0, pk_nid = 0, md_nid = 0;
@@ -2017,17 +2013,11 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#ifndef OPENSSL_NO_DH
dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
dh_tmp_export = (c->dh_tmp_cb != NULL ||
(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
-#else
- dh_tmp = dh_tmp_export = 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
-#endif
cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
@@ -2128,7 +2118,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
}
-#ifndef OPENSSL_NO_ECDH
if (ecdh_ok) {
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
@@ -2149,21 +2138,16 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
}
}
}
-#endif
-#ifndef OPENSSL_NO_ECDSA
if (ecdsa_ok) {
mask_a|=SSL_aECDSA;
emask_a|=SSL_aECDSA;
}
-#endif
}
-#ifndef OPENSSL_NO_ECDH
if (have_ecdh_tmp) {
mask_k|=SSL_kEECDH;
emask_k|=SSL_kEECDH;
}
-#endif
#ifndef OPENSSL_NO_PSK
mask_k |= SSL_kPSK;
@@ -3072,7 +3056,6 @@ cb(SSL *ssl, int is_export, int keylength)
* \param dh the callback
*/
-#ifndef OPENSSL_NO_DH
void
SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
int keylength))
@@ -3086,9 +3069,7 @@ SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
{
SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
}
-#endif
-#ifndef OPENSSL_NO_ECDH
void
SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
int is_export, int keylength))
@@ -3103,7 +3084,6 @@ SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
{
SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
}
-#endif
#ifndef OPENSSL_NO_PSK
int
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 11250ba4682..d80bf958fda 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -479,15 +479,11 @@ typedef struct cert_st {
unsigned long export_mask_a;
RSA *rsa_tmp;
RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
-#ifndef OPENSSL_NO_DH
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh_tmp;
/* Callback for generating ephemeral ECDH keys */
EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
-#endif
CERT_PKEY pkeys[SSL_PKEY_NUM];
@@ -507,12 +503,8 @@ typedef struct sess_cert_st {
* so maybe we shouldn't even use the CERT_PKEY type here. */
RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
-#endif
-#ifndef OPENSSL_NO_ECDH
EC_KEY *peer_ecdh_tmp;
-#endif
int references; /* actually always 1 at the moment */
} SESS_CERT;
@@ -836,9 +828,7 @@ int tls1_alert_code(int code);
int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
-#ifndef OPENSSL_NO_ECDH
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
-#endif
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 1424eab6e66..b15465d5500 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -364,11 +364,7 @@ tls1_ec_nid2curve_id(int nid)
#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
-#ifdef OPENSSL_NO_ECDSA
-#define tlsext_sigalg_ecdsa(md) /* */
-#else
#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
-#endif
#define tlsext_sigalg(md) \
tlsext_sigalg_rsa(md) \
@@ -2221,9 +2217,7 @@ static tls12_lookup tls12_md[] = {
static tls12_lookup tls12_sig[] = {
{EVP_PKEY_RSA, TLSEXT_signature_rsa},
{EVP_PKEY_DSA, TLSEXT_signature_dsa},
-#ifndef OPENSSL_NO_ECDSA
{EVP_PKEY_EC, TLSEXT_signature_ecdsa}
-#endif
};
static int
@@ -2324,11 +2318,9 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
case TLSEXT_signature_dsa:
idx = SSL_PKEY_DSA_SIGN;
break;
-#ifndef OPENSSL_NO_ECDSA
case TLSEXT_signature_ecdsa:
idx = SSL_PKEY_ECC;
break;
-#endif
default:
continue;
}
@@ -2353,10 +2345,8 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
-#ifndef OPENSSL_NO_ECDSA
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
-#endif
return 1;
}