From 36abfd12740be4329b29e295bfcee8fe22c637d4 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Thu, 29 May 2014 18:11:13 +0000
Subject: unidef DH, ECDH, and ECDSA. there's no purpose to a libssl without
 them. ok deraadt jsing

---
 src/lib/libssl/ssl_lib.c | 20 --------------------
 1 file changed, 20 deletions(-)

(limited to 'src/lib/libssl/ssl_lib.c')

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 6cc02c8d7a..d134a4f22a 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -149,9 +149,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
 #include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -2002,9 +2000,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 	int		 rsa_tmp_export, dh_tmp_export, kl;
 	unsigned long	 mask_k, mask_a, emask_k, emask_a;
 	int		 have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
-#ifndef OPENSSL_NO_ECDH
 	int		 have_ecdh_tmp;
-#endif
 	X509		*x = NULL;
 	EVP_PKEY	*ecc_pkey = NULL;
 	int		 signature_nid = 0, pk_nid = 0, md_nid = 0;
@@ -2017,17 +2013,11 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 	rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
 	rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
 	(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#ifndef OPENSSL_NO_DH
 	dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
 	dh_tmp_export = (c->dh_tmp_cb != NULL ||
 	(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
-#else
-	dh_tmp = dh_tmp_export = 0;
-#endif
 
-#ifndef OPENSSL_NO_ECDH
 	have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
-#endif
 	cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
 	rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
 	rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
@@ -2128,7 +2118,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
 			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
 		}
-#ifndef OPENSSL_NO_ECDH
 		if (ecdh_ok) {
 
 			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
@@ -2149,21 +2138,16 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 				}
 			}
 		}
-#endif
-#ifndef OPENSSL_NO_ECDSA
 		if (ecdsa_ok) {
 			mask_a|=SSL_aECDSA;
 			emask_a|=SSL_aECDSA;
 		}
-#endif
 	}
 
-#ifndef OPENSSL_NO_ECDH
 	if (have_ecdh_tmp) {
 		mask_k|=SSL_kEECDH;
 		emask_k|=SSL_kEECDH;
 	}
-#endif
 
 #ifndef OPENSSL_NO_PSK
 	mask_k |= SSL_kPSK;
@@ -3072,7 +3056,6 @@ cb(SSL *ssl, int is_export, int keylength)
  * \param dh the callback
  */
 
-#ifndef OPENSSL_NO_DH
 void
 SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
     int keylength))
@@ -3086,9 +3069,7 @@ SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
 {
 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
 }
-#endif
 
-#ifndef OPENSSL_NO_ECDH
 void
 SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
     int is_export, int keylength))
@@ -3103,7 +3084,6 @@ SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
 {
 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
 }
-#endif
 
 #ifndef OPENSSL_NO_PSK
 int
-- 
cgit v1.2.3-55-g6feb