Remove OPENSSL_NO_EC guards from libssl

author Matt Caswell <matt@openssl.org>

Fri, 15 Jan 2021 16:54:28 +0000 (16:54 +0000)

committer Matt Caswell <matt@openssl.org>

Fri, 5 Feb 2021 15:22:43 +0000 (15:22 +0000)
author Matt Caswell <matt@openssl.org>
Fri, 15 Jan 2021 16:54:28 +0000 (16:54 +0000)
committer Matt Caswell <matt@openssl.org>
Fri, 5 Feb 2021 15:22:43 +0000 (15:22 +0000)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt

index b8064ea678bff94ece2420c4b33babe6ee811161..c1a0f1d0bdb6325911032e68717750a05b8d3569 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1264,6 +1264,7 @@ SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong
  SSL_R_BN_LIB:130:bn lib
  SSL_R_CALLBACK_FAILED:234:callback failed
  SSL_R_CANNOT_CHANGE_CIPHER:109:cannot change cipher
+SSL_R_CANNOT_GET_GROUP_NAME:299:cannot get group name
  SSL_R_CA_DN_LENGTH_MISMATCH:131:ca dn length mismatch
  SSL_R_CA_KEY_TOO_SMALL:397:ca key too small
  SSL_R_CA_MD_TOO_WEAK:398:ca md too weak
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h

index d69055cf3d41b04d0ad28e306f7913941c292dca..7fea8a87b77aafa877bc67ced3a6206a4e2df430 100644 (file)
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -66,6 +66,7 @@
  # define SSL_R_BN_LIB                                     130
  # define SSL_R_CALLBACK_FAILED                            234
  # define SSL_R_CANNOT_CHANGE_CIPHER                       109
+# define SSL_R_CANNOT_GET_GROUP_NAME                      299
  # define SSL_R_CA_DN_LENGTH_MISMATCH                      131
  # define SSL_R_CA_KEY_TOO_SMALL                           397
  # define SSL_R_CA_MD_TOO_WEAK                             398
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index 4e0eeed02805590f4b8fbebb3d671acc6a1f0216..12876add7f89088fd39a207e4d89afef64032cd5 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3484,7 +3484,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                                             &s->ext.supportedgroups_len,
                                             parg);
          }
-#endif
+#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
      case SSL_CTRL_SET_TLSEXT_HOSTNAME:
          /*
           * This API is only used for a client to set what SNI it will request
@@ -3718,7 +3718,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
              return 1;
          }
  
-#ifndef OPENSSL_NO_EC
      case SSL_CTRL_GET_EC_POINT_FORMATS:
          {
              const unsigned char **pformat = parg;
@@ -3728,7 +3727,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
              *pformat = s->ext.peer_ecpointformats;
              return (int)s->ext.peer_ecpointformats_len;
          }
-#endif
  
      default:
          break;
@@ -3801,7 +3799,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                                             &ctx->ext.supportedgroups_len,
                                             parg);
          }
-#endif
+#endif                          /* !OPENSSL_NO_DEPRECATED_3_0 */
      case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
          ctx->ext.servername_arg = parg;
          break;
@@ -4266,14 +4264,12 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                          "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
                          ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
  
-#ifndef OPENSSL_NO_EC
              /*
               * if we are considering an ECC cipher suite that uses an ephemeral
               * EC key check it
               */
              if (alg_k & SSL_kECDHE)
                  ok = ok && tls1_check_ec_tmp_key(s, c->id);
-#endif                          /* OPENSSL_NO_EC */
  
              if (!ok)
                  continue;
@@ -4284,14 +4280,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
              if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
                                c->strength_bits, 0, (void *)c))
                  continue;
-#if !defined(OPENSSL_NO_EC)
+
              if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
                  && s->s3.is_probably_safari) {
                  if (!ret)
                      ret = sk_SSL_CIPHER_value(allow, ii);
                  continue;
              }
-#endif
+
              if (prefer_sha256) {
                  const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
  
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index 398e4616ed379cb7227e67859cc0186cbafd5428..43dcf2d6fea60f2959712c5002db53cc06a79ae8 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1245,7 +1245,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
      return retval;
  }
  
-#ifndef OPENSSL_NO_EC
  static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                                      const char **prule_str)
  {
@@ -1276,7 +1275,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
          ERR_raise(ERR_LIB_SSL, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE);
          return 0;
      }
-# ifndef OPENSSL_NO_EC
+
      switch (suiteb_flags) {
      case SSL_CERT_FLAG_SUITEB_128_LOS:
          if (suiteb_comb2)
@@ -1293,12 +1292,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
          break;
      }
      return 1;
-# else
-    ERR_raise(ERR_LIB_SSL, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
-    return 0;
-# endif
  }
-#endif
  
  static int ciphersuite_cb(const char *elem, int len, void *arg)
  {
@@ -1446,10 +1440,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
       */
      if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
          return NULL;
-#ifndef OPENSSL_NO_EC
+
      if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
          return NULL;
-#endif
  
      /*
       * To reduce the work to do we only want to process the compiled
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c

index 09e2ee2e3ef696d0db8784469357e42b1707e72f..edd3fd76407fef3d19df964f74597d69db32de6a 100644 (file)
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -221,7 +221,6 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
      return cmd_Groups(cctx, value);
  }
  
-#ifndef OPENSSL_NO_EC
  /* ECDH temporary parameters */
  static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
  {
@@ -236,20 +235,18 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
          strcmp(value, "auto") == 0)
          return 1;
  
-    nid = EC_curve_nist2nid(value);
-    if (nid == NID_undef)
-        nid = OBJ_sn2nid(value);
-    if (nid == 0)
+    /* ECDHParameters accepts a single group name */
+    if (strstr(value, ":") != NULL)
          return 0;
  
      if (cctx->ctx)
-        rv = SSL_CTX_set1_groups(cctx->ctx, &nid, 1);
+        rv = SSL_CTX_set1_groups_list(cctx->ctx, value);
      else if (cctx->ssl)
-        rv = SSL_set1_groups(cctx->ssl, &nid, 1);
+        rv = SSL_set1_groups_list(cctx->ssl, value);
  
      return rv > 0;
  }
-#endif
+
  static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value)
  {
      int rv = 1;
@@ -700,9 +697,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
      SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
      SSL_CONF_CMD_STRING(Curves, "curves", 0),
      SSL_CONF_CMD_STRING(Groups, "groups", 0),
-#ifndef OPENSSL_NO_EC
      SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
-#endif
      SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
      SSL_CONF_CMD_STRING(Ciphersuites, "ciphersuites", 0),
      SSL_CONF_CMD_STRING(Protocol, NULL, 0),
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c

index d6d0c671a259d74753c7adf3743d675d3c0662ef..357cfc7d94a48624af8bf244ea0d1c7067332c61 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -74,6 +74,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed"},
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER),
      "cannot change cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_GET_GROUP_NAME),
+    "cannot get group name"},
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH),
      "ca dn length mismatch"},
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_KEY_TOO_SMALL), "ca key too small"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index daba82ebfe893a26a7e1bc5154f71f105b3fc04d..554fc3533d8189aad281634869692c56124fa80e 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -768,7 +768,6 @@ SSL *SSL_new(SSL_CTX *ctx)
      s->ext.ocsp.resp_len = 0;
      SSL_CTX_up_ref(ctx);
      s->session_ctx = ctx;
-#ifndef OPENSSL_NO_EC
      if (ctx->ext.ecpointformats) {
          s->ext.ecpointformats =
              OPENSSL_memdup(ctx->ext.ecpointformats,
@@ -778,7 +777,6 @@ SSL *SSL_new(SSL_CTX *ctx)
          s->ext.ecpointformats_len =
              ctx->ext.ecpointformats_len;
      }
-#endif
      if (ctx->ext.supportedgroups) {
          s->ext.supportedgroups =
              OPENSSL_memdup(ctx->ext.supportedgroups,
@@ -1212,10 +1210,8 @@ void SSL_free(SSL *s)
  
      OPENSSL_free(s->ext.hostname);
      SSL_CTX_free(s->session_ctx);
-#ifndef OPENSSL_NO_EC
      OPENSSL_free(s->ext.ecpointformats);
      OPENSSL_free(s->ext.peer_ecpointformats);
-#endif                          /* OPENSSL_NO_EC */
      OPENSSL_free(s->ext.supportedgroups);
      OPENSSL_free(s->ext.peer_supportedgroups);
      sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
@@ -3392,9 +3388,7 @@ void SSL_CTX_free(SSL_CTX *a)
      tls_engine_finish(a->client_cert_engine);
  #endif
  
-#ifndef OPENSSL_NO_EC
      OPENSSL_free(a->ext.ecpointformats);
-#endif
      OPENSSL_free(a->ext.supportedgroups);
      OPENSSL_free(a->ext.supported_groups_default);
      OPENSSL_free(a->ext.alpn);
@@ -3499,9 +3493,8 @@ void ssl_set_masks(SSL *s)
      uint32_t *pvalid = s->s3.tmp.valid_flags;
      int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
      unsigned long mask_k, mask_a;
-#ifndef OPENSSL_NO_EC
      int have_ecc_cert, ecdsa_ok;
-#endif
+
      if (c == NULL)
          return;
  
@@ -3512,9 +3505,7 @@ void ssl_set_masks(SSL *s)
      rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
      rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
      dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
-#ifndef OPENSSL_NO_EC
      have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
-#endif
      mask_k = 0;
      mask_a = 0;
  
@@ -3562,7 +3553,6 @@ void ssl_set_masks(SSL *s)
       * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
       * depending on the key usage extension.
       */
-#ifndef OPENSSL_NO_EC
      if (have_ecc_cert) {
          uint32_t ex_kusage;
          ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
@@ -3583,11 +3573,8 @@ void ssl_set_masks(SSL *s)
              && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
              && TLS1_get_version(s) == TLS1_2_VERSION)
              mask_a |= SSL_aECDSA;
-#endif
  
-#ifndef OPENSSL_NO_EC
      mask_k |= SSL_kECDHE;
-#endif
  
  #ifndef OPENSSL_NO_PSK
      mask_k |= SSL_kPSK;
@@ -3604,8 +3591,6 @@ void ssl_set_masks(SSL *s)
      s->s3.tmp.mask_a = mask_a;
  }
  
-#ifndef OPENSSL_NO_EC
-
  int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
  {
      if (s->s3.tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
@@ -3618,8 +3603,6 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
      return 1;                   /* all checks are ok */
  }
  
-#endif
-
  int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
                                     size_t *serverinfo_length)
  {
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h

index 87a4f428f876eba557a506d7be17b6dfa2b770de..5956b6c834ec81fc20521ef0ac1a793d0ffa9182 100644 (file)
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -1051,11 +1051,9 @@ struct ssl_ctx_st {
          /* RFC 4366 Maximum Fragment Length Negotiation */
          uint8_t max_fragment_len_mode;
  
-# ifndef OPENSSL_NO_EC
          /* EC extension values inherited by SSL structure */
          size_t ecpointformats_len;
          unsigned char *ecpointformats;
-# endif                         /* OPENSSL_NO_EC */
  
          size_t supportedgroups_len;
          uint16_t *supportedgroups;
@@ -1407,14 +1405,12 @@ struct ssl_st {
          /* used by the client to know if it actually sent alpn */
          int alpn_sent;
  
-# ifndef OPENSSL_NO_EC
          /*
           * This is set to true if we believe that this is a version of Safari
           * running on OS X 10.6 or newer. We wish to know this because Safari on
           * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
           */
          char is_probably_safari;
-# endif                         /* !OPENSSL_NO_EC */
  
          /* For clients: peer temporary key */
          /* The group_id for the key exchange key */
@@ -1595,7 +1591,6 @@ struct ssl_st {
          int ticket_expected;
          /* TLS 1.3 tickets requested by the application. */
          int extra_tickets_expected;
-# ifndef OPENSSL_NO_EC
          size_t ecpointformats_len;
          /* our list */
          unsigned char *ecpointformats;
@@ -1603,7 +1598,6 @@ struct ssl_st {
          size_t peer_ecpointformats_len;
          /* peer's list */
          unsigned char *peer_ecpointformats;
-# endif                         /* OPENSSL_NO_EC */
          size_t supportedgroups_len;
          /* our list */
          uint16_t *supportedgroups;
@@ -1929,14 +1923,12 @@ typedef struct dtls1_state_st {
  
  } DTLS1_STATE;
  
-# ifndef OPENSSL_NO_EC
  /*
   * From ECC-TLS draft, used in encoding the curve type in ECParameters
   */
  #  define EXPLICIT_PRIME_CURVE_TYPE  1
  #  define EXPLICIT_CHAR2_CURVE_TYPE  2
  #  define NAMED_CURVE_TYPE           3
-# endif                         /* OPENSSL_NO_EC */
  
  struct cert_pkey_st {
      X509 *x509;
@@ -2644,9 +2636,7 @@ __owur int tls1_alert_code(int code);
  __owur int tls13_alert_code(int code);
  __owur int ssl3_alert_code(int code);
  
-#  ifndef OPENSSL_NO_EC
  __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
-#  endif
  
  SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
  
@@ -2663,11 +2653,9 @@ __owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
  __owur int tls_valid_group(SSL *s, uint16_t group_id, int minversion,
                             int maxversion, int isec, int *okfortls13);
  __owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id);
-#  ifndef OPENSSL_NO_EC
  void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
                           size_t *num_formats);
  __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
-#  endif                        /* OPENSSL_NO_EC */
  
  __owur int tls_group_allowed(SSL *s, uint16_t curve, int op);
  void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
@@ -2719,9 +2707,7 @@ __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
  __owur int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu,
                            const EVP_MD **pmd);
  __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
-#  ifndef OPENSSL_NO_EC
  __owur int tls_check_sigalg_curve(const SSL *s, int curve);
-#  endif
  __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
  __owur int ssl_set_client_disabled(SSL *s);
  __owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c

index 7c64a994e89ca6aee75f3b90a864a89bc962fcbe..b78d75181865a1aa3e035cf648749fe7c3274e14 100644 (file)
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -239,12 +239,12 @@ static int ssl_set_cert(CERT *c, X509 *x)
          ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
          return 0;
      }
-#ifndef OPENSSL_NO_EC
+
      if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
          ERR_raise(ERR_LIB_SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
          return 0;
      }
-#endif
+
      if (c->pkeys[i].privatekey != NULL) {
          /*
           * The return code from EVP_PKEY_copy_parameters is deliberately
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c

index 6bd7a693645344a9607e5238b535a7926f097670..13e5f5a8e5d2ce7dd3b0037190df5583dbcbac64 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -17,9 +17,7 @@
  static int final_renegotiate(SSL *s, unsigned int context, int sent);
  static int init_server_name(SSL *s, unsigned int context);
  static int final_server_name(SSL *s, unsigned int context, int sent);
-#ifndef OPENSSL_NO_EC
  static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
-#endif
  static int init_session_ticket(SSL *s, unsigned int context);
  #ifndef OPENSSL_NO_OCSP
  static int init_status_request(SSL *s, unsigned int context);
@@ -151,7 +149,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
  #else
      INVALID_EXTENSION,
  #endif
-#ifndef OPENSSL_NO_EC
      {
          TLSEXT_TYPE_ec_point_formats,
          SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
@@ -160,9 +157,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
          tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
          final_ec_pt_formats
      },
-#else
-    INVALID_EXTENSION,
-#endif
      {
          /*
           * "supported_groups" is spread across several specifications.
@@ -1008,7 +1002,6 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
      }
  }
  
-#ifndef OPENSSL_NO_EC
  static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
  {
      unsigned long alg_k, alg_a;
@@ -1046,7 +1039,6 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
  
      return 1;
  }
-#endif
  
  static int init_session_ticket(SSL *s, unsigned int context)
  {
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c

index cc958aa1b0e44bedebfc623d0b53ede5dc3fbbf0..3e4353b90e196edd58df8c8c8e581ffc1b4a1db1 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -151,7 +151,6 @@ static int use_ecc(SSL *s, int min_version, int max_version)
      return 0;
  }
  
-#ifndef OPENSSL_NO_EC
  EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
                                              unsigned int context, X509 *x,
                                              size_t chainidx)
@@ -182,7 +181,6 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
  
      return EXT_RETURN_SENT;
  }
-#endif
  
  EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
                                                 unsigned int context, X509 *x,
@@ -1312,7 +1310,6 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
      return 1;
  }
  
-#ifndef OPENSSL_NO_EC
  int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx)
  {
@@ -1350,7 +1347,6 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
  
      return 1;
  }
-#endif
  
  int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx)
diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c

index 2bc17db1bf2f44a4789e4476604522cecde7fcf7..738051e1da9aeb722619c639157a93e25117beb8 100644 (file)
--- a/ssl/statem/extensions_cust.c
+++ b/ssl/statem/extensions_cust.c
@@ -488,11 +488,9 @@ int SSL_extension_supported(unsigned int ext_type)
      switch (ext_type) {
          /* Internally supported extensions. */
      case TLSEXT_TYPE_application_layer_protocol_negotiation:
-#ifndef OPENSSL_NO_EC
      case TLSEXT_TYPE_ec_point_formats:
      case TLSEXT_TYPE_supported_groups:
      case TLSEXT_TYPE_key_share:
-#endif
  #ifndef OPENSSL_NO_NEXTPROTONEG
      case TLSEXT_TYPE_next_proto_neg:
  #endif
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c

index 42fd6ee7d3096bf4dda8ab4fde5a134b97d9d6f1..56fcbd03c1824e090acc2da03e1b7ee249c40360 100644 (file)
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -228,7 +228,6 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
  }
  #endif
  
-#ifndef OPENSSL_NO_EC
  int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx)
  {
@@ -251,7 +250,6 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
  
      return 1;
  }
-#endif                          /* OPENSSL_NO_EC */
  
  int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx)
@@ -1303,7 +1301,6 @@ EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
      return EXT_RETURN_SENT;
  }
  
-#ifndef OPENSSL_NO_EC
  EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
                                              unsigned int context, X509 *x,
                                              size_t chainidx)
@@ -1329,7 +1326,6 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
  
      return EXT_RETURN_SENT;
  }
-#endif
  
  EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
                                                 unsigned int context, X509 *x,
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c

index e4007b37debed98e99b749c14c0ac4fb504eb04e..cff522604fa42a10ed4e3f87bb79e70dfb740af5 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2111,7 +2111,6 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
  
  static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
  {
-#ifndef OPENSSL_NO_EC
      PACKET encoded_pt;
      unsigned int curve_type, curve_id;
  
@@ -2164,10 +2163,6 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
      /* else anonymous ECDH, so no certificate or pkey. */
  
      return 1;
-#else
-    SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-    return 0;
-#endif
  }
  
  MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
@@ -2959,7 +2954,6 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
  
  static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)
  {
-#ifndef OPENSSL_NO_EC
      unsigned char *encodedPoint = NULL;
      size_t encoded_pt_len = 0;
      EVP_PKEY *ckey = NULL, *skey = NULL;
@@ -3000,10 +2994,6 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)
      OPENSSL_free(encodedPoint);
      EVP_PKEY_free(ckey);
      return ret;
-#else
-    SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-    return 0;
-#endif
  }
  
  static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
@@ -3550,14 +3540,13 @@ int ssl3_check_cert_and_algorithm(SSL *s)
          return 0;
      }
  
-#ifndef OPENSSL_NO_EC
      if (clu->amask & SSL_aECDSA) {
          if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s))
              return 1;
          SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_ECC_CERT);
          return 0;
      }
-#endif
+
      if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) {
          SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
                   SSL_R_MISSING_RSA_ENCRYPTING_CERT);
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c

index d5def193a093d7140fbb94b19d074b9e73db22ec..6e491c978a1c85b191be8c0c8e9d73a4a22322bb 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1521,9 +1521,7 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
  static int is_tls13_capable(const SSL *s)
  {
      int i;
-#ifndef OPENSSL_NO_EC
      int curve;
-#endif
  
      if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
          return 0;
@@ -1557,7 +1555,6 @@ static int is_tls13_capable(const SSL *s)
          }
          if (!ssl_has_cert(s, i))
              continue;
-#ifndef OPENSSL_NO_EC
          if (i != SSL_PKEY_ECC)
              return 1;
          /*
@@ -1568,9 +1565,6 @@ static int is_tls13_capable(const SSL *s)
          curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
          if (tls_check_sigalg_curve(s, curve))
              return 1;
-#else
-        return 1;
-#endif
      }
  
      return 0;
diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h

index 839a7010c9ff93015770a414735e7c7dfa602ccb..c277a8e9c5510c74185122c2b41c8f2dee298986 100644 (file)
--- a/ssl/statem/statem_local.h
+++ b/ssl/statem/statem_local.h
@@ -205,10 +205,8 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
  #endif
  int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
                                X509 *x, size_t chainidx);
-#ifndef OPENSSL_NO_EC
  int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx);
-#endif
  int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
                                      X509 *x, size_t chainidxl);
  int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
@@ -258,11 +256,9 @@ EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
  EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx);
-#ifndef OPENSSL_NO_EC
  EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
                                              unsigned int context, X509 *x,
                                              size_t chainidx);
-#endif
  EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
                                                 unsigned int context, X509 *x,
                                                 size_t chainidx);
@@ -319,11 +315,9 @@ EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int
  EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
                             size_t chainidx);
  #endif
-#ifndef OPENSSL_NO_EC
  EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
                                              unsigned int context, X509 *x,
                                              size_t chainidx);
-#endif
  EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
                                                 unsigned int context, X509 *x,
                                                 size_t chainidx);
@@ -387,10 +381,8 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
                                X509 *x, size_t chainidx);
  int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx);
-#ifndef OPENSSL_NO_EC
  int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx);
-#endif
  int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx);
  #ifndef OPENSSL_NO_OCSP
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c

index 03c4d2ba810e635b56425e0989ec119f13e21823..956348613b017961ed445925cee16120b6585ab8 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1306,7 +1306,6 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
      return 1;
  }
  
-#ifndef OPENSSL_NO_EC
  /*-
   * ssl_check_for_safari attempts to fingerprint Safari using OS X
   * SecureTransport using the TLS extension block in |hello|.
@@ -1368,7 +1367,6 @@ static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello)
      s->s3.is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
                                               ext_len);
  }
-#endif                          /* !OPENSSL_NO_EC */
  
  MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
  {
@@ -1853,10 +1851,8 @@ static int tls_early_post_process_client_hello(SSL *s)
          goto err;
      }
  
-#ifndef OPENSSL_NO_EC
      if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
          ssl_check_for_safari(s, clienthello);
-#endif                          /* !OPENSSL_NO_EC */
  
      /* TLS extensions */
      if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO,
@@ -2420,11 +2416,9 @@ int tls_construct_server_done(SSL *s, WPACKET *pkt)
  int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
  {
      EVP_PKEY *pkdh = NULL;
-#ifndef OPENSSL_NO_EC
      unsigned char *encodedPoint = NULL;
      size_t encodedlen = 0;
      int curve_id = 0;
-#endif
      const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg;
      int i;
      unsigned long type;
@@ -2510,9 +2504,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
              SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
              goto err;
          }
-    } else
-#ifndef OPENSSL_NO_EC
-    if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+    } else if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
  
          if (s->s3.tmp.pkey != NULL) {
              SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -2550,7 +2542,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
          r[2] = NULL;
          r[3] = NULL;
      } else
-#endif                          /* !OPENSSL_NO_EC */
  #ifndef OPENSSL_NO_SRP
      if (type & SSL_kSRP) {
          if ((s->srp_ctx.N == NULL) ||
@@ -2638,7 +2629,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
          BN_bn2bin(r[i], binval);
      }
  
-#ifndef OPENSSL_NO_EC
      if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
          /*
           * We only support named (not generic) curves. In this situation, the
@@ -2656,7 +2646,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
          OPENSSL_free(encodedPoint);
          encodedPoint = NULL;
      }
-#endif
  
      /* not anonymous */
      if (lu != NULL) {
@@ -2717,9 +2706,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
      ret = 1;
   err:
      EVP_PKEY_free(pkdh);
-#ifndef OPENSSL_NO_EC
      OPENSSL_free(encodedPoint);
-#endif
      EVP_MD_CTX_free(md_ctx);
      if (freer) {
          BN_free(r[0]);
@@ -3004,7 +2991,6 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
  
  static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
  {
-#ifndef OPENSSL_NO_EC
      EVP_PKEY *skey = s->s3.tmp.pkey;
      EVP_PKEY *ckey = NULL;
      int ret = 0;
@@ -3057,11 +3043,6 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
      EVP_PKEY_free(ckey);
  
      return ret;
-#else
-    /* Should never happen */
-    SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-    return 0;
-#endif
  }
  
  static int tls_process_cke_srp(SSL *s, PACKET *pkt)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 9eb86a9336ec08402611979e9d69ec9e67981069..5101c7a4da3a84ed634f5df67edd78341b5c109b 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -185,13 +185,11 @@ static struct {
      {NID_ffdhe8192, OSSL_TLS_GROUP_ID_ffdhe8192}
  };
  
-#ifndef OPENSSL_NO_EC
  static const unsigned char ecformats_default[] = {
      TLSEXT_ECPOINTFORMAT_uncompressed,
      TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
      TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
  };
-#endif /* !defined(OPENSSL_NO_EC) */
  
  /* The default curves */
  static const uint16_t supported_groups_default[] = {
@@ -214,12 +212,10 @@ static const uint16_t supported_groups_default[] = {
      0x104,                   /* ffdhe8192 (0x104) */
  };
  
-#ifndef OPENSSL_NO_EC
  static const uint16_t suiteb_curves[] = {
      TLSEXT_curve_P_256,
      TLSEXT_curve_P_384
  };
-#endif
  
  struct provider_group_data_st {
      SSL_CTX *ctx;
@@ -427,16 +423,6 @@ int ssl_load_groups(SSL_CTX *ctx)
  static uint16_t tls1_group_name2id(SSL_CTX *ctx, const char *name)
  {
      size_t i;
-    int nid = NID_undef;
-
-    /* See if we can identify a nid for this name */
-#ifndef OPENSSL_NO_EC
-    nid = EC_curve_nist2nid(name);
-#endif
-    if (nid == NID_undef)
-        nid = OBJ_sn2nid(name);
-    if (nid == NID_undef)
-        nid = OBJ_ln2nid(name);
  
      for (i = 0; i < ctx->group_list_len; i++) {
          if (strcmp(ctx->group_list[i].tlsname, name) == 0
@@ -506,7 +492,6 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
  {
      /* For Suite B mode only include P-256, P-384 */
      switch (tls1_suiteb(s)) {
-# ifndef OPENSSL_NO_EC
      case SSL_CERT_FLAG_SUITEB_128_LOS:
          *pgroups = suiteb_curves;
          *pgroupslen = OSSL_NELEM(suiteb_curves);
@@ -521,7 +506,6 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
          *pgroups = suiteb_curves + 1;
          *pgroupslen = 1;
          break;
-# endif
  
      default:
          if (s->ext.supportedgroups == NULL) {
@@ -821,7 +805,6 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
      return tls1_in_list(group_id, groups, groups_len);
  }
  
-#ifndef OPENSSL_NO_EC
  void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
                           size_t *num_formats)
  {
@@ -974,24 +957,13 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
      return 0;
  }
  
-#else
-
-static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
-{
-    return 1;
-}
-
-#endif                          /* OPENSSL_NO_EC */
-
  /* Default sigalg schemes */
  static const uint16_t tls12_sigalgs[] = {
-#ifndef OPENSSL_NO_EC
      TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
      TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
      TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
      TLSEXT_SIGALG_ed25519,
      TLSEXT_SIGALG_ed448,
-#endif
  
      TLSEXT_SIGALG_rsa_pss_pss_sha256,
      TLSEXT_SIGALG_rsa_pss_pss_sha384,
@@ -1004,10 +976,9 @@ static const uint16_t tls12_sigalgs[] = {
      TLSEXT_SIGALG_rsa_pkcs1_sha384,
      TLSEXT_SIGALG_rsa_pkcs1_sha512,
  
-#ifndef OPENSSL_NO_EC
      TLSEXT_SIGALG_ecdsa_sha224,
      TLSEXT_SIGALG_ecdsa_sha1,
-#endif
+
      TLSEXT_SIGALG_rsa_pkcs1_sha224,
      TLSEXT_SIGALG_rsa_pkcs1_sha1,
  #ifndef OPENSSL_NO_DSA
@@ -1027,15 +998,13 @@ static const uint16_t tls12_sigalgs[] = {
  #endif
  };
  
-#ifndef OPENSSL_NO_EC
+
  static const uint16_t suiteb_sigalgs[] = {
      TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
      TLSEXT_SIGALG_ecdsa_secp384r1_sha384
  };
-#endif
  
  static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
-#ifndef OPENSSL_NO_EC
      {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
       NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
       NID_ecdsa_with_SHA256, NID_X9_62_prime256v1, 1},
@@ -1057,7 +1026,6 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
      {NULL, TLSEXT_SIGALG_ecdsa_sha1,
       NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
       NID_ecdsa_with_SHA1, NID_undef, 1},
-#endif
      {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256,
       NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
       NID_undef, NID_undef, 1},
@@ -1362,7 +1330,6 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
       * If Suite B mode use Suite B sigalgs only, ignore any other
       * preferences.
       */
-#ifndef OPENSSL_NO_EC
      switch (tls1_suiteb(s)) {
      case SSL_CERT_FLAG_SUITEB_128_LOS:
          *psigs = suiteb_sigalgs;
@@ -1376,7 +1343,6 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
          *psigs = suiteb_sigalgs + 1;
          return 1;
      }
-#endif
      /*
       *  We use client_sigalgs (if not NULL) if we're a server
       *  and sending a certificate request or if we're a client and
@@ -1394,7 +1360,6 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
      }
  }
  
-#ifndef OPENSSL_NO_EC
  /*
   * Called by servers only. Checks that we have a sig alg that supports the
   * specified EC curve.
@@ -1425,7 +1390,6 @@ int tls_check_sigalg_curve(const SSL *s, int curve)
  
      return 0;
  }
-#endif
  
  /*
   * Return the number of security bits for the signature algorithm, or 0 on
@@ -1518,7 +1482,6 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
          return 0;
      }
  
-#ifndef OPENSSL_NO_EC
      if (pkeyid == EVP_PKEY_EC) {
  
          /* Check point compression is permitted */
@@ -1557,7 +1520,6 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
          SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
          return 0;
      }
-#endif
  
      /* Check signature matches a type we sent */
      sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c

index 58695a0b6946798a0ee4d945167535b60d9ae193..19ec1eabf5cc9073dda6bd2e6d38ed86db7697fd 100644 (file)
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1181,7 +1181,6 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl,
              return 0;
          break;
  
-# ifndef OPENSSL_NO_EC
      case SSL_kECDHE:
      case SSL_kECDHEPSK:
          if (msglen < 1)
@@ -1207,7 +1206,6 @@ static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl,
              return 0;
          }
          break;
-# endif
  
      case SSL_kPSK:
      case SSL_kRSAPSK:
author	Matt Caswell <matt@openssl.org>
	Fri, 15 Jan 2021 16:54:28 +0000 (16:54 +0000)
committer	Matt Caswell <matt@openssl.org>
	Fri, 5 Feb 2021 15:22:43 +0000 (15:22 +0000)
crypto/err/openssl.txt		patch \| blob \| blame \| history
include/openssl/sslerr.h		patch \| blob \| blame \| history
ssl/s3_lib.c		patch \| blob \| blame \| history
ssl/ssl_ciph.c		patch \| blob \| blame \| history
ssl/ssl_conf.c		patch \| blob \| blame \| history
ssl/ssl_err.c		patch \| blob \| blame \| history
ssl/ssl_lib.c		patch \| blob \| blame \| history
ssl/ssl_local.h		patch \| blob \| blame \| history
ssl/ssl_rsa.c		patch \| blob \| blame \| history
ssl/statem/extensions.c		patch \| blob \| blame \| history
ssl/statem/extensions_clnt.c		patch \| blob \| blame \| history
ssl/statem/extensions_cust.c		patch \| blob \| blame \| history
ssl/statem/extensions_srvr.c		patch \| blob \| blame \| history
ssl/statem/statem_clnt.c		patch \| blob \| blame \| history
ssl/statem/statem_lib.c		patch \| blob \| blame \| history
ssl/statem/statem_local.h		patch \| blob \| blame \| history
ssl/statem/statem_srvr.c		patch \| blob \| blame \| history
ssl/t1_lib.c		patch \| blob \| blame \| history
ssl/t1_trce.c		patch \| blob \| blame \| history