static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
const char **prule_str)
{
- unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
+ unsigned int suiteb_flags = 0;
+# ifndef OPENSSL_NO_ECDH
+ unsigned int suiteb_comb2 = 0;
+#endif
+
if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
} else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
+# ifndef OPENSSL_NO_ECDH
suiteb_comb2 = 1;
+# endif
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
} else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
int rsa_tmp_export, dh_tmp_export, kl;
unsigned long mask_k, mask_a, emask_k, emask_a;
#ifndef OPENSSL_NO_ECDSA
- int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
+ int have_ecc_cert, ecdsa_ok;
#endif
#ifndef OPENSSL_NO_ECDH
- int have_ecdh_tmp, ecdh_ok;
+ int have_ecdh_tmp, ecdh_ok, ecc_pkey_size;
#endif
#ifndef OPENSSL_NO_EC
X509 *x = NULL;
if (!(cpk->valid_flags & CERT_PKEY_SIGN))
ecdsa_ok = 0;
ecc_pkey = X509_get_pubkey(x);
+# ifndef OPENSSL_NO_ECDH
ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;
+# endif
EVP_PKEY_free(ecc_pkey);
if ((x->sig_alg) && (x->sig_alg->algorithm)) {
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
#define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECDH
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
} else
# endif
{
- if (!s->server || s->cert->ecdh_tmp_auto) {
+ if (!s->server
+# ifndef OPENSSL_NO_ECDH
+ || s->cert->ecdh_tmp_auto
+# endif
+ ) {
*pcurves = eccurves_auto;
pcurveslen = sizeof(eccurves_auto);
} else {
projects / thirdparty / openssl.git / commitdiff
