diff options
| author | Matt Caswell <matt@openssl.org> | 2020-10-16 16:35:44 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2020-11-18 14:14:52 +0000 |
| commit | 13c453728c076d5c1a65a5fd9424e15a9964d755 (patch) | |
| tree | 2adfcc10718f85bab39f1ffcbdb5dff63efe6b69 /ssl/statem | |
| parent | 163f6dc1f70f30de46a68137c36e70cae4d95cd8 (diff) | |
Only disabled what we need to in a no-dh build
no-dh disables the low level API for DH. However, since we're now using
the high level EVP API in most places we don't need to disable quite so
much.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
Diffstat (limited to 'ssl/statem')
| -rw-r--r-- | ssl/statem/statem_srvr.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b6baff28ea..c478c5a7e8 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2418,9 +2418,7 @@ int tls_construct_server_done(SSL *s, WPACKET *pkt) int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) { -#ifndef OPENSSL_NO_DH EVP_PKEY *pkdh = NULL; -#endif #ifndef OPENSSL_NO_EC unsigned char *encodedPoint = NULL; size_t encodedlen = 0; @@ -2453,7 +2451,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) if (type & (SSL_kPSK | SSL_kRSAPSK)) { } else #endif /* !OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_DH if (type & (SSL_kDHE | SSL_kDHEPSK)) { CERT *cert = s->cert; EVP_PKEY *pkdhp = NULL; @@ -2468,7 +2465,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } else { pkdhp = cert->dh_tmp; } -#ifndef OPENSSL_NO_DEPRECATED_3_0 +#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) { pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(s, 0, 1024)); if (pkdh == NULL) { @@ -2513,7 +2510,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } } else -#endif #ifndef OPENSSL_NO_EC if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { |