From 5b64ce89b0859956387cda1d56718d2a5f09d928 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 13 Jan 2021 12:39:40 +0000 Subject: Remove OPENSSL_NO_DH guards from libssl This removes man unnecessary OPENSSL_NO_DH guards from libssl. Now that libssl is entirely using the EVP APIs and implementations can be plugged in via providers it is no longer needed to disable DH at compile time in libssl. Instead it should detect at runtime whether DH is available from the loaded providers. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/13916)
---
 ssl/ssl_lib.c | 23 -----------------------
 1 file changed, 23 deletions(-)
(limited to 'ssl/ssl_lib.c')
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5adc6f71a9..a87da32c62 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3505,9 +3505,7 @@ void ssl_set_masks(SSL *s)
 return;
 dh_tmp = (c->dh_tmp != NULL
-#ifndef OPENSSL_NO_DH
 || c->dh_tmp_cb != NULL
-#endif
 || c->dh_tmp_auto);
 rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
@@ -4483,27 +4481,6 @@ int SSL_want(const SSL *s)
 return s->rwstate;
 }
-/**
- * \brief Set the callback for generating temporary DH keys.
- * \param ctx the SSL context.
- * \param dh the callback
- */
-
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*dh) (SSL *ssl, int is_export,
- int keylength))
-{
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
-}
-
-void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
- int keylength))
-{
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
-}
-#endif
-
 #ifndef OPENSSL_NO_PSK
 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
 {
--
cgit v1.2.3
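Review bot: With the `#ifndef OPENSSL_NO_DH` guard gone, `dh_tmp` in ssl_set_masks() is derived purely from configuration (`c->dh_tmp`, `c->dh_tmp_cb`, `c->dh_tmp_auto`), and nothing in the visible lines checks that a loaded provider actually offers DH. The commit message says availability is now detected at run time, so that check is presumably made elsewhere; a short comment above the assignment would stop a reader from treating this flag as proof that DHE can be negotiated, e.g. `/* dh_tmp reflects configuration only; whether a provider supplies DH is decided elsewhere */`. It is also worth confirming that the `dh_tmp_cb` member is declared unconditionally, because this view is limited to ssl/ssl_lib.c and a no-dh build would otherwise stop compiling. ssl_set_masks() starts and ends outside the hunk.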