Remove compile time guard checking from ssl3_get_req_cert_type

With 3.0 we need to know whether algs are available at run time not at compile time. Actually the code as written is sufficient to do this, so we can simply remove the guards. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
2025-02-23 14:42:15 +08:00 · 2021-01-15 16:10:52 +00:00 · 2021-01-15 16:10:52 +00:00 · 3de751e7f0
commit 3de751e7f0
parent 05b4b85d4b
1 changed files with 4 additions and 9 deletions
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -4346,22 +4346,17 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
 #endif

    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
-#ifndef OPENSSL_NO_DH
        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
            return 0;
-# ifndef OPENSSL_NO_DSA
-        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
+        if (!(alg_a & SSL_aDSS)
+                && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
            return 0;
-# endif
-#endif                          /* !OPENSSL_NO_DH */
    }
    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
        return 0;
-#ifndef OPENSSL_NO_DSA
    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
        return 0;
-#endif
-#ifndef OPENSSL_NO_EC
+
    /*
     * ECDSA certs can be used with RSA cipher suites too so we don't
     * need to check for SSL_kECDH or SSL_kECDHE
@ -4370,7 +4365,7 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
            && !(alg_a & SSL_aECDSA)
            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
        return 0;
-#endif
+
    return 1;
 }