[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Wed Mar 11 13:29:59 UTC 2015


The branch master has been updated
       via  10bf4fc2c3da332a54247da1f3c0dcb44944f7ff (commit)
      from  ac5a110621ca48f0bebd5b4d76d081de403da29e (commit)


- Log -----------------------------------------------------------------
commit 10bf4fc2c3da332a54247da1f3c0dcb44944f7ff
Author: Rich Salz <rsalz at akamai.com>
Date:   Tue Mar 10 19:09:27 2015 -0400

    Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
    
    Suggested by John Foley <foleyj at cisco.com>.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                     | 37 +++++++++++++----------
 apps/req.c                  |  2 +-
 apps/s_cb.c                 |  2 +-
 apps/s_server.c             |  6 ++--
 apps/speed.c                | 74 ++++++++++++---------------------------------
 crypto/ec/ec_pmeth.c        |  7 ++---
 crypto/ecdh/ecdh.h          |  2 +-
 crypto/ecdh/ecdhtest.c      |  4 +--
 crypto/ecdsa/ecdsa.h        |  2 +-
 crypto/ecdsa/ecdsatest.c    |  4 +--
 crypto/engine/eng_fat.c     |  8 ++---
 crypto/engine/eng_list.c    |  4 +--
 crypto/engine/eng_openssl.c |  4 +--
 crypto/engine/engine.h      |  4 +--
 crypto/err/err_all.c        |  8 +----
 crypto/evp/c_alld.c         |  2 +-
 crypto/evp/evp.h            |  2 +-
 crypto/x509/x509.h          |  6 ----
 ssl/s3_clnt.c               | 24 +++++++--------
 ssl/s3_lib.c                | 39 +++++++++++-------------
 ssl/s3_srvr.c               | 10 +++---
 ssl/ssl.h                   |  2 +-
 ssl/ssl_algs.c              |  2 +-
 ssl/ssl_cert.c              |  8 ++---
 ssl/ssl_ciph.c              |  9 ++----
 ssl/ssl_conf.c              |  4 +--
 ssl/ssl_lib.c               | 18 +++--------
 ssl/ssl_locl.h              | 10 +++---
 ssl/ssltest.c               | 12 ++++----
 ssl/t1_lib.c                | 17 +++++------
 util/mk1mf.pl               |  6 ----
 31 files changed, 129 insertions(+), 210 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8fcfcce..8d6fcaf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -41,28 +41,33 @@
      [Rich Salz]
 
   *) Remove various unsupported platforms:
-	Sony NEWS4
-	BEOS and BEOS_R5
-	NeXT
-	SUNOS
-	MPE/iX
-	Sinix/ReliantUNIX RM400
-	DGUX
-	NCR
-	Tandem
-	Cray
-	16-bit platforms such as WIN16
+        Sony NEWS4
+        BEOS and BEOS_R5
+        NeXT
+        SUNOS
+        MPE/iX
+        Sinix/ReliantUNIX RM400
+        DGUX
+        NCR
+        Tandem
+        Cray
+        16-bit platforms such as WIN16
      [Rich Salz]
 
-  *) Start cleaning up OPENSSL_NO_xxx #define's
-	OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
-	OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
-	Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
+  *) Clean up OPENSSL_NO_xxx #define's
+        Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
         Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
+        OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
+        OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
+        OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
+        Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
+        OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
+        OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
+        OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
         Remove MS_STATIC; it's a relic from platforms <32 bits.
      [Rich Salz]
 
-  *) Start cleaning up dead code
+  *) Cleaned up dead code
         Remove all but one '#ifdef undef' which is to be looked at.
      [Rich Salz]
 
diff --git a/apps/req.c b/apps/req.c
index 6d06ed7..231535b 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -398,7 +398,7 @@ int MAIN(int argc, char **argv)
                    " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
         BIO_printf(bio_err,
                    " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
         BIO_printf(bio_err,
                    " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
 #endif
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 12f7b8c..8a66c9a 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -521,7 +521,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
     case EVP_PKEY_DH:
         BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
         break;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case EVP_PKEY_EC:
         {
             EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
diff --git a/apps/s_server.c b/apps/s_server.c
index 42088d0..874b402 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -486,7 +486,7 @@ static void sv_usage(void)
                " -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
     BIO_printf(bio_err,
                "                 or a default set of parameters is used\n");
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     BIO_printf(bio_err,
                " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n"
                "                 Use \"openssl ecparam -list_curves\" for all names\n"
@@ -545,7 +545,7 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_DH
     BIO_printf(bio_err, " -no_dhe       - Disable ephemeral DH\n");
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     BIO_printf(bio_err, " -no_ecdhe     - Disable ephemeral ECDH\n");
 #endif
     BIO_printf(bio_err,
@@ -1677,7 +1677,7 @@ int MAIN(int argc, char *argv[])
                 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
         }
     }
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
     if (nocert)
 #endif
     {
diff --git a/apps/speed.c b/apps/speed.c
index 57b53ce..44c276a 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -172,10 +172,8 @@
 # include <openssl/dsa.h>
 # include "./testdsa.h"
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
 # include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
 # include <openssl/ecdh.h>
 #endif
 #include <openssl/modes.h>
@@ -242,14 +240,12 @@ static double rsa_results[RSA_NUM][2];
 #ifndef OPENSSL_NO_DSA
 static double dsa_results[DSA_NUM][2];
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
 static double ecdsa_results[EC_NUM][2];
-#endif
-#ifndef OPENSSL_NO_ECDH
 static double ecdh_results[EC_NUM][1];
 #endif
 
-#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
+#if defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_EC)
 static const char rnd_seed[] =
     "string to make the random number generator think it has entropy";
 static int rnd_fake = 0;
@@ -330,7 +326,7 @@ static double Time_F(int s)
 }
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
 static const int KDF1_SHA1_len = 20;
 static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
                        size_t *outlen)
@@ -340,7 +336,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
     *outlen = SHA_DIGEST_LENGTH;
     return SHA1(in, inlen, out);
 }
-#endif                         /* OPENSSL_NO_ECDH */
+#endif                         /* OPENSSL_NO_EC */
 
 static void multiblock_speed(const EVP_CIPHER *evp_cipher);
 
@@ -595,30 +591,23 @@ int MAIN(int argc, char **argv)
 
 #endif
 
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     unsigned char ecdsasig[256];
     unsigned int ecdsasiglen;
     EC_KEY *ecdsa[EC_NUM];
     long ecdsa_c[EC_NUM][2];
-#endif
-
-#ifndef OPENSSL_NO_ECDH
     EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
     unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
     int secret_size_a, secret_size_b;
     int ecdh_checks = 0;
     int secret_idx = 0;
     long ecdh_c[EC_NUM][2];
+    int ecdsa_doit[EC_NUM];
+    int ecdh_doit[EC_NUM];
 #endif
 
     int rsa_doit[RSA_NUM];
     int dsa_doit[DSA_NUM];
-#ifndef OPENSSL_NO_ECDSA
-    int ecdsa_doit[EC_NUM];
-#endif
-#ifndef OPENSSL_NO_ECDH
-    int ecdh_doit[EC_NUM];
-#endif
     int doit[ALGOR_NUM];
     int pr_header = 0;
     const EVP_CIPHER *evp_cipher = NULL;
@@ -639,11 +628,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
     memset(dsa_key, 0, sizeof(dsa_key));
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     for (i = 0; i < EC_NUM; i++)
         ecdsa[i] = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
     for (i = 0; i < EC_NUM; i++) {
         ecdh_a[i] = NULL;
         ecdh_b[i] = NULL;
@@ -689,11 +676,9 @@ int MAIN(int argc, char **argv)
         rsa_doit[i] = 0;
     for (i = 0; i < DSA_NUM; i++)
         dsa_doit[i] = 0;
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     for (i = 0; i < EC_NUM; i++)
         ecdsa_doit[i] = 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
     for (i = 0; i < EC_NUM; i++)
         ecdh_doit[i] = 0;
 #endif
@@ -986,7 +971,7 @@ int MAIN(int argc, char **argv)
             dsa_doit[R_DSA_2048] = 1;
         } else
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
         if (strcmp(*argv, "ecdsap160") == 0)
             ecdsa_doit[R_EC_P160] = 2;
         else if (strcmp(*argv, "ecdsap192") == 0)
@@ -1022,10 +1007,7 @@ int MAIN(int argc, char **argv)
         else if (strcmp(*argv, "ecdsa") == 0) {
             for (i = 0; i < EC_NUM; i++)
                 ecdsa_doit[i] = 1;
-        } else
-#endif
-#ifndef OPENSSL_NO_ECDH
-        if (strcmp(*argv, "ecdhp160") == 0)
+        } else if (strcmp(*argv, "ecdhp160") == 0)
             ecdh_doit[R_EC_P160] = 2;
         else if (strcmp(*argv, "ecdhp192") == 0)
             ecdh_doit[R_EC_P192] = 2;
@@ -1135,7 +1117,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_DSA
             BIO_printf(bio_err, "dsa512   dsa1024  dsa2048\n");
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
             BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
                        "ecdsap256 ecdsap384 ecdsap521\n");
             BIO_printf(bio_err,
@@ -1143,8 +1125,6 @@ int MAIN(int argc, char **argv)
             BIO_printf(bio_err,
                        "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
             BIO_printf(bio_err, "ecdsa\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
             BIO_printf(bio_err, "ecdhp160  ecdhp192  ecdhp224 "
                        "ecdhp256  ecdhp384  ecdhp521\n");
             BIO_printf(bio_err,
@@ -1234,11 +1214,9 @@ int MAIN(int argc, char **argv)
             rsa_doit[i] = 1;
         for (i = 0; i < DSA_NUM; i++)
             dsa_doit[i] = 1;
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
         for (i = 0; i < EC_NUM; i++)
             ecdsa_doit[i] = 1;
-#endif
-#ifndef OPENSSL_NO_ECDH
         for (i = 0; i < EC_NUM; i++)
             ecdh_doit[i] = 1;
 #endif
@@ -1428,7 +1406,7 @@ int MAIN(int argc, char **argv)
     }
 #  endif
 
-#  ifndef OPENSSL_NO_ECDSA
+#  ifndef OPENSSL_NO_EC
     ecdsa_c[R_EC_P160][0] = count / 1000;
     ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
     for (i = R_EC_P192; i <= R_EC_P521; i++) {
@@ -1471,9 +1449,6 @@ int MAIN(int argc, char **argv)
             }
         }
     }
-#  endif
-
-#  ifndef OPENSSL_NO_ECDH
     ecdh_c[R_EC_P160][0] = count / 1000;
     ecdh_c[R_EC_P160][1] = count / 1000;
     for (i = R_EC_P192; i <= R_EC_P521; i++) {
@@ -2144,7 +2119,7 @@ int MAIN(int argc, char **argv)
         RAND_cleanup();
 #endif
 
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     if (RAND_status() != 1) {
         RAND_seed(rnd_seed, sizeof rnd_seed);
         rnd_fake = 1;
@@ -2236,9 +2211,6 @@ int MAIN(int argc, char **argv)
     }
     if (rnd_fake)
         RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDH
     if (RAND_status() != 1) {
         RAND_seed(rnd_seed, sizeof rnd_seed);
         rnd_fake = 1;
@@ -2423,7 +2395,7 @@ int MAIN(int argc, char **argv)
                     1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
     }
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     j = 1;
     for (k = 0; k < EC_NUM; k++) {
         if (!ecdsa_doit[k])
@@ -2445,9 +2417,6 @@ int MAIN(int argc, char **argv)
                     ecdsa_results[k][0], ecdsa_results[k][1],
                     1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
     }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
     j = 1;
     for (k = 0; k < EC_NUM; k++) {
         if (!ecdh_doit[k])
@@ -2488,12 +2457,10 @@ int MAIN(int argc, char **argv)
             DSA_free(dsa_key[i]);
 #endif
 
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     for (i = 0; i < EC_NUM; i++)
         if (ecdsa[i] != NULL)
             EC_KEY_free(ecdsa[i]);
-#endif
-#ifndef OPENSSL_NO_ECDH
     for (i = 0; i < EC_NUM; i++) {
         if (ecdh_a[i] != NULL)
             EC_KEY_free(ecdh_a[i]);
@@ -2697,7 +2664,7 @@ static int do_multi(int multi)
                     dsa_results[k][1] = d;
             }
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
             else if (!strncmp(buf, "+F4:", 4)) {
                 int k;
                 double d;
@@ -2720,9 +2687,6 @@ static int do_multi(int multi)
                 else
                     ecdsa_results[k][1] = d;
             }
-# endif
-
-# ifndef OPENSSL_NO_ECDH
             else if (!strncmp(buf, "+F5:", 4)) {
                 int k;
                 double d;
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 0437dcf..d789e7e 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -203,7 +203,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
     return ret;
 }
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
 static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                           size_t *keylen)
 {
@@ -302,7 +302,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
         return 1;
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
         if (p1 == -2) {
             if (dctx->cofactor_mode != -1)
@@ -519,12 +519,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
     0, 0,
 
     0,
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     pkey_ec_kdf_derive,
 #else
     0,
 #endif
-
     pkey_ec_ctrl,
     pkey_ec_ctrl_str
 };
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
index 0d643a3..25ccdc9 100644
--- a/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
@@ -71,7 +71,7 @@
 
 # include <openssl/opensslconf.h>
 
-# ifdef OPENSSL_NO_ECDH
+# ifdef OPENSSL_NO_EC
 #  error ECDH is disabled.
 # endif
 
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
index 41725f6..578de31 100644
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -73,7 +73,7 @@
 
 #include "../e_os.h"
 
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_EC */
 #include <openssl/crypto.h>
 #include <openssl/bio.h>
 #include <openssl/bn.h>
@@ -82,7 +82,7 @@
 #include <openssl/sha.h>
 #include <openssl/err.h>
 
-#ifdef OPENSSL_NO_ECDH
+#ifdef OPENSSL_NO_EC
 int main(int argc, char *argv[])
 {
     printf("No ECDH support\n");
diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h
index 86cafe2..3876004 100644
--- a/crypto/ecdsa/ecdsa.h
+++ b/crypto/ecdsa/ecdsa.h
@@ -61,7 +61,7 @@
 
 # include <openssl/opensslconf.h>
 
-# ifdef OPENSSL_NO_ECDSA
+# ifdef OPENSSL_NO_EC
 #  error ECDSA is disabled.
 # endif
 
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index d58490f..31d9c84 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -73,9 +73,9 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
 
-#ifdef OPENSSL_NO_ECDSA
+#ifdef OPENSSL_NO_EC
 int main(int argc, char *argv[])
 {
     puts("Elliptic curves are disabled.");
diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
index 4279dd9..af353bd 100644
--- a/crypto/engine/eng_fat.c
+++ b/crypto/engine/eng_fat.c
@@ -79,11 +79,9 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
     if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
         return 0;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
         return 0;
-#endif
-#ifndef OPENSSL_NO_ECDSA
     if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
         return 0;
 #endif
@@ -159,10 +157,8 @@ int ENGINE_register_complete(ENGINE *e)
 #ifndef OPENSSL_NO_DH
     ENGINE_register_DH(e);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     ENGINE_register_ECDH(e);
-#endif
-#ifndef OPENSSL_NO_ECDSA
     ENGINE_register_ECDSA(e);
 #endif
     ENGINE_register_RAND(e);
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index c69e8a7..9e80eaf 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -300,10 +300,8 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
 #ifndef OPENSSL_NO_DH
     dest->dh_meth = src->dh_meth;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     dest->ecdh_meth = src->ecdh_meth;
-#endif
-#ifndef OPENSSL_NO_ECDSA
     dest->ecdsa_meth = src->ecdsa_meth;
 #endif
     dest->rand_meth = src->rand_meth;
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 3e12ecf..78fa3c8 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -149,10 +149,8 @@ static int bind_helper(ENGINE *e)
 # ifndef OPENSSL_NO_DSA
         || !ENGINE_set_DSA(e, DSA_get_default_method())
 # endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
         || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
-# endif
-# ifndef OPENSSL_NO_ECDSA
         || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
 # endif
 # ifndef OPENSSL_NO_DH
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index c931907..e2f3e5c 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -82,10 +82,8 @@
 #  ifndef OPENSSL_NO_DH
 #   include <openssl/dh.h>
 #  endif
-#  ifndef OPENSSL_NO_ECDH
+#  ifndef OPENSSL_NO_EC
 #   include <openssl/ecdh.h>
-#  endif
-#  ifndef OPENSSL_NO_ECDSA
 #   include <openssl/ecdsa.h>
 #  endif
 #  include <openssl/rand.h>
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index 1363fb0..b844167 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -76,10 +76,8 @@
 #ifndef OPENSSL_NO_DSA
 # include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
 # include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
 # include <openssl/ecdh.h>
 #endif
 #include <openssl/evp.h>
@@ -138,11 +136,7 @@ void ERR_load_crypto_strings(void)
 # endif
 # ifndef OPENSSL_NO_EC
     ERR_load_EC_strings();
-# endif
-# ifndef OPENSSL_NO_ECDSA
     ERR_load_ECDSA_strings();
-# endif
-# ifndef OPENSSL_NO_ECDH
     ERR_load_ECDH_strings();
 # endif
     /* skip ERR_load_SSL_strings() because it is not in this library */
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
index 0d4278b..94039ef 100644
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -80,7 +80,7 @@ void OpenSSL_add_all_digests(void)
     EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
     EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
     EVP_add_digest(EVP_ecdsa());
 # endif
 #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 2e9f83f..0d26fd3 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -234,7 +234,7 @@ typedef int evp_verify_method(int type, const unsigned char *m,
 #   define EVP_PKEY_DSA_method     EVP_PKEY_NULL_method
 #  endif
 
-#  ifndef OPENSSL_NO_ECDSA
+#  ifndef OPENSSL_NO_EC
 #   define EVP_PKEY_ECDSA_method   (evp_sign_method *)ECDSA_sign, \
                                 (evp_verify_method *)ECDSA_verify, \
                                  {EVP_PKEY_EC,0,0,0}
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 1e78e30..9835be5 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -75,13 +75,7 @@
 
 # ifndef OPENSSL_NO_EC
 #  include <openssl/ec.h>
-# endif
-
-# ifndef OPENSSL_NO_ECDSA
 #  include <openssl/ecdsa.h>
-# endif
-
-# ifndef OPENSSL_NO_ECDH
 #  include <openssl/ecdh.h>
 # endif
 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 750217f..1e611c4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1321,7 +1321,7 @@ int ssl3_get_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_DH
     DH *dh = NULL;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     EC_KEY *ecdh = NULL;
     BN_CTX *bn_ctx = NULL;
     EC_POINT *srvr_ecpoint = NULL;
@@ -1385,7 +1385,7 @@ int ssl3_get_key_exchange(SSL *s)
             s->session->sess_cert->peer_dh_tmp = NULL;
         }
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
         if (s->session->sess_cert->peer_ecdh_tmp) {
             EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
             s->session->sess_cert->peer_ecdh_tmp = NULL;
@@ -1724,7 +1724,7 @@ int ssl3_get_key_exchange(SSL *s)
     }
 #endif                          /* !OPENSSL_NO_DH */
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     else if (alg_k & SSL_kECDHE) {
         EC_GROUP *ngroup;
         const EC_GROUP *group;
@@ -1822,7 +1822,7 @@ int ssl3_get_key_exchange(SSL *s)
                 X509_get_pubkey(s->session->
                                 sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
         else if (alg_a & SSL_aECDSA)
             pkey =
                 X509_get_pubkey(s->session->
@@ -1841,7 +1841,7 @@ int ssl3_get_key_exchange(SSL *s)
         SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
         goto f_err;
     }
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
 
     /* p points to the next byte, there are 'n' bytes left */
 
@@ -1961,7 +1961,7 @@ int ssl3_get_key_exchange(SSL *s)
     if (dh != NULL)
         DH_free(dh);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     BN_CTX_free(bn_ctx);
     EC_POINT_free(srvr_ecpoint);
     if (ecdh != NULL)
@@ -2299,7 +2299,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_KRB5
     KSSL_ERR kssl_err;
 #endif                          /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     EC_KEY *clnt_ecdh = NULL;
     const EC_POINT *srvr_ecpoint = NULL;
     EVP_PKEY *srvr_pub_pkey = NULL;
@@ -2597,7 +2597,7 @@ int ssl3_send_client_key_exchange(SSL *s)
         }
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
         else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
             const EC_GROUP *srvr_group = NULL;
             EC_KEY *tkey;
@@ -2768,7 +2768,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                 EC_KEY_free(clnt_ecdh);
             EVP_PKEY_free(srvr_pub_pkey);
         }
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
         else if (alg_k & SSL_kGOST) {
             /* GOST key exchange message creation */
             EVP_PKEY_CTX *pkey_ctx;
@@ -3054,7 +3054,7 @@ int ssl3_send_client_key_exchange(SSL *s)
         OPENSSL_free(pms);
         s->cert->pms = NULL;
     }
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     BN_CTX_free(bn_ctx);
     if (encodedPoint != NULL)
         OPENSSL_free(encodedPoint);
@@ -3156,7 +3156,7 @@ int ssl3_send_client_verify(SSL *s)
             n = j + 2;
         } else
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
         if (pkey->type == EVP_PKEY_EC) {
             if (!ECDSA_sign(pkey->save_type,
                             &(data[MD5_DIGEST_LENGTH]),
@@ -3365,7 +3365,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
     /* This is the passed certificate */
 
     idx = sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (idx == SSL_PKEY_ECC) {
         if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) {
             /* check failed */
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 20ce112..f4369eb 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2051,7 +2051,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      },
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     /* Cipher C001 */
     {
      1,
@@ -2451,7 +2451,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      256,
      256,
      },
-#endif                          /* OPENSSL_NO_ECDH */
+#endif                          /* OPENSSL_NO_EC */
 
 #ifndef OPENSSL_NO_SRP
     /* Cipher C01A */
@@ -2598,7 +2598,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      256,
      },
 #endif                          /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
 
     /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
 
@@ -2973,7 +2973,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      256,
      256},
 # endif                         /* OPENSSL_NO_CAMELLIA */
-#endif                          /* OPENSSL_NO_ECDH */
+#endif                          /* OPENSSL_NO_EC */
 
 #ifdef TEMP_GOST_TLS
 /* Cipher FF00 */
@@ -3138,7 +3138,7 @@ void ssl3_free(SSL *s)
     if (s->s3->tmp.dh != NULL)
         DH_free(s->s3->tmp.dh);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (s->s3->tmp.ecdh != NULL)
         EC_KEY_free(s->s3->tmp.ecdh);
 #endif
@@ -3183,7 +3183,7 @@ void ssl3_clear(SSL *s)
         s->s3->tmp.dh = NULL;
     }
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (s->s3->tmp.ecdh != NULL) {
         EC_KEY_free(s->s3->tmp.ecdh);
         s->s3->tmp.ecdh = NULL;
@@ -3357,7 +3357,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         s->cert->dh_tmp_auto = larg;
         return 1;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH:
         {
             EC_KEY *ecdh = NULL;
@@ -3389,7 +3389,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
             return (ret);
         }
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
         if (larg == TLSEXT_NAMETYPE_host_name) {
@@ -3558,7 +3558,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
     case SSL_CTRL_GET_SHARED_CURVE:
         return tls1_shared_curve(s, larg);
 
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_ECDH_AUTO:
         s->cert->ecdh_tmp_auto = larg;
         return 1;
@@ -3629,7 +3629,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             EVP_PKEY *ptmp;
             int rv = 0;
             sc = s->session->sess_cert;
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
             if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
                 return 0;
 #endif
@@ -3645,7 +3645,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             else if (sc->peer_dh_tmp)
                 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
             else if (sc->peer_ecdh_tmp)
                 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
 #endif
@@ -3736,7 +3736,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
         }
         break;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH_CB:
         {
             s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@@ -3847,7 +3847,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
         ctx->cert->dh_tmp_auto = larg;
         return 1;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH:
         {
             EC_KEY *ecdh = NULL;
@@ -3881,7 +3881,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
             return (0);
         }
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
         ctx->tlsext_servername_arg = parg;
@@ -3955,7 +3955,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
         return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
                                     &ctx->tlsext_ellipticcurvelist_length,
                                     parg);
-#  ifndef OPENSSL_NO_ECDH
+#  ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_ECDH_AUTO:
         ctx->cert->ecdh_tmp_auto = larg;
         return 1;
@@ -4059,7 +4059,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
         }
         break;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH_CB:
         {
             cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@@ -4251,14 +4251,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 
 #ifndef OPENSSL_NO_TLSEXT
 # ifndef OPENSSL_NO_EC
-#  ifndef OPENSSL_NO_ECDH
         /*
          * if we are considering an ECC cipher suite that uses an ephemeral
          * EC key check it
          */
         if (alg_k & SSL_kECDHE)
             ok = ok && tls1_check_ec_tmp_key(s, c->id);
-#  endif                        /* OPENSSL_NO_ECDH */
 # endif                         /* OPENSSL_NO_EC */
 #endif                          /* OPENSSL_NO_TLSEXT */
 
@@ -4346,16 +4344,13 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
     if (!(alg_a & SSL_aDSS))
         p[ret++] = SSL3_CT_DSS_SIGN;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
         if (nostrict || !(alg_a & SSL_aRSA))
             p[ret++] = TLS_CT_RSA_FIXED_ECDH;
         if (nostrict || !(alg_a & SSL_aECDSA))
             p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
     }
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
     /*
      * ECDSA certs can be used with RSA cipher suites as well so we don't
      * need to check for SSL_kECDH or SSL_kECDHE
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 39c1574..ee66a5a 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1532,7 +1532,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_DH
     DH *dh = NULL, *dhp;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     EC_KEY *ecdh = NULL, *ecdhp;
     unsigned char *encodedPoint = NULL;
     int encodedlen = 0;
@@ -1654,7 +1654,7 @@ int ssl3_send_server_key_exchange(SSL *s)
             r[2] = dh->pub_key;
         } else
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
         if (type & SSL_kECDHE) {
             const EC_GROUP *group;
 
@@ -1782,7 +1782,7 @@ int ssl3_send_server_key_exchange(SSL *s)
             r[2] = NULL;
             r[3] = NULL;
         } else
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_PSK
         if (type & SSL_kPSK) {
             /*
@@ -1853,7 +1853,7 @@ int ssl3_send_server_key_exchange(SSL *s)
             p += nr[i];
         }
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
         if (type & SSL_kECDHE) {
             /*
              * XXX: For now, we only support named (not generic) curves. In
@@ -3001,7 +3001,7 @@ int ssl3_get_cert_verify(SSL *s)
         }
     } else
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     if (pkey->type == EVP_PKEY_EC) {
         j = ECDSA_verify(pkey->save_type,
                          &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 160d37c..56eb7ba 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1760,7 +1760,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl,
                              DH *(*dh) (SSL *ssl, int is_export,
                                         int keylength));
 # endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
                                    EC_KEY *(*ecdh) (SSL *ssl, int is_export,
                                                     int keylength));
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 3843aef..504e4d7 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -122,7 +122,7 @@ int SSL_library_init(void)
     EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
     EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     EVP_add_digest(EVP_ecdsa());
 #endif
 #ifndef OPENSSL_NO_COMP
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9742599..fa0c693 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -175,7 +175,7 @@ void ssl_cert_set_default_md(CERT *cert)
     cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
     cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
 }
@@ -261,7 +261,7 @@ CERT *ssl_cert_dup(CERT *cert)
     ret->dh_tmp_auto = cert->dh_tmp_auto;
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (cert->ecdh_tmp) {
         ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
         if (ret->ecdh_tmp == NULL) {
@@ -450,7 +450,7 @@ void ssl_cert_free(CERT *c)
     if (c->dh_tmp)
         DH_free(c->dh_tmp);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (c->ecdh_tmp)
         EC_KEY_free(c->ecdh_tmp);
 #endif
@@ -683,7 +683,7 @@ void ssl_sess_cert_free(SESS_CERT *sc)
     if (sc->peer_dh_tmp != NULL)
         DH_free(sc->peer_dh_tmp);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (sc->peer_ecdh_tmp != NULL)
         EC_KEY_free(sc->peer_ecdh_tmp);
 #endif
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 12820b6..f220e8e 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -748,12 +748,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
     *mkey |= SSL_kKRB5;
     *auth |= SSL_aKRB5;
 #endif
-#ifdef OPENSSL_NO_ECDSA
-    *auth |= SSL_aECDSA;
-#endif
-#ifdef OPENSSL_NO_ECDH
+#ifdef OPENSSL_NO_EC
     *mkey |= SSL_kECDHe | SSL_kECDHr;
-    *auth |= SSL_aECDH;
+    *auth |= SSL_aECDSA | SSL_aECDH;
 #endif
 #ifdef OPENSSL_NO_PSK
     *mkey |= SSL_kPSK;
@@ -1437,7 +1434,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                    SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
         return 0;
     }
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     switch (suiteb_flags) {
     case SSL_CERT_FLAG_SUITEB_128_LOS:
         if (suiteb_comb2)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 354f218..cfed40d 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -257,7 +257,7 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
     return rv > 0;
 }
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
 /* ECDH temporary parameters */
 static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
@@ -447,7 +447,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
     SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"),
     SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"),
     SSL_CONF_CMD_STRING(Curves, "curves"),
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     SSL_CONF_CMD_STRING(ECDHParameters, "named_curve"),
 #endif
     SSL_CONF_CMD_STRING(CipherString, "cipher"),
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c535a42..3bce4cf 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2153,13 +2153,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
     int rsa_enc_export, dh_rsa_export, dh_dsa_export;
     int rsa_tmp_export, dh_tmp_export, kl;
     unsigned long mask_k, mask_a, emask_k, emask_a;
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
-#endif
-#ifndef OPENSSL_NO_ECDH
     int have_ecdh_tmp, ecdh_ok;
-#endif
-#ifndef OPENSSL_NO_EC
     X509 *x = NULL;
     EVP_PKEY *ecc_pkey = NULL;
     int signature_nid = 0, pk_nid = 0, md_nid = 0;
@@ -2185,7 +2181,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
     dh_tmp = dh_tmp_export = 0;
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
 #endif
     cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
@@ -2283,10 +2279,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
         x = cpk->x509;
         /* This call populates extension flags (ex_flags) */
         X509_check_purpose(x, -1, 0);
-# ifndef OPENSSL_NO_ECDH
         ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
             (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
-# endif
         ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
             (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
         if (!(cpk->valid_flags & CERT_PKEY_SIGN))
@@ -2298,7 +2292,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
             signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
             OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
         }
-# ifndef OPENSSL_NO_ECDH
         if (ecdh_ok) {
 
             if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
@@ -2319,17 +2312,14 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
                 }
             }
         }
-# endif
-# ifndef OPENSSL_NO_ECDSA
         if (ecdsa_ok) {
             mask_a |= SSL_aECDSA;
             emask_a |= SSL_aECDSA;
         }
-# endif
     }
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (have_ecdh_tmp) {
         mask_k |= SSL_kECDHE;
         emask_k |= SSL_kECDHE;
@@ -3267,7 +3257,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
 }
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
                                    EC_KEY *(*ecdh) (SSL *ssl, int is_export,
                                                     int keylength))
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7a8a303..a16ad08 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1350,7 +1350,7 @@ typedef struct ssl3_state_st {
 #  ifndef OPENSSL_NO_DH
         DH *dh;
 #  endif
-#  ifndef OPENSSL_NO_ECDH
+#  ifndef OPENSSL_NO_EC
         EC_KEY *ecdh;           /* holds short lived ECDH key */
 #  endif
         /* used when SSL_ST_FLUSH_DATA is entered */
@@ -1662,7 +1662,7 @@ typedef struct cert_st {
     DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
     int dh_tmp_auto;
 # endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     EC_KEY *ecdh_tmp;
     /* Callback for generating ephemeral ECDH keys */
     EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
@@ -1760,7 +1760,7 @@ typedef struct sess_cert_st {
 # ifndef OPENSSL_NO_DH
     DH *peer_dh_tmp;            /* not used for SSL 2 */
 # endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     EC_KEY *peer_ecdh_tmp;
 # endif
     int references;             /* actually always 1 at the moment */
@@ -2317,7 +2317,7 @@ int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
 
-#  ifndef OPENSSL_NO_ECDH
+#  ifndef OPENSSL_NO_EC
 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
 #  endif
 
@@ -2332,9 +2332,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
                     int *curves, size_t ncurves);
 int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
                          const char *str);
-#   ifndef OPENSSL_NO_ECDH
 int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
-#   endif                       /* OPENSSL_NO_ECDH */
 #  endif                        /* OPENSSL_NO_EC */
 
 #  ifndef OPENSSL_NO_TLSEXT
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 89fb44a..7a157a6 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -774,7 +774,7 @@ static void sv_usage(void)
             " -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
     fprintf(stderr, " -no_dhe       - disable DHE\n");
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     fprintf(stderr, " -no_ecdhe     - disable ECDHE\n");
 #endif
 #ifndef OPENSSL_NO_PSK
@@ -803,7 +803,7 @@ static void sv_usage(void)
             " -time         - measure processor time used by client and server\n");
     fprintf(stderr, " -zlib         - use zlib compression\n");
     fprintf(stderr, " -rle          - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     fprintf(stderr,
             " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n"
             "                 Use \"openssl ecparam -list_curves\" for all names\n"
@@ -967,7 +967,7 @@ int main(int argc, char *argv[])
     char *server_key = NULL;
     char *client_cert = TEST_CLIENT_CERT;
     char *client_key = NULL;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     char *named_curve = NULL;
 #endif
     SSL_CTX *s_ctx = NULL;
@@ -980,7 +980,7 @@ int main(int argc, char *argv[])
     DH *dh;
     int dhe1024 = 0, dhe1024dsa = 0;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     EC_KEY *ecdh = NULL;
 #endif
 #ifndef OPENSSL_NO_SRP
@@ -1206,7 +1206,7 @@ int main(int argc, char *argv[])
         else if (strcmp(*argv, "-named_curve") == 0) {
             if (--argc < 1)
                 goto bad;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
             named_curve = *(++argv);
 #else
             fprintf(stderr,
@@ -1470,7 +1470,7 @@ int main(int argc, char *argv[])
     (void)no_dhe;
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (!no_ecdhe) {
         int nid;
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c91b761..8296ea1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -798,7 +798,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
     return rv;
 }
 
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
 /* Check EC temporary key is compatible with client extensions */
 int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 {
@@ -863,7 +863,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
     return tls1_check_ec_key(s, curve_id, NULL);
 #  endif
 }
-# endif                         /* OPENSSL_NO_ECDH */
+# endif                         /* OPENSSL_NO_EC */
 
 #else
 
@@ -893,9 +893,8 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
 #  define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
 # endif
 
-# ifdef OPENSSL_NO_ECDSA
-#  define tlsext_sigalg_ecdsa(md)
-                                /* */
+# ifdef OPENSSL_NO_EC
+#  define tlsext_sigalg_ecdsa(md) /* */
 # else
 #  define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
 # endif
@@ -913,7 +912,7 @@ static const unsigned char tls12_sigalgs[] = {
         tlsext_sigalg(TLSEXT_hash_sha1)
 };
 
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
 static const unsigned char suiteb_sigalgs[] = {
     tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
         tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
@@ -3246,7 +3245,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
     case TLSEXT_signature_dsa:
         return SSL_PKEY_DSA_SIGN;
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
     case TLSEXT_signature_ecdsa:
         return SSL_PKEY_ECC;
 # endif
@@ -3326,7 +3325,7 @@ void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op)
                 have_dsa = 1;
             break;
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
         case TLSEXT_signature_ecdsa:
             if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs))
                 have_ecdsa = 1;
@@ -3521,7 +3520,7 @@ int tls1_process_sigalgs(SSL *s)
             c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
         }
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
         if (!c->pkeys[SSL_PKEY_ECC].digest)
             c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 # endif
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 809e9b3..d3379d2 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -142,8 +142,6 @@ and [options] can be one of
 	no-krb5					- No KRB5
 	no-srp					- No SRP
 	no-ec					- No EC
-	no-ecdsa				- No ECDSA
-	no-ecdh					- No ECDH
 	no-engine				- No engine
 	no-hw					- No hw
 	nasm 					- Use NASM for x86 asm
@@ -298,8 +296,6 @@ $cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
 $cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
 $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
 $cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
-$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
-$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
 $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
 $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
 $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
@@ -1427,8 +1423,6 @@ sub read_options
 		"no-sock" => \$no_sock,
 		"no-krb5" => \$no_krb5,
 		"no-ec" => \$no_ec,
-		"no-ecdsa" => \$no_ecdsa,
-		"no-ecdh" => \$no_ecdh,
 		"no-gost" => \$no_gost,
 		"no-engine" => \$no_engine,
 		"no-hw" => \$no_hw,


More information about the openssl-commits mailing list