Remove compile time guard checking from ssl3_get_req_cert_type
authorMatt Caswell <matt@openssl.org>
Fri, 15 Jan 2021 16:10:52 +0000 (16:10 +0000)
committerMatt Caswell <matt@openssl.org>
Fri, 5 Feb 2021 15:22:42 +0000 (15:22 +0000)
With 3.0 we need to know whether algs are available at run time not
at compile time. Actually the code as written is sufficient to do this,
so we can simply remove the guards.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)

ssl/s3_lib.c

index 4152ef5dcb290c10ad5eb4215497e6126c516bbe..4e0eeed02805590f4b8fbebb3d671acc6a1f0216 100644 (file)
@@ -4346,22 +4346,17 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
 #endif
 
     if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
-#ifndef OPENSSL_NO_DH
         if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
             return 0;
-# ifndef OPENSSL_NO_DSA
-        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
+        if (!(alg_a & SSL_aDSS)
+                && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
             return 0;
-# endif
-#endif                          /* !OPENSSL_NO_DH */
     }
     if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
         return 0;
-#ifndef OPENSSL_NO_DSA
     if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
         return 0;
-#endif
-#ifndef OPENSSL_NO_EC
+
     /*
      * ECDSA certs can be used with RSA cipher suites too so we don't
      * need to check for SSL_kECDH or SSL_kECDHE
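Review bot: The `SSL3_CT_DSS_EPHEMERAL_DH` write gains a new run-time condition, `!(alg_a & SSL_aDSS)`, while the `SSL3_CT_RSA_EPHEMERAL_DH` write just above it stays unconditional, so this is more than the guard removal the commit message describes and the two lines are no longer symmetric. If `alg_a` is a mask of disabled signature algorithms, as the `SSL_aRSA`/`SSL_aDSS` tests further down suggest (it is set outside this hunk, so confirm), the RSA line would be consistent as `if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))`. Otherwise a short comment should say why the RSA ephemeral-DH type is always written. With the `OPENSSL_NO_*` guards gone, a comment above the block such as `/* alg_a bits mark disabled signature algorithms; these tests replace the old compile-time guards */` would record that certificate types for unavailable algorithms are deliberately left out of the list written to `pkt`. The function body begins before this hunk.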
@@ -4370,7 +4365,7 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
             && !(alg_a & SSL_aECDSA)
             && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
         return 0;
-#endif
+
     return 1;
 }