Remove OPENSSL_NO_RSA

Building without RSA support is unreasonable. Changes were made by
running

find . -type f -name *.c | xargs unifdef -m -U OPENSSL_NO_RSA
find . -type f -name *.h | xargs unifdef -m -U OPENSSL_NO_RSA

using unifdef 2.10; some newlines were removed manually.

Change-Id: Iea559e2d4b3d1053f28a4a9cc2f7a3d1f6cabd61
Reviewed-on: https://boringssl-review.googlesource.com/1095
Reviewed-by: Adam Langley <agl@google.com>
Alex Chernyakhovsky 2014-07-04 23:43:44 -04:00 committed by Adam Langley
parent c6318e349a
commit 3c5034e97c
16 changed files with 0 additions and 142 deletions


@ -471,15 +471,11 @@ DECLARE_PEM_rw(PKCS8, X509_SIG)
DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
#ifndef OPENSSL_NO_RSA
DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
DECLARE_PEM_rw_const(RSAPublicKey, RSA)
DECLARE_PEM_rw(RSA_PUBKEY, RSA)
#endif
#ifndef OPENSSL_NO_DSA
DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)


@ -130,7 +130,6 @@ IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
#ifndef OPENSSL_NO_RSA
/* We treat RSA or DSA private keys as a special case.
*
@ -232,7 +231,6 @@ IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
#endif
#ifndef OPENSSL_NO_DSA


@ -165,7 +165,6 @@ start:
pp=&(xi->crl);
}
else
#ifndef OPENSSL_NO_RSA
if (strcmp(name,PEM_STRING_RSA) == 0)
{
d2i=(D2I_OF(void))d2i_RSAPrivateKey;
@ -186,7 +185,6 @@ start:
raw=1;
}
else
#endif
#ifndef OPENSSL_NO_DSA
if (strcmp(name,PEM_STRING_DSA) == 0)
{
@ -380,13 +378,11 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
else
{
/* Add DSA/DH */
#ifndef OPENSSL_NO_RSA
/* normal optionally encrypted stuff */
if (PEM_write_bio_RSAPrivateKey(bp,
xi->x_pkey->dec_pkey->pkey.rsa,
enc,kstr,klen,cb,u)<=0)
goto err;
#endif
}
}
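Review bot: In PEM_X509_INFO_write_bio the unencrypted branch passes `xi->x_pkey->dec_pkey->pkey.rsa` to PEM_write_bio_RSAPrivateKey with no visible check that the key is actually RSA, and with the guard gone this is now the unconditional path. If a non-RSA key can reach this branch, the union member is read as the wrong type; the `/* Add DSA/DH */` comment suggests that case was never handled. I would guard the call with `if (xi->x_pkey->dec_pkey->type != EVP_PKEY_RSA) goto err;` or write the key through the generic PEM_write_bio_PrivateKey instead. The function body starts and ends outside the hunk, so a type check may exist in lines not shown.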


@ -659,14 +659,12 @@ X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
#ifndef OPENSSL_NO_RSA
RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
#endif
#ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
@ -698,14 +696,12 @@ X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
#ifndef OPENSSL_NO_RSA
RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
#endif
#ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
@ -774,11 +770,9 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey,
int i2d_PUBKEY(const EVP_PKEY *a,unsigned char **pp);
EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,
long length);
#ifndef OPENSSL_NO_RSA
int i2d_RSA_PUBKEY(const RSA *a,unsigned char **pp);
RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp,
long length);
#endif
#ifndef OPENSSL_NO_DSA
int i2d_DSA_PUBKEY(const DSA *a,unsigned char **pp);
DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,


@ -233,7 +233,6 @@ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}
#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_FP_API
RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
@ -251,7 +250,6 @@ RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
}
RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
{
return ASN1_d2i_fp((void *(*)(void))
@ -300,7 +298,6 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
{
return ASN1_i2d_bio_of_const(RSA,i2d_RSA_PUBKEY,bp,rsa);
}
#endif
#ifndef OPENSSL_NO_DSA
#ifndef OPENSSL_NO_FP_API


@ -224,7 +224,6 @@ int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp)
/* The following are equivalents but which return RSA and DSA
* keys
*/
#ifndef OPENSSL_NO_RSA
RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
long length)
{
@ -262,7 +261,6 @@ int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp)
EVP_PKEY_free(pktmp);
return ret;
}
#endif
#ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,


@ -1329,18 +1329,14 @@ err:
int ssl3_get_key_exchange(SSL *s)
{
#ifndef OPENSSL_NO_RSA
unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
#endif
EVP_MD_CTX md_ctx;
unsigned char *param,*p;
int al,i,j,param_len,ok;
long n,alg_k,alg_a;
EVP_PKEY *pkey=NULL;
const EVP_MD *md = NULL;
#ifndef OPENSSL_NO_RSA
RSA *rsa=NULL;
#endif
#ifndef OPENSSL_NO_DH
DH *dh=NULL;
#endif
@ -1386,13 +1382,11 @@ int ssl3_get_key_exchange(SSL *s)
param=p=(unsigned char *)s->init_msg;
if (s->session->sess_cert != NULL)
{
#ifndef OPENSSL_NO_RSA
if (s->session->sess_cert->peer_rsa_tmp != NULL)
{
RSA_free(s->session->sess_cert->peer_rsa_tmp);
s->session->sess_cert->peer_rsa_tmp=NULL;
}
#endif
#ifndef OPENSSL_NO_DH
if (s->session->sess_cert->peer_dh_tmp)
{
@ -1468,7 +1462,6 @@ int ssl3_get_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_PSK */
if (0) {}
#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA)
{
if ((rsa=RSA_new()) == NULL)
@ -1518,7 +1511,6 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_rsa_tmp=rsa;
rsa=NULL;
}
#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & SSL_kEDH)
{
@ -1573,13 +1565,8 @@ int ssl3_get_key_exchange(SSL *s)
p+=i;
n-=param_len;
#ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
#else
if (0)
;
#endif
#ifndef OPENSSL_NO_DSA
else if (alg_a & SSL_aDSS)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
@ -1689,10 +1676,8 @@ int ssl3_get_key_exchange(SSL *s)
* key exchange message. We do support RSA and ECDSA.
*/
if (0) ;
#ifndef OPENSSL_NO_RSA
else if (alg_a & SSL_aRSA)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
#endif
#ifndef OPENSSL_NO_ECDSA
else if (alg_a & SSL_aECDSA)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
@ -1751,7 +1736,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
goto f_err;
}
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))
{
int num;
@ -1786,7 +1770,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
}
}
else
#endif
{
EVP_VerifyInit_ex(&md_ctx, md, NULL);
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@ -1828,10 +1811,8 @@ f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_RSA
if (rsa != NULL)
RSA_free(rsa);
#endif
#ifndef OPENSSL_NO_DH
if (dh != NULL)
DH_free(dh);
@ -2229,10 +2210,8 @@ int ssl3_send_client_key_exchange(SSL *s)
int n = 0;
unsigned long alg_k;
unsigned long alg_a;
#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey=NULL;
#endif
#ifndef OPENSSL_NO_ECDH
EC_KEY *clnt_ecdh = NULL;
const EC_POINT *srvr_ecpoint = NULL;
@ -2332,7 +2311,6 @@ int ssl3_send_client_key_exchange(SSL *s)
/* Fool emacs indentation */
if (0) {}
#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA)
{
RSA *rsa;
@ -2390,7 +2368,6 @@ int ssl3_send_client_key_exchange(SSL *s)
tmp_buf,sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
}
#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
@ -2806,7 +2783,6 @@ int ssl3_send_client_verify(SSL *s)
goto err;
}
else
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data);
@ -2823,7 +2799,6 @@ int ssl3_send_client_verify(SSL *s)
n = signature_length + 2;
}
else
#endif
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
{
@ -3014,9 +2989,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
long alg_k,alg_a;
EVP_PKEY *pkey=NULL;
SESS_CERT *sc;
#ifndef OPENSSL_NO_RSA
RSA *rsa;
#endif
#ifndef OPENSSL_NO_DH
DH *dh;
#endif
@ -3035,9 +3008,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
goto err;
}
#ifndef OPENSSL_NO_RSA
rsa=s->session->sess_cert->peer_rsa_tmp;
#endif
#ifndef OPENSSL_NO_DH
dh=s->session->sess_cert->peer_dh_tmp;
#endif
@ -3088,14 +3059,12 @@ int ssl3_check_cert_and_algorithm(SSL *s)
goto f_err;
}
#endif
#ifndef OPENSSL_NO_RSA
if ((alg_k & SSL_kRSA) &&
!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
{
OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
goto f_err;
}
#endif
#ifndef OPENSSL_NO_DH
if ((alg_k & SSL_kEDH) &&
!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
@ -3121,7 +3090,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
{
#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA)
{
if (rsa == NULL
@ -3132,7 +3100,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
}
else
#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
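Review bot: The `alg_k & SSL_kRSA` branch of ssl3_get_key_exchange stores a server-supplied temporary RSA key in `peer_rsa_tmp`, and none of the visible lines restrict that to export cipher suites; ssl3_check_cert_and_algorithm then treats `rsa != NULL` as satisfying the kRSA requirement for any suite. Now that this path is always compiled, a weak temporary key could stand in for the certificate key on a non-export handshake unless a check exists outside the hunk. Consider rejecting the message at the top of that branch, e.g. `if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { al=SSL_AD_UNEXPECTED_MESSAGE; goto f_err; }`. Both function bodies continue outside the hunks shown.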


@ -2813,12 +2813,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
int ret=0;
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
if (
#ifndef OPENSSL_NO_RSA
cmd == SSL_CTRL_SET_TMP_RSA ||
cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
#ifndef OPENSSL_NO_DSA
cmd == SSL_CTRL_SET_TMP_DH ||
cmd == SSL_CTRL_SET_TMP_DH_CB ||
@ -2831,7 +2828,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return(0);
}
}
#endif
switch (cmd)
{
@ -2853,7 +2849,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_GET_FLAGS:
ret=(int)(s->s3->flags);
break;
#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@ -2885,7 +2880,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return(ret);
}
break;
#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
@ -3165,10 +3159,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
if (!ptmp)
return 0;
if (0);
#ifndef OPENSSL_NO_RSA
else if (sc->peer_rsa_tmp)
rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
else if (sc->peer_dh_tmp)
rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
@ -3242,11 +3234,8 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
{
int ret=0;
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
if (
#ifndef OPENSSL_NO_RSA
cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
#ifndef OPENSSL_NO_DSA
cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
@ -3258,17 +3247,14 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
return(0);
}
}
#endif
switch (cmd)
{
#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
@ -3303,7 +3289,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
switch (cmd)
{
#ifndef OPENSSL_NO_RSA
case SSL_CTRL_NEED_TMP_RSA:
if ( (cert->rsa_tmp == NULL) &&
((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@ -3347,7 +3332,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return(0);
}
break;
#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
@ -3566,13 +3550,11 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
switch (cmd)
{
#ifndef OPENSSL_NO_RSA
case SSL_CTRL_SET_TMP_RSA_CB:
{
cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
}
break;
#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
@ -3853,13 +3835,11 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHr|SSL_kEDH))
{
# ifndef OPENSSL_NO_RSA
/* Since this refers to a certificate signed with an RSA
* algorithm, only check for rsa signing in strict mode.
*/
if (nostrict || have_rsa_sign)
p[ret++]=SSL3_CT_RSA_FIXED_DH;
# endif
# ifndef OPENSSL_NO_DSA
if (nostrict || have_dsa_sign)
p[ret++]=SSL3_CT_DSS_FIXED_DH;
@ -3868,18 +3848,14 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
if ((s->version == SSL3_VERSION) &&
(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
{
# ifndef OPENSSL_NO_RSA
p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
# endif
# ifndef OPENSSL_NO_DSA
p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
# endif
}
#endif /* !OPENSSL_NO_DH */
#ifndef OPENSSL_NO_RSA
if (have_rsa_sign)
p[ret++]=SSL3_CT_RSA_SIGN;
#endif
#ifndef OPENSSL_NO_DSA
if (have_dsa_sign)
p[ret++]=SSL3_CT_DSS_SIGN;
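Review bot: In ssl3_ctrl and ssl3_callback_ctrl the guard left around `SSL_CTRL_SET_TMP_DH` / `SSL_CTRL_SET_TMP_DH_CB` in the leading `if (` is `#ifndef OPENSSL_NO_DSA`, while the matching switch cases further down use `#ifndef OPENSSL_NO_DH`. The mismatch predates this change, but with the outer `#if` and the RSA guards removed it is now the only conditional left in the expression and looks like a typo. I would change both to `#ifndef OPENSSL_NO_DH` so a build without DSA still runs the pre-check for the DH commands. The body of that `if` is outside the hunk, so what the pre-check does is not visible here.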


@ -1527,13 +1527,11 @@ int ssl3_send_server_done(SSL *s)
int ssl3_send_server_key_exchange(SSL *s)
{
#ifndef OPENSSL_NO_RSA
unsigned char *q;
int j,num;
RSA *rsa;
unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
unsigned int u;
#endif
#ifndef OPENSSL_NO_DH
DH *dh=NULL,*dhp;
#endif
@ -1584,7 +1582,6 @@ int ssl3_send_server_key_exchange(SSL *s)
n+=2+psk_identity_hint_len;
}
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA)
{
rsa=cert->rsa_tmp;
@ -1612,7 +1609,6 @@ int ssl3_send_server_key_exchange(SSL *s)
r[1]=rsa->e;
s->s3->tmp.use_rsa_tmp=1;
}
#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & SSL_kEDH)
{
@ -1892,7 +1888,6 @@ int ssl3_send_server_key_exchange(SSL *s)
{
/* n is the length of the params, they start at &(d[4])
* and p points to the space at the end. */
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s))
{
q=md_buf;
@ -1919,7 +1914,6 @@ int ssl3_send_server_key_exchange(SSL *s)
n+=u+2;
}
else
#endif /* OPENSSL_NO_RSA */
if (md)
{
/* send signature algorithm */
@ -2085,10 +2079,8 @@ int ssl3_get_client_key_exchange(SSL *s)
unsigned long alg_k;
unsigned long alg_a;
unsigned char *p;
#ifndef OPENSSL_NO_RSA
RSA *rsa=NULL;
EVP_PKEY *pkey=NULL;
#endif
#ifndef OPENSSL_NO_DH
BIGNUM *pub=NULL;
DH *dh_srvr, *dh_clnt = NULL;
@ -2200,7 +2192,6 @@ int ssl3_get_client_key_exchange(SSL *s)
#endif /* OPENSSL_NO_PSK */
if (0) {}
#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA)
{
unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
@ -2362,7 +2353,6 @@ int ssl3_get_client_key_exchange(SSL *s)
p,sizeof(rand_premaster_secret));
OPENSSL_cleanse(p,sizeof(rand_premaster_secret));
}
#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
@ -2657,9 +2647,7 @@ int ssl3_get_client_key_exchange(SSL *s)
return(1);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
err:
#endif
#ifndef OPENSSL_NO_ECDH
EVP_PKEY_free(clnt_pub_pkey);
EC_POINT_free(clnt_ecpoint);
@ -2805,7 +2793,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
}
}
else
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
@ -2825,7 +2812,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
}
}
else
#endif
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
{


@ -2064,9 +2064,7 @@ void SSL_set_verify(SSL *s, int mode,
int (*callback)(int ok,X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg);
#ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
#endif
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
@ -2142,9 +2140,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg);
#ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
#endif
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
@ -2346,7 +2342,6 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
/* NB: the keylength is only applicable when is_export is true */
#ifndef OPENSSL_NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*cb)(SSL *ssl,int is_export,
int keylength));
@ -2354,7 +2349,6 @@ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
void SSL_set_tmp_rsa_callback(SSL *ssl,
RSA *(*cb)(SSL *ssl,int is_export,
int keylength));
#endif
#ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
DH *(*dh)(SSL *ssl,int is_export,


@ -161,10 +161,8 @@ void ssl_cert_set_default_md(CERT *cert)
#ifndef OPENSSL_NO_DSA
cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
#endif
#ifndef OPENSSL_NO_RSA
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
#endif
#ifndef OPENSSL_NO_ECDSA
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
@ -212,14 +210,12 @@ CERT *ssl_cert_dup(CERT *cert)
ret->export_mask_k = cert->export_mask_k;
ret->export_mask_a = cert->export_mask_a;
#ifndef OPENSSL_NO_RSA
if (cert->rsa_tmp != NULL)
{
RSA_up_ref(cert->rsa_tmp);
ret->rsa_tmp = cert->rsa_tmp;
}
ret->rsa_tmp_cb = cert->rsa_tmp_cb;
#endif
#ifndef OPENSSL_NO_DH
if (cert->dh_tmp != NULL)
@ -395,10 +391,8 @@ CERT *ssl_cert_dup(CERT *cert)
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
err:
#endif
#ifndef OPENSSL_NO_RSA
if (ret->rsa_tmp != NULL)
RSA_free(ret->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
if (ret->dh_tmp != NULL)
DH_free(ret->dh_tmp);
@ -463,9 +457,7 @@ void ssl_cert_free(CERT *c)
}
#endif
#ifndef OPENSSL_NO_RSA
if (c->rsa_tmp) RSA_free(c->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
if (c->dh_tmp) DH_free(c->dh_tmp);
#endif
@ -653,10 +645,8 @@ void ssl_sess_cert_free(SESS_CERT *sc)
#endif
}
#ifndef OPENSSL_NO_RSA
if (sc->peer_rsa_tmp != NULL)
RSA_free(sc->peer_rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
if (sc->peer_dh_tmp != NULL)
DH_free(sc->peer_dh_tmp);


@ -605,10 +605,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
*mac = 0;
*ssl = 0;
#ifdef OPENSSL_NO_RSA
*mkey |= SSL_kRSA;
*auth |= SSL_aRSA;
#endif
#ifdef OPENSSL_NO_DSA
*auth |= SSL_aDSS;
#endif


@ -2300,13 +2300,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
#ifndef OPENSSL_NO_RSA
rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
#else
rsa_tmp=rsa_tmp_export=0;
#endif
#ifndef OPENSSL_NO_DH
dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
dh_tmp_export=(c->dh_tmp_cb != NULL ||
@ -3193,7 +3189,6 @@ int SSL_want(const SSL *s)
* \param cb the callback
*/
#ifndef OPENSSL_NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
int is_export,
int keylength))
@ -3207,7 +3202,6 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
{
SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
}
#endif
#ifdef DOXYGEN
/*!


@ -547,10 +547,8 @@ typedef struct cert_st
unsigned long export_mask_a;
/* Client only */
unsigned long mask_ssl;
#ifndef OPENSSL_NO_RSA
RSA *rsa_tmp;
RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
#endif
#ifndef OPENSSL_NO_DH
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
@ -639,9 +637,7 @@ typedef struct sess_cert_st
/* Obviously we don't have the private keys of these,
* so maybe we shouldn't even use the CERT_PKEY type here. */
#ifndef OPENSSL_NO_RSA
RSA *peer_rsa_tmp; /* not used for SSL 2 */
#endif
#ifndef OPENSSL_NO_DH
DH *peer_dh_tmp; /* not used for SSL 2 */
#endif


@ -150,7 +150,6 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
return(ret);
}
#ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
{
EVP_PKEY *pkey;
@ -179,7 +178,6 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
EVP_PKEY_free(pkey);
return(ret);
}
#endif
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
@ -217,14 +215,12 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
/* TODO(fork): remove this? */
#if 0
#ifndef OPENSSL_NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((pkey->type == EVP_PKEY_RSA) &&
(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
;
else
#endif
#endif
if (!X509_check_private_key(c->pkeys[i].x509,pkey))
{
@ -244,7 +240,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
return(1);
}
#ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_STDIO
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
{
@ -310,7 +305,6 @@ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
RSA_free(rsa);
return(ret);
}
#endif /* !OPENSSL_NO_RSA */
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
{
@ -438,7 +432,6 @@ static int ssl_set_cert(CERT *c, X509 *x)
/* TODO(fork): remove this? */
#if 0
#ifndef OPENSSL_NO_RSA
/* Don't check the public/private key, this is mostly
* for smart cards. */
if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
@ -446,7 +439,6 @@ static int ssl_set_cert(CERT *c, X509 *x)
RSA_METHOD_FLAG_NO_CHECK))
;
else
#endif /* OPENSSL_NO_RSA */
#endif
if (!X509_check_private_key(x,c->pkeys[i].privatekey))
{
@ -540,7 +532,6 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
return(ret);
}
#ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
{
int ret;
@ -635,7 +626,6 @@ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long le
RSA_free(rsa);
return(ret);
}
#endif /* !OPENSSL_NO_RSA */
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
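Review bot: The `#if 0` blocks in ssl_set_pkey and ssl_set_cert (both marked `TODO(fork): remove this?`) are dead code that this change edits rather than deletes. Because they are compiled out, `X509_check_private_key` always runs, which is the safer behaviour; keeping the RSA_METHOD_FLAG_NO_CHECK skip in the file invites someone to re-enable it later. I would delete the blocks outright, or replace each with a one-line comment such as `/* Key/certificate consistency is always checked; the RSA_METHOD_FLAG_NO_CHECK bypass is intentionally not supported. */`. Both functions extend beyond the hunks shown.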


@ -990,11 +990,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
* customisable at some point, for now include everything we support.
*/
#ifdef OPENSSL_NO_RSA
#define tlsext_sigalg_rsa(md) /* */
#else
#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
#endif
#ifdef OPENSSL_NO_DSA
#define tlsext_sigalg_dsa(md) /* */
@ -1183,11 +1179,9 @@ void ssl_set_client_disabled(SSL *s)
{
switch(sigalgs[1])
{
#ifndef OPENSSL_NO_RSA
case TLSEXT_signature_rsa:
have_rsa = 1;
break;
#endif
#ifndef OPENSSL_NO_DSA
case TLSEXT_signature_dsa:
have_dsa = 1;
@ -3214,10 +3208,8 @@ static int tls12_get_pkey_idx(unsigned char sig_alg)
{
switch(sig_alg)
{
#ifndef OPENSSL_NO_RSA
case TLSEXT_signature_rsa:
return SSL_PKEY_RSA_SIGN;
#endif
#ifndef OPENSSL_NO_DSA
case TLSEXT_signature_dsa:
return SSL_PKEY_DSA_SIGN;
@ -3431,13 +3423,11 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
#endif
#ifndef OPENSSL_NO_RSA
if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
{
c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
#endif
#ifndef OPENSSL_NO_ECDSA
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();