unifdef OPENSSL_NO_PSK.

Get those out of the way.

Change-Id: I4cc8c34cf637379ad734c43623f76ae72f22014e
Reviewed-on: https://boringssl-review.googlesource.com/1282
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/ssl.h

@@ -438,10 +438,8 @@ struct ssl_session_st
 	unsigned int sid_ctx_length;
 	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 
-#ifndef OPENSSL_NO_PSK
 	char *psk_identity_hint;
 	char *psk_identity;
-#endif
 	/* Used to indicate that session resumption is not allowed.
 	 * Applications can also set this bit for a new session via
 	 * not_resumable_session_cb to disable session caching and tickets. */
@@ -1011,14 +1009,12 @@ struct ssl_ctx_st
 	int (*tlsext_status_cb)(SSL *ssl, void *arg);
 	void *tlsext_status_arg;
 
-#ifndef OPENSSL_NO_PSK
 	char *psk_identity_hint;
 	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
 		unsigned int max_identity_len, unsigned char *psk,
 		unsigned int max_psk_len);
 	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
 		unsigned char *psk, unsigned int max_psk_len);
-#endif
 
 #ifndef OPENSSL_NO_BUF_FREELISTS
 #define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
@@ -1201,7 +1197,6 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
 void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
 			    unsigned *len);
 
-#ifndef OPENSSL_NO_PSK
 /* the maximum length of the buffer given to callbacks containing the
  * resulting identity/psk */
 #define PSK_MAX_IDENTITY_LEN 128
@@ -1224,7 +1219,6 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
 const char *SSL_get_psk_identity_hint(const SSL *s);
 const char *SSL_get_psk_identity(const SSL *s);
-#endif
 
 #define SSL_NOTHING	1
 #define SSL_WRITING	2
@@ -1372,7 +1366,6 @@ struct ssl_st
 	int error;		/* error bytes to be written */
 	int error_code;		/* actual code */
 
-#ifndef OPENSSL_NO_PSK
 	/* PSK identity hint is stored here only to enable setting a hint on an SSL object before an
 	 * SSL_SESSION is associated with it. Once an SSL_SESSION is associated with this SSL object,
 	 * the psk_identity_hint from the session takes precedence over this one. */
@@ -1382,7 +1375,6 @@ struct ssl_st
 		unsigned int max_psk_len);
 	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
 		unsigned char *psk, unsigned int max_psk_len);
-#endif
 
 	SSL_CTX *ctx;
 	/* set this flag to 1 and a sleep(1) is put into all SSL_read()

ssl/d1_srvr.c

@@ -393,9 +393,7 @@ int dtls1_accept(SSL *s)
 			if (s->s3->tmp.use_rsa_tmp
 			/* PSK: send ServerKeyExchange if PSK identity
 			 * hint if provided */
-#ifndef OPENSSL_NO_PSK
 			    || ((alg_k & SSL_kPSK) && s->session->psk_identity_hint)
-#endif
 			    || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			    || (alg_k & SSL_kEECDH)
 			    || ((alg_k & SSL_kRSA)

ssl/s3_clnt.c

@@ -1249,7 +1249,6 @@ int ssl3_get_server_key_exchange(SSL *s)
 			return -1;
 			}
 
-#ifndef OPENSSL_NO_PSK
 		/* In plain PSK ciphersuite, ServerKeyExchange can be
 		   omitted if no identity hint is sent. Set
 		   session->sess_cert anyway to avoid problems
@@ -1267,7 +1266,6 @@ int ssl3_get_server_key_exchange(SSL *s)
 				s->session->psk_identity_hint = NULL;
 				}
 			}
-#endif
 		s->s3->tmp.reuse_message=1;
 		return(1);
 		}
@@ -1308,7 +1306,6 @@ int ssl3_get_server_key_exchange(SSL *s)
 	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
 	EVP_MD_CTX_init(&md_ctx);
 
-#ifndef OPENSSL_NO_PSK
 	if (alg_a & SSL_aPSK)
 		{
 		CBS psk_identity_hint;
@@ -1346,7 +1343,6 @@ int ssl3_get_server_key_exchange(SSL *s)
 			goto f_err;
 			}
 		}
-#endif /* !OPENSSL_NO_PSK */
 
 	if (0) {}
 	else if (alg_k & SSL_kRSA)
@@ -2010,10 +2006,8 @@ int ssl3_send_client_key_exchange(SSL *s)
 	unsigned char *encodedPoint = NULL;
 	int encoded_pt_len = 0;
 	BN_CTX * bn_ctx = NULL;
-#ifndef OPENSSL_NO_PSK
 	unsigned int psk_len = 0;
 	unsigned char psk[PSK_MAX_PSK_LEN];
-#endif /* OPENSSL_NO_PSK */
 #endif /* OPENSSL_NO_ECDH */
 
 	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
@@ -2023,7 +2017,6 @@ int ssl3_send_client_key_exchange(SSL *s)
 		alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
 		alg_a=s->s3->tmp.new_cipher->algorithm_auth;
 
-#ifndef OPENSSL_NO_PSK
 		if (alg_a & SSL_aPSK)
 			{
 			char identity[PSK_MAX_IDENTITY_LEN + 1];
@@ -2100,7 +2093,6 @@ int ssl3_send_client_key_exchange(SSL *s)
 				goto err;
 				}
 			}
-#endif
 
 		/* Fool emacs indentation */
 		if (0) {}
@@ -2270,12 +2262,10 @@ int ssl3_send_client_key_exchange(SSL *s)
 			EC_KEY *tkey;
 			int ecdh_clnt_cert = 0;
 			int field_size = 0;
-#ifndef OPENSSL_NO_PSK
 			unsigned char *pre_ms;
 			unsigned char *t;
 			unsigned int pre_ms_len;
 			unsigned int i;
-#endif
 
 			if (s->session->sess_cert == NULL) 
 				{
@@ -2399,7 +2389,6 @@ int ssl3_send_client_key_exchange(SSL *s)
 				goto err;
 				}
 
-#ifndef OPENSSL_NO_PSK
 			/* ECDHE PSK ciphersuites from RFC 5489 */
 			if ((alg_a & SSL_aPSK) && psk_len != 0)
 				{
@@ -2423,7 +2412,6 @@ int ssl3_send_client_key_exchange(SSL *s)
 				OPENSSL_cleanse(pre_ms, pre_ms_len);
 				OPENSSL_free(pre_ms);
 				}
-#endif /* OPENSSL_NO_PSK */
 			if (!(alg_a & SSL_aPSK))
 				{
 				/* generate master key from the result */
@@ -2467,7 +2455,6 @@ int ssl3_send_client_key_exchange(SSL *s)
 				    encodedPoint, encoded_pt_len, bn_ctx);
 
 				n = 0;
-#ifndef OPENSSL_NO_PSK
 				if ((alg_a & SSL_aPSK) && psk_len != 0)
 					{
 					i = strlen(s->session->psk_identity);
@@ -2476,7 +2463,6 @@ int ssl3_send_client_key_exchange(SSL *s)
 					p += i;
 					n = i + 2;
 					}
-#endif
 
 				*p = encoded_pt_len; /* length of encoded point */
 				/* Encoded point will be copied here */

ssl/s3_lib.c

@@ -1368,7 +1368,6 @@ SSL_CIPHER ssl3_ciphers[]={
 	},
 #endif /* OPENSSL_NO_CAMELLIA */
 
-#ifndef OPENSSL_NO_PSK
 	/* Cipher 8A */
 	{
 	1,
@@ -1432,7 +1431,6 @@ SSL_CIPHER ssl3_ciphers[]={
 	256,
 	256,
 	},
-#endif  /* OPENSSL_NO_PSK */
 
 #ifndef OPENSSL_NO_SEED
 	/* SEED ciphersuites from RFC4162 */
@@ -2419,7 +2417,6 @@ SSL_CIPHER ssl3_ciphers[]={
 	256,
 	},
 
-#ifndef OPENSSL_NO_PSK
     /* ECDH PSK ciphersuites */
 	/* Cipher CAFE */
 	{
@@ -2437,7 +2434,6 @@ SSL_CIPHER ssl3_ciphers[]={
 	128,
 	128,
 	},
-#endif /* OPENSSL_NO_PSK */
 
 #endif /* OPENSSL_NO_ECDH */
 
@@ -3571,11 +3567,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 		alg_k=c->algorithm_mkey;
 		alg_a=c->algorithm_auth;
 
-#ifndef OPENSSL_NO_PSK
 		/* with PSK there must be server callback set */
 		if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL)
 			ok = 0;
-#endif /* OPENSSL_NO_PSK */
 
 		if (SSL_C_IS_EXPORT(c))
 			{

ssl/s3_srvr.c

@@ -402,9 +402,7 @@ int ssl3_accept(SSL *s)
 			/* PSK: send ServerKeyExchange if either:
 			 *   - PSK identity hint is provided, or
 			 *   - the key exchange is kEECDH. */
-#ifndef OPENSSL_NO_PSK
 			    || ((alg_a & SSL_aPSK) && ((alg_k & SSL_kEECDH) || s->session->psk_identity_hint))
-#endif
 			    || (alg_k & SSL_kEDH)
 			    || (alg_k & SSL_kEECDH)
 			    || ((alg_k & SSL_kRSA)
@@ -1469,10 +1467,8 @@ int ssl3_send_server_key_exchange(SSL *s)
 	int curve_id = 0;
 	BN_CTX *bn_ctx = NULL; 
 #endif
-#ifndef OPENSSL_NO_PSK
 	const char* psk_identity_hint;
 	size_t psk_identity_hint_len;
-#endif
 	EVP_PKEY *pkey;
 	const EVP_MD *md = NULL;
 	unsigned char *p,*d;
@@ -1497,7 +1493,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 		r[0]=r[1]=r[2]=r[3]=NULL;
 		n=0;
-#ifndef OPENSSL_NO_PSK
 		if (alg_a & SSL_aPSK)
 			{
 			/* size for PSK identity hint */
@@ -1508,7 +1503,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 				psk_identity_hint_len = 0;
 			n+=2+psk_identity_hint_len;
 			}
-#endif /* !OPENSSL_NO_PSK */
 		if (alg_k & SSL_kRSA)
 			{
 			rsa=cert->rsa_tmp;
@@ -1769,7 +1763,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 /* Note: ECDHE PSK ciphersuites use SSL_kEECDH and SSL_aPSK.
  * When one of them is used, the server key exchange record needs to have both
  * the psk_identity_hint and the ServerECDHParams. */
-#ifndef OPENSSL_NO_PSK
 		if (alg_a & SSL_aPSK)
 			{
 			/* copy PSK identity hint (if provided) */
@@ -1780,7 +1773,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 				p+=psk_identity_hint_len;
 				}
 			}
-#endif /* OPENSSL_NO_PSK */
 
 #ifndef OPENSSL_NO_ECDH
 		if (alg_k & SSL_kEECDH)
@@ -2008,10 +2000,8 @@ int ssl3_get_client_key_exchange(SSL *s)
 	EVP_PKEY *clnt_pub_pkey = NULL;
 	EC_POINT *clnt_ecpoint = NULL;
 	BN_CTX *bn_ctx = NULL;
-#ifndef OPENSSL_NO_PSK
 	unsigned int psk_len = 0;
 	unsigned char psk[PSK_MAX_PSK_LEN];
-#endif /* OPENSSL_NO_PSK */
 #endif
 
 	n=s->method->ssl_get_message(s,
@@ -2027,7 +2017,6 @@ int ssl3_get_client_key_exchange(SSL *s)
 	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
 	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
 
-#ifndef OPENSSL_NO_PSK
 	/* If using a PSK key exchange, prepare the pre-shared key. */
 	if (alg_a & SSL_aPSK)
 		{
@@ -2082,7 +2071,6 @@ int ssl3_get_client_key_exchange(SSL *s)
 			goto f_err;
 			}
 		}
-#endif /* OPENSSL_NO_PSK */
 
 	/* Depending on the key exchange method, compute |premaster_secret| and
 	 * |premaster_secret_len|. Also, for DH and ECDH, set
@@ -2520,7 +2508,6 @@ int ssl3_get_client_key_exchange(SSL *s)
 		premaster_secret_len = ecdh_len;
 		}
 #endif
-#ifndef OPENSSL_NO_PSK
 	else if (alg_k & SSL_kPSK)
 		{
 		/* For plain PSK, other_secret is a block of 0s with the same
@@ -2534,7 +2521,6 @@ int ssl3_get_client_key_exchange(SSL *s)
 			}
 		memset(premaster_secret, 0, premaster_secret_len);
 		}
-#endif  /* !OPENSSL_NO_PSK */
 	else
 		{
 		al=SSL_AD_HANDSHAKE_FAILURE;
@@ -2542,7 +2528,6 @@ int ssl3_get_client_key_exchange(SSL *s)
 		goto f_err;
 		}
 
-#ifndef OPENSSL_NO_PSK
 	/* For a PSK cipher suite, the actual pre-master secret is combined with
 	 * the pre-shared key. */
 	if (alg_a & SSL_aPSK)
@@ -2572,7 +2557,6 @@ int ssl3_get_client_key_exchange(SSL *s)
 		premaster_secret = new_data;
 		premaster_secret_len = new_len;
 		}
-#endif  /* !OPENSSL_NO_PSK */
 
 	/* Compute the master secret */
 	s->session->master_key_length = s->method->ssl3_enc

ssl/ssl_asn1.c

@@ -115,10 +115,8 @@ typedef struct ssl_session_asn1_st
 	ASN1_OCTET_STRING tlsext_hostname;
 	ASN1_INTEGER tlsext_tick_lifetime;
 	ASN1_OCTET_STRING tlsext_tick;
-#ifndef OPENSSL_NO_PSK
 	ASN1_OCTET_STRING psk_identity_hint;
 	ASN1_OCTET_STRING psk_identity;
-#endif /* OPENSSL_NO_PSK */
 	ASN1_OCTET_STRING peer_sha256;
 	ASN1_OCTET_STRING original_handshake_hash;
 	} SSL_SESSION_ASN1;
@@ -234,7 +232,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 		a.tlsext_tick_lifetime.data=ibuf6;
 		ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
 		}
-#ifndef OPENSSL_NO_PSK
 	if (in->psk_identity_hint)
 		{
 		a.psk_identity_hint.length=strlen(in->psk_identity_hint);
@@ -261,7 +258,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 		a.original_handshake_hash.type = V_ASN1_OCTET_STRING;
 		a.original_handshake_hash.data = in->original_handshake_hash;
 		}
-#endif /* OPENSSL_NO_PSK */
 
 	M_ASN1_I2D_len(&(a.version),		i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(&(a.ssl_version),	i2d_ASN1_INTEGER);
@@ -286,12 +282,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
         	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
 	if (in->tlsext_hostname)
         	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#ifndef OPENSSL_NO_PSK
 	if (in->psk_identity_hint)
         	M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
 	if (in->psk_identity)
         	M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
 	if (in->peer_sha256_valid)
 		M_ASN1_I2D_len_EXP_opt(&(a.peer_sha256),i2d_ASN1_OCTET_STRING,13,v13);
 	if (in->original_handshake_hash_len > 0)
@@ -318,12 +312,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 		M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
 	if (in->tlsext_hostname)
         	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#ifndef OPENSSL_NO_PSK
 	if (in->psk_identity_hint)
 		M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
 	if (in->psk_identity)
 		M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
 	if (in->tlsext_tick_lifetime_hint > 0)
       	 	M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
 	if (in->tlsext_tick)
@@ -502,7 +494,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	else
 		ret->tlsext_hostname=NULL;
 
-#ifndef OPENSSL_NO_PSK
 	os.length=0;
 	os.data=NULL;
 	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
@@ -528,7 +519,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 		}
 	else
 		ret->psk_identity=NULL;
-#endif /* OPENSSL_NO_PSK */
 
 	ai.length=0;
 	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);

ssl/ssl_ciph.c

@@ -580,10 +580,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
 	*mkey |= SSL_kECDHe|SSL_kECDHr;
 	*auth |= SSL_aECDH;
 #endif
-#ifdef OPENSSL_NO_PSK
-	*mkey |= SSL_kPSK;
-	*auth |= SSL_aPSK;
-#endif
 #ifdef SSL_FORBID_ENULL
 	*enc |= SSL_eNULL;
 #endif

ssl/ssl_lib.c

@@ -396,7 +396,6 @@ SSL *SSL_new(SSL_CTX *ctx)
 
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
-#ifndef OPENSSL_NO_PSK
 	s->psk_identity_hint = NULL;
 	if (ctx->psk_identity_hint)
 		{
@@ -406,7 +405,6 @@ SSL *SSL_new(SSL_CTX *ctx)
 		}
 	s->psk_client_callback=ctx->psk_client_callback;
 	s->psk_server_callback=ctx->psk_server_callback;
-#endif
 
 	return(s);
 err:
@@ -693,10 +691,8 @@ void SSL_free(SSL *s)
 	if (s->tlsext_channel_id_private)
 		EVP_PKEY_free(s->tlsext_channel_id_private);
 
-#ifndef OPENSSL_NO_PSK
 	if (s->psk_identity_hint)
 		OPENSSL_free(s->psk_identity_hint);
-#endif
 
 	if (s->client_CA != NULL)
 		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
@@ -2016,11 +2012,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 	ret->next_protos_advertised_cb = 0;
 	ret->next_proto_select_cb = 0;
 # endif
-#ifndef OPENSSL_NO_PSK
 	ret->psk_identity_hint=NULL;
 	ret->psk_client_callback=NULL;
 	ret->psk_server_callback=NULL;
-#endif
 #ifndef OPENSSL_NO_BUF_FREELISTS
 	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
 	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
@@ -2143,10 +2137,8 @@ void SSL_CTX_free(SSL_CTX *a)
         if (a->srtp_profiles)
                 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
 
-#ifndef OPENSSL_NO_PSK
 	if (a->psk_identity_hint)
 		OPENSSL_free(a->psk_identity_hint);
-#endif
 
 	/* TODO(fork): remove. */
 #if 0
@@ -2396,12 +2388,10 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 		}
 #endif
 
-#ifndef OPENSSL_NO_PSK
 	mask_k |= SSL_kPSK;
 	mask_a |= SSL_aPSK;
 	emask_k |= SSL_kPSK;
 	emask_a |= SSL_aPSK;
-#endif
 
 	c->mask_k=mask_k;
 	c->mask_a=mask_a;
@@ -3175,7 +3165,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
 	}
 #endif
 
-#ifndef OPENSSL_NO_PSK
 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
 	{
 	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
@@ -3287,7 +3276,6 @@ void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
 	{
 	ctx->psk_server_callback = cb;
 	}
-#endif
 
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
 	{

ssl/ssl_sess.c

@@ -221,10 +221,8 @@ SSL_SESSION *SSL_SESSION_new(void)
 	ss->tlsext_ellipticcurvelist = NULL;
 #endif
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-#ifndef OPENSSL_NO_PSK
 	ss->psk_identity_hint=NULL;
 	ss->psk_identity=NULL;
-#endif
 	return(ss);
 	}
 
@@ -391,7 +389,6 @@ int ssl_get_new_session(SSL *s, int session)
 				return 0;
 				}
 			}
-#ifndef OPENSSL_NO_PSK
 		if (s->psk_identity_hint)
 			{
 			ss->psk_identity_hint = BUF_strdup(s->psk_identity_hint);
@@ -402,7 +399,6 @@ int ssl_get_new_session(SSL *s, int session)
 				return 0;
 				}
 			}
-#endif
 		}
 	else
 		{
@@ -741,12 +737,10 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 	ss->tlsext_ellipticcurvelist_length = 0;
 	if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
 #endif /* OPENSSL_NO_EC */
-#ifndef OPENSSL_NO_PSK
 	if (ss->psk_identity_hint != NULL)
 		OPENSSL_free(ss->psk_identity_hint);
 	if (ss->psk_identity != NULL)
 		OPENSSL_free(ss->psk_identity);
-#endif
 	OPENSSL_cleanse(ss,sizeof(*ss));
 	OPENSSL_free(ss);
 	}

ssl/ssl_txt.c

@@ -168,12 +168,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 			{
 			if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
 			}
-#ifndef OPENSSL_NO_PSK
 	if (BIO_puts(bp,"\n    PSK identity: ") <= 0) goto err;
 	if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
 	if (BIO_puts(bp,"\n    PSK identity hint: ") <= 0) goto err;
 	if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
-#endif
 	if (x->tlsext_tick_lifetime_hint)
 		{
 		if (BIO_printf(bp,

ssl/t1_lib.c

@@ -1117,14 +1117,12 @@ void ssl_set_client_disabled(SSL *s)
 		c->mask_a |= SSL_aECDSA;
 		c->mask_k |= SSL_kECDHe;
 		}
-#ifndef OPENSSL_NO_PSK
 	/* with PSK there must be client callback set */
 	if (!s->psk_client_callback)
 		{
 		c->mask_a |= SSL_aPSK;
 		c->mask_k |= SSL_kPSK;
 		}
-#endif /* OPENSSL_NO_PSK */
 	c->valid = 1;
 	}