Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC

Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 750217f..1e611c4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1321,7 +1321,7 @@
 #ifndef OPENSSL_NO_DH
     DH *dh = NULL;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     EC_KEY *ecdh = NULL;
     BN_CTX *bn_ctx = NULL;
     EC_POINT *srvr_ecpoint = NULL;
@@ -1385,7 +1385,7 @@
             s->session->sess_cert->peer_dh_tmp = NULL;
         }
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
         if (s->session->sess_cert->peer_ecdh_tmp) {
             EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
             s->session->sess_cert->peer_ecdh_tmp = NULL;
@@ -1724,7 +1724,7 @@
     }
 #endif                          /* !OPENSSL_NO_DH */
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     else if (alg_k & SSL_kECDHE) {
         EC_GROUP *ngroup;
         const EC_GROUP *group;
@@ -1822,7 +1822,7 @@
                 X509_get_pubkey(s->session->
                                 sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
         else if (alg_a & SSL_aECDSA)
             pkey =
                 X509_get_pubkey(s->session->
@@ -1841,7 +1841,7 @@
         SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
         goto f_err;
     }
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
 
     /* p points to the next byte, there are 'n' bytes left */
 
@@ -1961,7 +1961,7 @@
     if (dh != NULL)
         DH_free(dh);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     BN_CTX_free(bn_ctx);
     EC_POINT_free(srvr_ecpoint);
     if (ecdh != NULL)
@@ -2299,7 +2299,7 @@
 #ifndef OPENSSL_NO_KRB5
     KSSL_ERR kssl_err;
 #endif                          /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     EC_KEY *clnt_ecdh = NULL;
     const EC_POINT *srvr_ecpoint = NULL;
     EVP_PKEY *srvr_pub_pkey = NULL;
@@ -2597,7 +2597,7 @@
         }
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
         else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) {
             const EC_GROUP *srvr_group = NULL;
             EC_KEY *tkey;
@@ -2768,7 +2768,7 @@
                 EC_KEY_free(clnt_ecdh);
             EVP_PKEY_free(srvr_pub_pkey);
         }
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
         else if (alg_k & SSL_kGOST) {
             /* GOST key exchange message creation */
             EVP_PKEY_CTX *pkey_ctx;
@@ -3054,7 +3054,7 @@
         OPENSSL_free(pms);
         s->cert->pms = NULL;
     }
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     BN_CTX_free(bn_ctx);
     if (encodedPoint != NULL)
         OPENSSL_free(encodedPoint);
@@ -3156,7 +3156,7 @@
             n = j + 2;
         } else
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
         if (pkey->type == EVP_PKEY_EC) {
             if (!ECDSA_sign(pkey->save_type,
                             &(data[MD5_DIGEST_LENGTH]),
@@ -3365,7 +3365,7 @@
     /* This is the passed certificate */
 
     idx = sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (idx == SSL_PKEY_ECC) {
         if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) {
             /* check failed */
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 20ce112..f4369eb 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2051,7 +2051,7 @@
      },
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     /* Cipher C001 */
     {
      1,
@@ -2451,7 +2451,7 @@
      256,
      256,
      },
-#endif                          /* OPENSSL_NO_ECDH */
+#endif                          /* OPENSSL_NO_EC */
 
 #ifndef OPENSSL_NO_SRP
     /* Cipher C01A */
@@ -2598,7 +2598,7 @@
      256,
      },
 #endif                          /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
 
     /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
 
@@ -2973,7 +2973,7 @@
      256,
      256},
 # endif                         /* OPENSSL_NO_CAMELLIA */
-#endif                          /* OPENSSL_NO_ECDH */
+#endif                          /* OPENSSL_NO_EC */
 
 #ifdef TEMP_GOST_TLS
 /* Cipher FF00 */
@@ -3138,7 +3138,7 @@
     if (s->s3->tmp.dh != NULL)
         DH_free(s->s3->tmp.dh);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (s->s3->tmp.ecdh != NULL)
         EC_KEY_free(s->s3->tmp.ecdh);
 #endif
@@ -3183,7 +3183,7 @@
         s->s3->tmp.dh = NULL;
     }
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (s->s3->tmp.ecdh != NULL) {
         EC_KEY_free(s->s3->tmp.ecdh);
         s->s3->tmp.ecdh = NULL;
@@ -3357,7 +3357,7 @@
         s->cert->dh_tmp_auto = larg;
         return 1;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH:
         {
             EC_KEY *ecdh = NULL;
@@ -3389,7 +3389,7 @@
             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
             return (ret);
         }
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
         if (larg == TLSEXT_NAMETYPE_host_name) {
@@ -3558,7 +3558,7 @@
     case SSL_CTRL_GET_SHARED_CURVE:
         return tls1_shared_curve(s, larg);
 
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_ECDH_AUTO:
         s->cert->ecdh_tmp_auto = larg;
         return 1;
@@ -3629,7 +3629,7 @@
             EVP_PKEY *ptmp;
             int rv = 0;
             sc = s->session->sess_cert;
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
             if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
                 return 0;
 #endif
@@ -3645,7 +3645,7 @@
             else if (sc->peer_dh_tmp)
                 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
             else if (sc->peer_ecdh_tmp)
                 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
 #endif
@@ -3736,7 +3736,7 @@
         }
         break;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH_CB:
         {
             s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@@ -3847,7 +3847,7 @@
         ctx->cert->dh_tmp_auto = larg;
         return 1;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH:
         {
             EC_KEY *ecdh = NULL;
@@ -3881,7 +3881,7 @@
             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
             return (0);
         }
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
         ctx->tlsext_servername_arg = parg;
@@ -3955,7 +3955,7 @@
         return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
                                     &ctx->tlsext_ellipticcurvelist_length,
                                     parg);
-#  ifndef OPENSSL_NO_ECDH
+#  ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_ECDH_AUTO:
         ctx->cert->ecdh_tmp_auto = larg;
         return 1;
@@ -4059,7 +4059,7 @@
         }
         break;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_TMP_ECDH_CB:
         {
             cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
@@ -4251,14 +4251,12 @@
 
 #ifndef OPENSSL_NO_TLSEXT
 # ifndef OPENSSL_NO_EC
-#  ifndef OPENSSL_NO_ECDH
         /*
          * if we are considering an ECC cipher suite that uses an ephemeral
          * EC key check it
          */
         if (alg_k & SSL_kECDHE)
             ok = ok && tls1_check_ec_tmp_key(s, c->id);
-#  endif                        /* OPENSSL_NO_ECDH */
 # endif                         /* OPENSSL_NO_EC */
 #endif                          /* OPENSSL_NO_TLSEXT */
 
@@ -4346,16 +4344,13 @@
     if (!(alg_a & SSL_aDSS))
         p[ret++] = SSL3_CT_DSS_SIGN;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
         if (nostrict || !(alg_a & SSL_aRSA))
             p[ret++] = TLS_CT_RSA_FIXED_ECDH;
         if (nostrict || !(alg_a & SSL_aECDSA))
             p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
     }
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
     /*
      * ECDSA certs can be used with RSA cipher suites as well so we don't
      * need to check for SSL_kECDH or SSL_kECDHE
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 39c1574..ee66a5a 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1532,7 +1532,7 @@
 #ifndef OPENSSL_NO_DH
     DH *dh = NULL, *dhp;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     EC_KEY *ecdh = NULL, *ecdhp;
     unsigned char *encodedPoint = NULL;
     int encodedlen = 0;
@@ -1654,7 +1654,7 @@
             r[2] = dh->pub_key;
         } else
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
         if (type & SSL_kECDHE) {
             const EC_GROUP *group;
 
@@ -1782,7 +1782,7 @@
             r[2] = NULL;
             r[3] = NULL;
         } else
-#endif                          /* !OPENSSL_NO_ECDH */
+#endif                          /* !OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_PSK
         if (type & SSL_kPSK) {
             /*
@@ -1853,7 +1853,7 @@
             p += nr[i];
         }
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
         if (type & SSL_kECDHE) {
             /*
              * XXX: For now, we only support named (not generic) curves. In
@@ -3001,7 +3001,7 @@
         }
     } else
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     if (pkey->type == EVP_PKEY_EC) {
         j = ECDSA_verify(pkey->save_type,
                          &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 160d37c..56eb7ba 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1760,7 +1760,7 @@
                              DH *(*dh) (SSL *ssl, int is_export,
                                         int keylength));
 # endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
                                    EC_KEY *(*ecdh) (SSL *ssl, int is_export,
                                                     int keylength));
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 3843aef..504e4d7 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -122,7 +122,7 @@
     EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
     EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     EVP_add_digest(EVP_ecdsa());
 #endif
 #ifndef OPENSSL_NO_COMP
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9742599..fa0c693 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -175,7 +175,7 @@
     cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
     cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
     cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
 }
@@ -261,7 +261,7 @@
     ret->dh_tmp_auto = cert->dh_tmp_auto;
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (cert->ecdh_tmp) {
         ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
         if (ret->ecdh_tmp == NULL) {
@@ -450,7 +450,7 @@
     if (c->dh_tmp)
         DH_free(c->dh_tmp);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (c->ecdh_tmp)
         EC_KEY_free(c->ecdh_tmp);
 #endif
@@ -683,7 +683,7 @@
     if (sc->peer_dh_tmp != NULL)
         DH_free(sc->peer_dh_tmp);
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (sc->peer_ecdh_tmp != NULL)
         EC_KEY_free(sc->peer_ecdh_tmp);
 #endif
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 12820b6..f220e8e 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -748,12 +748,9 @@
     *mkey |= SSL_kKRB5;
     *auth |= SSL_aKRB5;
 #endif
-#ifdef OPENSSL_NO_ECDSA
-    *auth |= SSL_aECDSA;
-#endif
-#ifdef OPENSSL_NO_ECDH
+#ifdef OPENSSL_NO_EC
     *mkey |= SSL_kECDHe | SSL_kECDHr;
-    *auth |= SSL_aECDH;
+    *auth |= SSL_aECDSA | SSL_aECDH;
 #endif
 #ifdef OPENSSL_NO_PSK
     *mkey |= SSL_kPSK;
@@ -1437,7 +1434,7 @@
                    SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
         return 0;
     }
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     switch (suiteb_flags) {
     case SSL_CERT_FLAG_SUITEB_128_LOS:
         if (suiteb_comb2)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 354f218..cfed40d 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -257,7 +257,7 @@
     return rv > 0;
 }
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
 /* ECDH temporary parameters */
 static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
@@ -447,7 +447,7 @@
     SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"),
     SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"),
     SSL_CONF_CMD_STRING(Curves, "curves"),
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     SSL_CONF_CMD_STRING(ECDHParameters, "named_curve"),
 #endif
     SSL_CONF_CMD_STRING(CipherString, "cipher"),
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c535a42..3bce4cf 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2153,13 +2153,9 @@
     int rsa_enc_export, dh_rsa_export, dh_dsa_export;
     int rsa_tmp_export, dh_tmp_export, kl;
     unsigned long mask_k, mask_a, emask_k, emask_a;
-#ifndef OPENSSL_NO_ECDSA
-    int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    int have_ecdh_tmp, ecdh_ok;
-#endif
 #ifndef OPENSSL_NO_EC
+    int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
+    int have_ecdh_tmp, ecdh_ok;
     X509 *x = NULL;
     EVP_PKEY *ecc_pkey = NULL;
     int signature_nid = 0, pk_nid = 0, md_nid = 0;
@@ -2185,7 +2181,7 @@
     dh_tmp = dh_tmp_export = 0;
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto);
 #endif
     cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
@@ -2283,10 +2279,8 @@
         x = cpk->x509;
         /* This call populates extension flags (ex_flags) */
         X509_check_purpose(x, -1, 0);
-# ifndef OPENSSL_NO_ECDH
         ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
             (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
-# endif
         ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
             (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
         if (!(cpk->valid_flags & CERT_PKEY_SIGN))
@@ -2298,7 +2292,6 @@
             signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
             OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
         }
-# ifndef OPENSSL_NO_ECDH
         if (ecdh_ok) {
 
             if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
@@ -2319,17 +2312,14 @@
                 }
             }
         }
-# endif
-# ifndef OPENSSL_NO_ECDSA
         if (ecdsa_ok) {
             mask_a |= SSL_aECDSA;
             emask_a |= SSL_aECDSA;
         }
-# endif
     }
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (have_ecdh_tmp) {
         mask_k |= SSL_kECDHE;
         emask_k |= SSL_kECDHE;
@@ -3267,7 +3257,7 @@
 }
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
                                    EC_KEY *(*ecdh) (SSL *ssl, int is_export,
                                                     int keylength))
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7a8a303..a16ad08 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1350,7 +1350,7 @@
 #  ifndef OPENSSL_NO_DH
         DH *dh;
 #  endif
-#  ifndef OPENSSL_NO_ECDH
+#  ifndef OPENSSL_NO_EC
         EC_KEY *ecdh;           /* holds short lived ECDH key */
 #  endif
         /* used when SSL_ST_FLUSH_DATA is entered */
@@ -1662,7 +1662,7 @@
     DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
     int dh_tmp_auto;
 # endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     EC_KEY *ecdh_tmp;
     /* Callback for generating ephemeral ECDH keys */
     EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
@@ -1760,7 +1760,7 @@
 # ifndef OPENSSL_NO_DH
     DH *peer_dh_tmp;            /* not used for SSL 2 */
 # endif
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
     EC_KEY *peer_ecdh_tmp;
 # endif
     int references;             /* actually always 1 at the moment */
@@ -2317,7 +2317,7 @@
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
 
-#  ifndef OPENSSL_NO_ECDH
+#  ifndef OPENSSL_NO_EC
 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
 #  endif
 
@@ -2332,9 +2332,7 @@
                     int *curves, size_t ncurves);
 int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
                          const char *str);
-#   ifndef OPENSSL_NO_ECDH
 int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
-#   endif                       /* OPENSSL_NO_ECDH */
 #  endif                        /* OPENSSL_NO_EC */
 
 #  ifndef OPENSSL_NO_TLSEXT
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 89fb44a..7a157a6 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -774,7 +774,7 @@
             " -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
     fprintf(stderr, " -no_dhe       - disable DHE\n");
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     fprintf(stderr, " -no_ecdhe     - disable ECDHE\n");
 #endif
 #ifndef OPENSSL_NO_PSK
@@ -803,7 +803,7 @@
             " -time         - measure processor time used by client and server\n");
     fprintf(stderr, " -zlib         - use zlib compression\n");
     fprintf(stderr, " -rle          - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     fprintf(stderr,
             " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n"
             "                 Use \"openssl ecparam -list_curves\" for all names\n"
@@ -967,7 +967,7 @@
     char *server_key = NULL;
     char *client_cert = TEST_CLIENT_CERT;
     char *client_key = NULL;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     char *named_curve = NULL;
 #endif
     SSL_CTX *s_ctx = NULL;
@@ -980,7 +980,7 @@
     DH *dh;
     int dhe1024 = 0, dhe1024dsa = 0;
 #endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     EC_KEY *ecdh = NULL;
 #endif
 #ifndef OPENSSL_NO_SRP
@@ -1206,7 +1206,7 @@
         else if (strcmp(*argv, "-named_curve") == 0) {
             if (--argc < 1)
                 goto bad;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
             named_curve = *(++argv);
 #else
             fprintf(stderr,
@@ -1470,7 +1470,7 @@
     (void)no_dhe;
 #endif
 
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
     if (!no_ecdhe) {
         int nid;
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c91b761..8296ea1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -798,7 +798,7 @@
     return rv;
 }
 
-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_EC
 /* Check EC temporary key is compatible with client extensions */
 int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
 {
@@ -863,7 +863,7 @@
     return tls1_check_ec_key(s, curve_id, NULL);
 #  endif
 }
-# endif                         /* OPENSSL_NO_ECDH */
+# endif                         /* OPENSSL_NO_EC */
 
 #else
 
@@ -893,9 +893,8 @@
 #  define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
 # endif
 
-# ifdef OPENSSL_NO_ECDSA
-#  define tlsext_sigalg_ecdsa(md)
-                                /* */
+# ifdef OPENSSL_NO_EC
+#  define tlsext_sigalg_ecdsa(md) /* */
 # else
 #  define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
 # endif
@@ -913,7 +912,7 @@
         tlsext_sigalg(TLSEXT_hash_sha1)
 };
 
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
 static const unsigned char suiteb_sigalgs[] = {
     tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
         tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
@@ -3246,7 +3245,7 @@
     case TLSEXT_signature_dsa:
         return SSL_PKEY_DSA_SIGN;
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
     case TLSEXT_signature_ecdsa:
         return SSL_PKEY_ECC;
 # endif
@@ -3326,7 +3325,7 @@
                 have_dsa = 1;
             break;
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
         case TLSEXT_signature_ecdsa:
             if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs))
                 have_ecdsa = 1;
@@ -3521,7 +3520,7 @@
             c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
         }
 # endif
-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_EC
         if (!c->pkeys[SSL_PKEY_ECC].digest)
             c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 # endif