author | Joel Sing <jsing@cvs.openbsd.org> | 2019-03-25 17:33:27 +0000 |
committer | Joel Sing <jsing@cvs.openbsd.org> | 2019-03-25 17:33:27 +0000 |
commit | b7f1d9f66c0ffed1bfd35c2d24df20b796a51ba2 (patch) | |
tree | 6e3744220b175895d9058e371f1d712da396595d /lib/libssl | |
parent | 0dffa9f4e9753268601464c16e2d2d98760dd7e2 (diff) |
Strip out all of the pkey to sigalg and sigalg to pkey linkages.
These are no longer used now that we defer signature algorithm selection.
ok beck@
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/ssl_cert.c | 24 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 14 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_sigalgs.c | 22 | ||||
-rw-r--r-- | lib/libssl/ssl_sigalgs.h | 3 |
5 files changed, 8 insertions, 59 deletions
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index ab76939116e..6c00b0d336f 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.73 2019/03/25 16:24:57 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.74 2019/03/25 17:33:26 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -158,22 +158,6 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void)
 return ssl_x509_store_ctx_idx;
 }
-static void
-ssl_cert_set_default_sigalgs(CERT *cert)
-{
- /* Set digest values to defaults */
- cert->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
- ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
- cert->pkeys[SSL_PKEY_RSA_ENC].sigalg =
- ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
- cert->pkeys[SSL_PKEY_ECC].sigalg =
- ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-#ifndef OPENSSL_NO_GOST
- cert->pkeys[SSL_PKEY_GOST01].sigalg =
- ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
-}
-
 CERT *
 ssl_cert_new(void)
 {
@@ -186,7 +170,6 @@ ssl_cert_new(void)
 }
 ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
 ret->references = 1;
- ssl_cert_set_default_sigalgs(ret);
 return (ret);
 }
@@ -289,11 +272,6 @@ ssl_cert_dup(CERT *cert)
 */
 ret->references = 1;
- /*
- * Set sigalgs to defaults. NB: we don't copy existing values
- * as they will be set during handshake.
- */
- ssl_cert_set_default_sigalgs(ret);
 return (ret);
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 70a4c6d16ff..adcaa1b3cca 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.203 2019/03/25 17:21:18 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.204 2019/03/25 17:33:26 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2734,20 +2734,14 @@ SSL_get_SSL_CTX(const SSL *ssl)
 SSL_CTX *
 SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
 {
- CERT *ocert = ssl->cert;
-
 if (ssl->ctx == ctx)
 return (ssl->ctx);
 if (ctx == NULL)
 ctx = ssl->initial_ctx;
+
+ ssl_cert_free(ssl->cert);
 ssl->cert = ssl_cert_dup(ctx->internal->cert);
- if (ocert != NULL) {
- int i;
- /* Copy negotiated sigalg from original certificate. */
- for (i = 0; i < SSL_PKEY_NUM; i++)
- ssl->cert->pkeys[i].sigalg = ocert->pkeys[i].sigalg;
- ssl_cert_free(ocert);
- }
+
 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
 SSL_CTX_free(ssl->ctx); /* decrement reference count */
 ssl->ctx = ctx;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 5358de452b9..2dae72309cd 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.243 2019/03/25 17:27:31 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.244 2019/03/25 17:33:26 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -966,8 +966,6 @@ typedef struct cert_pkey_st {
 X509 *x509;
 EVP_PKEY *privatekey;
 STACK_OF(X509) *chain;
- /* sigalg to use when signing */
- const struct ssl_sigalg *sigalg;
 } CERT_PKEY;
 typedef struct cert_st {
diff --git a/lib/libssl/ssl_sigalgs.c b/lib/libssl/ssl_sigalgs.c
index 50f4802fdb7..129ccccfbce 100644
--- a/lib/libssl/ssl_sigalgs.c
+++ b/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.18 2019/03/25 17:21:18 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.19 2019/03/25 17:33:26 jsing Exp $ */
 /*
 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
@@ -29,13 +29,11 @@ const struct ssl_sigalg sigalgs[] = {
 .value = SIGALG_RSA_PKCS1_SHA512,
 .md = EVP_sha512,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 },
 {
 .value = SIGALG_ECDSA_SECP521R1_SHA512,
 .md = EVP_sha512,
 .key_type = EVP_PKEY_EC,
- .pkey_idx = SSL_PKEY_ECC,
 .curve_nid = NID_secp521r1,
 },
 #ifndef OPENSSL_NO_GOST
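Review bot: The rewritten body of SSL_set_SSL_CTX now calls `ssl_cert_free(ssl->cert)` before `ssl_cert_dup()` has produced a replacement, and the result of `ssl_cert_dup()` is still never checked, so an allocation failure leaves `ssl->cert` NULL with the previous certificate state already destroyed while the function returns `ssl->ctx` as if the switch succeeded. The old code at least kept `ocert` alive until after the duplicate was made. I would duplicate first, bail out on NULL, and only then release the old CERT; whether returning NULL is acceptable for this function's documented contract is not visible here, so the return value in the sketch below is a proposal. The unconditional `ssl_cert_free(ssl->cert)` also presumes that `ssl_cert_free()` tolerates a NULL argument, which I cannot confirm from this hunk. The remainder of SSL_set_SSL_CTX continues past the end of the hunk.
```c
SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
{
	CERT *new_cert;

	/* … unchanged: same-ctx early return, NULL ctx fallback … */

	/* Duplicate first so a failed allocation leaves ssl->cert intact. */
	if ((new_cert = ssl_cert_dup(ctx->internal->cert)) == NULL)
		return (NULL);
	ssl_cert_free(ssl->cert);
	ssl->cert = new_cert;

	/* … unchanged: SSL_CTX reference bump and swap … */
```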
@@ -43,33 +41,28 @@ const struct ssl_sigalg sigalgs[] = {
 .value = SIGALG_GOSTR12_512_STREEBOG_512,
 .md = EVP_streebog512,
 .key_type = EVP_PKEY_GOSTR12_512,
- .pkey_idx = SSL_PKEY_GOST01, /* XXX */
 },
 #endif
 {
 .value = SIGALG_RSA_PKCS1_SHA384,
 .md = EVP_sha384,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 },
 {
 .value = SIGALG_ECDSA_SECP384R1_SHA384,
 .md = EVP_sha384,
 .key_type = EVP_PKEY_EC,
- .pkey_idx = SSL_PKEY_ECC,
 .curve_nid = NID_secp384r1,
 },
 {
 .value = SIGALG_RSA_PKCS1_SHA256,
 .md = EVP_sha256,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 },
 {
 .value = SIGALG_ECDSA_SECP256R1_SHA256,
 .md = EVP_sha256,
 .key_type = EVP_PKEY_EC,
- .pkey_idx = SSL_PKEY_ECC,
 .curve_nid = NID_X9_62_prime256v1,
 },
 #ifndef OPENSSL_NO_GOST
@@ -77,85 +70,72 @@ const struct ssl_sigalg sigalgs[] = {
 .value = SIGALG_GOSTR12_256_STREEBOG_256,
 .md = EVP_streebog256,
 .key_type = EVP_PKEY_GOSTR12_256,
- .pkey_idx = SSL_PKEY_GOST01, /* XXX */
 },
 {
 .value = SIGALG_GOSTR01_GOST94,
 .md = EVP_gostr341194,
 .key_type = EVP_PKEY_GOSTR01,
- .pkey_idx = SSL_PKEY_GOST01,
 },
 #endif
 {
 .value = SIGALG_RSA_PSS_RSAE_SHA256,
 .md = EVP_sha256,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 .flags = SIGALG_FLAG_RSA_PSS,
 },
 {
 .value = SIGALG_RSA_PSS_RSAE_SHA384,
 .md = EVP_sha384,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 .flags = SIGALG_FLAG_RSA_PSS,
 },
 {
 .value = SIGALG_RSA_PSS_RSAE_SHA512,
 .md = EVP_sha512,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 .flags = SIGALG_FLAG_RSA_PSS,
 },
 {
 .value = SIGALG_RSA_PSS_PSS_SHA256,
 .md = EVP_sha256,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 .flags = SIGALG_FLAG_RSA_PSS,
 },
 {
 .value = SIGALG_RSA_PSS_PSS_SHA384,
 .md = EVP_sha384,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 .flags = SIGALG_FLAG_RSA_PSS,
 },
 {
 .value = SIGALG_RSA_PSS_PSS_SHA512,
 .md = EVP_sha512,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 .flags = SIGALG_FLAG_RSA_PSS,
 },
 {
 .value = SIGALG_RSA_PKCS1_SHA224,
 .md = EVP_sha224,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 },
 {
 .value = SIGALG_ECDSA_SECP224R1_SHA224,
 .md = EVP_sha224,
 .key_type = EVP_PKEY_EC,
- .pkey_idx = SSL_PKEY_ECC,
 },
 {
 .value = SIGALG_RSA_PKCS1_SHA1,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 .md = EVP_sha1,
 },
 {
 .value = SIGALG_ECDSA_SHA1,
 .key_type = EVP_PKEY_EC,
 .md = EVP_sha1,
- .pkey_idx = SSL_PKEY_ECC,
 },
 {
 .value = SIGALG_RSA_PKCS1_MD5_SHA1,
 .key_type = EVP_PKEY_RSA,
- .pkey_idx = SSL_PKEY_RSA_SIGN,
 .md = EVP_md5_sha1,
 },
 {
diff --git a/lib/libssl/ssl_sigalgs.h b/lib/libssl/ssl_sigalgs.h
index d06731e10d8..13a3597fb5a 100644
--- a/lib/libssl/ssl_sigalgs.h
+++ b/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.13 2019/03/25 17:21:18 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.14 2019/03/25 17:33:26 jsing Exp $ */
 /*
 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
@@ -64,7 +64,6 @@ struct ssl_sigalg{
 uint16_t value;
 const EVP_MD *(*md)(void);
 int key_type;
- int pkey_idx; /* XXX get rid of this eventually */
 int curve_nid;
 int flags;
 };
|