author | Joel Sing <jsing@cvs.openbsd.org> | 2019-03-25 17:27:32 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2019-03-25 17:27:32 +0000 |
commit | 0dffa9f4e9753268601464c16e2d2d98760dd7e2 (patch) | |
tree | a626a7d5ad45d6f6fbd3d05acaf42b0100df4c4d /lib | |
parent | 66bca2749fa0f5be77098136eabb80af1af51ce1 (diff) |
tls1_process_sigalgs() is no longer needed.
ok beck@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/ssl_locl.h | 3 | ||||
-rw-r--r-- | lib/libssl/t1_lib.c | 56 |
2 files changed, 2 insertions, 57 deletions
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 44abb6d6dab..5358de452b9 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.242 2019/03/25 17:21:18 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.243 2019/03/25 17:27:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1335,7 +1335,6 @@ int tls1_process_ticket(SSL *s, const unsigned char *session_id, int session_id_len, CBS *ext_block, SSL_SESSION **ret);
 long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *, size_t);
 int tls1_check_ec_server_key(SSL *s);
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 8986a0e755d..5dbbdb78667 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.153 2019/01/23 18:39:28 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.154 2019/03/25 17:27:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -999,57 +999,3 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 * ticket. */
 return 2;
 }
-
-/* Set preferred digest for each key type */
-int
-tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *sigalgs, size_t sigalgs_len)
-{
- CERT *c = s->cert;
-
- /* Extension ignored for inappropriate versions */
- /* XXX get rid of this? */
- if (!SSL_USE_SIGALGS(s))
- return 1;
-
- c->pkeys[SSL_PKEY_RSA_SIGN].sigalg = NULL;
- c->pkeys[SSL_PKEY_RSA_ENC].sigalg = NULL;
- c->pkeys[SSL_PKEY_ECC].sigalg = NULL;
-#ifndef OPENSSL_NO_GOST
- c->pkeys[SSL_PKEY_GOST01].sigalg = NULL;
-#endif
- while (CBS_len(cbs) > 0) {
- uint16_t sig_alg;
- const struct ssl_sigalg *sigalg;
-
- if (!CBS_get_u16(cbs, &sig_alg))
- return 0;
-
- if ((sigalg = ssl_sigalg(sig_alg, sigalgs, sigalgs_len)) !=
- NULL && c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
- c->pkeys[sigalg->pkey_idx].sigalg = sigalg;
- if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
- c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg;
- }
- }
-
- /*
- * Set any remaining keys to default values. NOTE: if alg is not
- * supported it stays as NULL.
- */
- if (c->pkeys[SSL_PKEY_RSA_SIGN].sigalg == NULL)
- c->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
- ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
- if (c->pkeys[SSL_PKEY_RSA_ENC].sigalg == NULL)
- c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
- ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
- if (c->pkeys[SSL_PKEY_ECC].sigalg == NULL)
- c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
- ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-
-#ifndef OPENSSL_NO_GOST
- if (c->pkeys[SSL_PKEY_GOST01].sigalg == NULL)
- c->pkeys[SSL_PKEY_GOST01].sigalg =
- ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
- return 1;
-} |