
github.com/mono/boringssl.git - Unnamed repository; edit this file 'description' to name the repository.
authorDavid Benjamin <davidben@chromium.org>2014-08-20 04:32:41 +0400
committerAdam Langley <agl@google.com>2014-08-20 06:15:32 +0400
commita7d1363fcb1f0d825ec2393c06be3d58b0c57efd (patch)
tree29bd6f410a8eb4d966a74aa2c9ce7b23cfc07507 /ssl/t1_lib.c
parentef2116d33c3c1b38005eb59caa2aaa6300a9b450 (diff)
Prune removed key types from SSL_PKEY_*.
Remove all the logic managing key types that are no longer used.

Change-Id: I101369164588048e64ba1c84a6b8aac8f3a221cd
Reviewed-on: https://boringssl-review.googlesource.com/1567
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c22
1 files changed, 0 insertions, 22 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5aa4d2c1..d5cb5f47 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3016,10 +3016,6 @@ int tls1_process_sigalgs(SSL *s, const CBS *sigalgs)
/* Set any remaining keys to default values. NOTE: if alg is
* not supported it stays as NULL.
*/
-#ifndef OPENSSL_NO_DSA
- if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
- c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-#endif
if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
{
c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
@@ -3177,8 +3173,6 @@ static int sig_cb(const char *elem, int len, void *arg)
if (!strcmp(etmp, "RSA"))
sig_alg = EVP_PKEY_RSA;
- else if (!strcmp(etmp, "DSA"))
- sig_alg = EVP_PKEY_DSA;
else if (!strcmp(etmp, "ECDSA"))
sig_alg = EVP_PKEY_EC;
else return 0;
@@ -3370,7 +3364,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
{
case SSL_PKEY_RSA_ENC:
case SSL_PKEY_RSA_SIGN:
- case SSL_PKEY_DH_RSA:
rsign = TLSEXT_signature_rsa;
default_nid = NID_sha1WithRSAEncryption;
break;
@@ -3468,21 +3461,9 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
case EVP_PKEY_RSA:
check_type = TLS_CT_RSA_SIGN;
break;
- case EVP_PKEY_DSA:
- check_type = TLS_CT_DSS_SIGN;
- break;
case EVP_PKEY_EC:
check_type = TLS_CT_ECDSA_SIGN;
break;
- case EVP_PKEY_DH:
- case EVP_PKEY_DHX:
- {
- int cert_type = X509_certificate_type(x, pk);
- if (cert_type & EVP_PKS_RSA)
- check_type = TLS_CT_RSA_FIXED_DH;
- if (cert_type & EVP_PKS_DSA)
- check_type = TLS_CT_DSS_FIXED_DH;
- }
}
if (check_type)
{
@@ -3563,9 +3544,6 @@ void tls1_set_cert_validity(SSL *s)
{
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA);
- tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
}
/* User level utiity function to check a chain is suitable */