tls1_process_sigalgs() is no longer needed.

ok beck@
author: jsing <> 2019-03-25 17:27:31 +0000
committer: jsing <> 2019-03-25 17:27:31 +0000
commit: adc85e649c82873f1fac3486fcd2504dcdeb3d41 (patch)
tree: 679aedffb7db8d75c8f4b118fac1782ce5f1528a
parent: e54e43a6f31368338de68eeea77a87ad2be5b85f (diff)
download: openbsd-adc85e649c82873f1fac3486fcd2504dcdeb3d41.tar.gz
openbsd-adc85e649c82873f1fac3486fcd2504dcdeb3d41.tar.bz2
openbsd-adc85e649c82873f1fac3486fcd2504dcdeb3d41.zip
2 files changed, 2 insertions, 57 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 44abb6d6da..5358de452b 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.242 2019/03/25 17:21:18 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.243 2019/03/25 17:27:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1335,7 +1335,6 @@ int tls1_process_ticket(SSL *s, const unsigned char *session_id,
    int session_id_len, CBS *ext_block, SSL_SESSION **ret);
 long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *, size_t);
 int tls1_check_ec_server_key(SSL *s);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 8986a0e755..5dbbdb7866 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.153 2019/01/23 18:39:28 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.154 2019/03/25 17:27:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -999,57 +999,3 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
         * ticket. */
        return 2;
 }
-/* Set preferred digest for each key type */
-int
-tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *sigalgs, size_t sigalgs_len)
-{
-        CERT *c = s->cert;
-        /* Extension ignored for inappropriate versions */
-        /* XXX get rid of this? */
-        if (!SSL_USE_SIGALGS(s))
-                return 1;
-        c->pkeys[SSL_PKEY_RSA_SIGN].sigalg = NULL;
-        c->pkeys[SSL_PKEY_RSA_ENC].sigalg = NULL;
-        c->pkeys[SSL_PKEY_ECC].sigalg = NULL;
-#ifndef OPENSSL_NO_GOST
-        c->pkeys[SSL_PKEY_GOST01].sigalg = NULL;
-#endif
-        while (CBS_len(cbs) > 0) {
-                uint16_t sig_alg;
-                const struct ssl_sigalg *sigalg;
-                if (!CBS_get_u16(cbs, &sig_alg))
-                        return 0;
-                if ((sigalg = ssl_sigalg(sig_alg, sigalgs, sigalgs_len)) !=
-                    NULL && c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
-                        c->pkeys[sigalg->pkey_idx].sigalg = sigalg;
-                        if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
-                                c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg;
-                }
-        }
-        /*
-         * Set any remaining keys to default values. NOTE: if alg is not
-         * supported it stays as NULL.
-         */
-        if (c->pkeys[SSL_PKEY_RSA_SIGN].sigalg == NULL)
-                c->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
-                    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
-        if (c->pkeys[SSL_PKEY_RSA_ENC].sigalg == NULL)
-                c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
-                    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
-        if (c->pkeys[SSL_PKEY_ECC].sigalg == NULL)
-                c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
-                    ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-#ifndef OPENSSL_NO_GOST
-        if (c->pkeys[SSL_PKEY_GOST01].sigalg == NULL)
-                c->pkeys[SSL_PKEY_GOST01].sigalg =
-                    ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
-        return 1;
-}
author	jsing <>	2019-03-25 17:27:31 +0000
committer	jsing <>	2019-03-25 17:27:31 +0000
commit	adc85e649c82873f1fac3486fcd2504dcdeb3d41 (patch)
tree	679aedffb7db8d75c8f4b118fac1782ce5f1528a
parent	e54e43a6f31368338de68eeea77a87ad2be5b85f (diff)
download	openbsd-adc85e649c82873f1fac3486fcd2504dcdeb3d41.tar.gz openbsd-adc85e649c82873f1fac3486fcd2504dcdeb3d41.tar.bz2 openbsd-adc85e649c82873f1fac3486fcd2504dcdeb3d41.zip

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 44abb6d6da..5358de452b 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.242 2019/03/25 17:21:18 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.243 2019/03/25 17:27:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1335,7 +1335,6 @@ int tls1_process_ticket(SSL s, const unsigned char session_id,
1335	int session_id_len, CBS ext_block, SSL_SESSION *ret);	1335	int session_id_len, CBS ext_block, SSL_SESSION *ret);
1336		1336
1337	long ssl_get_algorithm2(SSL *s);	1337	long ssl_get_algorithm2(SSL *s);
1338	int tls1_process_sigalgs(SSL s, CBS cbs, uint16_t *, size_t);
1339		1338
1340	int tls1_check_ec_server_key(SSL *s);	1339	int tls1_check_ec_server_key(SSL *s);
1341		1340


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 8986a0e755..5dbbdb7866 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.153 2019/01/23 18:39:28 beck Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.154 2019/03/25 17:27:31 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -999,57 +999,3 @@ tls_decrypt_ticket(SSL s, const unsigned char etick, int eticklen,
999	* ticket. */	999	* ticket. */
1000	return 2;	1000	return 2;
1001	}	1001	}
1002
1003	/* Set preferred digest for each key type */
1004	int
1005	tls1_process_sigalgs(SSL s, CBS cbs, uint16_t *sigalgs, size_t sigalgs_len)
1006	{
1007	CERT *c = s->cert;
1008
1009	/* Extension ignored for inappropriate versions */
1010	/* XXX get rid of this? */
1011	if (!SSL_USE_SIGALGS(s))
1012	return 1;
1013
1014	c->pkeys[SSL_PKEY_RSA_SIGN].sigalg = NULL;
1015	c->pkeys[SSL_PKEY_RSA_ENC].sigalg = NULL;
1016	c->pkeys[SSL_PKEY_ECC].sigalg = NULL;
1017	#ifndef OPENSSL_NO_GOST
1018	c->pkeys[SSL_PKEY_GOST01].sigalg = NULL;
1019	#endif
1020	while (CBS_len(cbs) > 0) {
1021	uint16_t sig_alg;
1022	const struct ssl_sigalg *sigalg;
1023
1024	if (!CBS_get_u16(cbs, &sig_alg))
1025	return 0;
1026
1027	if ((sigalg = ssl_sigalg(sig_alg, sigalgs, sigalgs_len)) !=
1028	NULL && c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
1029	c->pkeys[sigalg->pkey_idx].sigalg = sigalg;
1030	if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
1031	c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg;
1032	}
1033	}
1034
1035	/*
1036	* Set any remaining keys to default values. NOTE: if alg is not
1037	* supported it stays as NULL.
1038	*/
1039	if (c->pkeys[SSL_PKEY_RSA_SIGN].sigalg == NULL)
1040	c->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
1041	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
1042	if (c->pkeys[SSL_PKEY_RSA_ENC].sigalg == NULL)
1043	c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
1044	ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
1045	if (c->pkeys[SSL_PKEY_ECC].sigalg == NULL)
1046	c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
1047	ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
1048
1049	#ifndef OPENSSL_NO_GOST
1050	if (c->pkeys[SSL_PKEY_GOST01].sigalg == NULL)
1051	c->pkeys[SSL_PKEY_GOST01].sigalg =
1052	ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
1053	#endif
1054	return 1;
1055	}