| author | jsing <> | 2017-08-12 02:55:22 +0000 |
|---|---|---|
| committer | jsing <> | 2017-08-12 02:55:22 +0000 |
| commit | 6c1ad08ad5efc682da1effe59e647f7ac8cdb641 (patch) | |
| tree | 772b4920210f4698c462169705fb8707d52beb22 /src/lib/libssl/ssl_clnt.c | |
| parent | b316f9f277648e3f7b8d4b8e8c5efe957a0fd85c (diff) | |
Remove support for DSS/DSA, since we removed the cipher suites a while
back.
ok guenther@
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
| -rw-r--r-- | src/lib/libssl/ssl_clnt.c | 21 |
1 files changed, 2 insertions, 19 deletions
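--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.15 2017/08/12 02:55:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1162,8 +1162,6 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, unsigned char **pp, long *nn)
 
 if (alg_a & SSL_aRSA)
 *pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-else if (alg_a & SSL_aDSS)
-*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
 else
 /* XXX - Anonymous DH, so no certificate or pkey. */
 *pkey = NULL;
@@ -2395,16 +2393,6 @@ ssl3_send_client_verify(SSL *s)
 }
 s2n(u, p);
 n = u + 2;
-} else if (pkey->type == EVP_PKEY_DSA) {
-if (!DSA_sign(pkey->save_type,
-&(data[MD5_DIGEST_LENGTH]),
-SHA_DIGEST_LENGTH, &(p[2]),
-(unsigned int *)&j, pkey->pkey.dsa)) {
-SSLerror(s, ERR_R_DSA_LIB);
-goto err;
-}
-s2n(j, p);
-n = j + 2;
 } else if (pkey->type == EVP_PKEY_EC) {
 if (!ECDSA_sign(pkey->save_type,
 &(data[MD5_DIGEST_LENGTH]),
@@ -2593,13 +2581,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
 SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT);
 goto f_err;
-} else if ((alg_a & SSL_aDSS) &&
-!has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
-SSLerror(s, SSL_R_MISSING_DSA_SIGNING_CERT);
-goto f_err;
 }
-if ((alg_k & SSL_kRSA) &&
-!has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
+if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
 SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
 goto f_err;
 }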
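Review bot: In ssl3_get_server_kex_dhe (second hunk) the trailing `else` now receives every `alg_a` value that lacks `SSL_aRSA`, yet its comment and `*pkey = NULL` still describe that path as anonymous DH only. The commit message says the DSS cipher suites are already gone, so a signed non-RSA suite should not reach it, but a catch-all that yields no verification key is a fail-open default if the suite table ever changes. I would make the anonymous case explicit with `else if (alg_a & SSL_aNULL)` and add a final `else` that fails through the function's existing error path. Whether the caller already rejects a NULL `pkey` for non-anonymous suites is not visible here, and the function body starts and ends outside the hunk.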
