Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA.

Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the
intention of handling RSA sign only certificates... this incomplete code
had the following comment:

  /* check to see if this is a signing only certificate */
  /* EAY EAY EAY EAY */

And while the comment was removed in 2005, the incomplete RSA sign-only
handling has remained ever since.

Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While
here also remove the unused SSL_PKEY_DH_RSA.

ok tb@

1 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index e78099cdad..6a90ad17eb 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.75 2020/05/10 14:17:48 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.76 2020/05/19 16:35:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1693,7 +1693,7 @@ ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
         fakekey[0] = s->client_version >> 8;
         fakekey[1] = s->client_version & 0xff;
 
-        pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+        pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey;
         if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
             (pkey->pkey.rsa == NULL)) {
                 al = SSL_AD_HANDSHAKE_FAILURE;