diff options
| author | jsing <> | 2017-08-12 02:55:22 +0000 |
|---|---|---|
| committer | jsing <> | 2017-08-12 02:55:22 +0000 |
| commit | 6c1ad08ad5efc682da1effe59e647f7ac8cdb641 (patch) | |
| tree | 772b4920210f4698c462169705fb8707d52beb22 /src/lib/libssl/t1_lib.c | |
| parent | b316f9f277648e3f7b8d4b8e8c5efe957a0fd85c (diff) | |
| download | openbsd-6c1ad08ad5efc682da1effe59e647f7ac8cdb641.tar.gz openbsd-6c1ad08ad5efc682da1effe59e647f7ac8cdb641.tar.bz2 openbsd-6c1ad08ad5efc682da1effe59e647f7ac8cdb641.zip | |
Remove support for DSS/DSA, since we removed the cipher suites a while
back.
ok guenther@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 14 |
1 files changed, 1 insertions, 13 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 4983ad27fa..3e5133ab54 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.126 2017/08/11 20:14:13 doug Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.127 2017/08/12 02:55:22 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -631,18 +631,15 @@ tls1_check_ec_tmp_key(SSL *s) | |||
| 631 | 631 | ||
| 632 | static unsigned char tls12_sigalgs[] = { | 632 | static unsigned char tls12_sigalgs[] = { |
| 633 | TLSEXT_hash_sha512, TLSEXT_signature_rsa, | 633 | TLSEXT_hash_sha512, TLSEXT_signature_rsa, |
| 634 | TLSEXT_hash_sha512, TLSEXT_signature_dsa, | ||
| 635 | TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, | 634 | TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, |
| 636 | #ifndef OPENSSL_NO_GOST | 635 | #ifndef OPENSSL_NO_GOST |
| 637 | TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512, | 636 | TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512, |
| 638 | #endif | 637 | #endif |
| 639 | 638 | ||
| 640 | TLSEXT_hash_sha384, TLSEXT_signature_rsa, | 639 | TLSEXT_hash_sha384, TLSEXT_signature_rsa, |
| 641 | TLSEXT_hash_sha384, TLSEXT_signature_dsa, | ||
| 642 | TLSEXT_hash_sha384, TLSEXT_signature_ecdsa, | 640 | TLSEXT_hash_sha384, TLSEXT_signature_ecdsa, |
| 643 | 641 | ||
| 644 | TLSEXT_hash_sha256, TLSEXT_signature_rsa, | 642 | TLSEXT_hash_sha256, TLSEXT_signature_rsa, |
| 645 | TLSEXT_hash_sha256, TLSEXT_signature_dsa, | ||
| 646 | TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, | 643 | TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, |
| 647 | 644 | ||
| 648 | #ifndef OPENSSL_NO_GOST | 645 | #ifndef OPENSSL_NO_GOST |
| @@ -651,11 +648,9 @@ static unsigned char tls12_sigalgs[] = { | |||
| 651 | #endif | 648 | #endif |
| 652 | 649 | ||
| 653 | TLSEXT_hash_sha224, TLSEXT_signature_rsa, | 650 | TLSEXT_hash_sha224, TLSEXT_signature_rsa, |
| 654 | TLSEXT_hash_sha224, TLSEXT_signature_dsa, | ||
| 655 | TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, | 651 | TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, |
| 656 | 652 | ||
| 657 | TLSEXT_hash_sha1, TLSEXT_signature_rsa, | 653 | TLSEXT_hash_sha1, TLSEXT_signature_rsa, |
| 658 | TLSEXT_hash_sha1, TLSEXT_signature_dsa, | ||
| 659 | TLSEXT_hash_sha1, TLSEXT_signature_ecdsa, | 654 | TLSEXT_hash_sha1, TLSEXT_signature_ecdsa, |
| 660 | }; | 655 | }; |
| 661 | 656 | ||
| @@ -1932,7 +1927,6 @@ static tls12_lookup tls12_md[] = { | |||
| 1932 | 1927 | ||
| 1933 | static tls12_lookup tls12_sig[] = { | 1928 | static tls12_lookup tls12_sig[] = { |
| 1934 | {EVP_PKEY_RSA, TLSEXT_signature_rsa}, | 1929 | {EVP_PKEY_RSA, TLSEXT_signature_rsa}, |
| 1935 | {EVP_PKEY_DSA, TLSEXT_signature_dsa}, | ||
| 1936 | {EVP_PKEY_EC, TLSEXT_signature_ecdsa}, | 1930 | {EVP_PKEY_EC, TLSEXT_signature_ecdsa}, |
| 1937 | {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01}, | 1931 | {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01}, |
| 1938 | }; | 1932 | }; |
| @@ -2020,7 +2014,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2020 | 2014 | ||
| 2021 | CBS_init(&cbs, data, dsize); | 2015 | CBS_init(&cbs, data, dsize); |
| 2022 | 2016 | ||
| 2023 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL; | ||
| 2024 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; | 2017 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; |
| 2025 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; | 2018 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; |
| 2026 | c->pkeys[SSL_PKEY_ECC].digest = NULL; | 2019 | c->pkeys[SSL_PKEY_ECC].digest = NULL; |
| @@ -2039,9 +2032,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2039 | case TLSEXT_signature_rsa: | 2032 | case TLSEXT_signature_rsa: |
| 2040 | idx = SSL_PKEY_RSA_SIGN; | 2033 | idx = SSL_PKEY_RSA_SIGN; |
| 2041 | break; | 2034 | break; |
| 2042 | case TLSEXT_signature_dsa: | ||
| 2043 | idx = SSL_PKEY_DSA_SIGN; | ||
| 2044 | break; | ||
| 2045 | case TLSEXT_signature_ecdsa: | 2035 | case TLSEXT_signature_ecdsa: |
| 2046 | idx = SSL_PKEY_ECC; | 2036 | idx = SSL_PKEY_ECC; |
| 2047 | break; | 2037 | break; |
| @@ -2068,8 +2058,6 @@ tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | |||
| 2068 | /* Set any remaining keys to default values. NOTE: if alg is not | 2058 | /* Set any remaining keys to default values. NOTE: if alg is not |
| 2069 | * supported it stays as NULL. | 2059 | * supported it stays as NULL. |
| 2070 | */ | 2060 | */ |
| 2071 | if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) | ||
| 2072 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); | ||
| 2073 | if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) { | 2061 | if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) { |
| 2074 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); | 2062 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); |
| 2075 | c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); | 2063 | c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); |