Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA.

Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the
intention of handling RSA sign only certificates... this incomplete code
had the following comment:

  /* check to see if this is a signing only certificate */
  /* EAY EAY EAY EAY */

And while the comment was removed in 2005, the incomplete RSA sign-only
handling has remained ever since.

Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While
here also remove the unused SSL_PKEY_DH_RSA.

ok tb@

1 files changed, 3 insertions, 3 deletions

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index a17b2bd47f..cef49c496e 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.62 2020/05/19 01:30:34 beck Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.63 2020/05/19 16:35:21 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -834,7 +834,7 @@ tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
         int i, ret = 0;
 
         /* XXX - Need to revisit certificate selection. */
-        cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC];
+        cpk = &s->cert->pkeys[SSL_PKEY_RSA];
 
         if ((chain = cpk->chain) == NULL)
                 chain = s->ctx->extra_certs;
@@ -884,7 +884,7 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
         memset(&sig_cbb, 0, sizeof(sig_cbb));
 
         /* XXX - Need to revisit certificate selection. */
-        cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC];
+        cpk = &s->cert->pkeys[SSL_PKEY_RSA];
         pkey = cpk->privatekey;
 
         if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {