Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA.

Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the
intention of handling RSA sign only certificates... this incomplete code
had the following comment:

  /* check to see if this is a signing only certificate */
  /* EAY EAY EAY EAY */

And while the comment was removed in 2005, the incomplete RSA sign-only
handling has remained ever since.

Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While
here also remove the unused SSL_PKEY_DH_RSA.

ok tb@

1 files changed, 3 insertions, 3 deletions

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index ea14cfa683..03d0e488ba 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.48 2020/05/19 01:30:34 beck Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.49 2020/05/19 16:35:21 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -437,7 +437,7 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
         int i, ret = 0;
 
         /* XXX - Need to revisit certificate selection. */
-        cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC];
+        cpk = &s->cert->pkeys[SSL_PKEY_RSA];
         if (cpk->x509 == NULL) {
                 /* A server must always provide a certificate. */
                 ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE;
@@ -489,7 +489,7 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
         memset(&sig_cbb, 0, sizeof(sig_cbb));
 
         /* XXX - Need to revisit certificate selection. */
-        cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC];
+        cpk = &s->cert->pkeys[SSL_PKEY_RSA];
         pkey = cpk->privatekey;
 
         if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {