Drop X9.31 support from libtls

The TLS signer isn't exposed in public API (we should finally fix it...)
and it supports X9.31, a standard that has been retired and deprecated for
a very long time. libcrypto will stop supporting it soon, this step is
needed to prepare userland.

ok jsing

1 files changed, 1 insertions, 5 deletions

diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
index 1f11096792..f6005d3e07 100644
--- a/src/lib/libtls/tls_signer.c
+++ b/src/lib/libtls/tls_signer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.4 2022/02/01 17:18:38 jsing Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.5 2023/04/09 18:26:26 tb Exp $ */
 /*
  * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
  *
@@ -193,8 +193,6 @@ tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,
                 rsa_padding = RSA_NO_PADDING;
         } else if (padding_type == TLS_PADDING_RSA_PKCS1) {
                 rsa_padding = RSA_PKCS1_PADDING;
-        } else if (padding_type == TLS_PADDING_RSA_X9_31) {
-                rsa_padding = RSA_X931_PADDING;
         } else {
                 tls_error_setx(&signer->error, "invalid RSA padding type (%d)",
                     padding_type);
@@ -331,8 +329,6 @@ tls_rsa_priv_enc(int from_len, const unsigned char *from, unsigned char *to,
                 padding_type = TLS_PADDING_NONE;
         } else if (rsa_padding == RSA_PKCS1_PADDING) {
                 padding_type = TLS_PADDING_RSA_PKCS1;
-        } else if (rsa_padding == RSA_X931_PADDING) {
-                padding_type = TLS_PADDING_RSA_X9_31;
         } else {
                 goto err;
         }