diff options
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 6e555898ad..de78ad2fcf 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.165 2017/08/11 21:06:52 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.166 2017/08/12 02:55:22 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2041,7 +2041,7 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) | |||
| 2041 | void | 2041 | void |
| 2042 | ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | 2042 | ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) |
| 2043 | { | 2043 | { |
| 2044 | int rsa_enc, rsa_sign, dh_tmp, dsa_sign; | 2044 | int rsa_enc, rsa_sign, dh_tmp; |
| 2045 | int have_ecc_cert; | 2045 | int have_ecc_cert; |
| 2046 | unsigned long mask_k, mask_a; | 2046 | unsigned long mask_k, mask_a; |
| 2047 | X509 *x = NULL; | 2047 | X509 *x = NULL; |
| @@ -2057,8 +2057,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2057 | rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL); | 2057 | rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2058 | cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); | 2058 | cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); |
| 2059 | rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); | 2059 | rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2060 | cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); | ||
| 2061 | dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
| 2062 | cpk = &(c->pkeys[SSL_PKEY_ECC]); | 2060 | cpk = &(c->pkeys[SSL_PKEY_ECC]); |
| 2063 | have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); | 2061 | have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2064 | 2062 | ||
| @@ -2080,9 +2078,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2080 | if (rsa_enc || rsa_sign) | 2078 | if (rsa_enc || rsa_sign) |
| 2081 | mask_a |= SSL_aRSA; | 2079 | mask_a |= SSL_aRSA; |
| 2082 | 2080 | ||
| 2083 | if (dsa_sign) | ||
| 2084 | mask_a |= SSL_aDSS; | ||
| 2085 | |||
| 2086 | mask_a |= SSL_aNULL; | 2081 | mask_a |= SSL_aNULL; |
| 2087 | 2082 | ||
| 2088 | /* | 2083 | /* |
| @@ -2159,8 +2154,6 @@ ssl_get_server_send_pkey(const SSL *s) | |||
| 2159 | 2154 | ||
| 2160 | if (alg_a & SSL_aECDSA) { | 2155 | if (alg_a & SSL_aECDSA) { |
| 2161 | i = SSL_PKEY_ECC; | 2156 | i = SSL_PKEY_ECC; |
| 2162 | } else if (alg_a & SSL_aDSS) { | ||
| 2163 | i = SSL_PKEY_DSA_SIGN; | ||
| 2164 | } else if (alg_a & SSL_aRSA) { | 2157 | } else if (alg_a & SSL_aRSA) { |
| 2165 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) | 2158 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) |
| 2166 | i = SSL_PKEY_RSA_SIGN; | 2159 | i = SSL_PKEY_RSA_SIGN; |
| @@ -2197,10 +2190,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) | |||
| 2197 | alg_a = cipher->algorithm_auth; | 2190 | alg_a = cipher->algorithm_auth; |
| 2198 | c = s->cert; | 2191 | c = s->cert; |
| 2199 | 2192 | ||
| 2200 | if ((alg_a & SSL_aDSS) && | 2193 | if (alg_a & SSL_aRSA) { |
| 2201 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) | ||
| 2202 | idx = SSL_PKEY_DSA_SIGN; | ||
| 2203 | else if (alg_a & SSL_aRSA) { | ||
| 2204 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) | 2194 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) |
| 2205 | idx = SSL_PKEY_RSA_SIGN; | 2195 | idx = SSL_PKEY_RSA_SIGN; |
| 2206 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) | 2196 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) |