From 6019fdeeec36b84a28e360616bf851bbb984af8c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Tue, 19 May 2020 16:35:21 +0000 Subject: Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA. Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the intention of handling RSA sign only certificates... this incomplete code had the following comment: /* check to see if this is a signing only certificate */ /* EAY EAY EAY EAY */ And while the comment was removed in 2005, the incomplete RSA sign-only handling has remained ever since. Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While here also remove the unused SSL_PKEY_DH_RSA. ok tb@ --- src/lib/libssl/ssl_cert.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) (limited to 'src/lib/libssl/ssl_cert.c') diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index af8ef329b4..3567b7b426 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.76 2019/05/15 09:13:16 bcook Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.77 2020/05/19 16:35:20 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -168,7 +168,7 @@ ssl_cert_new(void) SSLerrorx(ERR_R_MALLOC_FAILURE); return (NULL); } - ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); + ret->key = &(ret->pkeys[SSL_PKEY_RSA]); ret->references = 1; return (ret); } @@ -240,15 +240,10 @@ ssl_cert_dup(CERT *cert) * (Nothing at the moment, I think.) */ - case SSL_PKEY_RSA_ENC: - case SSL_PKEY_RSA_SIGN: + case SSL_PKEY_RSA: /* We have an RSA key. */ break; - case SSL_PKEY_DH_RSA: - /* We have a DH key. */ - break; - case SSL_PKEY_ECC: /* We have an ECC key */ break; @@ -377,7 +372,7 @@ ssl_sess_cert_new(void) SSLerrorx(ERR_R_MALLOC_FAILURE); return NULL; } - ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); + ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA]); ret->references = 1; return ret; -- cgit v1.2.3-55-g6feb