From 6019fdeeec36b84a28e360616bf851bbb984af8c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Tue, 19 May 2020 16:35:21 +0000 Subject: Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA. Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the intention of handling RSA sign only certificates... this incomplete code had the following comment: /* check to see if this is a signing only certificate */ /* EAY EAY EAY EAY */ And while the comment was removed in 2005, the incomplete RSA sign-only handling has remained ever since. Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While here also remove the unused SSL_PKEY_DH_RSA. ok tb@ --- src/lib/libssl/tls13_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/lib/libssl/tls13_client.c') diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index a17b2bd47f..cef49c496e 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.62 2020/05/19 01:30:34 beck Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.63 2020/05/19 16:35:21 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -834,7 +834,7 @@ tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb) int i, ret = 0; /* XXX - Need to revisit certificate selection. */ - cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC]; + cpk = &s->cert->pkeys[SSL_PKEY_RSA]; if ((chain = cpk->chain) == NULL) chain = s->ctx->extra_certs; @@ -884,7 +884,7 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) memset(&sig_cbb, 0, sizeof(sig_cbb)); /* XXX - Need to revisit certificate selection. */ - cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC]; + cpk = &s->cert->pkeys[SSL_PKEY_RSA]; pkey = cpk->privatekey; if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { -- cgit v1.2.3-55-g6feb
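Review bot: In tls13_client_certificate_verify_send, `pkey = cpk->privatekey;` is taken from the fixed `SSL_PKEY_RSA` slot and passed straight to `ssl_sigalg_select(s, pkey)` with no NULL check visible in the hunk. A client with no RSA key loaded (an ECDSA-only configuration, for example) would therefore rely on the callee or on an earlier handshake step to reject the empty slot, and neither is shown here. An explicit guard before the call, such as `if (pkey == NULL) goto err;`, would make this safe locally; the function body continues outside the hunk, so `err` is a placeholder for whatever failure label it actually uses. The same hard-coded slot appears in tls13_client_certificate_send, so the existing `XXX` comment could state the limitation directly, e.g. `/* XXX - Only the RSA slot is consulted; non-RSA client certificates are never selected. */`.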