From 6019fdeeec36b84a28e360616bf851bbb984af8c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Tue, 19 May 2020 16:35:21 +0000 Subject: Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA. Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the intention of handling RSA sign only certificates... this incomplete code had the following comment: /* check to see if this is a signing only certificate */ /* EAY EAY EAY EAY */ And while the comment was removed in 2005, the incomplete RSA sign-only handling has remained ever since. Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While here also remove the unused SSL_PKEY_DH_RSA. ok tb@ --- src/lib/libssl/tls13_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/lib/libssl/tls13_server.c') diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index ea14cfa683..03d0e488ba 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.48 2020/05/19 01:30:34 beck Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.49 2020/05/19 16:35:21 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -437,7 +437,7 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb) int i, ret = 0; /* XXX - Need to revisit certificate selection. */ - cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC]; + cpk = &s->cert->pkeys[SSL_PKEY_RSA]; if (cpk->x509 == NULL) { /* A server must always provide a certificate. */ ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE; @@ -489,7 +489,7 @@ tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) memset(&sig_cbb, 0, sizeof(sig_cbb)); /* XXX - Need to revisit certificate selection. */ - cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC]; + cpk = &s->cert->pkeys[SSL_PKEY_RSA]; pkey = cpk->privatekey; if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) { -- cgit v1.2.3-55-g6feb