From adc85e649c82873f1fac3486fcd2504dcdeb3d41 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 25 Mar 2019 17:27:31 +0000
Subject: tls1_process_sigalgs() is no longer needed.

ok beck@
---
 src/lib/libssl/ssl_locl.h |  3 +--
 src/lib/libssl/t1_lib.c   | 56 +----------------------------------------------
 2 files changed, 2 insertions(+), 57 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 44abb6d6da..5358de452b 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.242 2019/03/25 17:21:18 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.243 2019/03/25 17:27:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1335,7 +1335,6 @@ int tls1_process_ticket(SSL *s, const unsigned char *session_id,
     int session_id_len, CBS *ext_block, SSL_SESSION **ret);
 
 long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *, size_t);
 
 int tls1_check_ec_server_key(SSL *s);
 
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 8986a0e755..5dbbdb7866 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.153 2019/01/23 18:39:28 beck Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.154 2019/03/25 17:27:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -999,57 +999,3 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	 * ticket. */
 	return 2;
 }
-
-/* Set preferred digest for each key type */
-int
-tls1_process_sigalgs(SSL *s, CBS *cbs, uint16_t *sigalgs, size_t sigalgs_len)
-{
-	CERT *c = s->cert;
-
-	/* Extension ignored for inappropriate versions */
-	/* XXX get rid of this? */
-	if (!SSL_USE_SIGALGS(s))
-		return 1;
-
-	c->pkeys[SSL_PKEY_RSA_SIGN].sigalg = NULL;
-	c->pkeys[SSL_PKEY_RSA_ENC].sigalg = NULL;
-	c->pkeys[SSL_PKEY_ECC].sigalg = NULL;
-#ifndef OPENSSL_NO_GOST
-	c->pkeys[SSL_PKEY_GOST01].sigalg = NULL;
-#endif
-	while (CBS_len(cbs) > 0) {
-		uint16_t sig_alg;
-		const struct ssl_sigalg *sigalg;
-
-		if (!CBS_get_u16(cbs, &sig_alg))
-			return 0;
-
-		if ((sigalg = ssl_sigalg(sig_alg, sigalgs, sigalgs_len)) !=
-		    NULL && c->pkeys[sigalg->pkey_idx].sigalg == NULL) {
-			c->pkeys[sigalg->pkey_idx].sigalg = sigalg;
-			if (sigalg->pkey_idx == SSL_PKEY_RSA_SIGN)
-				c->pkeys[SSL_PKEY_RSA_ENC].sigalg = sigalg;
-		}
-	}
-
-	/*
-	 * Set any remaining keys to default values. NOTE: if alg is not
-	 * supported it stays as NULL.
-	 */
-	if (c->pkeys[SSL_PKEY_RSA_SIGN].sigalg == NULL)
-		c->pkeys[SSL_PKEY_RSA_SIGN].sigalg =
-		    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
-	if (c->pkeys[SSL_PKEY_RSA_ENC].sigalg == NULL)
-		c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
-		    ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
-	if (c->pkeys[SSL_PKEY_ECC].sigalg == NULL)
-		c->pkeys[SSL_PKEY_RSA_ENC].sigalg =
-		    ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-
-#ifndef OPENSSL_NO_GOST
-	if (c->pkeys[SSL_PKEY_GOST01].sigalg == NULL)
-		c->pkeys[SSL_PKEY_GOST01].sigalg =
-		    ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94);
-#endif
-	return 1;
-}
-- 
cgit v1.2.3-55-g6feb