diff options
| author |   jsing <jsing@openbsd.org> | 2014-10-31 14:51:01 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-10-31 14:51:01 +0000 |
| commit | 85bda7b83ce5c9f5db97200efe9d057e175bb7a7 (patch) | |
| tree | 1ab42d89f73039708d653700c7c44eaddea67170 /lib/libssl/ssl_cert.c | |
| parent | sync (diff) | |
| download | wireguard-openbsd-85bda7b83ce5c9f5db97200efe9d057e175bb7a7.tar.xz wireguard-openbsd-85bda7b83ce5c9f5db97200efe9d057e175bb7a7.zip | |
Remove support for ephemeral/temporary RSA private keys.
The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively
a standards violation) and for RSA sign-only, should only be possible if
you are using an export cipher and have an RSA private key that is more
than 512 bits in size (however we no longer support export ciphers).
ok bcook@ miod@
Diffstat (limited to 'lib/libssl/ssl_cert.c')
| -rw-r--r-- | lib/libssl/ssl_cert.c | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 6f1815067b9..beea31c64bd 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.42 2014/10/03 13:58:18 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.43 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -205,12 +205,6 @@ ssl_cert_dup(CERT *cert) ret->mask_k = cert->mask_k; ret->mask_a = cert->mask_a; - if (cert->rsa_tmp != NULL) { - RSA_up_ref(cert->rsa_tmp); - ret->rsa_tmp = cert->rsa_tmp; - } - ret->rsa_tmp_cb = cert->rsa_tmp_cb; - if (cert->dh_tmp != NULL) { ret->dh_tmp = DHparams_dup(cert->dh_tmp); if (ret->dh_tmp == NULL) { @@ -305,7 +299,6 @@ ssl_cert_dup(CERT *cert) return (ret); err: - RSA_free(ret->rsa_tmp); DH_free(ret->dh_tmp); EC_KEY_free(ret->ecdh_tmp); @@ -331,7 +324,6 @@ ssl_cert_free(CERT *c) if (i > 0) return; - RSA_free(c->rsa_tmp); DH_free(c->dh_tmp); EC_KEY_free(c->ecdh_tmp); |