authorjsing <jsing@openbsd.org>2017-08-12 02:55:22 +0000
committerjsing <jsing@openbsd.org>2017-08-12 02:55:22 +0000
commit4722f98804ba189e411b7860ab9786cb0b63c135 (patch)
treec76f96056a58733d1e2e168f3bcc0ca9f3de85f2 /lib/libssl/ssl_lib.c
parentClear the child pointer in CBB_cleanup(), so that we have fewer pointers (diff)
Remove support for DSS/DSA, since we removed the cipher suites a while
back. ok guenther@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
-rw-r--r--lib/libssl/ssl_lib.c16
1 files changed, 3 insertions, 13 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 6e555898ad5..de78ad2fcff 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.165 2017/08/11 21:06:52 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.166 2017/08/12 02:55:22 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2041,7 +2041,7 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
void
ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{
- int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
+ int rsa_enc, rsa_sign, dh_tmp;
int have_ecc_cert;
unsigned long mask_k, mask_a;
X509 *x = NULL;
@@ -2057,8 +2057,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
- dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
cpk = &(c->pkeys[SSL_PKEY_ECC]);
have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
@@ -2080,9 +2078,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
if (rsa_enc || rsa_sign)
mask_a |= SSL_aRSA;
- if (dsa_sign)
- mask_a |= SSL_aDSS;
-
mask_a |= SSL_aNULL;
/*
@@ -2159,8 +2154,6 @@ ssl_get_server_send_pkey(const SSL *s)
if (alg_a & SSL_aECDSA) {
i = SSL_PKEY_ECC;
- } else if (alg_a & SSL_aDSS) {
- i = SSL_PKEY_DSA_SIGN;
} else if (alg_a & SSL_aRSA) {
if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
i = SSL_PKEY_RSA_SIGN;
@@ -2197,10 +2190,7 @@ ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
alg_a = cipher->algorithm_auth;
c = s->cert;
- if ((alg_a & SSL_aDSS) &&
- (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
- idx = SSL_PKEY_DSA_SIGN;
- else if (alg_a & SSL_aRSA) {
+ if (alg_a & SSL_aRSA) {
if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
idx = SSL_PKEY_RSA_SIGN;
else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
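Review bot: With the SSL_aDSS branch gone from ssl_get_sign_pkey, a cipher whose algorithm_auth is SSL_aDSS now depends entirely on the tail of this if/else chain to reject it, and that tail lies outside the hunk; the same holds for the chain in ssl_get_server_send_pkey. It is worth confirming that both tails fail closed (an error and a NULL return) rather than leaving the index at its initial value. If they do, a comment above the new `if (alg_a & SSL_aRSA) {` would record it, for example `/* DSS/DSA is unsupported; SSL_aDSS reaches the error path below. */`. The diffstat is limited to ssl_lib.c, so whether the SSL_PKEY_DSA_SIGN slot can still be populated elsewhere cannot be judged from this page.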