Remove SSL_get_peer_signature_nid and don't compute digests for peer_key.

This is new in OpenSSL 1.0.2 so it isn't used anywhere. Cuts down slightly on connection-global state associated with signature algorithm processing. Repurposing the digest field to mean both "the digest we choose to sign with this key" and "the digest the last signature we saw happened to use" is confusing. Change-Id: Iec4d5078c33e271c8c7b0ab221c356ee8480b89d Reviewed-on: https://boringssl-review.googlesource.com/2281 Reviewed-by: Adam Langley <agl@google.com>
2014-11-13 14:51:02 -05:00 · 2014-11-13 14:51:02 -05:00 · 248f350ed8
commit 248f350ed8
parent c20febe177
3 changed files with 0 additions and 28 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -1671,7 +1671,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_BUILD_CERT_CHAIN		105
 #define SSL_CTRL_SET_VERIFY_CERT_STORE		106
 #define SSL_CTRL_SET_CHAIN_CERT_STORE		107
-#define SSL_CTRL_GET_PEER_SIGNATURE_NID		108
 #define SSL_CTRL_GET_SERVER_TMP_KEY		109
 #define SSL_CTRL_GET_RAW_CIPHERLIST		110
 #define SSL_CTRL_GET_EC_POINT_FORMATS		111
@ -1839,9 +1838,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_set1_client_certificate_types(s, clist, clistlen) \
 	SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)

-#define SSL_get_peer_signature_nid(s, pn) \
-	SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
-
 #define SSL_get_server_tmp_key(s, pk) \
 	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)

--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -1358,25 +1358,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 	case SSL_CTRL_SET_CHAIN_CERT_STORE:
 		return ssl_cert_set_cert_store(s->cert, parg, 1, larg);

-	case SSL_CTRL_GET_PEER_SIGNATURE_NID:
-		if (SSL_USE_SIGALGS(s))
-			{
-			if (s->session && s->session->sess_cert)
-				{
-				const EVP_MD *sig;
-				sig = s->session->sess_cert->peer_key->digest;
-				if (sig)
-					{
-					*(int *)parg = EVP_MD_type(sig);
-					return 1;
-					}
-				}
-			return 0;
-			}
-		/* Might want to do something here for other versions */
-		else
-			return 0;
-
 	case SSL_CTRL_GET_SERVER_TMP_KEY:
 		if (s->server || !s->session || !s->session->sess_cert)
 			return 0;
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -822,11 +822,6 @@ int tls12_check_peer_sigalg(const EVP_MD **out_md, int *out_alert,
 		*out_alert = SSL_AD_ILLEGAL_PARAMETER;
 		return 0;
 		}
-	/* Store the digest used so applications can retrieve it if they
-	 * wish.
-	 */
-	if (s->session && s->session->sess_cert)
-		s->session->sess_cert->peer_key->digest = *out_md;
 	return 1;
 	}
 /* Get a mask of disabled algorithms: an algorithm is disabled