kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove SSL_get_peer_signature_nid and don't compute digests for peer_key.

Browse Source 
This is new in OpenSSL 1.0.2 so it isn't used anywhere. Cuts down slightly on
connection-global state associated with signature algorithm processing.
Repurposing the digest field to mean both "the digest we choose to sign with
this key" and "the digest the last signature we saw happened to use" is
confusing.

Change-Id: Iec4d5078c33e271c8c7b0ab221c356ee8480b89d
Reviewed-on: https://boringssl-review.googlesource.com/2281
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-11-13 14:51:02 -05:00 committed by Adam Langley
parent c20febe177
commit 248f350ed8
3 changed files with 0 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/openssl/ssl.h
View File

@ -1671,7 +1671,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_BUILD_CERT_CHAIN 105 #define SSL_CTRL_BUILD_CERT_CHAIN 105
#define SSL_CTRL_SET_VERIFY_CERT_STORE 106 #define SSL_CTRL_SET_VERIFY_CERT_STORE 106
#define SSL_CTRL_SET_CHAIN_CERT_STORE 107 #define SSL_CTRL_SET_CHAIN_CERT_STORE 107
#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
#define SSL_CTRL_GET_SERVER_TMP_KEY 109 #define SSL_CTRL_GET_SERVER_TMP_KEY 109
#define SSL_CTRL_GET_RAW_CIPHERLIST 110 #define SSL_CTRL_GET_RAW_CIPHERLIST 110
#define SSL_CTRL_GET_EC_POINT_FORMATS 111 #define SSL_CTRL_GET_EC_POINT_FORMATS 111
@ -1839,9 +1838,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_set1_client_certificate_types(s, clist, clistlen) \ #define SSL_set1_client_certificate_types(s, clist, clistlen) \
SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
#define SSL_get_peer_signature_nid(s, pn) \
SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
#define SSL_get_server_tmp_key(s, pk) \ #define SSL_get_server_tmp_key(s, pk) \
SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)

19
ssl/s3_lib.c
View File

@ -1358,25 +1358,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_SET_CHAIN_CERT_STORE: case SSL_CTRL_SET_CHAIN_CERT_STORE:
return ssl_cert_set_cert_store(s->cert, parg, 1, larg); return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
case SSL_CTRL_GET_PEER_SIGNATURE_NID:
if (SSL_USE_SIGALGS(s))
{
if (s->session && s->session->sess_cert)
{
const EVP_MD *sig;
sig = s->session->sess_cert->peer_key->digest;
if (sig)
{
*(int *)parg = EVP_MD_type(sig);
return 1;
}
}
return 0;
}
/* Might want to do something here for other versions */
else
return 0;
case SSL_CTRL_GET_SERVER_TMP_KEY: case SSL_CTRL_GET_SERVER_TMP_KEY:
if (s->server || !s->session || !s->session->sess_cert) if (s->server || !s->session || !s->session->sess_cert)
return 0; return 0;

5
ssl/t1_lib.c
View File

@ -822,11 +822,6 @@ int tls12_check_peer_sigalg(const EVP_MD **out_md, int *out_alert,
*out_alert = SSL_AD_ILLEGAL_PARAMETER; *out_alert = SSL_AD_ILLEGAL_PARAMETER;
return 0; return 0;
} }
/* Store the digest used so applications can retrieve it if they
* wish.
*/
if (s->session && s->session->sess_cert)
s->session->sess_cert->peer_key->digest = *out_md;
return 1; return 1;
} }
/* Get a mask of disabled algorithms: an algorithm is disabled /* Get a mask of disabled algorithms: an algorithm is disabled