Remove support for old-style SSL_PRIVATE_KEY_METHOD types.

Everything has been updated to return the ECDSA curve. Change-Id: Iee8fafb576c0ff92d9a47304d59cc607b5faa112 Reviewed-on: https://boringssl-review.googlesource.com/14066 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-03-02 12:17:39 -05:00 · 2017-03-02 12:17:39 -05:00 · f29c429324
commit f29c429324
parent f465461062
2 changed files with 1 additions and 6 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -1050,10 +1050,7 @@ enum ssl_private_key_result_t {
 typedef struct ssl_private_key_method_st {
  /* type returns the type of the key used by |ssl|. For RSA keys, return
   * |NID_rsaEncryption|. For ECDSA keys, return |NID_X9_62_prime256v1|,
-   * |NID_secp384r1|, or |NID_secp521r1|, depending on the curve.
-   *
-   * Returning |EVP_PKEY_EC| for ECDSA keys is deprecated and may result in
-   * connection failures in TLS 1.3. */
+   * |NID_secp384r1|, or |NID_secp521r1|, depending on the curve. */
  int (*type)(SSL *ssl);

  /* max_signature_len returns the maximum length of a signature signed by the
--- a/ssl/ssl_privkey.c
+++ b/ssl/ssl_privkey.c
@ -304,8 +304,6 @@ int ssl_has_private_key(const SSL *ssl) {

 int ssl_is_ecdsa_key_type(int type) {
  switch (type) {
-    /* TODO(davidben): Remove support for |EVP_PKEY_EC| key types. */
-    case EVP_PKEY_EC:
    case NID_secp224r1:
    case NID_X9_62_prime256v1:
    case NID_secp384r1: