Commit 63c1df09 authored by Matt Caswell's avatar Matt Caswell
Browse files

Remove some unneeded functions 



The sigalgs work has made some old lookup tables and functions redundant
so remove them.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2157)
parent 536199ec

ssl/ssl_locl.h

+0 −1
Original line number Diff line number Diff line
@@ -2145,7 +2145,6 @@ __owur int tls_use_ticket(SSL *s); 


__owur int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,

                                const EVP_MD *md);

__owur int tls12_get_sigid(const EVP_PKEY *pk);

__owur const EVP_MD *tls12_get_hash(int hash_nid);

void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);

ssl/t1_lib.c

+14 −49
Original line number Diff line number Diff line
@@ -1287,44 +1287,6 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, 
    return ret;

}



/* Tables to translate from NIDs to TLS v1.2 ids */



typedef struct {

    int nid;

    int id;

} tls12_lookup;



static const tls12_lookup tls12_md[] = {

    {NID_md5, TLSEXT_hash_md5},

    {NID_sha1, TLSEXT_hash_sha1},

    {NID_sha224, TLSEXT_hash_sha224},

    {NID_sha256, TLSEXT_hash_sha256},

    {NID_sha384, TLSEXT_hash_sha384},

    {NID_sha512, TLSEXT_hash_sha512},

    {NID_id_GostR3411_94, TLSEXT_hash_gostr3411},

    {NID_id_GostR3411_2012_256, TLSEXT_hash_gostr34112012_256},

    {NID_id_GostR3411_2012_512, TLSEXT_hash_gostr34112012_512},

};



static const tls12_lookup tls12_sig[] = {

    {EVP_PKEY_RSA, TLSEXT_signature_rsa},

    {EVP_PKEY_DSA, TLSEXT_signature_dsa},

    {EVP_PKEY_EC, TLSEXT_signature_ecdsa},

    {NID_id_GostR3410_2001, TLSEXT_signature_gostr34102001},

    {NID_id_GostR3410_2012_256, TLSEXT_signature_gostr34102012_256},

    {NID_id_GostR3410_2012_512, TLSEXT_signature_gostr34102012_512}

};



static int tls12_find_id(int nid, const tls12_lookup *table, size_t tlen)

{

    size_t i;

    for (i = 0; i < tlen; i++) {

        if (table[i].nid == nid)

            return table[i].id;

    }

    return -1;

}



int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,

                         const EVP_MD *md)

{
@@ -1352,11 +1314,6 @@ int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk, 
    return 0;

}



int tls12_get_sigid(const EVP_PKEY *pk)

{

    return tls12_find_id(EVP_PKEY_id(pk), tls12_sig, OSSL_NELEM(tls12_sig));

}



typedef struct {

    int nid;

    int secbits;
@@ -1829,8 +1786,8 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client) 
int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)

{

    unsigned int *sigalgs, *sptr;

    int rhash, rsign;

    size_t i;



    if (salglen & 1)

        return 0;

    sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs));
@@ -1841,13 +1798,21 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client) 
     * RSA-PKCS1. For now we only allow setting of RSA-PKCS1

     */

    for (i = 0, sptr = sigalgs; i < salglen; i += 2) {

        rhash = tls12_find_id(*psig_nids++, tls12_md, OSSL_NELEM(tls12_md));

        rsign = tls12_find_id(*psig_nids++, tls12_sig, OSSL_NELEM(tls12_sig));

        size_t j;

        SIGALG_LOOKUP *curr;

        int md_id = *psig_nids++;

        int sig_id = *psig_nids++;



        for (j = 0, curr = sigalg_lookup_tbl; j < OSSL_NELEM(sigalg_lookup_tbl);

             j++, curr++) {

            if (curr->hash == md_id && curr->sig == sig_id && !curr->notls12) {

                *sptr++ = curr->sigalg;

                break;

            }

        }



        if (rhash == -1 || rsign == -1)

        if (j == OSSL_NELEM(sigalg_lookup_tbl))

            goto err;

        *sptr++ = rhash;

        *sptr++ = rsign;

    }



    if (client) {