diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2015-12-15 23:57:18 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2015-12-19 16:14:51 +0000 |
| commit | bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb (patch) | |
| tree | 7775c994e7acb1ba45132c84edda69305a3b467a /ssl/ssl_lib.c | |
| parent | 74a62e9629b2d07360a62571ff3028c83b69b0d9 (diff) | |
Remove fixed DH ciphersuites.
Remove all fixed DH ciphersuites and associated logic.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/ssl_lib.c')
| -rw-r--r-- | ssl/ssl_lib.c | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 909b23ef6f..7f4bca058b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2006,7 +2006,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) #endif CERT *c = s->cert; uint32_t *pvalid = s->s3->tmp.valid_flags; - int rsa_enc, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; + int rsa_enc, rsa_sign, dh_tmp, dsa_sign; unsigned long mask_k, mask_a; #ifndef OPENSSL_NO_EC int have_ecc_cert, ecdsa_ok; @@ -2026,8 +2026,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID; rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN; dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN; - dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID; - dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID; #ifndef OPENSSL_NO_EC have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; #endif @@ -2064,15 +2062,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) if (dh_tmp) mask_k |= SSL_kDHE; - if (dh_rsa) - mask_k |= SSL_kDHr; - - if (dh_dsa) - mask_k |= SSL_kDHd; - - if (mask_k & (SSL_kDHr | SSL_kDHd)) - mask_a |= SSL_aDH; - if (rsa_enc || rsa_sign) { mask_a |= SSL_aRSA; } |