Google Git
Sign in
boringssl/boringssl.git/f29c429324503b395fdaece95d2f01868a05ba2e^!/.
commit
f29c429324503b395fdaece95d2f01868a05ba2e
[log]
author
David Benjamin <davidben@google.com>
Thu Mar 02 12:17:39 2017 -0500
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Fri Mar 03 15:52:08 2017 +0000
tree
f6301baa4325fa68d01a07c4945a809972965b26
parent
f4654610623397339cfbd86783c765104ea09d3a [diff]
Remove support for old-style SSL_PRIVATE_KEY_METHOD types.

Everything has been updated to return the ECDSA curve.

Change-Id: Iee8fafb576c0ff92d9a47304d59cc607b5faa112
Reviewed-on: https://boringssl-review.googlesource.com/14066
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8189611..2d72fec 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -1050,10 +1050,7 @@
 typedef struct ssl_private_key_method_st {
   /* type returns the type of the key used by |ssl|. For RSA keys, return
    * |NID_rsaEncryption|. For ECDSA keys, return |NID_X9_62_prime256v1|,
-   * |NID_secp384r1|, or |NID_secp521r1|, depending on the curve.
-   *
-   * Returning |EVP_PKEY_EC| for ECDSA keys is deprecated and may result in
-   * connection failures in TLS 1.3. */
+   * |NID_secp384r1|, or |NID_secp521r1|, depending on the curve. */
   int (*type)(SSL *ssl);
 
   /* max_signature_len returns the maximum length of a signature signed by the

diff --git a/ssl/ssl_privkey.c b/ssl/ssl_privkey.c
index ed8ebaa..c5441de 100644
--- a/ssl/ssl_privkey.c
+++ b/ssl/ssl_privkey.c

@@ -304,8 +304,6 @@
 
 int ssl_is_ecdsa_key_type(int type) {
   switch (type) {
-    /* TODO(davidben): Remove support for |EVP_PKEY_EC| key types. */
-    case EVP_PKEY_EC:
     case NID_secp224r1:
     case NID_X9_62_prime256v1:
     case NID_secp384r1: