Removal of sig_hashes in ssl.h
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index de8f13b..9cba94e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1485,10 +1485,6 @@
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
-#endif
const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3794d38..8b5d6a1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1069,68 +1069,7 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
- /* Heap allocate and translate sig_hashes from internal hash identifiers to
- signature algorithms IANA identifiers. */
- if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) &&
- ssl->conf->sig_hashes != NULL) {
- const int *md;
- const int *sig_hashes = ssl->conf->sig_hashes;
- size_t sig_algs_len = 0;
- uint16_t *p;
-
- MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN
- <= (SIZE_MAX - (2 * sizeof(uint16_t))),
- "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big");
-
- for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) {
- if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) {
- continue;
- }
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
- sig_algs_len += sizeof(uint16_t);
-#endif
-
-#if defined(MBEDTLS_RSA_C)
- sig_algs_len += sizeof(uint16_t);
-#endif
- if (sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN) {
- return MBEDTLS_ERR_SSL_BAD_CONFIG;
- }
- }
-
- if (sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN) {
- return MBEDTLS_ERR_SSL_BAD_CONFIG;
- }
-
- ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len +
- sizeof(uint16_t));
- if (ssl->handshake->sig_algs == NULL) {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- p = (uint16_t *) ssl->handshake->sig_algs;
- for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) {
- unsigned char hash = mbedtls_ssl_hash_from_md_alg(*md);
- if (hash == MBEDTLS_SSL_HASH_NONE) {
- continue;
- }
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
- *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA);
- p++;
-#endif
-#if defined(MBEDTLS_RSA_C)
- *p = ((hash << 8) | MBEDTLS_SSL_SIG_RSA);
- p++;
-#endif
- }
- *p = MBEDTLS_TLS_SIG_NONE;
- ssl->handshake->sig_algs_heap_allocated = 1;
- } else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
- {
ssl->handshake->sig_algs_heap_allocated = 0;
- }
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
return 0;
@@ -2425,9 +2364,6 @@
void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
const uint16_t *sig_algs)
{
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- conf->sig_hashes = NULL;
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
conf->sig_algs = sig_algs;
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */