From 4dee81fbfafeb6a0c5d8a20abce72c080860fe81 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 17 May 2010 09:53:17 +0000
Subject: Removed/commented out currently dead code.

---
 lib/ssl/src/ssl_connection.erl | 49 +++++++++++++++-----------------------
 lib/ssl/src/ssl_handshake.erl  | 54 ++++++++++++++++++++++--------------------
 2 files changed, 47 insertions(+), 56 deletions(-)

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index a9ddc44edf..a4eaf03086 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1339,11 +1339,12 @@ key_exchange(#state{role = server, key_algorithm = Algo} = State)
        Algo == dh_rsa ->
     State;
 
-%key_exchange(#state{role = server, key_algorithm = rsa_export} = State) ->
+%% Remove or uncomment when we decide if to support export cipher suites
+%%key_exchange(#state{role = server, key_algorithm = rsa_export} = State) ->
     %% TODO when the public key in the server certificate is
     %% less than or equal to 512 bits in length dont send key_exchange
     %% but do it otherwise
-%    State;
+%%    State;
 
 key_exchange(#state{role = server, key_algorithm = Algo,
 		    diffie_hellman_params = Params,
@@ -1411,27 +1412,12 @@ key_exchange(#state{role = client,
     {BinMsg, ConnectionStates1, Hashes1} =
         encode_handshake(Msg, Version, ConnectionStates0, Hashes0),
     Transport:send(Socket, BinMsg),
-    State#state{connection_states = ConnectionStates1,
-                tls_handshake_hashes = Hashes1};
-
-key_exchange(#state{role = client, 
-		    connection_states = ConnectionStates0,
-		    key_algorithm = Algorithm,
-		    negotiated_version = Version,
-		    client_certificate_requested = ClientCertReq,
-		    own_cert = OwnCert,
-		    diffie_hellman_keys = DhKeys,
-		    socket = Socket, transport_cb = Transport,
-		    tls_handshake_hashes = Hashes0} = State) 
-  when Algorithm == dh_dss;
-       Algorithm == dh_rsa  ->
-    Msg = dh_key_exchange(OwnCert, DhKeys, ClientCertReq),
-    {BinMsg, ConnectionStates1, Hashes1} =
-        encode_handshake(Msg, Version, ConnectionStates0, Hashes0),
-    Transport:send(Socket, BinMsg),
     State#state{connection_states = ConnectionStates1,
                 tls_handshake_hashes = Hashes1}.
 
+%% key_algorithm = dh_rsa | dh_dss are not supported. If we want to
+%% support it we need a key_exchange clause for it here.
+
 rsa_key_exchange(PremasterSecret, PublicKeyInfo = {Algorithm, _, _})  
   when Algorithm == ?rsaEncryption;
        Algorithm == ?md2WithRSAEncryption;
@@ -1443,16 +1429,19 @@ rsa_key_exchange(PremasterSecret, PublicKeyInfo = {Algorithm, _, _})
 rsa_key_exchange(_, _) ->
     throw (?ALERT_REC(?FATAL,?HANDSHAKE_FAILURE)).
 
-dh_key_exchange(OwnCert, DhKeys, true) ->
-    case public_key:pkix_is_fixed_dh_cert(OwnCert) of
-	true ->
-	    ssl_handshake:key_exchange(client, fixed_diffie_hellman);
-	false ->
-	    {DhPubKey, _} = DhKeys,
-	    ssl_handshake:key_exchange(client, {dh, DhPubKey})
-    end;
-dh_key_exchange(_, {DhPubKey, _}, false) ->
-    ssl_handshake:key_exchange(client, {dh, DhPubKey}).
+%% Uncomment if we decide to support cipher suites with key_algorithm
+%% dh_rsa and dh_dss.  Could also be removed if we decide support for
+%% this will not be needed. Not supported by openssl!
+%% dh_key_exchange(OwnCert, DhKeys, true) ->
+%%     case public_key:pkix_is_fixed_dh_cert(OwnCert) of
+%% 	true ->
+%% 	    ssl_handshake:key_exchange(client, fixed_diffie_hellman);
+%% 	false ->
+%% 	    {DhPubKey, _} = DhKeys,
+%% 	    ssl_handshake:key_exchange(client, {dh, DhPubKey})
+%%     end;
+%% dh_key_exchange(_, {DhPubKey, _}, false) ->
+%%     ssl_handshake:key_exchange(client, {dh, DhPubKey}).
 
 request_client_cert(#state{ssl_options = #ssl_options{verify = verify_peer},
 			   connection_states = ConnectionStates0,
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index f0413c4d31..54938e0fbc 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -345,11 +345,14 @@ key_exchange(client, {premaster_secret, Secret, {_, PublicKey, _}}) ->
     EncPremasterSecret =
 	encrypted_premaster_secret(Secret, PublicKey),
     #client_key_exchange{exchange_keys = EncPremasterSecret};
-key_exchange(client, fixed_diffie_hellman) -> 
-    #client_key_exchange{exchange_keys = 
-			 #client_diffie_hellman_public{
-			   dh_public = <<>>
-			  }};
+
+%% Uncomment if dh_rsa and dh_dss cipher suites should
+%% be supported.
+%% key_exchange(client, fixed_diffie_hellman) -> 
+%%     #client_key_exchange{exchange_keys = 
+%% 			 #client_diffie_hellman_public{
+%% 			   dh_public = <<>>
+%% 			  }};
 key_exchange(client, {dh, <<?UINT32(Len), PublicKey:Len/binary>>}) ->
     #client_key_exchange{
 	      exchange_keys = #client_diffie_hellman_public{
@@ -375,10 +378,7 @@ key_exchange(server, {dh, {<<?UINT32(_), PublicKey/binary>>, _},
 					   ?UINT16(YLen), PublicKey/binary>>),
     Signed = digitally_signed(Hash, PrivateKey),
     #server_key_exchange{params = ServerDHParams,
-			 signed_params = Signed};
-key_exchange(_, _) ->
-    %%TODO : Real imp
-    #server_key_exchange{}.
+			 signed_params = Signed}.
 
 %%--------------------------------------------------------------------
 %% Function: master_secret(Version, Session/PremasterSecret, 
@@ -812,13 +812,14 @@ dec_hs(?SERVER_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:32/binary,
 	renegotiation_info = RenegotiationInfo};
 dec_hs(?CERTIFICATE, <<?UINT24(ACLen), ASN1Certs:ACLen/binary>>, _, _) ->
     #certificate{asn1_certificates = certs_to_list(ASN1Certs)};
-dec_hs(?SERVER_KEY_EXCHANGE, <<?UINT16(ModLen), Mod:ModLen/binary,
-			      ?UINT16(ExpLen),  Exp:ExpLen/binary,
-			      ?UINT16(_),  Sig/binary>>,
-       ?KEY_EXCHANGE_RSA, _) ->
-    #server_key_exchange{params = #server_rsa_params{rsa_modulus = Mod, 
-						     rsa_exponent = Exp}, 
-			 signed_params = Sig}; 	
+%% Uncomment if support for export ciphers is added.
+%% dec_hs(?SERVER_KEY_EXCHANGE, <<?UINT16(ModLen), Mod:ModLen/binary,
+%% 			      ?UINT16(ExpLen),  Exp:ExpLen/binary,
+%% 			      ?UINT16(_),  Sig/binary>>,
+%%        ?KEY_EXCHANGE_RSA, _) ->
+%%     #server_key_exchange{params = #server_rsa_params{rsa_modulus = Mod, 
+%% 						     rsa_exponent = Exp}, 
+%% 			 signed_params = Sig}; 	
 dec_hs(?SERVER_KEY_EXCHANGE, <<?UINT16(PLen), P:PLen/binary,
 			      ?UINT16(GLen), G:GLen/binary,
 			      ?UINT16(YLen), Y:YLen/binary,
@@ -952,16 +953,17 @@ enc_hs(#certificate{asn1_certificates = ASN1CertList}, _Version, _) ->
     ASN1Certs = certs_from_list(ASN1CertList),
     ACLen = erlang:iolist_size(ASN1Certs),
     {?CERTIFICATE, <<?UINT24(ACLen), ASN1Certs:ACLen/binary>>};
-enc_hs(#server_key_exchange{params = #server_rsa_params{rsa_modulus = Mod,
-							rsa_exponent = Exp},
-			    signed_params = SignedParams}, _Version, _) -> 
-    ModLen = byte_size(Mod),
-    ExpLen = byte_size(Exp),
-    SignedLen = byte_size(SignedParams),
-    {?SERVER_KEY_EXCHANGE, <<?UINT16(ModLen),Mod/binary,
-			    ?UINT16(ExpLen), Exp/binary,
-			    ?UINT16(SignedLen), SignedParams/binary>>
-    };
+%% Uncomment if support for export ciphers is added.
+%% enc_hs(#server_key_exchange{params = #server_rsa_params{rsa_modulus = Mod,
+%% 							rsa_exponent = Exp},
+%% 			    signed_params = SignedParams}, _Version, _) -> 
+%%     ModLen = byte_size(Mod),
+%%     ExpLen = byte_size(Exp),
+%%     SignedLen = byte_size(SignedParams),
+%%     {?SERVER_KEY_EXCHANGE, <<?UINT16(ModLen),Mod/binary,
+%% 			    ?UINT16(ExpLen), Exp/binary,
+%% 			    ?UINT16(SignedLen), SignedParams/binary>>
+%%     };
 enc_hs(#server_key_exchange{params = #server_dh_params{
 			      dh_p = P, dh_g = G, dh_y = Y},
 	signed_params = SignedParams}, _Version, _) ->
-- 
cgit v1.2.3