author | jsing <> | 2022-01-07 16:45:06 +0000 |
---|---|---|
committer | jsing <> | 2022-01-07 16:45:06 +0000 |
commit | 2c1d085f7eb5453e4fb95d057e86c38c946db67c (patch) | |
tree | 7e6b16ad127edd4e8e0cceddf4c00ec784c29233 | |
parent | 2c6556e224486550bce48b776ee3df483e7fffcb (diff) | |
Rename dh_tmp to dhe_params.
Support for non-ephemeral DH was removed a long time ago - as such, the
dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect
reality.
ok inoguchi@ tb@
Diffstat (limited to '')
-rw-r--r-- | src/lib/libssl/s3_lib.c | 31 | ||||
-rw-r--r-- | src/lib/libssl/ssl_cert.c | 16 | ||||
-rw-r--r-- | src/lib/libssl/ssl_lib.c | 7 | ||||
-rw-r--r-- | src/lib/libssl/ssl_locl.h | 8 | ||||
-rw-r--r-- | src/lib/libssl/ssl_srvr.c | 10 |
5 files changed, 39 insertions, 33 deletions
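--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.222 2022/01/07 15:46:30 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.223 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1708,20 +1708,20 @@ _SSL_total_renegotiations(SSL *s)
 static int
 _SSL_set_tmp_dh(SSL *s, DH *dh)
 {
-DH *dh_tmp;
+DH *dhe_params;
 
 if (dh == NULL) {
 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
 return 0;
 }
 
-if ((dh_tmp = DHparams_dup(dh)) == NULL) {
+if ((dhe_params = DHparams_dup(dh)) == NULL) {
 SSLerror(s, ERR_R_DH_LIB);
 return 0;
 }
 
-DH_free(s->cert->dh_tmp);
-s->cert->dh_tmp = dh_tmp;
+DH_free(s->cert->dhe_params);
+s->cert->dhe_params = dhe_params;
 
 return 1;
 }
@@ -1729,7 +1729,7 @@ _SSL_set_tmp_dh(SSL *s, DH *dh)
 static int
 _SSL_set_dh_auto(SSL *s, int state)
 {
-s->cert->dh_tmp_auto = state;
+s->cert->dhe_params_auto = state;
 return 1;
 }
 
@@ -2122,7 +2122,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
 return 0;
 
 case SSL_CTRL_SET_TMP_DH_CB:
-s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+s->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp;
 return 1;
 
 case SSL_CTRL_SET_TMP_ECDH_CB:
@@ -2140,15 +2140,20 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
 static int
 _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 {
-DH *dh_tmp;
+DH *dhe_params;
 
-if ((dh_tmp = DHparams_dup(dh)) == NULL) {
+if (dh == NULL) {
+SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
+return 0;
+}
+
+if ((dhe_params = DHparams_dup(dh)) == NULL) {
 SSLerrorx(ERR_R_DH_LIB);
 return 0;
 }
 
-DH_free(ctx->internal->cert->dh_tmp);
-ctx->internal->cert->dh_tmp = dh_tmp;
+DH_free(ctx->internal->cert->dhe_params);
+ctx->internal->cert->dhe_params = dhe_params;
 
 return 1;
 }
@@ -2156,7 +2161,7 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 static int
 _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
 {
-ctx->internal->cert->dh_tmp_auto = state;
+ctx->internal->cert->dhe_params_auto = state;
 return 1;
 }
 
@@ -2443,7 +2448,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 return 0;
 
 case SSL_CTRL_SET_TMP_DH_CB:
-ctx->internal->cert->dh_tmp_cb =
+ctx->internal->cert->dhe_params_cb =
 (DH *(*)(SSL *, int, int))fp;
 return 1;
 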
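Review bot: The `_SSL_CTX_set_tmp_dh` hunk does more than the rename the commit title describes: it adds a `dh == NULL` guard that fails with `ERR_R_PASSED_NULL_PARAMETER`, where the old code went straight into `DHparams_dup(dh)` and presumably surfaced a NULL argument as `ERR_R_DH_LIB`. That brings the SSL_CTX path in line with `_SSL_set_tmp_dh` earlier in this file, which is the right thing, but a caller-visible change of error reason deserves a sentence in the commit message or its own commit so it is not buried under a rename. The remaining hunks in this file are the pure field rename and need nothing further.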
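--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.90 2022/01/07 15:56:33 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.91 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -195,15 +195,15 @@ ssl_cert_dup(CERT *cert)
 ret->mask_k = cert->mask_k;
 ret->mask_a = cert->mask_a;
 
-if (cert->dh_tmp != NULL) {
-ret->dh_tmp = DHparams_dup(cert->dh_tmp);
-if (ret->dh_tmp == NULL) {
+if (cert->dhe_params != NULL) {
+ret->dhe_params = DHparams_dup(cert->dhe_params);
+if (ret->dhe_params == NULL) {
 SSLerrorx(ERR_R_DH_LIB);
 goto err;
 }
 }
-ret->dh_tmp_cb = cert->dh_tmp_cb;
-ret->dh_tmp_auto = cert->dh_tmp_auto;
+ret->dhe_params_cb = cert->dhe_params_cb;
+ret->dhe_params_auto = cert->dhe_params_auto;
 
 for (i = 0; i < SSL_PKEY_NUM; i++) {
 if (cert->pkeys[i].x509 != NULL) {
@@ -256,7 +256,7 @@ ssl_cert_dup(CERT *cert)
 return (ret);
 
 err:
-DH_free(ret->dh_tmp);
+DH_free(ret->dhe_params);
 
 for (i = 0; i < SSL_PKEY_NUM; i++) {
 X509_free(ret->pkeys[i].x509);
@@ -280,7 +280,7 @@ ssl_cert_free(CERT *c)
 if (i > 0)
 return;
 
-DH_free(c->dh_tmp);
+DH_free(c->dhe_params);
 
 for (i = 0; i < SSL_PKEY_NUM; i++) {
 X509_free(c->pkeys[i].x509);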
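--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.280 2021/12/04 14:03:22 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.281 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2198,7 +2198,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 mask_a = SSL_aNULL | SSL_aTLS1_3;
 mask_k = SSL_kECDHE | SSL_kTLS1_3;
 
-if (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto != 0)
+if (c->dhe_params != NULL || c->dhe_params_cb != NULL ||
+c->dhe_params_auto != 0)
 mask_k |= SSL_kDHE;
 
 cpk = &(c->pkeys[SSL_PKEY_ECC]);
@@ -2324,7 +2325,7 @@ ssl_dhe_params_auto_key_bits(SSL *s)
 CERT_PKEY *cpk;
 int key_bits;
 
-if (s->cert->dh_tmp_auto == 2) {
+if (s->cert->dhe_params_auto == 2) {
 key_bits = 1024;
 } else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
 key_bits = 1024;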
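--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.375 2022/01/07 15:46:30 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.376 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1212,9 +1212,9 @@ typedef struct cert_st {
 unsigned long mask_k;
 unsigned long mask_a;
 
-DH *dh_tmp;
-DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
-int dh_tmp_auto;
+DH *dhe_params;
+DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize);
+int dhe_params_auto;
 
 CERT_PKEY pkeys[SSL_PKEY_NUM];
 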
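Review bot: The three renamed `cert_st` fields still carry no comment, and how they interact is only discoverable from the ssl_srvr.c and ssl_lib.c hunks of this same commit: in `ssl3_send_server_kex_dhe` a non-zero `dhe_params_auto` takes precedence over both `dhe_params` and `dhe_params_cb`, the callback is consulted only when `dhe_params` is NULL, its `is_export` argument is always passed as 0, and `ssl_dhe_params_auto_key_bits` appears to treat the value 2 specially (1024-bit). I would put above the fields: `/* DHE parameters: dhe_params_auto != 0 overrides dhe_params, which overrides dhe_params_cb; is_export is always passed as 0. */`. Whether libssl frees the DH returned by `dhe_params_cb` or the callback keeps ownership is not visible in this diff and should be stated in that comment by someone who knows the contract. The `cert_st` definition begins and ends outside the hunk.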
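--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.131 2022/01/07 15:46:30 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.132 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1315,7 +1315,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
 goto err;
 
-if (s->cert->dh_tmp_auto != 0) {
+if (s->cert->dhe_params_auto != 0) {
 size_t key_bits;
 
 if ((key_bits = ssl_dhe_params_auto_key_bits(s)) == 0) {
@@ -1327,10 +1327,10 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 tls_key_share_set_key_bits(S3I(s)->hs.key_share,
 key_bits);
 } else {
-DH *dh_params = s->cert->dh_tmp;
+DH *dh_params = s->cert->dhe_params;
 
-if (dh_params == NULL && s->cert->dh_tmp_cb != NULL)
-dh_params = s->cert->dh_tmp_cb(s, 0,
+if (dh_params == NULL && s->cert->dhe_params_cb != NULL)
+dh_params = s->cert->dhe_params_cb(s, 0,
 SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
 
 if (dh_params == NULL) {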