authorbeck <>2016-01-27 02:11:36 +0000
committerbeck <>2016-01-27 02:11:36 +0000
commitc982bc5d2443b7bdba62e86f16bbb7862376eecd (patch)
tree653011dc16412153bdf64b36b8b507f9d3488044
parent58485e4681efae946fc202175369e8b0c6da453e (diff)
deprecate SSL_OP_SINGLE_DH_USElibressl-v2.1.10OPENBSD_5_7
ok jsing@
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c18
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c25
2 files changed, 6 insertions, 37 deletions
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index c6062934dc..c31486d477 100644
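--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.95 2015/02/08 22:06:49 miod Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.95.4.1 2016/01/27 02:11:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2176,14 +2176,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  ERR_R_DH_LIB);
  return (ret);
  }
- if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
- if (!DH_generate_key(dh)) {
- DH_free(dh);
- SSLerr(SSL_F_SSL3_CTRL,
- ERR_R_DH_LIB);
- return (ret);
- }
- }
  DH_free(s->cert->dh_tmp);
  s->cert->dh_tmp = dh;
  ret = 1;
@@ -2367,14 +2359,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  ERR_R_DH_LIB);
  return 0;
  }
- if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
- if (!DH_generate_key(new)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL,
- ERR_R_DH_LIB);
- DH_free(new);
- return 0;
- }
- }
  DH_free(cert->dh_tmp);
  cert->dh_tmp = new;
  return 1;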
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 0bff0204d9..1b83711143 100644
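--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.100 2015/02/25 03:49:21 bcook Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.100.4.1 2016/01/27 02:11:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1367,25 +1367,10 @@ ssl3_send_server_key_exchange(SSL *s)
  goto err;
  }
  s->s3->tmp.dh = dh;
-
- if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE))) {
- if (!DH_generate_key(dh)) {
- SSLerr(
- SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
- } else {
- dh->pub_key = BN_dup(dhp->pub_key);
- dh->priv_key = BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) ||
- (dh->priv_key == NULL)) {
- SSLerr(
- SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
+ if (!DH_generate_key(dh)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_DH_LIB);
+ goto err;
  }
  r[0] = dh->p;
  r[1] = dh->g;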
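Review bot: The now-unconditional `DH_generate_key(dh)` call has no comment recording that a fresh ephemeral key per handshake is mandatory and that SSL_OP_SINGLE_DH_USE no longer has any effect, so a later edit could bring back the key-copy branch without noticing the forward-secrecy cost. I would add `/* Always use a fresh ephemeral DH key; SSL_OP_SINGLE_DH_USE is ignored. */` directly above the call. Freshness also depends on `dh` reaching this point without a private key, because DH_generate_key keeps an existing priv_key and only derives the public value from it. `dh` is created above the hunk, presumably by duplicating only the parameters of `dhp`, which is worth confirming. ssl3_send_server_key_exchange starts and ends outside the hunk.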