deprecate SSL_OP_SINGLE_DH_USElibressl-v2.1.10 OPENBSD_5_7

ok jsing@
author: beck <> 2016-01-27 02:11:36 +0000
committer: beck <> 2016-01-27 02:11:36 +0000
commit: c982bc5d2443b7bdba62e86f16bbb7862376eecd (patch)
tree: 653011dc16412153bdf64b36b8b507f9d3488044
parent: 58485e4681efae946fc202175369e8b0c6da453e (diff)
download: openbsd-OPENBSD_5_7.tar.gz
openbsd-OPENBSD_5_7.tar.bz2
openbsd-OPENBSD_5_7.zip
2 files changed, 6 insertions, 37 deletions
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index c6062934dc..c31486d477 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.95 2015/02/08 22:06:49 miod Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.95.4.1 2016/01/27 02:11:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2176,14 +2176,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                                    ERR_R_DH_LIB);
                                return (ret);
                        }
-                        if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
-                                if (!DH_generate_key(dh)) {
-                                        DH_free(dh);
-                                        SSLerr(SSL_F_SSL3_CTRL,
-                                            ERR_R_DH_LIB);
-                                        return (ret);
-                                }
-                        }
                        DH_free(s->cert->dh_tmp);
                        s->cert->dh_tmp = dh;
                        ret = 1;
@@ -2367,14 +2359,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                                    ERR_R_DH_LIB);
                                return 0;
                        }
-                        if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
-                                if (!DH_generate_key(new)) {
-                                        SSLerr(SSL_F_SSL3_CTX_CTRL,
-                                            ERR_R_DH_LIB);
-                                        DH_free(new);
-                                        return 0;
-                                }
-                        }
                        DH_free(cert->dh_tmp);
                        cert->dh_tmp = new;
                        return 1;
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 0bff0204d9..1b83711143 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.100 2015/02/25 03:49:21 bcook Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.100.4.1 2016/01/27 02:11:34 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1367,25 +1367,10 @@ ssl3_send_server_key_exchange(SSL *s)
                                goto err;
                        }
                        s->s3->tmp.dh = dh;
+                        if (!DH_generate_key(dh)) {
-                        if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                            (s->options & SSL_OP_SINGLE_DH_USE))) {
+                                    ERR_R_DH_LIB);
-                                if (!DH_generate_key(dh)) {
+                                goto err;
-                                        SSLerr(
-                                            SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                            ERR_R_DH_LIB);
-                                        goto err;
-                                }
-                        } else {
-                                dh->pub_key = BN_dup(dhp->pub_key);
-                                dh->priv_key = BN_dup(dhp->priv_key);
-                                if ((dh->pub_key == NULL) ||
-                                        (dh->priv_key == NULL)) {
-                                        SSLerr(
-                                            SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                            ERR_R_DH_LIB);
-                                        goto err;
-                                }
                        }
                        r[0] = dh->p;
                        r[1] = dh->g;
author	beck <>	2016-01-27 02:11:36 +0000
committer	beck <>	2016-01-27 02:11:36 +0000
commit	c982bc5d2443b7bdba62e86f16bbb7862376eecd (patch)
tree	653011dc16412153bdf64b36b8b507f9d3488044
parent	58485e4681efae946fc202175369e8b0c6da453e (diff)
download	openbsd-OPENBSD_5_7.tar.gz openbsd-OPENBSD_5_7.tar.bz2 openbsd-OPENBSD_5_7.zip

diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index c6062934dc..c31486d477 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.95 2015/02/08 22:06:49 miod Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.95.4.1 2016/01/27 02:11:34 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2176,14 +2176,6 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
2176	ERR_R_DH_LIB);	2176	ERR_R_DH_LIB);
2177	return (ret);	2177	return (ret);
2178	}	2178	}
2179	if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
2180	if (!DH_generate_key(dh)) {
2181	DH_free(dh);
2182	SSLerr(SSL_F_SSL3_CTRL,
2183	ERR_R_DH_LIB);
2184	return (ret);
2185	}
2186	}
2187	DH_free(s->cert->dh_tmp);	2179	DH_free(s->cert->dh_tmp);
2188	s->cert->dh_tmp = dh;	2180	s->cert->dh_tmp = dh;
2189	ret = 1;	2181	ret = 1;
@@ -2367,14 +2359,6 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2367	ERR_R_DH_LIB);	2359	ERR_R_DH_LIB);
2368	return 0;	2360	return 0;
2369	}	2361	}
2370	if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
2371	if (!DH_generate_key(new)) {
2372	SSLerr(SSL_F_SSL3_CTX_CTRL,
2373	ERR_R_DH_LIB);
2374	DH_free(new);
2375	return 0;
2376	}
2377	}
2378	DH_free(cert->dh_tmp);	2362	DH_free(cert->dh_tmp);
2379	cert->dh_tmp = new;	2363	cert->dh_tmp = new;
2380	return 1;	2364	return 1;


diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 0bff0204d9..1b83711143 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.100 2015/02/25 03:49:21 bcook Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.100.4.1 2016/01/27 02:11:34 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1367,25 +1367,10 @@ ssl3_send_server_key_exchange(SSL *s)
1367	goto err;	1367	goto err;
1368	}	1368	}
1369	s->s3->tmp.dh = dh;	1369	s->s3->tmp.dh = dh;
1370		1370	if (!DH_generate_key(dh)) {
1371	if ((dhp->pub_key == NULL \|\| dhp->priv_key == NULL \|\|	1371	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1372	(s->options & SSL_OP_SINGLE_DH_USE))) {	1372	ERR_R_DH_LIB);
1373	if (!DH_generate_key(dh)) {	1373	goto err;
1374	SSLerr(
1375	SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1376	ERR_R_DH_LIB);
1377	goto err;
1378	}
1379	} else {
1380	dh->pub_key = BN_dup(dhp->pub_key);
1381	dh->priv_key = BN_dup(dhp->priv_key);
1382	if ((dh->pub_key == NULL) \|\|
1383	(dh->priv_key == NULL)) {
1384	SSLerr(
1385	SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1386	ERR_R_DH_LIB);
1387	goto err;
1388	}
1389	}	1374	}
1390	r[0] = dh->p;	1375	r[0] = dh->p;
1391	r[1] = dh->g;	1376	r[1] = dh->g;