author | beck <> | 2016-01-27 02:09:53 +0000 |
---|---|---|
committer | beck <> | 2016-01-27 02:09:53 +0000 |
commit | 25f4d07affe0edbe0362e926e3ae2ba28e740c4b (patch) | |
tree | dde249b6c28c49ecba068ea0a976127bbe2a06a9 | |
parent | 5837cda8af304800512d2def015ab12394c018e1 (diff) | |
deprecate SSL_OP_SINGLE_DH_USE
ok jsing@
-rw-r--r-- | src/lib/libssl/src/ssl/s3_lib.c | 18 | ||||
-rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 25 |
2 files changed, 6 insertions, 37 deletions
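--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.99 2015/07/19 06:23:51 doug Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.99.4.1 2016/01/27 02:09:51 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2172,14 +2172,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 ERR_R_DH_LIB);
 return (ret);
 }
-if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
-if (!DH_generate_key(dh)) {
-DH_free(dh);
-SSLerr(SSL_F_SSL3_CTRL,
-ERR_R_DH_LIB);
-return (ret);
-}
-}
 DH_free(s->cert->dh_tmp);
 s->cert->dh_tmp = dh;
 ret = 1;
@@ -2363,14 +2355,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 ERR_R_DH_LIB);
 return 0;
 }
-if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
-if (!DH_generate_key(new)) {
-SSLerr(SSL_F_SSL3_CTX_CTRL,
-ERR_R_DH_LIB);
-DH_free(new);
-return 0;
-}
-}
 DH_free(cert->dh_tmp);
 cert->dh_tmp = new;
 return 1;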
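Review bot: After this change `SSL_OP_SINGLE_DH_USE` is ignored with no trace left in the code, both in ssl3_ctrl (new line 2175) and in ssl3_ctx_ctrl (new line 2358), so a later reader has nothing explaining why no key is generated when the temporary DH is installed. I would add a comment above each `dh_tmp` assignment, for example `/* dh_tmp carries parameters only; a fresh key is generated for every handshake. */`. That wording assumes `dh` and `new` are parameter-only copies made above the hunks, which is not visible here. Both functions begin and end outside the hunks, and the public documentation of the option is not part of this commit, so it may also need a note that the flag no longer has any effect.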
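--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.112 2015/07/29 19:16:09 miod Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.112.4.1 2016/01/27 02:09:51 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1292,25 +1292,10 @@ ssl3_send_server_key_exchange(SSL *s)
 goto err;
 }
 s->s3->tmp.dh = dh;
-
-if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
-(s->options & SSL_OP_SINGLE_DH_USE))) {
-if (!DH_generate_key(dh)) {
-SSLerr(
-SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-ERR_R_DH_LIB);
-goto err;
-}
-} else {
-dh->pub_key = BN_dup(dhp->pub_key);
-dh->priv_key = BN_dup(dhp->priv_key);
-if ((dh->pub_key == NULL) ||
-(dh->priv_key == NULL)) {
-SSLerr(
-SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-ERR_R_DH_LIB);
-goto err;
-}
+if (!DH_generate_key(dh)) {
+SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ERR_R_DH_LIB);
+goto err;
 }
 r[0] = dh->p;
 r[1] = dh->g;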
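Review bot: The unconditional `DH_generate_key(dh)` at new line 1295 is the security-relevant part of this commit, yet nothing in the code says that key reuse was removed on purpose. Reusing one DH private value across handshakes gives up forward secrecy and makes the server depend on the strength of the configured group, so the removed `BN_dup` branch should not come back as an optimisation. I would add `/* Always generate a fresh ephemeral DH key; never copy one from dhp. */` above the call. The failure path jumps to `err`, which lies outside the hunk, so whether `dh` is released only through `s->s3->tmp.dh` cannot be confirmed from here.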