authorbeck <>2016-01-27 02:09:53 +0000
committerbeck <>2016-01-27 02:09:53 +0000
commit25f4d07affe0edbe0362e926e3ae2ba28e740c4b (patch)
treedde249b6c28c49ecba068ea0a976127bbe2a06a9
parent5837cda8af304800512d2def015ab12394c018e1 (diff)
deprecate SSL_OP_SINGLE_DH_USE
ok jsing@
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c18
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c25
2 files changed, 6 insertions, 37 deletions
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index c8bdac0214..ea4fffa55c 100644
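--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.99 2015/07/19 06:23:51 doug Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.99.4.1 2016/01/27 02:09:51 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2172,14 +2172,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  ERR_R_DH_LIB);
  return (ret);
  }
- if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
- if (!DH_generate_key(dh)) {
- DH_free(dh);
- SSLerr(SSL_F_SSL3_CTRL,
- ERR_R_DH_LIB);
- return (ret);
- }
- }
  DH_free(s->cert->dh_tmp);
  s->cert->dh_tmp = dh;
  ret = 1;
@@ -2363,14 +2355,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
  ERR_R_DH_LIB);
  return 0;
  }
- if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
- if (!DH_generate_key(new)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL,
- ERR_R_DH_LIB);
- DH_free(new);
- return 0;
- }
- }
  DH_free(cert->dh_tmp);
  cert->dh_tmp = new;
  return 1;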
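Review bot: Nothing at `s->cert->dh_tmp = dh;` in ssl3_ctrl or `cert->dh_tmp = new;` in ssl3_ctx_ctrl records that the stored DH object is now meant to hold parameters only and that SSL_OP_SINGLE_DH_USE is no longer consulted. The duplication call sits above both hunks, so whether a caller-supplied key pair can still arrive in `dh_tmp` is not visible here and is worth confirming. I would add a comment above each assignment such as `/* Parameters only: the key pair is generated per handshake. */` so a cached key is not reintroduced at these sites later. The commit title says the option is deprecated, but its definition and manual text are not among the two files changed, so callers that still set it get no hint that it has become a no-op. Both functions start and end outside the hunks shown.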
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 7d2ec4d132..1081a7aae7 100644
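--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.112 2015/07/29 19:16:09 miod Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.112.4.1 2016/01/27 02:09:51 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1292,25 +1292,10 @@ ssl3_send_server_key_exchange(SSL *s)
  goto err;
  }
  s->s3->tmp.dh = dh;
-
- if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE))) {
- if (!DH_generate_key(dh)) {
- SSLerr(
- SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
- } else {
- dh->pub_key = BN_dup(dhp->pub_key);
- dh->priv_key = BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) ||
- (dh->priv_key == NULL)) {
- SSLerr(
- SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
+ if (!DH_generate_key(dh)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_DH_LIB);
+ goto err;
  }
  r[0] = dh->p;
  r[1] = dh->g;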
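Review bot: The now-unconditional `DH_generate_key(dh)` at new line 1295 is a security property rather than a simplification, and the code does not say so: every handshake gets a fresh private exponent and a key pair attached to `dhp` is never copied. A comment above the call, for example `/* Always generate a fresh ephemeral key; never reuse a key pair from dhp. */`, would keep the removed BN_dup branch from being restored later as an optimisation. Fresh keys limit what reuse of one exponent can expose, but nothing in this hunk checks the group carried by `dhp`, so any parameter validation has to happen elsewhere, which is worth confirming. ssl3_send_server_key_exchange starts before and continues after the hunk.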