Mop up ecdh_tmp, since it is no longer used.

ok bluhm@ tb@

3 files changed, 4 insertions, 25 deletions

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index a01f484578..567d8ea21f 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.67 2018/04/25 07:10:39 tb Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.68 2018/11/05 03:49:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -234,14 +234,6 @@ ssl_cert_dup(CERT *cert)
         ret->dh_tmp_cb = cert->dh_tmp_cb;
         ret->dh_tmp_auto = cert->dh_tmp_auto;
 
-        if (cert->ecdh_tmp) {
-                ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
-                if (ret->ecdh_tmp == NULL) {
-                        SSLerrorx(ERR_R_EC_LIB);
-                        goto err;
-                }
-        }
-
         for (i = 0; i < SSL_PKEY_NUM; i++) {
                 if (cert->pkeys[i].x509 != NULL) {
                         ret->pkeys[i].x509 = cert->pkeys[i].x509;
@@ -297,7 +289,6 @@ ssl_cert_dup(CERT *cert)
 
 err:
         DH_free(ret->dh_tmp);
-        EC_KEY_free(ret->ecdh_tmp);
 
         for (i = 0; i < SSL_PKEY_NUM; i++) {
                 X509_free(ret->pkeys[i].x509);
@@ -321,7 +312,6 @@ ssl_cert_free(CERT *c)
                 return;
 
         DH_free(c->dh_tmp);
-        EC_KEY_free(c->ecdh_tmp);
 
         for (i = 0; i < SSL_PKEY_NUM; i++) {
                 X509_free(c->pkeys[i].x509);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 9a018547ab..8cedc29490 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.216 2018/10/24 18:04:50 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.217 2018/11/05 03:49:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -947,8 +947,6 @@ typedef struct cert_st {
         DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
         int dh_tmp_auto;
 
-        EC_KEY *ecdh_tmp;
-
         CERT_PKEY pkeys[SSL_PKEY_NUM];
 
         int references; /* >1 only if SSL_copy_session_id is used */
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 0a00e4da7f..30305e6b2f 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.144 2018/08/24 18:10:25 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.145 2018/11/05 03:49:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -608,20 +608,11 @@ tls1_check_ec_server_key(SSL *s)
 int
 tls1_check_ec_tmp_key(SSL *s)
 {
-        EC_KEY *ec = s->cert->ecdh_tmp;
-        uint16_t curve_id;
-
         /* Need a shared curve. */
         if (tls1_get_shared_curve(s) != NID_undef)
                 return (1);
 
-        if (ec == NULL)
-                return (0);
-
-        if (tls1_set_ec_id(&curve_id, NULL, ec) != 1)
-                return (0);
-
-        return tls1_check_ec_key(s, &curve_id, NULL);
+        return (0);
 }
 
 /*