authorjsing <>2014-12-06 14:24:26 +0000
committerjsing <>2014-12-06 14:24:26 +0000
commit7b858dee1df9a704b4fd1755b70c8f53352dcbeb (patch)
tree16f00a61036316c6d0afc1976c7e1dfaf932cde4
parenta657ba9d9f7c27a3001f24d121b111838c1dc856 (diff)
Remove client handling of RSA in ServerKeyExchange messages, along with
the associated peer_rsa_tmp goop. This was only needed for export cipher handling and intentional RFC violations. The export cipher suites have already been removed and previous cleanup means that we will never send ServerKeyExchange messages from the server side for RSA.
-rw-r--r--src/lib/libssl/d1_clnt.c24
-rw-r--r--src/lib/libssl/s3_clnt.c95
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c24
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c95
-rw-r--r--src/lib/libssl/src/ssl/ssl_cert.c3
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/ssl_cert.c3
-rw-r--r--src/lib/libssl/ssl_locl.h3
8 files changed, 52 insertions, 198 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index de5721851e..a73995ccda 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.38 2014/11/27 16:03:03 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.39 2014/12/06 14:24:26 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -946,20 +946,16 @@ dtls1_send_client_key_exchange(SSL *s)
946 RSA *rsa; 946 RSA *rsa;
947 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 947 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
948 948
949 if (s->session->sess_cert->peer_rsa_tmp != NULL) 949 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
950 rsa = s->session->sess_cert->peer_rsa_tmp; 950 if ((pkey == NULL) ||
951 else { 951 (pkey->type != EVP_PKEY_RSA) ||
952 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 952 (pkey->pkey.rsa == NULL)) {
953 if ((pkey == NULL) || 953 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
954 (pkey->type != EVP_PKEY_RSA) || 954 ERR_R_INTERNAL_ERROR);
955 (pkey->pkey.rsa == NULL)) { 955 goto err;
956 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
957 ERR_R_INTERNAL_ERROR);
958 goto err;
959 }
960 rsa = pkey->pkey.rsa;
961 EVP_PKEY_free(pkey);
962 } 956 }
957 rsa = pkey->pkey.rsa;
958 EVP_PKEY_free(pkey);
963 959
964 tmp_buf[0] = s->client_version >> 8; 960 tmp_buf[0] = s->client_version >> 8;
965 tmp_buf[1] = s->client_version&0xff; 961 tmp_buf[1] = s->client_version&0xff;
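Review bot: In dtls1_send_client_key_exchange the failure branch of the key check (new lines 950-955) does `goto err` without releasing `pkey`, so a certificate key that is non-NULL but not RSA leaks the reference returned by X509_get_pubkey() unless the `err:` label frees it, which is outside this hunk. The matching branch in ssl3_send_client_key_exchange in s3_clnt.c calls `EVP_PKEY_free(pkey);` before `goto err;`, and the same line should be added here. The identical copy in src/lib/libssl/src/ssl/d1_clnt.c needs the same change. The function's body starts and ends outside the hunk.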
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 1b94200f14..b3dbe32745 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.97 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1191,9 +1191,6 @@ ssl3_get_key_exchange(SSL *s)
1191 1191
1192 param = p = (unsigned char *)s->init_msg; 1192 param = p = (unsigned char *)s->init_msg;
1193 if (s->session->sess_cert != NULL) { 1193 if (s->session->sess_cert != NULL) {
1194 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1195 s->session->sess_cert->peer_rsa_tmp = NULL;
1196
1197 DH_free(s->session->sess_cert->peer_dh_tmp); 1194 DH_free(s->session->sess_cert->peer_dh_tmp);
1198 s->session->sess_cert->peer_dh_tmp = NULL; 1195 s->session->sess_cert->peer_dh_tmp = NULL;
1199 1196
@@ -1210,63 +1207,7 @@ ssl3_get_key_exchange(SSL *s)
1210 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1207 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1211 EVP_MD_CTX_init(&md_ctx); 1208 EVP_MD_CTX_init(&md_ctx);
1212 1209
1213 if (alg_k & SSL_kRSA) { 1210 if (alg_k & SSL_kDHE) {
1214 if ((rsa = RSA_new()) == NULL) {
1215 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1216 ERR_R_MALLOC_FAILURE);
1217 goto err;
1218 }
1219 if (2 > n)
1220 goto truncated;
1221 n2s(p, i);
1222 param_len = i + 2;
1223 if (param_len > n) {
1224 al = SSL_AD_DECODE_ERROR;
1225 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1226 SSL_R_BAD_RSA_MODULUS_LENGTH);
1227 goto f_err;
1228 }
1229 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1230 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1231 ERR_R_BN_LIB);
1232 goto err;
1233 }
1234 p += i;
1235
1236 if (param_len + 2 > n)
1237 goto truncated;
1238 n2s(p, i);
1239 param_len += i + 2;
1240 if (param_len > n) {
1241 al = SSL_AD_DECODE_ERROR;
1242 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1243 SSL_R_BAD_RSA_E_LENGTH);
1244 goto f_err;
1245 }
1246 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1247 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1248 ERR_R_BN_LIB);
1249 goto err;
1250 }
1251 p += i;
1252 n -= param_len;
1253
1254 /*
1255 * This should be because we are using an
1256 * export cipher
1257 */
1258 if (alg_a & SSL_aRSA)
1259 pkey = X509_get_pubkey(
1260 s->session->sess_cert->peer_pkeys[
1261 SSL_PKEY_RSA_ENC].x509);
1262 else {
1263 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1264 ERR_R_INTERNAL_ERROR);
1265 goto err;
1266 }
1267 s->session->sess_cert->peer_rsa_tmp = rsa;
1268 rsa = NULL;
1269 } else if (alg_k & SSL_kDHE) {
1270 if ((dh = DH_new()) == NULL) { 1211 if ((dh = DH_new()) == NULL) {
1271 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1212 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1272 ERR_R_DH_LIB); 1213 ERR_R_DH_LIB);
@@ -1976,24 +1917,19 @@ ssl3_send_client_key_exchange(SSL *s)
1976 RSA *rsa; 1917 RSA *rsa;
1977 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1918 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1978 1919
1979 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1920 pkey = X509_get_pubkey(
1980 rsa = s->session->sess_cert->peer_rsa_tmp; 1921 s->session->sess_cert->peer_pkeys[
1981 else { 1922 SSL_PKEY_RSA_ENC].x509);
1982 pkey = X509_get_pubkey( 1923 if ((pkey == NULL) ||
1983 s->session->sess_cert->peer_pkeys[ 1924 (pkey->type != EVP_PKEY_RSA) ||
1984 SSL_PKEY_RSA_ENC].x509); 1925 (pkey->pkey.rsa == NULL)) {
1985 if ((pkey == NULL) || 1926 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1986 (pkey->type != EVP_PKEY_RSA) || 1927 ERR_R_INTERNAL_ERROR);
1987 (pkey->pkey.rsa == NULL)) {
1988 SSLerr(
1989 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1990 ERR_R_INTERNAL_ERROR);
1991 EVP_PKEY_free(pkey);
1992 goto err;
1993 }
1994 rsa = pkey->pkey.rsa;
1995 EVP_PKEY_free(pkey); 1928 EVP_PKEY_free(pkey);
1929 goto err;
1996 } 1930 }
1931 rsa = pkey->pkey.rsa;
1932 EVP_PKEY_free(pkey);
1997 1933
1998 tmp_buf[0] = s->client_version >> 8; 1934 tmp_buf[0] = s->client_version >> 8;
1999 tmp_buf[1] = s->client_version & 0xff; 1935 tmp_buf[1] = s->client_version & 0xff;
@@ -2631,7 +2567,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2631 long alg_k, alg_a; 2567 long alg_k, alg_a;
2632 EVP_PKEY *pkey = NULL; 2568 EVP_PKEY *pkey = NULL;
2633 SESS_CERT *sc; 2569 SESS_CERT *sc;
2634 RSA *rsa;
2635 DH *dh; 2570 DH *dh;
2636 2571
2637 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2572 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
@@ -2647,8 +2582,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2647 ERR_R_INTERNAL_ERROR); 2582 ERR_R_INTERNAL_ERROR);
2648 goto err; 2583 goto err;
2649 } 2584 }
2650
2651 rsa = s->session->sess_cert->peer_rsa_tmp;
2652 dh = s->session->sess_cert->peer_dh_tmp; 2585 dh = s->session->sess_cert->peer_dh_tmp;
2653 2586
2654 /* This is the passed certificate. */ 2587 /* This is the passed certificate. */
@@ -2681,7 +2614,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2681 goto f_err; 2614 goto f_err;
2682 } 2615 }
2683 if ((alg_k & SSL_kRSA) && 2616 if ((alg_k & SSL_kRSA) &&
2684 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { 2617 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2685 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2618 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2686 SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2619 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2687 goto f_err; 2620 goto f_err;
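Review bot: With the `SSL_kRSA` branch gone, the dispatch in ssl3_get_key_exchange now starts at `if (alg_k & SSL_kDHE)`, and what happens to a ServerKeyExchange received on an RSA key-exchange suite depends on the final `else` of that chain, which is outside the hunk. That fallthrough should reject the message with a fatal alert rather than skip it, and the head of the chain deserves a comment such as `/* kRSA carries no ServerKeyExchange; anything not matched below must be rejected. */`. A regression test that feeds the client a ServerKeyExchange on a kRSA suite and expects a handshake failure would pin the behaviour. The same applies to the copy in src/lib/libssl/src/ssl/s3_clnt.c.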
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index de5721851e..a73995ccda 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.38 2014/11/27 16:03:03 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.39 2014/12/06 14:24:26 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -946,20 +946,16 @@ dtls1_send_client_key_exchange(SSL *s)
946 RSA *rsa; 946 RSA *rsa;
947 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 947 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
948 948
949 if (s->session->sess_cert->peer_rsa_tmp != NULL) 949 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
950 rsa = s->session->sess_cert->peer_rsa_tmp; 950 if ((pkey == NULL) ||
951 else { 951 (pkey->type != EVP_PKEY_RSA) ||
952 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 952 (pkey->pkey.rsa == NULL)) {
953 if ((pkey == NULL) || 953 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
954 (pkey->type != EVP_PKEY_RSA) || 954 ERR_R_INTERNAL_ERROR);
955 (pkey->pkey.rsa == NULL)) { 955 goto err;
956 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
957 ERR_R_INTERNAL_ERROR);
958 goto err;
959 }
960 rsa = pkey->pkey.rsa;
961 EVP_PKEY_free(pkey);
962 } 956 }
957 rsa = pkey->pkey.rsa;
958 EVP_PKEY_free(pkey);
963 959
964 tmp_buf[0] = s->client_version >> 8; 960 tmp_buf[0] = s->client_version >> 8;
965 tmp_buf[1] = s->client_version&0xff; 961 tmp_buf[1] = s->client_version&0xff;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 1b94200f14..b3dbe32745 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.97 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1191,9 +1191,6 @@ ssl3_get_key_exchange(SSL *s)
1191 1191
1192 param = p = (unsigned char *)s->init_msg; 1192 param = p = (unsigned char *)s->init_msg;
1193 if (s->session->sess_cert != NULL) { 1193 if (s->session->sess_cert != NULL) {
1194 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1195 s->session->sess_cert->peer_rsa_tmp = NULL;
1196
1197 DH_free(s->session->sess_cert->peer_dh_tmp); 1194 DH_free(s->session->sess_cert->peer_dh_tmp);
1198 s->session->sess_cert->peer_dh_tmp = NULL; 1195 s->session->sess_cert->peer_dh_tmp = NULL;
1199 1196
@@ -1210,63 +1207,7 @@ ssl3_get_key_exchange(SSL *s)
1210 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1207 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1211 EVP_MD_CTX_init(&md_ctx); 1208 EVP_MD_CTX_init(&md_ctx);
1212 1209
1213 if (alg_k & SSL_kRSA) { 1210 if (alg_k & SSL_kDHE) {
1214 if ((rsa = RSA_new()) == NULL) {
1215 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1216 ERR_R_MALLOC_FAILURE);
1217 goto err;
1218 }
1219 if (2 > n)
1220 goto truncated;
1221 n2s(p, i);
1222 param_len = i + 2;
1223 if (param_len > n) {
1224 al = SSL_AD_DECODE_ERROR;
1225 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1226 SSL_R_BAD_RSA_MODULUS_LENGTH);
1227 goto f_err;
1228 }
1229 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1230 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1231 ERR_R_BN_LIB);
1232 goto err;
1233 }
1234 p += i;
1235
1236 if (param_len + 2 > n)
1237 goto truncated;
1238 n2s(p, i);
1239 param_len += i + 2;
1240 if (param_len > n) {
1241 al = SSL_AD_DECODE_ERROR;
1242 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1243 SSL_R_BAD_RSA_E_LENGTH);
1244 goto f_err;
1245 }
1246 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1247 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1248 ERR_R_BN_LIB);
1249 goto err;
1250 }
1251 p += i;
1252 n -= param_len;
1253
1254 /*
1255 * This should be because we are using an
1256 * export cipher
1257 */
1258 if (alg_a & SSL_aRSA)
1259 pkey = X509_get_pubkey(
1260 s->session->sess_cert->peer_pkeys[
1261 SSL_PKEY_RSA_ENC].x509);
1262 else {
1263 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1264 ERR_R_INTERNAL_ERROR);
1265 goto err;
1266 }
1267 s->session->sess_cert->peer_rsa_tmp = rsa;
1268 rsa = NULL;
1269 } else if (alg_k & SSL_kDHE) {
1270 if ((dh = DH_new()) == NULL) { 1211 if ((dh = DH_new()) == NULL) {
1271 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1212 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1272 ERR_R_DH_LIB); 1213 ERR_R_DH_LIB);
@@ -1976,24 +1917,19 @@ ssl3_send_client_key_exchange(SSL *s)
1976 RSA *rsa; 1917 RSA *rsa;
1977 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1918 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1978 1919
1979 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1920 pkey = X509_get_pubkey(
1980 rsa = s->session->sess_cert->peer_rsa_tmp; 1921 s->session->sess_cert->peer_pkeys[
1981 else { 1922 SSL_PKEY_RSA_ENC].x509);
1982 pkey = X509_get_pubkey( 1923 if ((pkey == NULL) ||
1983 s->session->sess_cert->peer_pkeys[ 1924 (pkey->type != EVP_PKEY_RSA) ||
1984 SSL_PKEY_RSA_ENC].x509); 1925 (pkey->pkey.rsa == NULL)) {
1985 if ((pkey == NULL) || 1926 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1986 (pkey->type != EVP_PKEY_RSA) || 1927 ERR_R_INTERNAL_ERROR);
1987 (pkey->pkey.rsa == NULL)) {
1988 SSLerr(
1989 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1990 ERR_R_INTERNAL_ERROR);
1991 EVP_PKEY_free(pkey);
1992 goto err;
1993 }
1994 rsa = pkey->pkey.rsa;
1995 EVP_PKEY_free(pkey); 1928 EVP_PKEY_free(pkey);
1929 goto err;
1996 } 1930 }
1931 rsa = pkey->pkey.rsa;
1932 EVP_PKEY_free(pkey);
1997 1933
1998 tmp_buf[0] = s->client_version >> 8; 1934 tmp_buf[0] = s->client_version >> 8;
1999 tmp_buf[1] = s->client_version & 0xff; 1935 tmp_buf[1] = s->client_version & 0xff;
@@ -2631,7 +2567,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2631 long alg_k, alg_a; 2567 long alg_k, alg_a;
2632 EVP_PKEY *pkey = NULL; 2568 EVP_PKEY *pkey = NULL;
2633 SESS_CERT *sc; 2569 SESS_CERT *sc;
2634 RSA *rsa;
2635 DH *dh; 2570 DH *dh;
2636 2571
2637 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2572 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
@@ -2647,8 +2582,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2647 ERR_R_INTERNAL_ERROR); 2582 ERR_R_INTERNAL_ERROR);
2648 goto err; 2583 goto err;
2649 } 2584 }
2650
2651 rsa = s->session->sess_cert->peer_rsa_tmp;
2652 dh = s->session->sess_cert->peer_dh_tmp; 2585 dh = s->session->sess_cert->peer_dh_tmp;
2653 2586
2654 /* This is the passed certificate. */ 2587 /* This is the passed certificate. */
@@ -2681,7 +2614,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2681 goto f_err; 2614 goto f_err;
2682 } 2615 }
2683 if ((alg_k & SSL_kRSA) && 2616 if ((alg_k & SSL_kRSA) &&
2684 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { 2617 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2685 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2618 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2686 SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2619 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2687 goto f_err; 2620 goto f_err;
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index 8bbfcd85d1..8f830d990a 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.46 2014/11/18 05:33:43 miod Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.47 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -406,7 +406,6 @@ ssl_sess_cert_free(SESS_CERT *sc)
406 X509_free(sc->peer_pkeys[i].x509); 406 X509_free(sc->peer_pkeys[i].x509);
407 } 407 }
408 408
409 RSA_free(sc->peer_rsa_tmp);
410 DH_free(sc->peer_dh_tmp); 409 DH_free(sc->peer_dh_tmp);
411 EC_KEY_free(sc->peer_ecdh_tmp); 410 EC_KEY_free(sc->peer_ecdh_tmp);
412 411
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index c425f67a5a..dcc17963ee 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.78 2014/12/06 13:51:06 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.79 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -467,7 +467,6 @@ typedef struct sess_cert_st {
467 /* Obviously we don't have the private keys of these, 467 /* Obviously we don't have the private keys of these,
468 * so maybe we shouldn't even use the CERT_PKEY type here. */ 468 * so maybe we shouldn't even use the CERT_PKEY type here. */
469 469
470 RSA *peer_rsa_tmp;
471 DH *peer_dh_tmp; 470 DH *peer_dh_tmp;
472 EC_KEY *peer_ecdh_tmp; 471 EC_KEY *peer_ecdh_tmp;
473 472
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 8bbfcd85d1..8f830d990a 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.46 2014/11/18 05:33:43 miod Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.47 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -406,7 +406,6 @@ ssl_sess_cert_free(SESS_CERT *sc)
406 X509_free(sc->peer_pkeys[i].x509); 406 X509_free(sc->peer_pkeys[i].x509);
407 } 407 }
408 408
409 RSA_free(sc->peer_rsa_tmp);
410 DH_free(sc->peer_dh_tmp); 409 DH_free(sc->peer_dh_tmp);
411 EC_KEY_free(sc->peer_ecdh_tmp); 410 EC_KEY_free(sc->peer_ecdh_tmp);
412 411
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index c425f67a5a..dcc17963ee 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.78 2014/12/06 13:51:06 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.79 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -467,7 +467,6 @@ typedef struct sess_cert_st {
467 /* Obviously we don't have the private keys of these, 467 /* Obviously we don't have the private keys of these,
468 * so maybe we shouldn't even use the CERT_PKEY type here. */ 468 * so maybe we shouldn't even use the CERT_PKEY type here. */
469 469
470 RSA *peer_rsa_tmp;
471 DH *peer_dh_tmp; 470 DH *peer_dh_tmp;
472 EC_KEY *peer_ecdh_tmp; 471 EC_KEY *peer_ecdh_tmp;
473 472