diff options
| author | jsing <> | 2014-09-07 12:16:23 +0000 |
|---|---|---|
| committer | jsing <> | 2014-09-07 12:16:23 +0000 |
| commit | 0fed0b531b893a421795b86e91da5c89afa84e40 (patch) | |
| tree | 05653f416e3e348af48f738c0cc7f45d8437ec05 /src/lib/libssl/s3_clnt.c | |
| parent | 620b0c428295995017c04f2dfbb4d70cb01a3701 (diff) | |
| download | openbsd-0fed0b531b893a421795b86e91da5c89afa84e40.tar.gz openbsd-0fed0b531b893a421795b86e91da5c89afa84e40.tar.bz2 openbsd-0fed0b531b893a421795b86e91da5c89afa84e40.zip | |
Remove SSL_kDHr, SSL_kDHd and SSL_aDH. No supported ciphersuites use them,
nor do we plan on supporting them.
ok guenther@
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 19 |
1 files changed, 3 insertions, 16 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 9ccc67acb9..bbe2b91392 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.88 2014/08/23 14:52:41 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.89 2014/09/07 12:16:23 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1329,11 +1329,6 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1329 | 1329 | ||
| 1330 | s->session->sess_cert->peer_dh_tmp = dh; | 1330 | s->session->sess_cert->peer_dh_tmp = dh; |
| 1331 | dh = NULL; | 1331 | dh = NULL; |
| 1332 | } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { | ||
| 1333 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1334 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1335 | SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); | ||
| 1336 | goto f_err; | ||
| 1337 | } else if (alg_k & SSL_kECDHE) { | 1332 | } else if (alg_k & SSL_kECDHE) { |
| 1338 | EC_GROUP *ngroup; | 1333 | EC_GROUP *ngroup; |
| 1339 | const EC_GROUP *group; | 1334 | const EC_GROUP *group; |
| @@ -2006,7 +2001,7 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2006 | s->method->ssl3_enc->generate_master_secret( | 2001 | s->method->ssl3_enc->generate_master_secret( |
| 2007 | s, s->session->master_key, tmp_buf, sizeof tmp_buf); | 2002 | s, s->session->master_key, tmp_buf, sizeof tmp_buf); |
| 2008 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | 2003 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); |
| 2009 | } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) { | 2004 | } else if (alg_k & SSL_kDHE) { |
| 2010 | DH *dh_srvr, *dh_clnt; | 2005 | DH *dh_srvr, *dh_clnt; |
| 2011 | 2006 | ||
| 2012 | if (s->session->sess_cert == NULL) { | 2007 | if (s->session->sess_cert == NULL) { |
| @@ -2611,7 +2606,7 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 2611 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 2606 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 2612 | 2607 | ||
| 2613 | /* We don't have a certificate. */ | 2608 | /* We don't have a certificate. */ |
| 2614 | if (alg_a & (SSL_aDH|SSL_aNULL)) | 2609 | if (alg_a & SSL_aNULL) |
| 2615 | return (1); | 2610 | return (1); |
| 2616 | 2611 | ||
| 2617 | sc = s->session->sess_cert; | 2612 | sc = s->session->sess_cert; |
| @@ -2664,14 +2659,6 @@ ssl3_check_cert_and_algorithm(SSL *s) | |||
| 2664 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | 2659 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, |
| 2665 | SSL_R_MISSING_DH_KEY); | 2660 | SSL_R_MISSING_DH_KEY); |
| 2666 | goto f_err; | 2661 | goto f_err; |
| 2667 | } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH|EVP_PKS_RSA)) { | ||
| 2668 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | ||
| 2669 | SSL_R_MISSING_DH_RSA_CERT); | ||
| 2670 | goto f_err; | ||
| 2671 | } else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH|EVP_PKS_DSA)) { | ||
| 2672 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | ||
| 2673 | SSL_R_MISSING_DH_DSA_CERT); | ||
| 2674 | goto f_err; | ||
| 2675 | } | 2662 | } |
| 2676 | 2663 | ||
| 2677 | return (1); | 2664 | return (1); |