Add support for automatic DH ephemeral keys.

This allows an SSL server to enable DHE ciphers with a single setting, which results in an DH key being generated based on the server key length. Partly based on OpenSSL.
author: jsing <> 2014-10-31 15:25:55 +0000
committer: jsing <> 2014-10-31 15:25:55 +0000
commit: 0da99f89c646309c2093dbe094b8dc7d568cdfd7 (patch)
tree: 10ac57418996f21ce78687efb7443c1a142dd4a1 /src/lib/libssl/s3_lib.c
parent: 7abf5bb08462c2b7ad3caf4e4fd4601fa2098700 (diff)
download: openbsd-0da99f89c646309c2093dbe094b8dc7d568cdfd7.tar.gz
openbsd-0da99f89c646309c2093dbe094b8dc7d568cdfd7.tar.bz2
openbsd-0da99f89c646309c2093dbe094b8dc7d568cdfd7.zip
1 files changed, 17 insertions, 13 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 08c5111129..21f1367442 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.83 2014/10/31 14:51:01 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.84 2014/10/31 15:25:55 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1994,13 +1994,15 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                        ret = 1;
                }
                break;
        case SSL_CTRL_SET_TMP_DH_CB:
-                {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        SSLerr(SSL_F_SSL3_CTRL,
+                return (ret);
-                            ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        return (ret);
+        case SSL_CTRL_SET_DH_AUTO:
-                }
+                s->cert->dh_tmp_auto = larg;
-                break;
+                return 1;
        case SSL_CTRL_SET_TMP_ECDH:
                {
                        EC_KEY *ecdh = NULL;
@@ -2183,13 +2185,15 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                        return 1;
                }
                /*break; */
        case SSL_CTRL_SET_TMP_DH_CB:
-                {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        SSLerr(SSL_F_SSL3_CTX_CTRL,
+                return (0);
-                            ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        return (0);
+        case SSL_CTRL_SET_DH_AUTO:
-                }
+                ctx->cert->dh_tmp_auto = larg;
-                break;
+                return (1);
        case SSL_CTRL_SET_TMP_ECDH:
                {
                        EC_KEY *ecdh = NULL;
author	jsing <>	2014-10-31 15:25:55 +0000
committer	jsing <>	2014-10-31 15:25:55 +0000
commit	0da99f89c646309c2093dbe094b8dc7d568cdfd7 (patch)
tree	10ac57418996f21ce78687efb7443c1a142dd4a1 /src/lib/libssl/s3_lib.c
parent	7abf5bb08462c2b7ad3caf4e4fd4601fa2098700 (diff)
download	openbsd-0da99f89c646309c2093dbe094b8dc7d568cdfd7.tar.gz openbsd-0da99f89c646309c2093dbe094b8dc7d568cdfd7.tar.bz2 openbsd-0da99f89c646309c2093dbe094b8dc7d568cdfd7.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 08c5111129..21f1367442 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.83 2014/10/31 14:51:01 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.84 2014/10/31 15:25:55 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1994,13 +1994,15 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
1994	ret = 1;	1994	ret = 1;
1995	}	1995	}
1996	break;	1996	break;
		1997
1997	case SSL_CTRL_SET_TMP_DH_CB:	1998	case SSL_CTRL_SET_TMP_DH_CB:
1998	{	1999	SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1999	SSLerr(SSL_F_SSL3_CTRL,	2000	return (ret);
2000	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);	2001
2001	return (ret);	2002	case SSL_CTRL_SET_DH_AUTO:
2002	}	2003	s->cert->dh_tmp_auto = larg;
2003	break;	2004	return 1;
		2005
2004	case SSL_CTRL_SET_TMP_ECDH:	2006	case SSL_CTRL_SET_TMP_ECDH:
2005	{	2007	{
2006	EC_KEY *ecdh = NULL;	2008	EC_KEY *ecdh = NULL;
@@ -2183,13 +2185,15 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2183	return 1;	2185	return 1;
2184	}	2186	}
2185	/break; /	2187	/break; /
		2188
2186	case SSL_CTRL_SET_TMP_DH_CB:	2189	case SSL_CTRL_SET_TMP_DH_CB:
2187	{	2190	SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2188	SSLerr(SSL_F_SSL3_CTX_CTRL,	2191	return (0);
2189	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);	2192
2190	return (0);	2193	case SSL_CTRL_SET_DH_AUTO:
2191	}	2194	ctx->cert->dh_tmp_auto = larg;
2192	break;	2195	return (1);
		2196
2193	case SSL_CTRL_SET_TMP_ECDH:	2197	case SSL_CTRL_SET_TMP_ECDH:
2194	{	2198	{
2195	EC_KEY *ecdh = NULL;	2199	EC_KEY *ecdh = NULL;