deprecate SSL_OP_SINGLE_DH_USElibressl-v2.3.2

ok jsing@
author: beck <> 2016-01-27 02:06:16 +0000
committer: beck <> 2016-01-27 02:06:16 +0000
commit: e2e517f4c81621a7346f82a2064c31e7066f1198 (patch)
tree: b8ab3a9e7abf144ef7d0211e0cc8dbe609cf742a /src/lib/libssl/s3_srvr.c
parent: 7dd2931bc4345541724ce4f62b54914fbc4e0274 (diff)
download: openbsd-e2e517f4c81621a7346f82a2064c31e7066f1198.tar.gz
openbsd-e2e517f4c81621a7346f82a2064c31e7066f1198.tar.bz2
openbsd-e2e517f4c81621a7346f82a2064c31e7066f1198.zip
1 files changed, 5 insertions, 20 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 37d96e4e18..c992406ca8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1236,25 +1236,10 @@ ssl3_send_server_key_exchange(SSL *s)
                                goto err;
                        }
                        s->s3->tmp.dh = dh;
+                        if (!DH_generate_key(dh)) {
-                        if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                            (s->options & SSL_OP_SINGLE_DH_USE))) {
+                                    ERR_R_DH_LIB);
-                                if (!DH_generate_key(dh)) {
+                                goto err;
-                                        SSLerr(
-                                            SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                            ERR_R_DH_LIB);
-                                        goto err;
-                                }
-                        } else {
-                                dh->pub_key = BN_dup(dhp->pub_key);
-                                dh->priv_key = BN_dup(dhp->priv_key);
-                                if ((dh->pub_key == NULL) ||
-                                        (dh->priv_key == NULL)) {
-                                        SSLerr(
-                                            SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                            ERR_R_DH_LIB);
-                                        goto err;
-                                }
                        }
                        r[0] = dh->p;
                        r[1] = dh->g;
author	beck <>	2016-01-27 02:06:16 +0000
committer	beck <>	2016-01-27 02:06:16 +0000
commit	e2e517f4c81621a7346f82a2064c31e7066f1198 (patch)
tree	b8ab3a9e7abf144ef7d0211e0cc8dbe609cf742a /src/lib/libssl/s3_srvr.c
parent	7dd2931bc4345541724ce4f62b54914fbc4e0274 (diff)
download	openbsd-e2e517f4c81621a7346f82a2064c31e7066f1198.tar.gz openbsd-e2e517f4c81621a7346f82a2064c31e7066f1198.tar.bz2 openbsd-e2e517f4c81621a7346f82a2064c31e7066f1198.zip

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 37d96e4e18..c992406ca8 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1236,25 +1236,10 @@ ssl3_send_server_key_exchange(SSL *s)
1236	goto err;	1236	goto err;
1237	}	1237	}
1238	s->s3->tmp.dh = dh;	1238	s->s3->tmp.dh = dh;
1239		1239	if (!DH_generate_key(dh)) {
1240	if ((dhp->pub_key == NULL \|\| dhp->priv_key == NULL \|\|	1240	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1241	(s->options & SSL_OP_SINGLE_DH_USE))) {	1241	ERR_R_DH_LIB);
1242	if (!DH_generate_key(dh)) {	1242	goto err;
1243	SSLerr(
1244	SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1245	ERR_R_DH_LIB);
1246	goto err;
1247	}
1248	} else {
1249	dh->pub_key = BN_dup(dhp->pub_key);
1250	dh->priv_key = BN_dup(dhp->priv_key);
1251	if ((dh->pub_key == NULL) \|\|
1252	(dh->priv_key == NULL)) {
1253	SSLerr(
1254	SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1255	ERR_R_DH_LIB);
1256	goto err;
1257	}
1258	}	1243	}
1259	r[0] = dh->p;	1244	r[0] = dh->p;
1260	r[1] = dh->g;	1245	r[1] = dh->g;