Add support for automatic DH ephemeral keys.

This allows an SSL server to enable DHE ciphers with a single setting,
which results in an DH key being generated based on the server key length.

Partly based on OpenSSL.

1 files changed, 3 insertions, 1 deletions

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 955c169244..e7bcb890e4 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.72 2014/10/31 14:51:01 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.73 2014/10/31 15:25:55 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -442,6 +442,7 @@ typedef struct cert_st {
 
         DH *dh_tmp;
         DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
+        int dh_tmp_auto;
 
         EC_KEY *ecdh_tmp;
         EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
@@ -588,6 +589,7 @@ int ssl_undefined_const_function(const SSL *s);
 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
 X509 *ssl_get_server_send_cert(const SSL *);
 EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
+DH *ssl_get_auto_dh(SSL *s);
 int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);