summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorjsing <>2016-11-04 18:42:26 +0000
committerjsing <>2016-11-04 18:42:26 +0000
commitd728ee2c971216d9a12df9f880d3d68c41f9287f (patch)
tree43b8daacf8e408cfe537ee9cb7de0fe40bc5782c /src/lib
parentf1bfac5c0c9b216325ace4860e9de46713ed5a5c (diff)
downloadopenbsd-d728ee2c971216d9a12df9f880d3d68c41f9287f.tar.gz
openbsd-d728ee2c971216d9a12df9f880d3d68c41f9287f.tar.bz2
openbsd-d728ee2c971216d9a12df9f880d3d68c41f9287f.zip
Tidy up the usage of peer_ecdh_tmp, following the fixed ECDH removal.
ok beck@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/s3_clnt.c18
1 files changed, 5 insertions, 13 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 8e02239392..6ec97e95be 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.141 2016/11/04 15:05:29 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.142 2016/11/04 18:42:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1999,7 +1999,7 @@ static int
1999ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p, 1999ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
2000 int *outlen) 2000 int *outlen)
2001{ 2001{
2002 EC_KEY *tkey, *clnt_ecdh = NULL; 2002 EC_KEY *clnt_ecdh = NULL;
2003 const EC_GROUP *srvr_group = NULL; 2003 const EC_GROUP *srvr_group = NULL;
2004 const EC_POINT *srvr_ecpoint = NULL; 2004 const EC_POINT *srvr_ecpoint = NULL;
2005 BN_CTX *bn_ctx = NULL; 2005 BN_CTX *bn_ctx = NULL;
@@ -2012,23 +2012,15 @@ ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
2012 2012
2013 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2013 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2014 2014
2015 /* Ensure that we have an ephemeral key for ECDHE. */ 2015 if (sess_cert->peer_ecdh_tmp == NULL) {
2016 if ((alg_k & SSL_kECDHE) && sess_cert->peer_ecdh_tmp == NULL) {
2017 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); 2016 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2018 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2017 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2019 ERR_R_INTERNAL_ERROR); 2018 ERR_R_INTERNAL_ERROR);
2020 goto err; 2019 goto err;
2021 } 2020 }
2022 tkey = sess_cert->peer_ecdh_tmp;
2023 2021
2024 if (tkey == NULL) { 2022 srvr_group = EC_KEY_get0_group(sess_cert->peer_ecdh_tmp);
2025 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2023 srvr_ecpoint = EC_KEY_get0_public_key(sess_cert->peer_ecdh_tmp);
2026 ERR_R_INTERNAL_ERROR);
2027 goto err;
2028 }
2029
2030 srvr_group = EC_KEY_get0_group(tkey);
2031 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2032 2024
2033 if (srvr_group == NULL || srvr_ecpoint == NULL) { 2025 if (srvr_group == NULL || srvr_ecpoint == NULL) {
2034 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 2026 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 12:19:19 +0000