summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/d1_clnt.c24
-rw-r--r--src/lib/libssl/s3_clnt.c95
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c24
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c95
-rw-r--r--src/lib/libssl/src/ssl/ssl_cert.c3
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/ssl_cert.c3
-rw-r--r--src/lib/libssl/ssl_locl.h3
8 files changed, 52 insertions, 198 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index de5721851e..a73995ccda 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.38 2014/11/27 16:03:03 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.39 2014/12/06 14:24:26 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -946,20 +946,16 @@ dtls1_send_client_key_exchange(SSL *s)
946 RSA *rsa; 946 RSA *rsa;
947 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 947 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
948 948
949 if (s->session->sess_cert->peer_rsa_tmp != NULL) 949 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
950 rsa = s->session->sess_cert->peer_rsa_tmp; 950 if ((pkey == NULL) ||
951 else { 951 (pkey->type != EVP_PKEY_RSA) ||
952 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 952 (pkey->pkey.rsa == NULL)) {
953 if ((pkey == NULL) || 953 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
954 (pkey->type != EVP_PKEY_RSA) || 954 ERR_R_INTERNAL_ERROR);
955 (pkey->pkey.rsa == NULL)) { 955 goto err;
956 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
957 ERR_R_INTERNAL_ERROR);
958 goto err;
959 }
960 rsa = pkey->pkey.rsa;
961 EVP_PKEY_free(pkey);
962 } 956 }
957 rsa = pkey->pkey.rsa;
958 EVP_PKEY_free(pkey);
963 959
964 tmp_buf[0] = s->client_version >> 8; 960 tmp_buf[0] = s->client_version >> 8;
965 tmp_buf[1] = s->client_version&0xff; 961 tmp_buf[1] = s->client_version&0xff;
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 1b94200f14..b3dbe32745 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.97 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1191,9 +1191,6 @@ ssl3_get_key_exchange(SSL *s)
1191 1191
1192 param = p = (unsigned char *)s->init_msg; 1192 param = p = (unsigned char *)s->init_msg;
1193 if (s->session->sess_cert != NULL) { 1193 if (s->session->sess_cert != NULL) {
1194 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1195 s->session->sess_cert->peer_rsa_tmp = NULL;
1196
1197 DH_free(s->session->sess_cert->peer_dh_tmp); 1194 DH_free(s->session->sess_cert->peer_dh_tmp);
1198 s->session->sess_cert->peer_dh_tmp = NULL; 1195 s->session->sess_cert->peer_dh_tmp = NULL;
1199 1196
@@ -1210,63 +1207,7 @@ ssl3_get_key_exchange(SSL *s)
1210 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1207 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1211 EVP_MD_CTX_init(&md_ctx); 1208 EVP_MD_CTX_init(&md_ctx);
1212 1209
1213 if (alg_k & SSL_kRSA) { 1210 if (alg_k & SSL_kDHE) {
1214 if ((rsa = RSA_new()) == NULL) {
1215 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1216 ERR_R_MALLOC_FAILURE);
1217 goto err;
1218 }
1219 if (2 > n)
1220 goto truncated;
1221 n2s(p, i);
1222 param_len = i + 2;
1223 if (param_len > n) {
1224 al = SSL_AD_DECODE_ERROR;
1225 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1226 SSL_R_BAD_RSA_MODULUS_LENGTH);
1227 goto f_err;
1228 }
1229 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1230 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1231 ERR_R_BN_LIB);
1232 goto err;
1233 }
1234 p += i;
1235
1236 if (param_len + 2 > n)
1237 goto truncated;
1238 n2s(p, i);
1239 param_len += i + 2;
1240 if (param_len > n) {
1241 al = SSL_AD_DECODE_ERROR;
1242 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1243 SSL_R_BAD_RSA_E_LENGTH);
1244 goto f_err;
1245 }
1246 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1247 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1248 ERR_R_BN_LIB);
1249 goto err;
1250 }
1251 p += i;
1252 n -= param_len;
1253
1254 /*
1255 * This should be because we are using an
1256 * export cipher
1257 */
1258 if (alg_a & SSL_aRSA)
1259 pkey = X509_get_pubkey(
1260 s->session->sess_cert->peer_pkeys[
1261 SSL_PKEY_RSA_ENC].x509);
1262 else {
1263 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1264 ERR_R_INTERNAL_ERROR);
1265 goto err;
1266 }
1267 s->session->sess_cert->peer_rsa_tmp = rsa;
1268 rsa = NULL;
1269 } else if (alg_k & SSL_kDHE) {
1270 if ((dh = DH_new()) == NULL) { 1211 if ((dh = DH_new()) == NULL) {
1271 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1212 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1272 ERR_R_DH_LIB); 1213 ERR_R_DH_LIB);
@@ -1976,24 +1917,19 @@ ssl3_send_client_key_exchange(SSL *s)
1976 RSA *rsa; 1917 RSA *rsa;
1977 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1918 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1978 1919
1979 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1920 pkey = X509_get_pubkey(
1980 rsa = s->session->sess_cert->peer_rsa_tmp; 1921 s->session->sess_cert->peer_pkeys[
1981 else { 1922 SSL_PKEY_RSA_ENC].x509);
1982 pkey = X509_get_pubkey( 1923 if ((pkey == NULL) ||
1983 s->session->sess_cert->peer_pkeys[ 1924 (pkey->type != EVP_PKEY_RSA) ||
1984 SSL_PKEY_RSA_ENC].x509); 1925 (pkey->pkey.rsa == NULL)) {
1985 if ((pkey == NULL) || 1926 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1986 (pkey->type != EVP_PKEY_RSA) || 1927 ERR_R_INTERNAL_ERROR);
1987 (pkey->pkey.rsa == NULL)) {
1988 SSLerr(
1989 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1990 ERR_R_INTERNAL_ERROR);
1991 EVP_PKEY_free(pkey);
1992 goto err;
1993 }
1994 rsa = pkey->pkey.rsa;
1995 EVP_PKEY_free(pkey); 1928 EVP_PKEY_free(pkey);
1929 goto err;
1996 } 1930 }
1931 rsa = pkey->pkey.rsa;
1932 EVP_PKEY_free(pkey);
1997 1933
1998 tmp_buf[0] = s->client_version >> 8; 1934 tmp_buf[0] = s->client_version >> 8;
1999 tmp_buf[1] = s->client_version & 0xff; 1935 tmp_buf[1] = s->client_version & 0xff;
@@ -2631,7 +2567,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2631 long alg_k, alg_a; 2567 long alg_k, alg_a;
2632 EVP_PKEY *pkey = NULL; 2568 EVP_PKEY *pkey = NULL;
2633 SESS_CERT *sc; 2569 SESS_CERT *sc;
2634 RSA *rsa;
2635 DH *dh; 2570 DH *dh;
2636 2571
2637 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2572 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
@@ -2647,8 +2582,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2647 ERR_R_INTERNAL_ERROR); 2582 ERR_R_INTERNAL_ERROR);
2648 goto err; 2583 goto err;
2649 } 2584 }
2650
2651 rsa = s->session->sess_cert->peer_rsa_tmp;
2652 dh = s->session->sess_cert->peer_dh_tmp; 2585 dh = s->session->sess_cert->peer_dh_tmp;
2653 2586
2654 /* This is the passed certificate. */ 2587 /* This is the passed certificate. */
@@ -2681,7 +2614,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2681 goto f_err; 2614 goto f_err;
2682 } 2615 }
2683 if ((alg_k & SSL_kRSA) && 2616 if ((alg_k & SSL_kRSA) &&
2684 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { 2617 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2685 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2618 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2686 SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2619 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2687 goto f_err; 2620 goto f_err;
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index de5721851e..a73995ccda 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.38 2014/11/27 16:03:03 jsing Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.39 2014/12/06 14:24:26 jsing Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -946,20 +946,16 @@ dtls1_send_client_key_exchange(SSL *s)
946 RSA *rsa; 946 RSA *rsa;
947 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 947 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
948 948
949 if (s->session->sess_cert->peer_rsa_tmp != NULL) 949 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
950 rsa = s->session->sess_cert->peer_rsa_tmp; 950 if ((pkey == NULL) ||
951 else { 951 (pkey->type != EVP_PKEY_RSA) ||
952 pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 952 (pkey->pkey.rsa == NULL)) {
953 if ((pkey == NULL) || 953 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
954 (pkey->type != EVP_PKEY_RSA) || 954 ERR_R_INTERNAL_ERROR);
955 (pkey->pkey.rsa == NULL)) { 955 goto err;
956 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
957 ERR_R_INTERNAL_ERROR);
958 goto err;
959 }
960 rsa = pkey->pkey.rsa;
961 EVP_PKEY_free(pkey);
962 } 956 }
957 rsa = pkey->pkey.rsa;
958 EVP_PKEY_free(pkey);
963 959
964 tmp_buf[0] = s->client_version >> 8; 960 tmp_buf[0] = s->client_version >> 8;
965 tmp_buf[1] = s->client_version&0xff; 961 tmp_buf[1] = s->client_version&0xff;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 1b94200f14..b3dbe32745 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.96 2014/11/27 16:13:36 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.97 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1191,9 +1191,6 @@ ssl3_get_key_exchange(SSL *s)
1191 1191
1192 param = p = (unsigned char *)s->init_msg; 1192 param = p = (unsigned char *)s->init_msg;
1193 if (s->session->sess_cert != NULL) { 1193 if (s->session->sess_cert != NULL) {
1194 RSA_free(s->session->sess_cert->peer_rsa_tmp);
1195 s->session->sess_cert->peer_rsa_tmp = NULL;
1196
1197 DH_free(s->session->sess_cert->peer_dh_tmp); 1194 DH_free(s->session->sess_cert->peer_dh_tmp);
1198 s->session->sess_cert->peer_dh_tmp = NULL; 1195 s->session->sess_cert->peer_dh_tmp = NULL;
1199 1196
@@ -1210,63 +1207,7 @@ ssl3_get_key_exchange(SSL *s)
1210 alg_a = s->s3->tmp.new_cipher->algorithm_auth; 1207 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1211 EVP_MD_CTX_init(&md_ctx); 1208 EVP_MD_CTX_init(&md_ctx);
1212 1209
1213 if (alg_k & SSL_kRSA) { 1210 if (alg_k & SSL_kDHE) {
1214 if ((rsa = RSA_new()) == NULL) {
1215 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1216 ERR_R_MALLOC_FAILURE);
1217 goto err;
1218 }
1219 if (2 > n)
1220 goto truncated;
1221 n2s(p, i);
1222 param_len = i + 2;
1223 if (param_len > n) {
1224 al = SSL_AD_DECODE_ERROR;
1225 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1226 SSL_R_BAD_RSA_MODULUS_LENGTH);
1227 goto f_err;
1228 }
1229 if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
1230 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1231 ERR_R_BN_LIB);
1232 goto err;
1233 }
1234 p += i;
1235
1236 if (param_len + 2 > n)
1237 goto truncated;
1238 n2s(p, i);
1239 param_len += i + 2;
1240 if (param_len > n) {
1241 al = SSL_AD_DECODE_ERROR;
1242 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1243 SSL_R_BAD_RSA_E_LENGTH);
1244 goto f_err;
1245 }
1246 if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
1247 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1248 ERR_R_BN_LIB);
1249 goto err;
1250 }
1251 p += i;
1252 n -= param_len;
1253
1254 /*
1255 * This should be because we are using an
1256 * export cipher
1257 */
1258 if (alg_a & SSL_aRSA)
1259 pkey = X509_get_pubkey(
1260 s->session->sess_cert->peer_pkeys[
1261 SSL_PKEY_RSA_ENC].x509);
1262 else {
1263 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1264 ERR_R_INTERNAL_ERROR);
1265 goto err;
1266 }
1267 s->session->sess_cert->peer_rsa_tmp = rsa;
1268 rsa = NULL;
1269 } else if (alg_k & SSL_kDHE) {
1270 if ((dh = DH_new()) == NULL) { 1211 if ((dh = DH_new()) == NULL) {
1271 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, 1212 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1272 ERR_R_DH_LIB); 1213 ERR_R_DH_LIB);
@@ -1976,24 +1917,19 @@ ssl3_send_client_key_exchange(SSL *s)
1976 RSA *rsa; 1917 RSA *rsa;
1977 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 1918 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1978 1919
1979 if (s->session->sess_cert->peer_rsa_tmp != NULL) 1920 pkey = X509_get_pubkey(
1980 rsa = s->session->sess_cert->peer_rsa_tmp; 1921 s->session->sess_cert->peer_pkeys[
1981 else { 1922 SSL_PKEY_RSA_ENC].x509);
1982 pkey = X509_get_pubkey( 1923 if ((pkey == NULL) ||
1983 s->session->sess_cert->peer_pkeys[ 1924 (pkey->type != EVP_PKEY_RSA) ||
1984 SSL_PKEY_RSA_ENC].x509); 1925 (pkey->pkey.rsa == NULL)) {
1985 if ((pkey == NULL) || 1926 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1986 (pkey->type != EVP_PKEY_RSA) || 1927 ERR_R_INTERNAL_ERROR);
1987 (pkey->pkey.rsa == NULL)) {
1988 SSLerr(
1989 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1990 ERR_R_INTERNAL_ERROR);
1991 EVP_PKEY_free(pkey);
1992 goto err;
1993 }
1994 rsa = pkey->pkey.rsa;
1995 EVP_PKEY_free(pkey); 1928 EVP_PKEY_free(pkey);
1929 goto err;
1996 } 1930 }
1931 rsa = pkey->pkey.rsa;
1932 EVP_PKEY_free(pkey);
1997 1933
1998 tmp_buf[0] = s->client_version >> 8; 1934 tmp_buf[0] = s->client_version >> 8;
1999 tmp_buf[1] = s->client_version & 0xff; 1935 tmp_buf[1] = s->client_version & 0xff;
@@ -2631,7 +2567,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2631 long alg_k, alg_a; 2567 long alg_k, alg_a;
2632 EVP_PKEY *pkey = NULL; 2568 EVP_PKEY *pkey = NULL;
2633 SESS_CERT *sc; 2569 SESS_CERT *sc;
2634 RSA *rsa;
2635 DH *dh; 2570 DH *dh;
2636 2571
2637 alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 2572 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
@@ -2647,8 +2582,6 @@ ssl3_check_cert_and_algorithm(SSL *s)
2647 ERR_R_INTERNAL_ERROR); 2582 ERR_R_INTERNAL_ERROR);
2648 goto err; 2583 goto err;
2649 } 2584 }
2650
2651 rsa = s->session->sess_cert->peer_rsa_tmp;
2652 dh = s->session->sess_cert->peer_dh_tmp; 2585 dh = s->session->sess_cert->peer_dh_tmp;
2653 2586
2654 /* This is the passed certificate. */ 2587 /* This is the passed certificate. */
@@ -2681,7 +2614,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2681 goto f_err; 2614 goto f_err;
2682 } 2615 }
2683 if ((alg_k & SSL_kRSA) && 2616 if ((alg_k & SSL_kRSA) &&
2684 !(has_bits(i, EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) { 2617 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2685 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 2618 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2686 SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2619 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2687 goto f_err; 2620 goto f_err;
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index 8bbfcd85d1..8f830d990a 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.46 2014/11/18 05:33:43 miod Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.47 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -406,7 +406,6 @@ ssl_sess_cert_free(SESS_CERT *sc)
406 X509_free(sc->peer_pkeys[i].x509); 406 X509_free(sc->peer_pkeys[i].x509);
407 } 407 }
408 408
409 RSA_free(sc->peer_rsa_tmp);
410 DH_free(sc->peer_dh_tmp); 409 DH_free(sc->peer_dh_tmp);
411 EC_KEY_free(sc->peer_ecdh_tmp); 410 EC_KEY_free(sc->peer_ecdh_tmp);
412 411
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index c425f67a5a..dcc17963ee 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.78 2014/12/06 13:51:06 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.79 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -467,7 +467,6 @@ typedef struct sess_cert_st {
467 /* Obviously we don't have the private keys of these, 467 /* Obviously we don't have the private keys of these,
468 * so maybe we shouldn't even use the CERT_PKEY type here. */ 468 * so maybe we shouldn't even use the CERT_PKEY type here. */
469 469
470 RSA *peer_rsa_tmp;
471 DH *peer_dh_tmp; 470 DH *peer_dh_tmp;
472 EC_KEY *peer_ecdh_tmp; 471 EC_KEY *peer_ecdh_tmp;
473 472
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 8bbfcd85d1..8f830d990a 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_cert.c,v 1.46 2014/11/18 05:33:43 miod Exp $ */ 1/* $OpenBSD: ssl_cert.c,v 1.47 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -406,7 +406,6 @@ ssl_sess_cert_free(SESS_CERT *sc)
406 X509_free(sc->peer_pkeys[i].x509); 406 X509_free(sc->peer_pkeys[i].x509);
407 } 407 }
408 408
409 RSA_free(sc->peer_rsa_tmp);
410 DH_free(sc->peer_dh_tmp); 409 DH_free(sc->peer_dh_tmp);
411 EC_KEY_free(sc->peer_ecdh_tmp); 410 EC_KEY_free(sc->peer_ecdh_tmp);
412 411
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index c425f67a5a..dcc17963ee 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.78 2014/12/06 13:51:06 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.79 2014/12/06 14:24:26 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -467,7 +467,6 @@ typedef struct sess_cert_st {
467 /* Obviously we don't have the private keys of these, 467 /* Obviously we don't have the private keys of these,
468 * so maybe we shouldn't even use the CERT_PKEY type here. */ 468 * so maybe we shouldn't even use the CERT_PKEY type here. */
469 469
470 RSA *peer_rsa_tmp;
471 DH *peer_dh_tmp; 470 DH *peer_dh_tmp;
472 EC_KEY *peer_ecdh_tmp; 471 EC_KEY *peer_ecdh_tmp;
473 472
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 19:33:16 +0000