7 files changed, 54 insertions, 120 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1abe01cd88..abebaa0fc4 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.154 2017/08/09 17:49:54 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.155 2017/08/10 17:18:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1838,39 +1838,26 @@ _SSL_set_dh_auto(SSL *s, int state)
 static int
 _SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh)
 {
+        const EC_GROUP *group;
+        int nid;
        if (!ssl_cert_inst(&s->cert)) {
                SSLerror(s, ERR_R_MALLOC_FAILURE);
                return 0;
        }
-        if (ecdh == NULL) {
+        if (ecdh == NULL)
-                SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
-        }
+        if ((group = EC_KEY_get0_group(ecdh)) == NULL)
-        if (!EC_KEY_up_ref(ecdh)) {
-                SSLerror(s, ERR_R_ECDH_LIB);
                return 0;
-        }
-        if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh)) {
-                        EC_KEY_free(ecdh);
-                        SSLerror(s, ERR_R_ECDH_LIB);
-                        return 0;
-                }
-        }
-        EC_KEY_free(s->cert->ecdh_tmp);
-        s->cert->ecdh_tmp = ecdh;
-        return 1;
+        nid = EC_GROUP_get_curve_name(group);
+        return SSL_set1_groups(s, &nid, 1);
 }
 static int
 _SSL_set_ecdh_auto(SSL *s, int state)
 {
-        s->cert->ecdh_tmp_auto = state;
        return 1;
 }
@@ -2095,7 +2082,6 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
                return 1;
        case SSL_CTRL_SET_TMP_ECDH_CB:
-                s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
                return 1;
        case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
@@ -2133,35 +2119,21 @@ _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
 static int
 _SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh)
 {
-        EC_KEY *ecdh_tmp;
+        const EC_GROUP *group;
+        int nid;
-        if (ecdh == NULL) {
+        if (ecdh == NULL)
-                SSLerrorx(ERR_R_ECDH_LIB);
                return 0;
-        }
+        if ((group = EC_KEY_get0_group(ecdh)) == NULL)
-        if ((ecdh_tmp = EC_KEY_dup(ecdh)) == NULL) {
-                SSLerrorx(ERR_R_EC_LIB);
                return 0;
-        }
-        if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh_tmp)) {
-                        EC_KEY_free(ecdh_tmp);
-                        SSLerrorx(ERR_R_ECDH_LIB);
-                        return 0;
-                }
-        }
-        EC_KEY_free(ctx->internal->cert->ecdh_tmp);
+        nid = EC_GROUP_get_curve_name(group);
-        ctx->internal->cert->ecdh_tmp = ecdh_tmp;
+        return SSL_CTX_set1_groups(ctx, &nid, 1);
-        return 1;
 }
 static int
 _SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
 {
-        ctx->internal->cert->ecdh_tmp_auto = state;
        return 1;
 }
@@ -2347,8 +2319,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                return 1;
        case SSL_CTRL_SET_TMP_ECDH_CB:
-                ctx->internal->cert->ecdh_tmp_cb =
-                    (EC_KEY *(*)(SSL *, int, int))fp;
                return 1;
        case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index dda5192c10..e816dec83c 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.129 2017/05/07 04:22:24 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.130 2017/08/10 17:18:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -503,8 +503,6 @@ struct ssl_session_st {
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
 /* Disallow client initiated renegotiation. */
 #define SSL_OP_NO_CLIENT_RENEGOTIATION                  0x00020000L
-/* If set, always create a new key when using tmp_ecdh parameters */
-#define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
 /* If set, always create a new key when using tmp_dh parameters */
 #define SSL_OP_SINGLE_DH_USE                            0x00100000L
 /* Set on servers to choose the cipher according to the server's
@@ -549,6 +547,7 @@ struct ssl_session_st {
 #define SSL_OP_PKCS1_CHECK_1                            0x0
 #define SSL_OP_PKCS1_CHECK_2                            0x0
 #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x0
+#define SSL_OP_SINGLE_ECDH_USE                          0x0
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 83a9f2e92d..174441c70e 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.64 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.65 2017/08/10 17:18:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -242,8 +242,6 @@ ssl_cert_dup(CERT *cert)
                        goto err;
                }
        }
-        ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
-        ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
        for (i = 0; i < SSL_PKEY_NUM; i++) {
                if (cert->pkeys[i].x509 != NULL) {
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index d933acb32d..bc8b56d3be 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.162 2017/08/09 22:24:25 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.163 2017/08/10 17:18:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2042,7 +2042,7 @@ void
 ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 {
        int              rsa_enc, rsa_sign, dh_tmp, dsa_sign;
-        int              have_ecc_cert, have_ecdh_tmp;
+        int              have_ecc_cert;
        unsigned long    mask_k, mask_a;
        X509            *x = NULL;
        CERT_PKEY       *cpk;
@@ -2053,9 +2053,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
        dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL ||
            c->dh_tmp_auto != 0);
-        have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
-            c->ecdh_tmp_auto != 0);
        cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
        rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
        cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
@@ -2104,8 +2101,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
                        mask_a|=SSL_aECDSA;
        }
-        if (have_ecdh_tmp)
+        mask_k |= SSL_kECDHE;
-                mask_k|=SSL_kECDHE;
        c->mask_k = mask_k;
        c->mask_a = mask_a;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index f98ce681a2..8ef2d01402 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.183 2017/08/09 22:24:25 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.184 2017/08/10 17:18:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -993,8 +993,6 @@ typedef struct cert_st {
        int dh_tmp_auto;
        EC_KEY *ecdh_tmp;
-        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
-        int ecdh_tmp_auto;
        CERT_PKEY pkeys[SSL_PKEY_NUM];
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 730d4ed1ad..575621a0ce 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.17 2017/05/07 04:22:24 beck Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.18 2017/08/10 17:18:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1267,27 +1267,23 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 static int
 ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
 {
-        CBB ecpoint;
-        unsigned char *data;
-        EC_KEY *ecdh = NULL, *ecdhp;
        const EC_GROUP *group;
+        const EC_POINT *pubkey;
+        unsigned char *data;
        int encoded_len = 0;
        int curve_id = 0;
        BN_CTX *bn_ctx = NULL;
+        EC_KEY *ecdh;
+        CBB ecpoint;
        int al;
-        ecdhp = s->cert->ecdh_tmp;
+        /*
-        if (s->cert->ecdh_tmp_auto != 0) {
+         * Only named curves are supported in ECDH ephemeral key exchanges.
-                if (nid != NID_undef)
+         * For supported named curves, curve_id is non-zero.
-                        ecdhp = EC_KEY_new_by_curve_name(nid);
+         */
-        } else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) {
+        if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
-                ecdhp = s->cert->ecdh_tmp_cb(s, 0,
+                SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
-                    SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));
+                goto err;
-        }
-        if (ecdhp == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
-                goto f_err;
        }
        if (S3I(s)->tmp.ecdh != NULL) {
@@ -1295,46 +1291,28 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
                goto err;
        }
-        /* Duplicate the ECDH structure. */
+        if ((S3I(s)->tmp.ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
-        if (s->cert->ecdh_tmp_auto != 0) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
-                ecdh = ecdhp;
+                SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
-        } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
+                goto f_err;
-                SSLerror(s, ERR_R_ECDH_LIB);
-                goto err;
-        }
-        S3I(s)->tmp.ecdh = ecdh;
-        if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
-            (EC_KEY_get0_private_key(ecdh) == NULL) ||
-            (s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh)) {
-                        SSLerror(s, ERR_R_ECDH_LIB);
-                        goto err;
-                }
        }
+        ecdh = S3I(s)->tmp.ecdh;
-        if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
+        if (!EC_KEY_generate_key(ecdh)) {
-            (EC_KEY_get0_public_key(ecdh)  == NULL) ||
-            (EC_KEY_get0_private_key(ecdh) == NULL)) {
                SSLerror(s, ERR_R_ECDH_LIB);
                goto err;
        }
+        if ((group = EC_KEY_get0_group(ecdh)) == NULL ||
-        /*
+            (pubkey = EC_KEY_get0_public_key(ecdh)) == NULL ||
-         * Only named curves are supported in ECDH ephemeral key exchanges.
+            EC_KEY_get0_private_key(ecdh) == NULL) {
-         * For supported named curves, curve_id is non-zero.
+                SSLerror(s, ERR_R_ECDH_LIB);
-         */
-        if ((curve_id = tls1_ec_nid2curve_id(
-            EC_GROUP_get_curve_name(group))) == 0) {
-                SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
                goto err;
        }
        /*
-         * Encode the public key. First check the size of encoding and
+         * Encode the public key.
-         * allocate memory accordingly.
         */
-        encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
+        encoded_len = EC_POINT_point2oct(group, pubkey,
            POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
        if (encoded_len == 0) {
                SSLerror(s, ERR_R_ECDH_LIB);
@@ -1360,8 +1338,8 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
                goto err;
        if (!CBB_add_space(&ecpoint, &data, encoded_len))
                goto err;
-        if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
+        if (EC_POINT_point2oct(group, pubkey, POINT_CONVERSION_UNCOMPRESSED,
-            POINT_CONVERSION_UNCOMPRESSED, data, encoded_len, bn_ctx) == 0) {
+            data, encoded_len, bn_ctx) == 0) {
                SSLerror(s, ERR_R_ECDH_LIB);
                goto err;
        }
@@ -1431,7 +1409,7 @@ ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
        nid = tls1_get_shared_curve(s);
-        if (s->cert->ecdh_tmp_auto != 0 && nid == NID_X25519)
+        if (nid == NID_X25519)
                return ssl3_send_server_kex_ecdhe_ecx(s, nid, cbb);
        return ssl3_send_server_kex_ecdhe_ecp(s, nid, cbb);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index ea44e7579a..42fd18fe2d 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.123 2017/08/09 22:24:25 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.124 2017/08/10 17:18:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -611,18 +611,13 @@ tls1_check_ec_tmp_key(SSL *s)
        EC_KEY *ec = s->cert->ecdh_tmp;
        uint16_t curve_id;
-        if (s->cert->ecdh_tmp_auto != 0) {
+        /* Need a shared curve. */
-                /* Need a shared curve. */
+        if (tls1_get_shared_curve(s) != NID_undef)
-                if (tls1_get_shared_curve(s) != NID_undef)
+                return (1);
-                        return (1);
-                return (0);
-        }
-        if (ec == NULL) {
+        if (ec == NULL)
-                if (s->cert->ecdh_tmp_cb != NULL)
-                        return (1);
                return (0);
-        }
        if (tls1_set_ec_id(&curve_id, NULL, ec) != 1)
                return (0);

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 1abe01cd88..abebaa0fc4 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.154 2017/08/09 17:49:54 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.155 2017/08/10 17:18:38 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1838,39 +1838,26 @@ _SSL_set_dh_auto(SSL *s, int state)
1838	static int	1838	static int
1839	_SSL_set_tmp_ecdh(SSL s, EC_KEY ecdh)	1839	_SSL_set_tmp_ecdh(SSL s, EC_KEY ecdh)
1840	{	1840	{
		1841	const EC_GROUP *group;
		1842	int nid;
		1843
1841	if (!ssl_cert_inst(&s->cert)) {	1844	if (!ssl_cert_inst(&s->cert)) {
1842	SSLerror(s, ERR_R_MALLOC_FAILURE);	1845	SSLerror(s, ERR_R_MALLOC_FAILURE);
1843	return 0;	1846	return 0;
1844	}	1847	}
1845		1848
1846	if (ecdh == NULL) {	1849	if (ecdh == NULL)
1847	SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
1848	return 0;	1850	return 0;
1849	}	1851	if ((group = EC_KEY_get0_group(ecdh)) == NULL)
1850
1851	if (!EC_KEY_up_ref(ecdh)) {
1852	SSLerror(s, ERR_R_ECDH_LIB);
1853	return 0;	1852	return 0;
1854	}
1855
1856	if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
1857	if (!EC_KEY_generate_key(ecdh)) {
1858	EC_KEY_free(ecdh);
1859	SSLerror(s, ERR_R_ECDH_LIB);
1860	return 0;
1861	}
1862	}
1863
1864	EC_KEY_free(s->cert->ecdh_tmp);
1865	s->cert->ecdh_tmp = ecdh;
1866		1853
1867	return 1;	1854	nid = EC_GROUP_get_curve_name(group);
		1855	return SSL_set1_groups(s, &nid, 1);
1868	}	1856	}
1869		1857
1870	static int	1858	static int
1871	_SSL_set_ecdh_auto(SSL *s, int state)	1859	_SSL_set_ecdh_auto(SSL *s, int state)
1872	{	1860	{
1873	s->cert->ecdh_tmp_auto = state;
1874	return 1;	1861	return 1;
1875	}	1862	}
1876		1863
@@ -2095,7 +2082,6 @@ ssl3_callback_ctrl(SSL s, int cmd, void (fp)(void))
2095	return 1;	2082	return 1;
2096		2083
2097	case SSL_CTRL_SET_TMP_ECDH_CB:	2084	case SSL_CTRL_SET_TMP_ECDH_CB:
2098	s->cert->ecdh_tmp_cb = (EC_KEY ()(SSL *, int, int))fp;
2099	return 1;	2085	return 1;
2100		2086
2101	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:	2087	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
@@ -2133,35 +2119,21 @@ _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
2133	static int	2119	static int
2134	_SSL_CTX_set_tmp_ecdh(SSL_CTX ctx, EC_KEY ecdh)	2120	_SSL_CTX_set_tmp_ecdh(SSL_CTX ctx, EC_KEY ecdh)
2135	{	2121	{
2136	EC_KEY *ecdh_tmp;	2122	const EC_GROUP *group;
		2123	int nid;
2137		2124
2138	if (ecdh == NULL) {	2125	if (ecdh == NULL)
2139	SSLerrorx(ERR_R_ECDH_LIB);
2140	return 0;	2126	return 0;
2141	}	2127	if ((group = EC_KEY_get0_group(ecdh)) == NULL)
2142
2143	if ((ecdh_tmp = EC_KEY_dup(ecdh)) == NULL) {
2144	SSLerrorx(ERR_R_EC_LIB);
2145	return 0;	2128	return 0;
2146	}
2147	if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
2148	if (!EC_KEY_generate_key(ecdh_tmp)) {
2149	EC_KEY_free(ecdh_tmp);
2150	SSLerrorx(ERR_R_ECDH_LIB);
2151	return 0;
2152	}
2153	}
2154		2129
2155	EC_KEY_free(ctx->internal->cert->ecdh_tmp);	2130	nid = EC_GROUP_get_curve_name(group);
2156	ctx->internal->cert->ecdh_tmp = ecdh_tmp;	2131	return SSL_CTX_set1_groups(ctx, &nid, 1);
2157
2158	return 1;
2159	}	2132	}
2160		2133
2161	static int	2134	static int
2162	_SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)	2135	_SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
2163	{	2136	{
2164	ctx->internal->cert->ecdh_tmp_auto = state;
2165	return 1;	2137	return 1;
2166	}	2138	}
2167		2139
@@ -2347,8 +2319,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
2347	return 1;	2319	return 1;
2348		2320
2349	case SSL_CTRL_SET_TMP_ECDH_CB:	2321	case SSL_CTRL_SET_TMP_ECDH_CB:
2350	ctx->internal->cert->ecdh_tmp_cb =
2351	(EC_KEY ()(SSL *, int, int))fp;
2352	return 1;	2322	return 1;
2353		2323
2354	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:	2324	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index dda5192c10..e816dec83c 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.129 2017/05/07 04:22:24 beck Exp $ */	1	/* $OpenBSD: ssl.h,v 1.130 2017/08/10 17:18:38 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -503,8 +503,6 @@ struct ssl_session_st {
503	#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L	503	#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
504	/* Disallow client initiated renegotiation. */	504	/* Disallow client initiated renegotiation. */
505	#define SSL_OP_NO_CLIENT_RENEGOTIATION 0x00020000L	505	#define SSL_OP_NO_CLIENT_RENEGOTIATION 0x00020000L
506	/* If set, always create a new key when using tmp_ecdh parameters */
507	#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
508	/* If set, always create a new key when using tmp_dh parameters */	506	/* If set, always create a new key when using tmp_dh parameters */
509	#define SSL_OP_SINGLE_DH_USE 0x00100000L	507	#define SSL_OP_SINGLE_DH_USE 0x00100000L
510	/* Set on servers to choose the cipher according to the server's	508	/* Set on servers to choose the cipher according to the server's
@@ -549,6 +547,7 @@ struct ssl_session_st {
549	#define SSL_OP_PKCS1_CHECK_1 0x0	547	#define SSL_OP_PKCS1_CHECK_1 0x0
550	#define SSL_OP_PKCS1_CHECK_2 0x0	548	#define SSL_OP_PKCS1_CHECK_2 0x0
551	#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0	549	#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0
		550	#define SSL_OP_SINGLE_ECDH_USE 0x0
552	#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0	551	#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
553	#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0	552	#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
554	#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0	553	#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0


diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 83a9f2e92d..174441c70e 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_cert.c,v 1.64 2017/02/07 02:08:38 beck Exp $ */	1	/* $OpenBSD: ssl_cert.c,v 1.65 2017/08/10 17:18:38 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -242,8 +242,6 @@ ssl_cert_dup(CERT *cert)
242	goto err;	242	goto err;
243	}	243	}
244	}	244	}
245	ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
246	ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
247		245
248	for (i = 0; i < SSL_PKEY_NUM; i++) {	246	for (i = 0; i < SSL_PKEY_NUM; i++) {
249	if (cert->pkeys[i].x509 != NULL) {	247	if (cert->pkeys[i].x509 != NULL) {


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index d933acb32d..bc8b56d3be 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.162 2017/08/09 22:24:25 jsing Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.163 2017/08/10 17:18:38 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2042,7 +2042,7 @@ void
2042	ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher)	2042	ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher)
2043	{	2043	{
2044	int rsa_enc, rsa_sign, dh_tmp, dsa_sign;	2044	int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
2045	int have_ecc_cert, have_ecdh_tmp;	2045	int have_ecc_cert;
2046	unsigned long mask_k, mask_a;	2046	unsigned long mask_k, mask_a;
2047	X509 *x = NULL;	2047	X509 *x = NULL;
2048	CERT_PKEY *cpk;	2048	CERT_PKEY *cpk;
@@ -2053,9 +2053,6 @@ ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher)
2053	dh_tmp = (c->dh_tmp != NULL \|\| c->dh_tmp_cb != NULL \|\|	2053	dh_tmp = (c->dh_tmp != NULL \|\| c->dh_tmp_cb != NULL \|\|
2054	c->dh_tmp_auto != 0);	2054	c->dh_tmp_auto != 0);
2055		2055
2056	have_ecdh_tmp = (c->ecdh_tmp != NULL \|\| c->ecdh_tmp_cb != NULL \|\|
2057	c->ecdh_tmp_auto != 0);
2058
2059	cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);	2056	cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
2060	rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);	2057	rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
2061	cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);	2058	cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
@@ -2104,8 +2101,7 @@ ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher)
2104	mask_a\|=SSL_aECDSA;	2101	mask_a\|=SSL_aECDSA;
2105	}	2102	}
2106		2103
2107	if (have_ecdh_tmp)	2104	mask_k \|= SSL_kECDHE;
2108	mask_k\|=SSL_kECDHE;
2109		2105
2110	c->mask_k = mask_k;	2106	c->mask_k = mask_k;
2111	c->mask_a = mask_a;	2107	c->mask_a = mask_a;


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index f98ce681a2..8ef2d01402 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.183 2017/08/09 22:24:25 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.184 2017/08/10 17:18:38 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -993,8 +993,6 @@ typedef struct cert_st {
993	int dh_tmp_auto;	993	int dh_tmp_auto;
994		994
995	EC_KEY *ecdh_tmp;	995	EC_KEY *ecdh_tmp;
996	EC_KEY (ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
997	int ecdh_tmp_auto;
998		996
999	CERT_PKEY pkeys[SSL_PKEY_NUM];	997	CERT_PKEY pkeys[SSL_PKEY_NUM];
1000		998


diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 730d4ed1ad..575621a0ce 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.17 2017/05/07 04:22:24 beck Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.18 2017/08/10 17:18:38 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1267,27 +1267,23 @@ ssl3_send_server_kex_dhe(SSL s, CBB cbb)
1267	static int	1267	static int
1268	ssl3_send_server_kex_ecdhe_ecp(SSL s, int nid, CBB cbb)	1268	ssl3_send_server_kex_ecdhe_ecp(SSL s, int nid, CBB cbb)
1269	{	1269	{
1270	CBB ecpoint;
1271	unsigned char *data;
1272	EC_KEY ecdh = NULL, ecdhp;
1273	const EC_GROUP *group;	1270	const EC_GROUP *group;
		1271	const EC_POINT *pubkey;
		1272	unsigned char *data;
1274	int encoded_len = 0;	1273	int encoded_len = 0;
1275	int curve_id = 0;	1274	int curve_id = 0;
1276	BN_CTX *bn_ctx = NULL;	1275	BN_CTX *bn_ctx = NULL;
		1276	EC_KEY *ecdh;
		1277	CBB ecpoint;
1277	int al;	1278	int al;
1278		1279
1279	ecdhp = s->cert->ecdh_tmp;	1280	/*
1280	if (s->cert->ecdh_tmp_auto != 0) {	1281	* Only named curves are supported in ECDH ephemeral key exchanges.
1281	if (nid != NID_undef)	1282	* For supported named curves, curve_id is non-zero.
1282	ecdhp = EC_KEY_new_by_curve_name(nid);	1283	*/
1283	} else if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) {	1284	if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
1284	ecdhp = s->cert->ecdh_tmp_cb(s, 0,	1285	SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1285	SSL_C_PKEYLENGTH(S3I(s)->hs.new_cipher));	1286	goto err;
1286	}
1287	if (ecdhp == NULL) {
1288	al = SSL_AD_HANDSHAKE_FAILURE;
1289	SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
1290	goto f_err;
1291	}	1287	}
1292		1288
1293	if (S3I(s)->tmp.ecdh != NULL) {	1289	if (S3I(s)->tmp.ecdh != NULL) {
@@ -1295,46 +1291,28 @@ ssl3_send_server_kex_ecdhe_ecp(SSL s, int nid, CBB cbb)
1295	goto err;	1291	goto err;
1296	}	1292	}
1297		1293
1298	/* Duplicate the ECDH structure. */	1294	if ((S3I(s)->tmp.ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
1299	if (s->cert->ecdh_tmp_auto != 0) {	1295	al = SSL_AD_HANDSHAKE_FAILURE;
1300	ecdh = ecdhp;	1296	SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
1301	} else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {	1297	goto f_err;
1302	SSLerror(s, ERR_R_ECDH_LIB);
1303	goto err;
1304	}
1305	S3I(s)->tmp.ecdh = ecdh;
1306
1307	if ((EC_KEY_get0_public_key(ecdh) == NULL) \|\|
1308	(EC_KEY_get0_private_key(ecdh) == NULL) \|\|
1309	(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
1310	if (!EC_KEY_generate_key(ecdh)) {
1311	SSLerror(s, ERR_R_ECDH_LIB);
1312	goto err;
1313	}
1314	}	1298	}
		1299	ecdh = S3I(s)->tmp.ecdh;
1315		1300
1316	if (((group = EC_KEY_get0_group(ecdh)) == NULL) \|\|	1301	if (!EC_KEY_generate_key(ecdh)) {
1317	(EC_KEY_get0_public_key(ecdh) == NULL) \|\|
1318	(EC_KEY_get0_private_key(ecdh) == NULL)) {
1319	SSLerror(s, ERR_R_ECDH_LIB);	1302	SSLerror(s, ERR_R_ECDH_LIB);
1320	goto err;	1303	goto err;
1321	}	1304	}
1322		1305	if ((group = EC_KEY_get0_group(ecdh)) == NULL \|\|
1323	/*	1306	(pubkey = EC_KEY_get0_public_key(ecdh)) == NULL \|\|
1324	* Only named curves are supported in ECDH ephemeral key exchanges.	1307	EC_KEY_get0_private_key(ecdh) == NULL) {
1325	* For supported named curves, curve_id is non-zero.	1308	SSLerror(s, ERR_R_ECDH_LIB);
1326	*/
1327	if ((curve_id = tls1_ec_nid2curve_id(
1328	EC_GROUP_get_curve_name(group))) == 0) {
1329	SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1330	goto err;	1309	goto err;
1331	}	1310	}
1332		1311
1333	/*	1312	/*
1334	* Encode the public key. First check the size of encoding and	1313	* Encode the public key.
1335	* allocate memory accordingly.
1336	*/	1314	*/
1337	encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),	1315	encoded_len = EC_POINT_point2oct(group, pubkey,
1338	POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);	1316	POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
1339	if (encoded_len == 0) {	1317	if (encoded_len == 0) {
1340	SSLerror(s, ERR_R_ECDH_LIB);	1318	SSLerror(s, ERR_R_ECDH_LIB);
@@ -1360,8 +1338,8 @@ ssl3_send_server_kex_ecdhe_ecp(SSL s, int nid, CBB cbb)
1360	goto err;	1338	goto err;
1361	if (!CBB_add_space(&ecpoint, &data, encoded_len))	1339	if (!CBB_add_space(&ecpoint, &data, encoded_len))
1362	goto err;	1340	goto err;
1363	if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),	1341	if (EC_POINT_point2oct(group, pubkey, POINT_CONVERSION_UNCOMPRESSED,
1364	POINT_CONVERSION_UNCOMPRESSED, data, encoded_len, bn_ctx) == 0) {	1342	data, encoded_len, bn_ctx) == 0) {
1365	SSLerror(s, ERR_R_ECDH_LIB);	1343	SSLerror(s, ERR_R_ECDH_LIB);
1366	goto err;	1344	goto err;
1367	}	1345	}
@@ -1431,7 +1409,7 @@ ssl3_send_server_kex_ecdhe(SSL s, CBB cbb)
1431		1409
1432	nid = tls1_get_shared_curve(s);	1410	nid = tls1_get_shared_curve(s);
1433		1411
1434	if (s->cert->ecdh_tmp_auto != 0 && nid == NID_X25519)	1412	if (nid == NID_X25519)
1435	return ssl3_send_server_kex_ecdhe_ecx(s, nid, cbb);	1413	return ssl3_send_server_kex_ecdhe_ecx(s, nid, cbb);
1436		1414
1437	return ssl3_send_server_kex_ecdhe_ecp(s, nid, cbb);	1415	return ssl3_send_server_kex_ecdhe_ecp(s, nid, cbb);


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index ea44e7579a..42fd18fe2d 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.123 2017/08/09 22:24:25 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.124 2017/08/10 17:18:38 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -611,18 +611,13 @@ tls1_check_ec_tmp_key(SSL *s)
611	EC_KEY *ec = s->cert->ecdh_tmp;	611	EC_KEY *ec = s->cert->ecdh_tmp;
612	uint16_t curve_id;	612	uint16_t curve_id;
613		613
614	if (s->cert->ecdh_tmp_auto != 0) {	614	/* Need a shared curve. */
615	/* Need a shared curve. */	615	if (tls1_get_shared_curve(s) != NID_undef)
616	if (tls1_get_shared_curve(s) != NID_undef)	616	return (1);
617	return (1);
618	return (0);
619	}
620		617
621	if (ec == NULL) {	618	if (ec == NULL)
622	if (s->cert->ecdh_tmp_cb != NULL)
623	return (1);
624	return (0);	619	return (0);
625	}	620
626	if (tls1_set_ec_id(&curve_id, NULL, ec) != 1)	621	if (tls1_set_ec_id(&curve_id, NULL, ec) != 1)
627	return (0);	622	return (0);
628		623