1 files changed, 5 insertions, 21 deletions

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index d4d564a688..c01dc77254 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.27 2014/06/30 14:13:27 tedu Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.28 2014/07/09 11:25:42 jsing Exp $ */
 /* 
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -473,9 +473,6 @@ dtls1_accept(SSL *s)
                         || (alg_k & SSL_kEECDH)
                         || ((alg_k & SSL_kRSA)
                         && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
-                        || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
-                        && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
-                        )
                         )
                         )
                         ) {
@@ -1047,9 +1044,7 @@ dtls1_send_server_key_exchange(SSL *s)
                 if (type & SSL_kRSA) {
                         rsa = cert->rsa_tmp;
                         if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
-                                rsa = s->cert->rsa_tmp_cb(s,
-                                SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-                                SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+                                rsa = s->cert->rsa_tmp_cb(s, 0, 0);
                                 if (rsa == NULL) {
                                         al = SSL_AD_HANDSHAKE_FAILURE;
                                         SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
@@ -1070,9 +1065,7 @@ dtls1_send_server_key_exchange(SSL *s)
                 if (type & SSL_kEDH) {
                         dhp = cert->dh_tmp;
                         if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
-                                dhp = s->cert->dh_tmp_cb(s,
-                                    SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-                                    SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+                                dhp = s->cert->dh_tmp_cb(s, 0, 0);
                         if (dhp == NULL) {
                                 al = SSL_AD_HANDSHAKE_FAILURE;
                                 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY);
@@ -1115,11 +1108,8 @@ dtls1_send_server_key_exchange(SSL *s)
                         const EC_GROUP *group;
 
                         ecdhp = cert->ecdh_tmp;
-                        if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
-                                ecdhp = s->cert->ecdh_tmp_cb(s,
-                                SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-                                SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
-                        }
+                        if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL)
+                                ecdhp = s->cert->ecdh_tmp_cb(s, 0, 0);
                         if (ecdhp == NULL) {
                                 al = SSL_AD_HANDSHAKE_FAILURE;
                                 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
@@ -1160,12 +1150,6 @@ dtls1_send_server_key_exchange(SSL *s)
                                 goto err;
                         }
 
-                        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-                            (EC_GROUP_get_degree(group) > 163)) {
-                                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
-                                goto err;
-                        }
-
                         /* XXX: For now, we only support ephemeral ECDH
                          * keys over named (not generic) curves. For 
                          * supported named curves, curve_id is non-zero.