summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
-rw-r--r--src/lib/libssl/s3_lib.c155
1 files changed, 91 insertions, 64 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 274b2daf81..f9364a4e02 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.148 2017/08/09 15:25:27 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.149 2017/08/09 15:52:27 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1802,6 +1802,78 @@ _SSL_total_renegotiations(SSL *s)
1802 return S3I(s)->total_renegotiations; 1802 return S3I(s)->total_renegotiations;
1803} 1803}
1804 1804
1805static int
1806_SSL_set_tmp_dh(SSL *s, DH *dh)
1807{
1808 DH *dh_tmp;
1809
1810 if (!ssl_cert_inst(&s->cert)) {
1811 SSLerror(s, ERR_R_MALLOC_FAILURE);
1812 return 0;
1813 }
1814
1815 if (dh == NULL) {
1816 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
1817 return 0;
1818 }
1819
1820 if ((dh_tmp = DHparams_dup(dh)) == NULL) {
1821 SSLerror(s, ERR_R_DH_LIB);
1822 return 0;
1823 }
1824
1825 DH_free(s->cert->dh_tmp);
1826 s->cert->dh_tmp = dh_tmp;
1827
1828 return 1;
1829}
1830
1831static int
1832_SSL_set_dh_auto(SSL *s, int state)
1833{
1834 s->cert->dh_tmp_auto = state;
1835 return 1;
1836}
1837
1838static int
1839_SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh)
1840{
1841 if (!ssl_cert_inst(&s->cert)) {
1842 SSLerror(s, ERR_R_MALLOC_FAILURE);
1843 return 0;
1844 }
1845
1846 if (ecdh == NULL) {
1847 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
1848 return 0;
1849 }
1850
1851 if (!EC_KEY_up_ref(ecdh)) {
1852 SSLerror(s, ERR_R_ECDH_LIB);
1853 return 0;
1854 }
1855
1856 if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
1857 if (!EC_KEY_generate_key(ecdh)) {
1858 EC_KEY_free(ecdh);
1859 SSLerror(s, ERR_R_ECDH_LIB);
1860 return 0;
1861 }
1862 }
1863
1864 EC_KEY_free(s->cert->ecdh_tmp);
1865 s->cert->ecdh_tmp = ecdh;
1866
1867 return 1;
1868}
1869
1870static int
1871_SSL_set_ecdh_auto(SSL *s, int state)
1872{
1873 s->cert->ecdh_tmp_auto = state;
1874 return 1;
1875}
1876
1805int 1877int
1806SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) 1878SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
1807{ 1879{
@@ -1821,13 +1893,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1821{ 1893{
1822 int ret = 0; 1894 int ret = 0;
1823 1895
1824 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_ECDH) {
1825 if (!ssl_cert_inst(&s->cert)) {
1826 SSLerror(s, ERR_R_MALLOC_FAILURE);
1827 return (0);
1828 }
1829 }
1830
1831 switch (cmd) { 1896 switch (cmd) {
1832 case SSL_CTRL_GET_SESSION_REUSED: 1897 case SSL_CTRL_GET_SESSION_REUSED:
1833 return _SSL_session_reused(s); 1898 return _SSL_session_reused(s);
@@ -1841,69 +1906,26 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1841 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: 1906 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
1842 return _SSL_total_renegotiations(s); 1907 return _SSL_total_renegotiations(s);
1843 1908
1844 case SSL_CTRL_NEED_TMP_RSA:
1845 ret = 0;
1846 break;
1847
1848 case SSL_CTRL_SET_TMP_RSA:
1849 case SSL_CTRL_SET_TMP_RSA_CB:
1850 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1851 break;
1852 case SSL_CTRL_SET_TMP_DH: 1909 case SSL_CTRL_SET_TMP_DH:
1853 { 1910 return _SSL_set_tmp_dh(s, (DH *)parg);
1854 DH *dh = (DH *)parg;
1855 if (dh == NULL) {
1856 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
1857 return (ret);
1858 }
1859 if ((dh = DHparams_dup(dh)) == NULL) {
1860 SSLerror(s, ERR_R_DH_LIB);
1861 return (ret);
1862 }
1863 DH_free(s->cert->dh_tmp);
1864 s->cert->dh_tmp = dh;
1865 ret = 1;
1866 }
1867 break;
1868 1911
1869 case SSL_CTRL_SET_TMP_DH_CB: 1912 case SSL_CTRL_SET_TMP_DH_CB:
1870 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1913 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1871 return (ret); 1914 return 0;
1872 1915
1873 case SSL_CTRL_SET_DH_AUTO: 1916 case SSL_CTRL_SET_DH_AUTO:
1874 s->cert->dh_tmp_auto = larg; 1917 return _SSL_set_dh_auto(s, larg);
1875 return 1;
1876 1918
1877 case SSL_CTRL_SET_TMP_ECDH: 1919 case SSL_CTRL_SET_TMP_ECDH:
1878 { 1920 return _SSL_set_tmp_ecdh(s, (EC_KEY *)parg);
1879 EC_KEY *ecdh = NULL;
1880
1881 if (parg == NULL) {
1882 SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
1883 return (ret);
1884 }
1885 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
1886 SSLerror(s, ERR_R_ECDH_LIB);
1887 return (ret);
1888 }
1889 ecdh = (EC_KEY *)parg;
1890 if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) {
1891 if (!EC_KEY_generate_key(ecdh)) {
1892 EC_KEY_free(ecdh);
1893 SSLerror(s, ERR_R_ECDH_LIB);
1894 return (ret);
1895 }
1896 }
1897 EC_KEY_free(s->cert->ecdh_tmp);
1898 s->cert->ecdh_tmp = ecdh;
1899 ret = 1;
1900 }
1901 break;
1902 1921
1903 case SSL_CTRL_SET_TMP_ECDH_CB: 1922 case SSL_CTRL_SET_TMP_ECDH_CB:
1904 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 1923 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1905 return (0); 1924 return (0);
1906 1925
1926 case SSL_CTRL_SET_ECDH_AUTO:
1927 return _SSL_set_ecdh_auto(s, larg);
1928
1907 case SSL_CTRL_SET_TLSEXT_HOSTNAME: 1929 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
1908 if (larg == TLSEXT_NAMETYPE_host_name) { 1930 if (larg == TLSEXT_NAMETYPE_host_name) {
1909 free(s->tlsext_hostname); 1931 free(s->tlsext_hostname);
@@ -1926,6 +1948,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1926 return 0; 1948 return 0;
1927 } 1949 }
1928 break; 1950 break;
1951
1929 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: 1952 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
1930 s->internal->tlsext_debug_arg = parg; 1953 s->internal->tlsext_debug_arg = parg;
1931 ret = 1; 1954 ret = 1;
@@ -1967,11 +1990,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1967 ret = 1; 1990 ret = 1;
1968 break; 1991 break;
1969 1992
1970 case SSL_CTRL_SET_ECDH_AUTO:
1971 s->cert->ecdh_tmp_auto = larg;
1972 ret = 1;
1973 break;
1974
1975 case SSL_CTRL_SET_GROUPS: 1993 case SSL_CTRL_SET_GROUPS:
1976 return SSL_set1_groups(s, parg, larg); 1994 return SSL_set1_groups(s, parg, larg);
1977 1995
@@ -1993,7 +2011,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1993 return SSL_set_max_proto_version(s, larg); 2011 return SSL_set_max_proto_version(s, larg);
1994 2012
1995 /* 2013 /*
1996 * Legacy controls that should be removed. 2014 * Legacy controls that should eventually be removed.
1997 */ 2015 */
1998 case SSL_CTRL_GET_CLIENT_CERT_REQUEST: 2016 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
1999 break; 2017 break;
@@ -2002,6 +2020,15 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2002 ret = (int)(s->s3->flags); 2020 ret = (int)(s->s3->flags);
2003 break; 2021 break;
2004 2022
2023 case SSL_CTRL_NEED_TMP_RSA:
2024 ret = 0;
2025 break;
2026
2027 case SSL_CTRL_SET_TMP_RSA:
2028 case SSL_CTRL_SET_TMP_RSA_CB:
2029 SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2030 break;
2031
2005 default: 2032 default:
2006 break; 2033 break;
2007 } 2034 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 12:54:13 +0000