1 files changed, 15 insertions, 88 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 42f8074f8c..08c5111129 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.82 2014/10/03 13:58:17 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.83 2014/10/31 14:51:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1934,8 +1934,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 {
        int ret = 0;
-        if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+        if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
-            cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
                if (!ssl_cert_inst(&s->cert)) {
                        SSLerr(SSL_F_SSL3_CTRL,
                            ERR_R_MALLOC_FAILURE);
@@ -1963,36 +1962,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                ret = (int)(s->s3->flags);
                break;
        case SSL_CTRL_NEED_TMP_RSA:
-                if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
+                ret = 0;
-                    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-                    (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
-                    > (512 / 8))))
-                        ret = 1;
                break;
        case SSL_CTRL_SET_TMP_RSA:
-                {
-                        RSA *rsa = (RSA *)parg;
-                        if (rsa == NULL) {
-                                SSLerr(SSL_F_SSL3_CTRL,
-                                    ERR_R_PASSED_NULL_PARAMETER);
-                                return (ret);
-                        }
-                        if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
-                                SSLerr(SSL_F_SSL3_CTRL,
-                                    ERR_R_RSA_LIB);
-                                return (ret);
-                        }
-                        RSA_free(s->cert->rsa_tmp);
-                        s->cert->rsa_tmp = rsa;
-                        ret = 1;
-                }
-                break;
        case SSL_CTRL_SET_TMP_RSA_CB:
-                {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        SSLerr(SSL_F_SSL3_CTRL,
-                            ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        return (ret);
-                }
                break;
        case SSL_CTRL_SET_TMP_DH:
                {
@@ -2144,7 +2118,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
 {
        int     ret = 0;
-        if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) {
+        if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
                if (!ssl_cert_inst(&s->cert)) {
                        SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
                            ERR_R_MALLOC_FAILURE);
@@ -2154,20 +2128,13 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
        switch (cmd) {
        case SSL_CTRL_SET_TMP_RSA_CB:
-                {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
-                }
                break;
        case SSL_CTRL_SET_TMP_DH_CB:
-                {
+                s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-                        s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-                }
                break;
        case SSL_CTRL_SET_TMP_ECDH_CB:
-                {
+                s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
-                        s->cert->ecdh_tmp_cb =
-                            (EC_KEY *(*)(SSL *, int, int))fp;
-                }
                break;
        case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
                s->tlsext_debug_cb = (void (*)(SSL *, int , int,
@@ -2188,45 +2155,11 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
        switch (cmd) {
        case SSL_CTRL_NEED_TMP_RSA:
-                if ((cert->rsa_tmp == NULL) &&
+                return (0);
-                    ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-                    (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
-                    (512 / 8))))
-                        return (1);
-                else
-                        return (0);
-                /* break; */
        case SSL_CTRL_SET_TMP_RSA:
-                {
-                        RSA *rsa;
-                        int i;
-                        rsa = (RSA *)parg;
-                        i = 1;
-                        if (rsa == NULL)
-                                i = 0;
-                        else {
-                                if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
-                                        i = 0;
-                        }
-                        if (!i) {
-                                SSLerr(SSL_F_SSL3_CTX_CTRL,
-                                    ERR_R_RSA_LIB);
-                                return (0);
-                        } else {
-                                RSA_free(cert->rsa_tmp);
-                                cert->rsa_tmp = rsa;
-                                return (1);
-                        }
-                }
-                /* break; */
        case SSL_CTRL_SET_TMP_RSA_CB:
-                {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        SSLerr(SSL_F_SSL3_CTX_CTRL,
+                return (0);
-                            ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        return (0);
-                }
-                break;
        case SSL_CTRL_SET_TMP_DH:
                {
                        DH *new = NULL, *dh;
@@ -2366,19 +2299,13 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
        switch (cmd) {
        case SSL_CTRL_SET_TMP_RSA_CB:
-                {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                        cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+                return (0);
-                }
-                break;
        case SSL_CTRL_SET_TMP_DH_CB:
-                {
+                cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-                        cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-                }
                break;
        case SSL_CTRL_SET_TMP_ECDH_CB:
-                {
+                cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
-                        cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
-                }
                break;
        case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
                ctx->tlsext_servername_callback =

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 42f8074f8c..08c5111129 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.82 2014/10/03 13:58:17 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.83 2014/10/31 14:51:01 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1934,8 +1934,7 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
1934	{	1934	{
1935	int ret = 0;	1935	int ret = 0;
1936		1936
1937	if (cmd == SSL_CTRL_SET_TMP_RSA \|\| cmd == SSL_CTRL_SET_TMP_RSA_CB \|\|	1937	if (cmd == SSL_CTRL_SET_TMP_DH \|\| cmd == SSL_CTRL_SET_TMP_DH_CB) {
1938	cmd == SSL_CTRL_SET_TMP_DH \|\| cmd == SSL_CTRL_SET_TMP_DH_CB) {
1939	if (!ssl_cert_inst(&s->cert)) {	1938	if (!ssl_cert_inst(&s->cert)) {
1940	SSLerr(SSL_F_SSL3_CTRL,	1939	SSLerr(SSL_F_SSL3_CTRL,
1941	ERR_R_MALLOC_FAILURE);	1940	ERR_R_MALLOC_FAILURE);
@@ -1963,36 +1962,11 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
1963	ret = (int)(s->s3->flags);	1962	ret = (int)(s->s3->flags);
1964	break;	1963	break;
1965	case SSL_CTRL_NEED_TMP_RSA:	1964	case SSL_CTRL_NEED_TMP_RSA:
1966	if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&	1965	ret = 0;
1967	((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) \|\|
1968	(EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)
1969	> (512 / 8))))
1970	ret = 1;
1971	break;	1966	break;
1972	case SSL_CTRL_SET_TMP_RSA:	1967	case SSL_CTRL_SET_TMP_RSA:
1973	{
1974	RSA rsa = (RSA )parg;
1975	if (rsa == NULL) {
1976	SSLerr(SSL_F_SSL3_CTRL,
1977	ERR_R_PASSED_NULL_PARAMETER);
1978	return (ret);
1979	}
1980	if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
1981	SSLerr(SSL_F_SSL3_CTRL,
1982	ERR_R_RSA_LIB);
1983	return (ret);
1984	}
1985	RSA_free(s->cert->rsa_tmp);
1986	s->cert->rsa_tmp = rsa;
1987	ret = 1;
1988	}
1989	break;
1990	case SSL_CTRL_SET_TMP_RSA_CB:	1968	case SSL_CTRL_SET_TMP_RSA_CB:
1991	{	1969	SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1992	SSLerr(SSL_F_SSL3_CTRL,
1993	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1994	return (ret);
1995	}
1996	break;	1970	break;
1997	case SSL_CTRL_SET_TMP_DH:	1971	case SSL_CTRL_SET_TMP_DH:
1998	{	1972	{
@@ -2144,7 +2118,7 @@ ssl3_callback_ctrl(SSL s, int cmd, void (fp)(void))
2144	{	2118	{
2145	int ret = 0;	2119	int ret = 0;
2146		2120
2147	if (cmd == SSL_CTRL_SET_TMP_RSA_CB \|\| cmd == SSL_CTRL_SET_TMP_DH_CB) {	2121	if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
2148	if (!ssl_cert_inst(&s->cert)) {	2122	if (!ssl_cert_inst(&s->cert)) {
2149	SSLerr(SSL_F_SSL3_CALLBACK_CTRL,	2123	SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
2150	ERR_R_MALLOC_FAILURE);	2124	ERR_R_MALLOC_FAILURE);
@@ -2154,20 +2128,13 @@ ssl3_callback_ctrl(SSL s, int cmd, void (fp)(void))
2154		2128
2155	switch (cmd) {	2129	switch (cmd) {
2156	case SSL_CTRL_SET_TMP_RSA_CB:	2130	case SSL_CTRL_SET_TMP_RSA_CB:
2157	{	2131	SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2158	s->cert->rsa_tmp_cb = (RSA ()(SSL *, int, int))fp;
2159	}
2160	break;	2132	break;
2161	case SSL_CTRL_SET_TMP_DH_CB:	2133	case SSL_CTRL_SET_TMP_DH_CB:
2162	{	2134	s->cert->dh_tmp_cb = (DH ()(SSL *, int, int))fp;
2163	s->cert->dh_tmp_cb = (DH ()(SSL *, int, int))fp;
2164	}
2165	break;	2135	break;
2166	case SSL_CTRL_SET_TMP_ECDH_CB:	2136	case SSL_CTRL_SET_TMP_ECDH_CB:
2167	{	2137	s->cert->ecdh_tmp_cb = (EC_KEY ()(SSL *, int, int))fp;
2168	s->cert->ecdh_tmp_cb =
2169	(EC_KEY ()(SSL *, int, int))fp;
2170	}
2171	break;	2138	break;
2172	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:	2139	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2173	s->tlsext_debug_cb = (void ()(SSL , int , int,	2140	s->tlsext_debug_cb = (void ()(SSL , int , int,
@@ -2188,45 +2155,11 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2188		2155
2189	switch (cmd) {	2156	switch (cmd) {
2190	case SSL_CTRL_NEED_TMP_RSA:	2157	case SSL_CTRL_NEED_TMP_RSA:
2191	if ((cert->rsa_tmp == NULL) &&	2158	return (0);
2192	((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) \|\|
2193	(EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
2194	(512 / 8))))
2195	return (1);
2196	else
2197	return (0);
2198	/* break; */
2199	case SSL_CTRL_SET_TMP_RSA:	2159	case SSL_CTRL_SET_TMP_RSA:
2200	{
2201	RSA *rsa;
2202	int i;
2203
2204	rsa = (RSA *)parg;
2205	i = 1;
2206	if (rsa == NULL)
2207	i = 0;
2208	else {
2209	if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2210	i = 0;
2211	}
2212	if (!i) {
2213	SSLerr(SSL_F_SSL3_CTX_CTRL,
2214	ERR_R_RSA_LIB);
2215	return (0);
2216	} else {
2217	RSA_free(cert->rsa_tmp);
2218	cert->rsa_tmp = rsa;
2219	return (1);
2220	}
2221	}
2222	/* break; */
2223	case SSL_CTRL_SET_TMP_RSA_CB:	2160	case SSL_CTRL_SET_TMP_RSA_CB:
2224	{	2161	SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2225	SSLerr(SSL_F_SSL3_CTX_CTRL,	2162	return (0);
2226	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2227	return (0);
2228	}
2229	break;
2230	case SSL_CTRL_SET_TMP_DH:	2163	case SSL_CTRL_SET_TMP_DH:
2231	{	2164	{
2232	DH new = NULL, dh;	2165	DH new = NULL, dh;
@@ -2366,19 +2299,13 @@ ssl3_ctx_callback_ctrl(SSL_CTX ctx, int cmd, void (fp)(void))
2366		2299
2367	switch (cmd) {	2300	switch (cmd) {
2368	case SSL_CTRL_SET_TMP_RSA_CB:	2301	case SSL_CTRL_SET_TMP_RSA_CB:
2369	{	2302	SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2370	cert->rsa_tmp_cb = (RSA ()(SSL *, int, int))fp;	2303	return (0);
2371	}
2372	break;
2373	case SSL_CTRL_SET_TMP_DH_CB:	2304	case SSL_CTRL_SET_TMP_DH_CB:
2374	{	2305	cert->dh_tmp_cb = (DH ()(SSL *, int, int))fp;
2375	cert->dh_tmp_cb = (DH ()(SSL *, int, int))fp;
2376	}
2377	break;	2306	break;
2378	case SSL_CTRL_SET_TMP_ECDH_CB:	2307	case SSL_CTRL_SET_TMP_ECDH_CB:
2379	{	2308	cert->ecdh_tmp_cb = (EC_KEY ()(SSL *, int, int))fp;
2380	cert->ecdh_tmp_cb = (EC_KEY ()(SSL *, int, int))fp;
2381	}
2382	break;	2309	break;
2383	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:	2310	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2384	ctx->tlsext_servername_callback =	2311	ctx->tlsext_servername_callback =