diff options
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 58 |
1 files changed, 14 insertions, 44 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 1abe01cd88..abebaa0fc4 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.154 2017/08/09 17:49:54 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.155 2017/08/10 17:18:38 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1838,39 +1838,26 @@ _SSL_set_dh_auto(SSL *s, int state) | |||
| 1838 | static int | 1838 | static int |
| 1839 | _SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh) | 1839 | _SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh) |
| 1840 | { | 1840 | { |
| 1841 | const EC_GROUP *group; | ||
| 1842 | int nid; | ||
| 1843 | |||
| 1841 | if (!ssl_cert_inst(&s->cert)) { | 1844 | if (!ssl_cert_inst(&s->cert)) { |
| 1842 | SSLerror(s, ERR_R_MALLOC_FAILURE); | 1845 | SSLerror(s, ERR_R_MALLOC_FAILURE); |
| 1843 | return 0; | 1846 | return 0; |
| 1844 | } | 1847 | } |
| 1845 | 1848 | ||
| 1846 | if (ecdh == NULL) { | 1849 | if (ecdh == NULL) |
| 1847 | SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); | ||
| 1848 | return 0; | 1850 | return 0; |
| 1849 | } | 1851 | if ((group = EC_KEY_get0_group(ecdh)) == NULL) |
| 1850 | |||
| 1851 | if (!EC_KEY_up_ref(ecdh)) { | ||
| 1852 | SSLerror(s, ERR_R_ECDH_LIB); | ||
| 1853 | return 0; | 1852 | return 0; |
| 1854 | } | ||
| 1855 | |||
| 1856 | if (!(s->internal->options & SSL_OP_SINGLE_ECDH_USE)) { | ||
| 1857 | if (!EC_KEY_generate_key(ecdh)) { | ||
| 1858 | EC_KEY_free(ecdh); | ||
| 1859 | SSLerror(s, ERR_R_ECDH_LIB); | ||
| 1860 | return 0; | ||
| 1861 | } | ||
| 1862 | } | ||
| 1863 | |||
| 1864 | EC_KEY_free(s->cert->ecdh_tmp); | ||
| 1865 | s->cert->ecdh_tmp = ecdh; | ||
| 1866 | 1853 | ||
| 1867 | return 1; | 1854 | nid = EC_GROUP_get_curve_name(group); |
| 1855 | return SSL_set1_groups(s, &nid, 1); | ||
| 1868 | } | 1856 | } |
| 1869 | 1857 | ||
| 1870 | static int | 1858 | static int |
| 1871 | _SSL_set_ecdh_auto(SSL *s, int state) | 1859 | _SSL_set_ecdh_auto(SSL *s, int state) |
| 1872 | { | 1860 | { |
| 1873 | s->cert->ecdh_tmp_auto = state; | ||
| 1874 | return 1; | 1861 | return 1; |
| 1875 | } | 1862 | } |
| 1876 | 1863 | ||
| @@ -2095,7 +2082,6 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | |||
| 2095 | return 1; | 2082 | return 1; |
| 2096 | 2083 | ||
| 2097 | case SSL_CTRL_SET_TMP_ECDH_CB: | 2084 | case SSL_CTRL_SET_TMP_ECDH_CB: |
| 2098 | s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | ||
| 2099 | return 1; | 2085 | return 1; |
| 2100 | 2086 | ||
| 2101 | case SSL_CTRL_SET_TLSEXT_DEBUG_CB: | 2087 | case SSL_CTRL_SET_TLSEXT_DEBUG_CB: |
| @@ -2133,35 +2119,21 @@ _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state) | |||
| 2133 | static int | 2119 | static int |
| 2134 | _SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh) | 2120 | _SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh) |
| 2135 | { | 2121 | { |
| 2136 | EC_KEY *ecdh_tmp; | 2122 | const EC_GROUP *group; |
| 2123 | int nid; | ||
| 2137 | 2124 | ||
| 2138 | if (ecdh == NULL) { | 2125 | if (ecdh == NULL) |
| 2139 | SSLerrorx(ERR_R_ECDH_LIB); | ||
| 2140 | return 0; | 2126 | return 0; |
| 2141 | } | 2127 | if ((group = EC_KEY_get0_group(ecdh)) == NULL) |
| 2142 | |||
| 2143 | if ((ecdh_tmp = EC_KEY_dup(ecdh)) == NULL) { | ||
| 2144 | SSLerrorx(ERR_R_EC_LIB); | ||
| 2145 | return 0; | 2128 | return 0; |
| 2146 | } | ||
| 2147 | if (!(ctx->internal->options & SSL_OP_SINGLE_ECDH_USE)) { | ||
| 2148 | if (!EC_KEY_generate_key(ecdh_tmp)) { | ||
| 2149 | EC_KEY_free(ecdh_tmp); | ||
| 2150 | SSLerrorx(ERR_R_ECDH_LIB); | ||
| 2151 | return 0; | ||
| 2152 | } | ||
| 2153 | } | ||
| 2154 | 2129 | ||
| 2155 | EC_KEY_free(ctx->internal->cert->ecdh_tmp); | 2130 | nid = EC_GROUP_get_curve_name(group); |
| 2156 | ctx->internal->cert->ecdh_tmp = ecdh_tmp; | 2131 | return SSL_CTX_set1_groups(ctx, &nid, 1); |
| 2157 | |||
| 2158 | return 1; | ||
| 2159 | } | 2132 | } |
| 2160 | 2133 | ||
| 2161 | static int | 2134 | static int |
| 2162 | _SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state) | 2135 | _SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state) |
| 2163 | { | 2136 | { |
| 2164 | ctx->internal->cert->ecdh_tmp_auto = state; | ||
| 2165 | return 1; | 2137 | return 1; |
| 2166 | } | 2138 | } |
| 2167 | 2139 | ||
| @@ -2347,8 +2319,6 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | |||
| 2347 | return 1; | 2319 | return 1; |
| 2348 | 2320 | ||
| 2349 | case SSL_CTRL_SET_TMP_ECDH_CB: | 2321 | case SSL_CTRL_SET_TMP_ECDH_CB: |
| 2350 | ctx->internal->cert->ecdh_tmp_cb = | ||
| 2351 | (EC_KEY *(*)(SSL *, int, int))fp; | ||
| 2352 | return 1; | 2322 | return 1; |
| 2353 | 2323 | ||
| 2354 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: | 2324 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: |