4 files changed, 12 insertions, 74 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index ce383bb209..e7f71d6b6f 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.106 2015/09/12 16:10:07 doug Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.107 2016/01/27 02:06:16 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2141,14 +2141,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                                    ERR_R_DH_LIB);
                                return (ret);
                        }
-                        if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
-                                if (!DH_generate_key(dh)) {
-                                        DH_free(dh);
-                                        SSLerr(SSL_F_SSL3_CTRL,
-                                            ERR_R_DH_LIB);
-                                        return (ret);
-                                }
-                        }
                        DH_free(s->cert->dh_tmp);
                        s->cert->dh_tmp = dh;
                        ret = 1;
@@ -2332,14 +2324,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                                    ERR_R_DH_LIB);
                                return 0;
                        }
-                        if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
-                                if (!DH_generate_key(new)) {
-                                        SSLerr(SSL_F_SSL3_CTX_CTRL,
-                                            ERR_R_DH_LIB);
-                                        DH_free(new);
-                                        return 0;
-                                }
-                        }
                        DH_free(cert->dh_tmp);
                        cert->dh_tmp = new;
                        return 1;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 37d96e4e18..c992406ca8 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1236,25 +1236,10 @@ ssl3_send_server_key_exchange(SSL *s)
                                goto err;
                        }
                        s->s3->tmp.dh = dh;
+                        if (!DH_generate_key(dh)) {
-                        if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                            (s->options & SSL_OP_SINGLE_DH_USE))) {
+                                    ERR_R_DH_LIB);
-                                if (!DH_generate_key(dh)) {
+                                goto err;
-                                        SSLerr(
-                                            SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                            ERR_R_DH_LIB);
-                                        goto err;
-                                }
-                        } else {
-                                dh->pub_key = BN_dup(dhp->pub_key);
-                                dh->priv_key = BN_dup(dhp->priv_key);
-                                if ((dh->pub_key == NULL) ||
-                                        (dh->priv_key == NULL)) {
-                                        SSLerr(
-                                            SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                            ERR_R_DH_LIB);
-                                        goto err;
-                                }
                        }
                        r[0] = dh->p;
                        r[1] = dh->g;
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index ce383bb209..e7f71d6b6f 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.106 2015/09/12 16:10:07 doug Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.107 2016/01/27 02:06:16 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2141,14 +2141,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                                    ERR_R_DH_LIB);
                                return (ret);
                        }
-                        if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
-                                if (!DH_generate_key(dh)) {
-                                        DH_free(dh);
-                                        SSLerr(SSL_F_SSL3_CTRL,
-                                            ERR_R_DH_LIB);
-                                        return (ret);
-                                }
-                        }
                        DH_free(s->cert->dh_tmp);
                        s->cert->dh_tmp = dh;
                        ret = 1;
@@ -2332,14 +2324,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                                    ERR_R_DH_LIB);
                                return 0;
                        }
-                        if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
-                                if (!DH_generate_key(new)) {
-                                        SSLerr(SSL_F_SSL3_CTX_CTRL,
-                                            ERR_R_DH_LIB);
-                                        DH_free(new);
-                                        return 0;
-                                }
-                        }
                        DH_free(cert->dh_tmp);
                        cert->dh_tmp = new;
                        return 1;
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 37d96e4e18..c992406ca8 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1236,25 +1236,10 @@ ssl3_send_server_key_exchange(SSL *s)
                                goto err;
                        }
                        s->s3->tmp.dh = dh;
+                        if (!DH_generate_key(dh)) {
-                        if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
+                                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                            (s->options & SSL_OP_SINGLE_DH_USE))) {
+                                    ERR_R_DH_LIB);
-                                if (!DH_generate_key(dh)) {
+                                goto err;
-                                        SSLerr(
-                                            SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                            ERR_R_DH_LIB);
-                                        goto err;
-                                }
-                        } else {
-                                dh->pub_key = BN_dup(dhp->pub_key);
-                                dh->priv_key = BN_dup(dhp->priv_key);
-                                if ((dh->pub_key == NULL) ||
-                                        (dh->priv_key == NULL)) {
-                                        SSLerr(
-                                            SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                                            ERR_R_DH_LIB);
-                                        goto err;
-                                }
                        }
                        r[0] = dh->p;
                        r[1] = dh->g;

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index ce383bb209..e7f71d6b6f 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.106 2015/09/12 16:10:07 doug Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.107 2016/01/27 02:06:16 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2141,14 +2141,6 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
2141	ERR_R_DH_LIB);	2141	ERR_R_DH_LIB);
2142	return (ret);	2142	return (ret);
2143	}	2143	}
2144	if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
2145	if (!DH_generate_key(dh)) {
2146	DH_free(dh);
2147	SSLerr(SSL_F_SSL3_CTRL,
2148	ERR_R_DH_LIB);
2149	return (ret);
2150	}
2151	}
2152	DH_free(s->cert->dh_tmp);	2144	DH_free(s->cert->dh_tmp);
2153	s->cert->dh_tmp = dh;	2145	s->cert->dh_tmp = dh;
2154	ret = 1;	2146	ret = 1;
@@ -2332,14 +2324,6 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2332	ERR_R_DH_LIB);	2324	ERR_R_DH_LIB);
2333	return 0;	2325	return 0;
2334	}	2326	}
2335	if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
2336	if (!DH_generate_key(new)) {
2337	SSLerr(SSL_F_SSL3_CTX_CTRL,
2338	ERR_R_DH_LIB);
2339	DH_free(new);
2340	return 0;
2341	}
2342	}
2343	DH_free(cert->dh_tmp);	2327	DH_free(cert->dh_tmp);
2344	cert->dh_tmp = new;	2328	cert->dh_tmp = new;
2345	return 1;	2329	return 1;


diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 37d96e4e18..c992406ca8 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1236,25 +1236,10 @@ ssl3_send_server_key_exchange(SSL *s)
1236	goto err;	1236	goto err;
1237	}	1237	}
1238	s->s3->tmp.dh = dh;	1238	s->s3->tmp.dh = dh;
1239		1239	if (!DH_generate_key(dh)) {
1240	if ((dhp->pub_key == NULL \|\| dhp->priv_key == NULL \|\|	1240	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1241	(s->options & SSL_OP_SINGLE_DH_USE))) {	1241	ERR_R_DH_LIB);
1242	if (!DH_generate_key(dh)) {	1242	goto err;
1243	SSLerr(
1244	SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1245	ERR_R_DH_LIB);
1246	goto err;
1247	}
1248	} else {
1249	dh->pub_key = BN_dup(dhp->pub_key);
1250	dh->priv_key = BN_dup(dhp->priv_key);
1251	if ((dh->pub_key == NULL) \|\|
1252	(dh->priv_key == NULL)) {
1253	SSLerr(
1254	SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1255	ERR_R_DH_LIB);
1256	goto err;
1257	}
1258	}	1243	}
1259	r[0] = dh->p;	1244	r[0] = dh->p;
1260	r[1] = dh->g;	1245	r[1] = dh->g;


diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index ce383bb209..e7f71d6b6f 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.106 2015/09/12 16:10:07 doug Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.107 2016/01/27 02:06:16 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2141,14 +2141,6 @@ ssl3_ctrl(SSL s, int cmd, long larg, void parg)
2141	ERR_R_DH_LIB);	2141	ERR_R_DH_LIB);
2142	return (ret);	2142	return (ret);
2143	}	2143	}
2144	if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
2145	if (!DH_generate_key(dh)) {
2146	DH_free(dh);
2147	SSLerr(SSL_F_SSL3_CTRL,
2148	ERR_R_DH_LIB);
2149	return (ret);
2150	}
2151	}
2152	DH_free(s->cert->dh_tmp);	2144	DH_free(s->cert->dh_tmp);
2153	s->cert->dh_tmp = dh;	2145	s->cert->dh_tmp = dh;
2154	ret = 1;	2146	ret = 1;
@@ -2332,14 +2324,6 @@ ssl3_ctx_ctrl(SSL_CTX ctx, int cmd, long larg, void parg)
2332	ERR_R_DH_LIB);	2324	ERR_R_DH_LIB);
2333	return 0;	2325	return 0;
2334	}	2326	}
2335	if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
2336	if (!DH_generate_key(new)) {
2337	SSLerr(SSL_F_SSL3_CTX_CTRL,
2338	ERR_R_DH_LIB);
2339	DH_free(new);
2340	return 0;
2341	}
2342	}
2343	DH_free(cert->dh_tmp);	2327	DH_free(cert->dh_tmp);
2344	cert->dh_tmp = new;	2328	cert->dh_tmp = new;
2345	return 1;	2329	return 1;


diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 37d96e4e18..c992406ca8 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1236,25 +1236,10 @@ ssl3_send_server_key_exchange(SSL *s)
1236	goto err;	1236	goto err;
1237	}	1237	}
1238	s->s3->tmp.dh = dh;	1238	s->s3->tmp.dh = dh;
1239		1239	if (!DH_generate_key(dh)) {
1240	if ((dhp->pub_key == NULL \|\| dhp->priv_key == NULL \|\|	1240	SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1241	(s->options & SSL_OP_SINGLE_DH_USE))) {	1241	ERR_R_DH_LIB);
1242	if (!DH_generate_key(dh)) {	1242	goto err;
1243	SSLerr(
1244	SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1245	ERR_R_DH_LIB);
1246	goto err;
1247	}
1248	} else {
1249	dh->pub_key = BN_dup(dhp->pub_key);
1250	dh->priv_key = BN_dup(dhp->priv_key);
1251	if ((dh->pub_key == NULL) \|\|
1252	(dh->priv_key == NULL)) {
1253	SSLerr(
1254	SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1255	ERR_R_DH_LIB);
1256	goto err;
1257	}
1258	}	1243	}
1259	r[0] = dh->p;	1244	r[0] = dh->p;
1260	r[1] = dh->g;	1245	r[1] = dh->g;