From 3f7702534a377e0a3b33a6681df0af8a57adbc57 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Fri, 7 Jan 2022 15:46:30 +0000 Subject: Convert legacy server to tls_key_share. This requires a few more additions to the DHE key share code - we need to be able to either set the DHE parameters or specify the number of key bits for use with auto DHE parameters. Additionally, we need to be able to serialise the DHE parameters to send to the client. This removes the infamous 'tmp' struct from ssl3_state_internal_st. ok inoguchi@ tb@ --- src/lib/libssl/s3_lib.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) (limited to 'src/lib/libssl/s3_lib.c') diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 54261c575a..899432e947 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.221 2022/01/06 18:23:56 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.222 2022/01/07 15:46:30 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1565,10 +1565,6 @@ ssl3_free(SSL *s) ssl3_release_write_buffer(s); freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); - DH_free(S3I(s)->tmp.dh); - EC_KEY_free(S3I(s)->tmp.ecdh); - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); - tls_key_share_free(S3I(s)->hs.key_share); tls13_secrets_destroy(S3I(s)->hs.tls13.secrets); @@ -1601,14 +1597,6 @@ ssl3_clear(SSL *s) sk_X509_pop_free(s->internal->verified_chain, X509_free); s->internal->verified_chain = NULL; - DH_free(S3I(s)->tmp.dh); - S3I(s)->tmp.dh = NULL; - EC_KEY_free(S3I(s)->tmp.ecdh); - S3I(s)->tmp.ecdh = NULL; - S3I(s)->tmp.ecdh_nid = NID_undef; - freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); - S3I(s)->tmp.x25519 = NULL; - freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); S3I(s)->hs.sigalgs = NULL; S3I(s)->hs.sigalgs_len = 0; -- cgit v1.2.3-55-g6feb