From 224cc55e7b0aa21110d14dd564e88e13893a294e Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Mon, 28 Jul 2014 04:23:12 +0000
Subject: The RSA, DH, and ECDH temporary key callbacks expect the number of keybits for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as their second argument, not zero. (jsing@ notes that the RSA callback is only invoked for 'export' ciphers, which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA option, which is makes the application non-compliant. More fuel for the tedu fire...) jasper@ noted the breakage and bisected it down to the diff that broke this ok jsing@ miod@
---
src/lib/libssl/ssl_locl.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/ssl_locl.h')
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 34e6337856..3c1c444cb0 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.63 2014/07/28 04:23:12 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -368,6 +368,12 @@
 #define SSL_MEDIUM 0x00000040L
 #define SSL_HIGH 0x00000080L
+/*
+ * The keylength (measured in RSA key bits, I guess) for temporary keys.
+ * Cipher argument is so that this can be variable in the future.
+ */
+#define SSL_C_PKEYLENGTH(c) 1024
+
 /* Check if an SSL structure is using DTLS. */
 #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
-- cgit v1.2.3-55-g6feb
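Review bot: The comment on the new `SSL_C_PKEYLENGTH(c)` macro in the second hunk ("measured in RSA key bits, I guess") does not say whether the fixed 1024 is a compatibility value or a strength recommendation. An application callback that sizes its temporary RSA key or DH parameters from this argument would end up with 1024-bit keys, which is weaker than what is generally accepted today, and for ECDH the number has no direct meaning, as the commit message itself points out. I would make the comment explicit, for example `/* Keylength hint handed to the temporary RSA/DH/ECDH key callbacks, in RSA-equivalent bits. Fixed at 1024; callbacks should not treat it as a strength recommendation. */`. The macro also never expands `c`, so an argument with side effects would silently not be evaluated; the call sites are outside this view, which is limited to ssl_locl.h.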