Permalink
Browse files

deprecate SSL_OP_SINGLE_DH_USE

ok jsing@
  • Loading branch information...
beck
beck committed Jan 27, 2016
1 parent 0a35a20 commit 5e12fe810f6fbbb375e66fe54abe8cc34750d5c2
Showing with 6 additions and 37 deletions.
  1. +1 −17 src/lib/libssl/src/ssl/s3_lib.c
  2. +5 −20 src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
/* $OpenBSD: s3_lib.c,v 1.105 2015/09/12 15:03:39 jsing Exp $ */
/* $OpenBSD: s3_lib.c,v 1.106 2015/09/12 16:10:07 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2141,14 +2141,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ERR_R_DH_LIB);
return (ret);
}
if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
if (!DH_generate_key(dh)) {
DH_free(dh);
SSLerr(SSL_F_SSL3_CTRL,
ERR_R_DH_LIB);
return (ret);
}
}
DH_free(s->cert->dh_tmp);
s->cert->dh_tmp = dh;
ret = 1;
@@ -2332,14 +2324,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
ERR_R_DH_LIB);
return 0;
}
if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
if (!DH_generate_key(new)) {
SSLerr(SSL_F_SSL3_CTX_CTRL,
ERR_R_DH_LIB);
DH_free(new);
return 0;
}
}
DH_free(cert->dh_tmp);
cert->dh_tmp = new;
return 1;
@@ -1,4 +1,4 @@
/* $OpenBSD: s3_srvr.c,v 1.122 2015/09/13 09:20:19 jsing Exp $ */
/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1236,25 +1236,10 @@ ssl3_send_server_key_exchange(SSL *s)
goto err;
}
s->s3->tmp.dh = dh;
if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
(s->options & SSL_OP_SINGLE_DH_USE))) {
if (!DH_generate_key(dh)) {
SSLerr(
SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
ERR_R_DH_LIB);
goto err;
}
} else {
dh->pub_key = BN_dup(dhp->pub_key);
dh->priv_key = BN_dup(dhp->priv_key);
if ((dh->pub_key == NULL) ||
(dh->priv_key == NULL)) {
SSLerr(
SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
ERR_R_DH_LIB);
goto err;
}
if (!DH_generate_key(dh)) {
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
ERR_R_DH_LIB);
goto err;
}
r[0] = dh->p;
r[1] = dh->g;

0 comments on commit 5e12fe8

Please sign in to comment.