deprecate SSL_OP_SINGLE_DH_USE

ok jsing@
libressl · Jan 27, 2016 · 5e12fe8 · 5e12fe8
1 parent 0a35a20
commit 5e12fe8
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 37 deletions.
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.105 2015/09/12 15:03:39 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.106 2015/09/12 16:10:07 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2141,14 +2141,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 				    ERR_R_DH_LIB);
 				return (ret);
 			}
-			if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
-				if (!DH_generate_key(dh)) {
-					DH_free(dh);
-					SSLerr(SSL_F_SSL3_CTRL,
-					    ERR_R_DH_LIB);
-					return (ret);
-				}
-			}
 			DH_free(s->cert->dh_tmp);
 			s->cert->dh_tmp = dh;
 			ret = 1;
@@ -2332,14 +2324,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 				    ERR_R_DH_LIB);
 				return 0;
 			}
-			if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
-				if (!DH_generate_key(new)) {
-					SSLerr(SSL_F_SSL3_CTX_CTRL,
-					    ERR_R_DH_LIB);
-					DH_free(new);
-					return 0;
-				}
-			}
 			DH_free(cert->dh_tmp);
 			cert->dh_tmp = new;
 			return 1;

diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.122 2015/09/13 09:20:19 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1236,25 +1236,10 @@ ssl3_send_server_key_exchange(SSL *s)
 				goto err;
 			}
 			s->s3->tmp.dh = dh;
-
-			if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
-			    (s->options & SSL_OP_SINGLE_DH_USE))) {
-				if (!DH_generate_key(dh)) {
-					SSLerr(
-					    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-					    ERR_R_DH_LIB);
-					goto err;
-				}
-			} else {
-				dh->pub_key = BN_dup(dhp->pub_key);
-				dh->priv_key = BN_dup(dhp->priv_key);
-				if ((dh->pub_key == NULL) ||
-					(dh->priv_key == NULL)) {
-					SSLerr(
-					    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-					    ERR_R_DH_LIB);
-					goto err;
-				}
+			if (!DH_generate_key(dh)) {
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+				    ERR_R_DH_LIB);
+				goto err;
 			}
 			r[0] = dh->p;
 			r[1] = dh->g;