diff options
| -rw-r--r-- | lib/libssl/s3_lib.c | 18 | ||||
| -rw-r--r-- | lib/libssl/s3_srvr.c | 25 |
2 files changed, 6 insertions, 37 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index ce383bb209f..e7f71d6b6f4 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.106 2015/09/12 16:10:07 doug Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.107 2016/01/27 02:06:16 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2141,14 +2141,6 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ERR_R_DH_LIB); return (ret); } - if (!(s->options & SSL_OP_SINGLE_DH_USE)) { - if (!DH_generate_key(dh)) { - DH_free(dh); - SSLerr(SSL_F_SSL3_CTRL, - ERR_R_DH_LIB); - return (ret); - } - } DH_free(s->cert->dh_tmp); s->cert->dh_tmp = dh; ret = 1; @@ -2332,14 +2324,6 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ERR_R_DH_LIB); return 0; } - if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { - if (!DH_generate_key(new)) { - SSLerr(SSL_F_SSL3_CTX_CTRL, - ERR_R_DH_LIB); - DH_free(new); - return 0; - } - } DH_free(cert->dh_tmp); cert->dh_tmp = new; return 1; diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 37d96e4e183..c992406ca8f 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.123 2015/09/13 12:39:16 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.124 2016/01/27 02:06:16 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1236,25 +1236,10 @@ ssl3_send_server_key_exchange(SSL *s) goto err; } s->s3->tmp.dh = dh; - - if ((dhp->pub_key == NULL || dhp->priv_key == NULL || - (s->options & SSL_OP_SINGLE_DH_USE))) { - if (!DH_generate_key(dh)) { - SSLerr( - SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - ERR_R_DH_LIB); - goto err; - } - } else { - dh->pub_key = BN_dup(dhp->pub_key); - dh->priv_key = BN_dup(dhp->priv_key); - if ((dh->pub_key == NULL) || - (dh->priv_key == NULL)) { - SSLerr( - SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - ERR_R_DH_LIB); - goto err; - } + if (!DH_generate_key(dh)) { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + ERR_R_DH_LIB); + goto err; } r[0] = dh->p; r[1] = dh->g; |