#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
- DH_free(s->s3->peer_dh_tmp);
#endif
+
#ifndef OPENSSL_NO_EC
EVP_PKEY_free(s->s3->tmp.pkey);
s->s3->tmp.pkey = NULL;
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->peer_tmp);
s->s3->peer_tmp = NULL;
#endif
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
- DH_free(s->s3->peer_dh_tmp);
- s->s3->peer_dh_tmp = NULL;
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY_free(s->s3->tmp.pkey);
s->s3->tmp.pkey = NULL;
+ s->s3->is_probably_safari = 0;
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->peer_tmp);
s->s3->peer_tmp = NULL;
- s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s);
case SSL_CTRL_SET_TMP_DH:
{
DH *dh = (DH *)parg;
+ EVP_PKEY *pkdh = NULL;
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return (ret);
}
+ pkdh = ssl_dh_to_pkey(dh);
+ if (pkdh == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
if (!ssl_security(s, SSL_SECOP_TMP_DH,
- DH_security_bits(dh), 0, dh)) {
+ EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
- return (ret);
- }
- if ((dh = DHparams_dup(dh)) == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
- return (ret);
+ EVP_PKEY_free(pkdh);
+ return ret;
}
- DH_free(s->cert->dh_tmp);
- s->cert->dh_tmp = dh;
+ EVP_PKEY_free(s->cert->dh_tmp);
+ s->cert->dh_tmp = pkdh;
ret = 1;
}
break;
return 0;
case SSL_CTRL_GET_SERVER_TMP_KEY:
- if (s->server || !s->session)
- return 0;
- else {
- EVP_PKEY *ptmp;
- int rv = 0;
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
- if (s->s3->peer_dh_tmp == NULL && s->s3->peer_tmp == NULL)
- return 0;
-#endif
- ptmp = EVP_PKEY_new();
- if (ptmp == NULL)
- return 0;
-#ifndef OPENSSL_NO_DH
- else if (s->s3->peer_dh_tmp != NULL)
- rv = EVP_PKEY_set1_DH(ptmp, s->s3->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_EC
- else if (s->s3->peer_tmp != NULL)
- rv = EVP_PKEY_set1_EC_KEY(ptmp,
- EVP_PKEY_get0_EC_KEY(s->s3->peer_tmp));
-#endif
- if (rv) {
- *(EVP_PKEY **)parg = ptmp;
- return 1;
- }
- EVP_PKEY_free(ptmp);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+ if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
return 0;
+ } else {
+ EVP_PKEY_up_ref(s->s3->peer_tmp);
+ *(EVP_PKEY **)parg = s->s3->peer_tmp;
+ return 1;
}
+#else
+ return 0;
+#endif
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
- DH *new = NULL, *dh;
- CERT *cert;
-
- cert = ctx->cert;
- dh = (DH *)parg;
- if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
- DH_security_bits(dh), 0, dh)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+ DH *dh = (DH *)parg;
+ EVP_PKEY *pkdh = NULL;
+ if (dh == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if ((new = DHparams_dup(dh)) == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+ pkdh = ssl_dh_to_pkey(dh);
+ if (pkdh == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (!DH_generate_key(new)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
- DH_free(new);
- return 0;
+ if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
+ EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+ EVP_PKEY_free(pkdh);
+ return 1;
}
- DH_free(cert->dh_tmp);
- cert->dh_tmp = new;
+ EVP_PKEY_free(ctx->cert->dh_tmp);
+ ctx->cert->dh_tmp = pkdh;
return 1;
}
/*
EVP_PKEY_CTX_free(pctx);
return rv;
}
+
+EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+{
+ EVP_PKEY *ret;
+ if (dh == NULL)
+ return NULL;
+ ret = EVP_PKEY_new();
+ if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
+ EVP_PKEY_free(ret);
+ return NULL;
+ }
+ return ret;
+}