EVP_PKEY DH client support.

[openssl.git] / ssl / s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 4fc4426cd9e99c37a9d1cf2de21178a50202d78a..f3bf017042e4a6ddfd733f4bed50ae974fdfc051 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3377,11 +3377,13 @@ void ssl3_free(SSL *s)
 
 #ifndef OPENSSL_NO_DH
     DH_free(s->s3->tmp.dh);
-    DH_free(s->s3->peer_dh_tmp);
 #endif
+
 #ifndef OPENSSL_NO_EC
     EVP_PKEY_free(s->s3->tmp.pkey);
     s->s3->tmp.pkey = NULL;
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
     EVP_PKEY_free(s->s3->peer_tmp);
     s->s3->peer_tmp = NULL;
 #endif
@@ -3414,15 +3416,15 @@ void ssl3_clear(SSL *s)
 #ifndef OPENSSL_NO_DH
     DH_free(s->s3->tmp.dh);
     s->s3->tmp.dh = NULL;
-    DH_free(s->s3->peer_dh_tmp);
-    s->s3->peer_dh_tmp = NULL;
 #endif
 #ifndef OPENSSL_NO_EC
     EVP_PKEY_free(s->s3->tmp.pkey);
     s->s3->tmp.pkey = NULL;
+    s->s3->is_probably_safari = 0;
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
     EVP_PKEY_free(s->s3->peer_tmp);
     s->s3->peer_tmp = NULL;
-    s->s3->is_probably_safari = 0;
 #endif                         /* !OPENSSL_NO_EC */
 
     ssl3_free_digest_list(s);
@@ -3499,13 +3501,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
                 return (ret);
             }
-            if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
-                if (!DH_generate_key(dh)) {
-                    DH_free(dh);
-                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-                    return (ret);
-                }
-            }
             DH_free(s->cert->dh_tmp);
             s->cert->dh_tmp = dh;
             ret = 1;
@@ -3766,34 +3761,17 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             return 0;
 
     case SSL_CTRL_GET_SERVER_TMP_KEY:
-        if (s->server || !s->session)
-            return 0;
-        else {
-            EVP_PKEY *ptmp;
-            int rv = 0;
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
-            if (s->s3->peer_dh_tmp == NULL && s->s3->peer_tmp == NULL)
-                return 0;
-#endif
-            ptmp = EVP_PKEY_new();
-            if (ptmp == NULL)
-                return 0;
-#ifndef OPENSSL_NO_DH
-            else if (s->s3->peer_dh_tmp != NULL)
-                rv = EVP_PKEY_set1_DH(ptmp, s->s3->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_EC
-            else if (s->s3->peer_tmp != NULL)
-                rv = EVP_PKEY_set1_EC_KEY(ptmp,
-                                          EVP_PKEY_get0_EC_KEY(s->s3->peer_tmp));
-#endif
-            if (rv) {
-                *(EVP_PKEY **)parg = ptmp;
-                return 1;
-            }
-            EVP_PKEY_free(ptmp);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+        if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
             return 0;
+        } else {
+            EVP_PKEY_up_ref(s->s3->peer_tmp);
+            *(EVP_PKEY **)parg = s->s3->peer_tmp;
+            return 1;
         }
+#else
+        return 0;
+#endif
 #ifndef OPENSSL_NO_EC
     case SSL_CTRL_GET_EC_POINT_FORMATS:
         {
@@ -3887,12 +3865,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
                 return 0;
             }
-            if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
-                if (!DH_generate_key(new)) {
-                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
-                    DH_free(new);
-                    return 0;
-                }
+            if (!DH_generate_key(new)) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+                DH_free(new);
+                return 0;
             }
             DH_free(cert->dh_tmp);
             cert->dh_tmp = new;