diff options
author | Matt Caswell <matt@openssl.org> | 2020-10-15 16:45:54 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-11-18 14:14:52 +0000 |
commit | 163f6dc1f70f30de46a68137c36e70cae4d95cd8 (patch) | |
tree | c7f1c37b230a8f226b716b65736c2b1cb236cfd4 /ssl/s3_lib.c | |
parent | 9912be1b33bf2a65672d70ad75e07e0d63d33df3 (diff) |
Implement a replacement for SSL_set_tmp_dh()
The old function took a DH as a parameter. In the new version we pass
an EVP_PKEY instead. Similarly for the SSL_CTX version of this function.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 20 |
1 files changed, 2 insertions, 18 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 664844302a..8a572b8dd3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3465,15 +3465,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; } - if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_security_bits(pkdh), 0, pkdh)) { - ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); - EVP_PKEY_free(pkdh); - return 0; - } - EVP_PKEY_free(s->cert->dh_tmp); - s->cert->dh_tmp = pkdh; - return 1; + return SSL_set0_tmp_dh_pkey(s, pkdh); } break; case SSL_CTRL_SET_TMP_DH_CB: @@ -3816,15 +3808,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return 0; } - if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, - EVP_PKEY_security_bits(pkdh), 0, pkdh)) { - ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); - EVP_PKEY_free(pkdh); - return 0; - } - EVP_PKEY_free(ctx->cert->dh_tmp); - ctx->cert->dh_tmp = pkdh; - return 1; + return SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh); } case SSL_CTRL_SET_TMP_DH_CB: { |