diff options
author | Jung-uk Kim <jkim@FreeBSD.org> | 2020-12-08 18:10:16 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2020-12-08 18:10:16 +0000 |
commit | 970a464089066970886f0bce6d1c9dcfbcb2e8ea (patch) | |
tree | 655c2eb8197c7c07b52e3246e4f63157f928f13d /ssl/statem | |
parent | 92f02b3b0f21350e7c92a16ca9b594ad7682c717 (diff) | |
download | src-970a464089066970886f0bce6d1c9dcfbcb2e8ea.tar.gz src-970a464089066970886f0bce6d1c9dcfbcb2e8ea.zip |
Import OpenSSL 1.1.1i.vendor/openssl/1.1.1i
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=368456
svn path=/vendor-crypto/openssl/1.1.1i/; revision=368457; tag=vendor/openssl/1.1.1i
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 16 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 |
2 files changed, 10 insertions, 8 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 64e392cfbfc7..3420ce65c7c7 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2145,17 +2145,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) } bnpub_key = NULL; - if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, - SSL_R_DH_KEY_TOO_SMALL); - goto err; - } - if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_EVP_LIB); goto err; } + dh = NULL; + + if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp), + 0, peer_tmp)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, + SSL_R_DH_KEY_TOO_SMALL); + goto err; + } s->s3->peer_tmp = peer_tmp; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 14cb27e6db01..cf45a40ce4e3 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2577,7 +2577,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) s->s3->tmp.pkey = ssl_generate_pkey(pkdhp); if (s->s3->tmp.pkey == NULL) { - /* SSLfatal() already called */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR); goto err; } |