Rename dh_tmp to dhe_params.

Support for non-ephemeral DH was removed a long time ago - as such, the
dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect
reality.

ok inoguchi@ tb@

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 899432e..1ede113 100644 (file)
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.222 2022/01/07 15:46:30 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.223 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1708,20 +1708,20 @@ _SSL_total_renegotiations(SSL *s)
 static int
 _SSL_set_tmp_dh(SSL *s, DH *dh)
 {
-       DH *dh_tmp;
+       DH *dhe_params;
 
        if (dh == NULL) {
                SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
        }
 
-       if ((dh_tmp = DHparams_dup(dh)) == NULL) {
+       if ((dhe_params = DHparams_dup(dh)) == NULL) {
                SSLerror(s, ERR_R_DH_LIB);
                return 0;
        }
 
-       DH_free(s->cert->dh_tmp);
-       s->cert->dh_tmp = dh_tmp;
+       DH_free(s->cert->dhe_params);
+       s->cert->dhe_params = dhe_params;
 
        return 1;
 }
@@ -1729,7 +1729,7 @@ _SSL_set_tmp_dh(SSL *s, DH *dh)
 static int
 _SSL_set_dh_auto(SSL *s, int state)
 {
-       s->cert->dh_tmp_auto = state;
+       s->cert->dhe_params_auto = state;
        return 1;
 }
 
@@ -2122,7 +2122,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
                return 0;
 
        case SSL_CTRL_SET_TMP_DH_CB:
-               s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+               s->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp;
                return 1;
 
        case SSL_CTRL_SET_TMP_ECDH_CB:
@@ -2140,15 +2140,20 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
 static int
 _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 {
-       DH *dh_tmp;
+       DH *dhe_params;
 
-       if ((dh_tmp = DHparams_dup(dh)) == NULL) {
+       if (dh == NULL) {
+               SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+       }
+
+       if ((dhe_params = DHparams_dup(dh)) == NULL) {
                SSLerrorx(ERR_R_DH_LIB);
                return 0;
        }
 
-       DH_free(ctx->internal->cert->dh_tmp);
-       ctx->internal->cert->dh_tmp = dh_tmp;
+       DH_free(ctx->internal->cert->dhe_params);
+       ctx->internal->cert->dhe_params = dhe_params;
 
        return 1;
 }
@@ -2156,7 +2161,7 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 static int
 _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
 {
-       ctx->internal->cert->dh_tmp_auto = state;
+       ctx->internal->cert->dhe_params_auto = state;
        return 1;
 }
 
@@ -2443,7 +2448,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                return 0;
 
        case SSL_CTRL_SET_TMP_DH_CB:
-               ctx->internal->cert->dh_tmp_cb =
+               ctx->internal->cert->dhe_params_cb =
                    (DH *(*)(SSL *, int, int))fp;
                return 1;
 

diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index faa9886..173e217 100644 (file)
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.90 2022/01/07 15:56:33 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.91 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -195,15 +195,15 @@ ssl_cert_dup(CERT *cert)
        ret->mask_k = cert->mask_k;
        ret->mask_a = cert->mask_a;
 
-       if (cert->dh_tmp != NULL) {
-               ret->dh_tmp = DHparams_dup(cert->dh_tmp);
-               if (ret->dh_tmp == NULL) {
+       if (cert->dhe_params != NULL) {
+               ret->dhe_params = DHparams_dup(cert->dhe_params);
+               if (ret->dhe_params == NULL) {
                        SSLerrorx(ERR_R_DH_LIB);
                        goto err;
                }
        }
-       ret->dh_tmp_cb = cert->dh_tmp_cb;
-       ret->dh_tmp_auto = cert->dh_tmp_auto;
+       ret->dhe_params_cb = cert->dhe_params_cb;
+       ret->dhe_params_auto = cert->dhe_params_auto;
 
        for (i = 0; i < SSL_PKEY_NUM; i++) {
                if (cert->pkeys[i].x509 != NULL) {
@@ -256,7 +256,7 @@ ssl_cert_dup(CERT *cert)
        return (ret);
 
  err:
-       DH_free(ret->dh_tmp);
+       DH_free(ret->dhe_params);
 
        for (i = 0; i < SSL_PKEY_NUM; i++) {
                X509_free(ret->pkeys[i].x509);
@@ -280,7 +280,7 @@ ssl_cert_free(CERT *c)
        if (i > 0)
                return;
 
-       DH_free(c->dh_tmp);
+       DH_free(c->dhe_params);
 
        for (i = 0; i < SSL_PKEY_NUM; i++) {
                X509_free(c->pkeys[i].x509);

diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index a0d3d05..4fe7fb5 100644 (file)
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.280 2021/12/04 14:03:22 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.281 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2198,7 +2198,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
        mask_a = SSL_aNULL | SSL_aTLS1_3;
        mask_k = SSL_kECDHE | SSL_kTLS1_3;
 
-       if (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto != 0)
+       if (c->dhe_params != NULL || c->dhe_params_cb != NULL ||
+           c->dhe_params_auto != 0)
                mask_k |= SSL_kDHE;
 
        cpk = &(c->pkeys[SSL_PKEY_ECC]);
@@ -2324,7 +2325,7 @@ ssl_dhe_params_auto_key_bits(SSL *s)
        CERT_PKEY *cpk;
        int key_bits;
 
-       if (s->cert->dh_tmp_auto == 2) {
+       if (s->cert->dhe_params_auto == 2) {
                key_bits = 1024;
        } else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
                key_bits = 1024;

diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index cc7b342..5361704 100644 (file)
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.375 2022/01/07 15:46:30 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.376 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1212,9 +1212,9 @@ typedef struct cert_st {
        unsigned long mask_k;
        unsigned long mask_a;
 
-       DH *dh_tmp;
-       DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
-       int dh_tmp_auto;
+       DH *dhe_params;
+       DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize);
+       int dhe_params_auto;
 
        CERT_PKEY pkeys[SSL_PKEY_NUM];
 

diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index b66a2c1..9fad66b 100644 (file)
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.131 2022/01/07 15:46:30 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.132 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1315,7 +1315,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
        if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
                goto err;
 
-       if (s->cert->dh_tmp_auto != 0) {
+       if (s->cert->dhe_params_auto != 0) {
                size_t key_bits;
 
                if ((key_bits = ssl_dhe_params_auto_key_bits(s)) == 0) {
@@ -1327,10 +1327,10 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
                tls_key_share_set_key_bits(S3I(s)->hs.key_share,
                    key_bits);
        } else {
-               DH *dh_params = s->cert->dh_tmp;
+               DH *dh_params = s->cert->dhe_params;
 
-               if (dh_params == NULL && s->cert->dh_tmp_cb != NULL)
-                       dh_params = s->cert->dh_tmp_cb(s, 0,
+               if (dh_params == NULL && s->cert->dhe_params_cb != NULL)
+                       dh_params = s->cert->dhe_params_cb(s, 0,
                            SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
 
                if (dh_params == NULL) {