From: jsing <jsing@openbsd.org>
Date: Fri, 7 Jan 2022 16:45:06 +0000 (+0000)
Subject: Rename dh_tmp to dhe_params.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c0b85757f9e86cad92f828b911ea147c1b80283f;p=openbsd

Rename dh_tmp to dhe_params.

Support for non-ephemeral DH was removed a long time ago - as such, the
dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect
reality.

ok inoguchi@ tb@
---

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 899432e947d..1ede113cbb2 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.222 2022/01/07 15:46:30 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.223 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1708,20 +1708,20 @@ _SSL_total_renegotiations(SSL *s)
 static int
 _SSL_set_tmp_dh(SSL *s, DH *dh)
 {
-	DH *dh_tmp;
+	DH *dhe_params;
 
 	if (dh == NULL) {
 		SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
 	}
 
-	if ((dh_tmp = DHparams_dup(dh)) == NULL) {
+	if ((dhe_params = DHparams_dup(dh)) == NULL) {
 		SSLerror(s, ERR_R_DH_LIB);
 		return 0;
 	}
 
-	DH_free(s->cert->dh_tmp);
-	s->cert->dh_tmp = dh_tmp;
+	DH_free(s->cert->dhe_params);
+	s->cert->dhe_params = dhe_params;
 
 	return 1;
 }
@@ -1729,7 +1729,7 @@ _SSL_set_tmp_dh(SSL *s, DH *dh)
 static int
 _SSL_set_dh_auto(SSL *s, int state)
 {
-	s->cert->dh_tmp_auto = state;
+	s->cert->dhe_params_auto = state;
 	return 1;
 }
 
@@ -2122,7 +2122,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
 		return 0;
 
 	case SSL_CTRL_SET_TMP_DH_CB:
-		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+		s->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp;
 		return 1;
 
 	case SSL_CTRL_SET_TMP_ECDH_CB:
@@ -2140,15 +2140,20 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
 static int
 _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 {
-	DH *dh_tmp;
+	DH *dhe_params;
 
-	if ((dh_tmp = DHparams_dup(dh)) == NULL) {
+	if (dh == NULL) {
+		SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+	}
+
+	if ((dhe_params = DHparams_dup(dh)) == NULL) {
 		SSLerrorx(ERR_R_DH_LIB);
 		return 0;
 	}
 
-	DH_free(ctx->internal->cert->dh_tmp);
-	ctx->internal->cert->dh_tmp = dh_tmp;
+	DH_free(ctx->internal->cert->dhe_params);
+	ctx->internal->cert->dhe_params = dhe_params;
 
 	return 1;
 }
@@ -2156,7 +2161,7 @@ _SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
 static int
 _SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
 {
-	ctx->internal->cert->dh_tmp_auto = state;
+	ctx->internal->cert->dhe_params_auto = state;
 	return 1;
 }
 
@@ -2443,7 +2448,7 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
 		return 0;
 
 	case SSL_CTRL_SET_TMP_DH_CB:
-		ctx->internal->cert->dh_tmp_cb =
+		ctx->internal->cert->dhe_params_cb =
 		    (DH *(*)(SSL *, int, int))fp;
 		return 1;
 
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index faa9886b90e..173e217c8f2 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.90 2022/01/07 15:56:33 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.91 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -195,15 +195,15 @@ ssl_cert_dup(CERT *cert)
 	ret->mask_k = cert->mask_k;
 	ret->mask_a = cert->mask_a;
 
-	if (cert->dh_tmp != NULL) {
-		ret->dh_tmp = DHparams_dup(cert->dh_tmp);
-		if (ret->dh_tmp == NULL) {
+	if (cert->dhe_params != NULL) {
+		ret->dhe_params = DHparams_dup(cert->dhe_params);
+		if (ret->dhe_params == NULL) {
 			SSLerrorx(ERR_R_DH_LIB);
 			goto err;
 		}
 	}
-	ret->dh_tmp_cb = cert->dh_tmp_cb;
-	ret->dh_tmp_auto = cert->dh_tmp_auto;
+	ret->dhe_params_cb = cert->dhe_params_cb;
+	ret->dhe_params_auto = cert->dhe_params_auto;
 
 	for (i = 0; i < SSL_PKEY_NUM; i++) {
 		if (cert->pkeys[i].x509 != NULL) {
@@ -256,7 +256,7 @@ ssl_cert_dup(CERT *cert)
 	return (ret);
 
  err:
-	DH_free(ret->dh_tmp);
+	DH_free(ret->dhe_params);
 
 	for (i = 0; i < SSL_PKEY_NUM; i++) {
 		X509_free(ret->pkeys[i].x509);
@@ -280,7 +280,7 @@ ssl_cert_free(CERT *c)
 	if (i > 0)
 		return;
 
-	DH_free(c->dh_tmp);
+	DH_free(c->dhe_params);
 
 	for (i = 0; i < SSL_PKEY_NUM; i++) {
 		X509_free(c->pkeys[i].x509);
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index a0d3d057750..4fe7fb58dce 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.280 2021/12/04 14:03:22 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.281 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2198,7 +2198,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 	mask_a = SSL_aNULL | SSL_aTLS1_3;
 	mask_k = SSL_kECDHE | SSL_kTLS1_3;
 
-	if (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto != 0)
+	if (c->dhe_params != NULL || c->dhe_params_cb != NULL ||
+	    c->dhe_params_auto != 0)
 		mask_k |= SSL_kDHE;
 
 	cpk = &(c->pkeys[SSL_PKEY_ECC]);
@@ -2324,7 +2325,7 @@ ssl_dhe_params_auto_key_bits(SSL *s)
 	CERT_PKEY *cpk;
 	int key_bits;
 
-	if (s->cert->dh_tmp_auto == 2) {
+	if (s->cert->dhe_params_auto == 2) {
 		key_bits = 1024;
 	} else if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
 		key_bits = 1024;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index cc7b342247d..5361704d707 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.375 2022/01/07 15:46:30 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.376 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1212,9 +1212,9 @@ typedef struct cert_st {
 	unsigned long mask_k;
 	unsigned long mask_a;
 
-	DH *dh_tmp;
-	DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
-	int dh_tmp_auto;
+	DH *dhe_params;
+	DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize);
+	int dhe_params_auto;
 
 	CERT_PKEY pkeys[SSL_PKEY_NUM];
 
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index b66a2c108dd..9fad66b91a5 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.131 2022/01/07 15:46:30 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.132 2022/01/07 16:45:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1315,7 +1315,7 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 	if ((S3I(s)->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
 		goto err;
 
-	if (s->cert->dh_tmp_auto != 0) {
+	if (s->cert->dhe_params_auto != 0) {
 		size_t key_bits;
 
 		if ((key_bits = ssl_dhe_params_auto_key_bits(s)) == 0) {
@@ -1327,10 +1327,10 @@ ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
 		tls_key_share_set_key_bits(S3I(s)->hs.key_share,
 		    key_bits);
 	} else {
-		DH *dh_params = s->cert->dh_tmp;
+		DH *dh_params = s->cert->dhe_params;
 
-		if (dh_params == NULL && s->cert->dh_tmp_cb != NULL)
-			dh_params = s->cert->dh_tmp_cb(s, 0,
+		if (dh_params == NULL && s->cert->dhe_params_cb != NULL)
+			dh_params = s->cert->dhe_params_cb(s, 0,
 			    SSL_C_PKEYLENGTH(S3I(s)->hs.cipher));
 
 		if (dh_params == NULL) {