diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2013-04-26 14:49:54 +0200 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2013-04-29 12:12:33 +0200 |
commit | 4fdb8acdaef4c3cb1d855e992ada0e63fee520a6 (patch) | |
tree | 4b2a796fadb3060c6952c5521c292da209b4adfb /deps/openssl/openssl/crypto/dh/dh_key.c | |
parent | 626d7abdb43b672a6153510561afdd8856b7770f (diff) | |
download | android-node-v8-4fdb8acdaef4c3cb1d855e992ada0e63fee520a6.tar.gz android-node-v8-4fdb8acdaef4c3cb1d855e992ada0e63fee520a6.tar.bz2 android-node-v8-4fdb8acdaef4c3cb1d855e992ada0e63fee520a6.zip |
deps: downgrade openssl to v1.0.0f
Several people have reported issues with IIS and Resin servers (or maybe
SSL terminators sitting in front of those servers) that are fixed by
downgrading OpenSSL. The AESNI performance improvements were nice but
stability is more important. Downgrade OpenSSL from 1.0.1e to 1.0.0f.
Fixes #5360 (and others).
Diffstat (limited to 'deps/openssl/openssl/crypto/dh/dh_key.c')
-rw-r--r-- | deps/openssl/openssl/crypto/dh/dh_key.c | 33 |
1 files changed, 2 insertions, 31 deletions
diff --git a/deps/openssl/openssl/crypto/dh/dh_key.c b/deps/openssl/openssl/crypto/dh/dh_key.c index 89a74db4e6..e7db440342 100644 --- a/deps/openssl/openssl/crypto/dh/dh_key.c +++ b/deps/openssl/openssl/crypto/dh/dh_key.c @@ -73,27 +73,11 @@ static int dh_finish(DH *dh); int DH_generate_key(DH *dh) { -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) - && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) - { - DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD); - return 0; - } -#endif return dh->meth->generate_key(dh); } int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) - && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) - { - DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD); - return 0; - } -#endif return dh->meth->compute_key(key, pub_key, dh); } @@ -154,21 +138,8 @@ static int generate_key(DH *dh) if (generate_new_key) { - if (dh->q) - { - do - { - if (!BN_rand_range(priv_key, dh->q)) - goto err; - } - while (BN_is_zero(priv_key) || BN_is_one(priv_key)); - } - else - { - /* secret exponent length */ - l = dh->length ? dh->length : BN_num_bits(dh->p)-1; - if (!BN_rand(priv_key, l, 0, 0)) goto err; - } + l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ + if (!BN_rand(priv_key, l, 0, 0)) goto err; } { |