Date: Sat, 1 Mar 2008 19:02:32 GMT
Message-Id: <200803011902.m21J2Wor063860@repoman.freebsd.org>
From: "Christian S.J. Peron"
To: Perforce Change Reviews
Subject: PERFORCE change 136594 for review

http://perforce.freebsd.org/chv.cgi?CH=136594

Change 136594 by csjp@ibm01 on 2008/03/01 19:01:37

We don't process Diffie Hellman parameters when we are running in client mode. Introduce context flags "server" and "client" and pass them to the crypto context initialization function.

Affected files ...

.. //depot/projects/trustedbsd/netauditd/crypto.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/netauditd/crypto.c#2 (text+ko) ==== @@ -31,6 +31,9 @@ BIO *c_bioerror; }; +#define CRTYPO_CTX_CLIENT 1 +#define CRYPTO_CTX_SERVER 2 + static char *crypto_pass; static int @@ -46,7 +49,7 @@ } int -crypto_init_context(struct crypto_context *ct) +crypto_init_context(struct crypto_context *ct, int ctx_type) { SSL_METHOD *meth; DH *ret; @@ -79,12 +82,15 @@ if ((bio = BIO_new_file("DHFILE", "r")) == NULL) berr_exit("Couldn't open DH file"); /* - * Process DH parameters + * If we are initializing this crypto context for serving SSL clients, + * make sure we initialize our Diffie Hellman parameters. */ - ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); - BIO_free(bio); - if(SSL_CTX_set_tmp_dh(ct->c_ctx,ret) < 0) - berr_exit("Couldn't set DH parameters"); + if (ctx_type == CRYPTO_CTX_SERVER) { + ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + BIO_free(bio); + if (SSL_CTX_set_tmp_dh(ct->c_ctx, ret) < 0) + berr_exit("Couldn't set DH parameters"); + } return (0); }
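
Review bot: The client flag in the first hunk (@@ -31,6 +31,9 @@) is misspelled as CRTYPO_CTX_CLIENT, while its sibling is CRYPTO_CTX_SERVER; rename it to CRYPTO_CTX_CLIENT now. The patch only ever compares against CRYPTO_CTX_SERVER, so the typo compiles cleanly and would surface only when a caller tries to pass the correctly spelled client flag. Both macros are also defined inside crypto.c; if crypto_init_context() is called from other files, they belong in the header that declares it.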
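
Review bot: The new ctx_type parameter in the second hunk (@@ -46,7 +49,7 @@) is a bare int that is never validated. The only test in the patch is ctx_type == CRYPTO_CTX_SERVER, so 0, a swapped argument, or any other value is silently treated as client mode and the context is built without DH parameters. Suggest an enum type, or an early check that rejects anything other than the two defined values. The affected-files list shows only crypto.c, so any caller outside this file also needs the new argument.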
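
Review bot: In the third hunk (@@ -79,12 +82,15 @@) the BIO_new_file("DHFILE", "r") call and its berr_exit("Couldn't open DH file") still sit above the new ctx_type test, so client mode still requires the DH file to be present. BIO_free(bio) has moved inside the server branch, so in client mode the BIO is opened and never freed. Move the open into the if (ctx_type == CRYPTO_CTX_SERVER) block. Two further checks on the re-indented lines: ret from PEM_read_bio_DHparams() is passed on without a NULL test, and SSL_CTX_set_tmp_dh() returns 1 on success and 0 on failure, so the < 0 comparison never fires and a server can come up without DH parameters while reporting no error; test for != 1 instead.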