diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-12-17 00:05:26 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-12-23 22:26:31 +0000 |
commit | e2b420fdd708e14a0b43a21cd2377cafb0d54c02 (patch) | |
tree | a4a054a2a373cc31fc474c98c853565c06c098cd /ssl/s3_lib.c | |
parent | 6c4e6670d7cb21401962a4c09cf073ac97485640 (diff) |
Server side EVP_PKEY DH support
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 49 |
1 files changed, 25 insertions, 24 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 30fcd393e6..848953a454 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3488,21 +3488,24 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_TMP_DH: { DH *dh = (DH *)parg; + EVP_PKEY *pkdh = NULL; if (dh == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); return (ret); } + pkdh = ssl_dh_to_pkey(dh); + if (pkdh == NULL) { + SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); + return 0; + } if (!ssl_security(s, SSL_SECOP_TMP_DH, - DH_security_bits(dh), 0, dh)) { + EVP_PKEY_security_bits(pkdh), 0, pkdh)) { SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL); - return (ret); + EVP_PKEY_free(pkdh); + return ret; } - if ((dh = DHparams_dup(dh)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return (ret); - } - DH_free(s->cert->dh_tmp); - s->cert->dh_tmp = dh; + EVP_PKEY_free(s->cert->dh_tmp); + s->cert->dh_tmp = pkdh; ret = 1; } break; @@ -3851,27 +3854,25 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { - DH *new = NULL, *dh; - CERT *cert; - - cert = ctx->cert; - dh = (DH *)parg; - if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, - DH_security_bits(dh), 0, dh)) { - SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL); + DH *dh = (DH *)parg; + EVP_PKEY *pkdh = NULL; + if (dh == NULL) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if ((new = DHparams_dup(dh)) == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); + pkdh = ssl_dh_to_pkey(dh); + if (pkdh == NULL) { + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE); return 0; } - if (!DH_generate_key(new)) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB); - DH_free(new); - return 0; + if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, + EVP_PKEY_security_bits(pkdh), 0, pkdh)) { + SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL); + EVP_PKEY_free(pkdh); + return 1; } - DH_free(cert->dh_tmp); - cert->dh_tmp = new; + EVP_PKEY_free(ctx->cert->dh_tmp); + ctx->cert->dh_tmp = pkdh; return 1; } /* |