Implement a replacement for SSL_set_tmp_dh()

The old function took a DH as a parameter. In the new version we pass an EVP_PKEY instead. Similarly for the SSL_CTX version of this function. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
author: Matt Caswell <matt@openssl.org> 2020-10-15 16:45:54 +0100
committer: Matt Caswell <matt@openssl.org> 2020-11-18 14:14:52 +0000
commit: 163f6dc1f70f30de46a68137c36e70cae4d95cd8 (patch)
tree: c7f1c37b230a8f226b716b65736c2b1cb236cfd4 /ssl/ssl_lib.c
parent: 9912be1b33bf2a65672d70ad75e07e0d63d33df3 (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index bd7b838250..8f6771da3d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -5955,3 +5955,29 @@ void ssl_evp_md_free(const EVP_MD *md)
         EVP_MD_free((EVP_MD *)md);
     }
 }
+
+int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey)
+{
+    if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                      EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) {
+        SSLerr(0, SSL_R_DH_KEY_TOO_SMALL);
+        EVP_PKEY_free(dhpkey);
+        return 0;
+    }
+    EVP_PKEY_free(s->cert->dh_tmp);
+    s->cert->dh_tmp = dhpkey;
+    return 1;
+}
+
+int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey)
+{
+    if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
+                          EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) {
+        SSLerr(0, SSL_R_DH_KEY_TOO_SMALL);
+        EVP_PKEY_free(dhpkey);
+        return 0;
+    }
+    EVP_PKEY_free(ctx->cert->dh_tmp);
+    ctx->cert->dh_tmp = dhpkey;
+    return 1;
+}
author	Matt Caswell <matt@openssl.org>	2020-10-15 16:45:54 +0100
committer	Matt Caswell <matt@openssl.org>	2020-11-18 14:14:52 +0000
commit	163f6dc1f70f30de46a68137c36e70cae4d95cd8 (patch)
tree	c7f1c37b230a8f226b716b65736c2b1cb236cfd4 /ssl/ssl_lib.c
parent	9912be1b33bf2a65672d70ad75e07e0d63d33df3 (diff)