author | Matt Caswell <matt@openssl.org> | 2020-10-15 16:45:54 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-11-18 14:14:52 +0000 |
commit | 163f6dc1f70f30de46a68137c36e70cae4d95cd8 (patch) | |
tree | c7f1c37b230a8f226b716b65736c2b1cb236cfd4 /ssl/ssl_lib.c | |
parent | 9912be1b33bf2a65672d70ad75e07e0d63d33df3 (diff) |
Implement a replacement for SSL_set_tmp_dh()
The old function took a DH as a parameter. In the new version we pass
an EVP_PKEY instead. Similarly for the SSL_CTX version of this function.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index bd7b838250..8f6771da3d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -5955,3 +5955,29 @@ void ssl_evp_md_free(const EVP_MD *md)
 EVP_MD_free((EVP_MD *)md);
 }
 }
+
+int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey)
+{
+ if (!ssl_security(s, SSL_SECOP_TMP_DH,
+ EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) {
+ SSLerr(0, SSL_R_DH_KEY_TOO_SMALL);
+ EVP_PKEY_free(dhpkey);
+ return 0;
+ }
+ EVP_PKEY_free(s->cert->dh_tmp);
+ s->cert->dh_tmp = dhpkey;
+ return 1;
+}
+
+int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey)
+{
+ if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
+ EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) {
+ SSLerr(0, SSL_R_DH_KEY_TOO_SMALL);
+ EVP_PKEY_free(dhpkey);
+ return 0;
+ }
+ EVP_PKEY_free(ctx->cert->dh_tmp);
+ ctx->cert->dh_tmp = dhpkey;
+ return 1;
+}
 |
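Review bot: The failure branch of SSL_set0_tmp_dh_pkey() calls `EVP_PKEY_free(dhpkey)` before `return 0`, so the caller's pointer is no longer usable whether the call succeeds or fails; SSL_CTX_set0_tmp_dh_pkey() does the same. A caller that assumes it keeps ownership when a set0-style setter returns 0, and frees the key itself, would free it twice. Either drop the free from both failure branches so that ownership moves only on success, or state the contract above each function, e.g. `/* Takes ownership of dhpkey on success and on failure; the caller must not free it. */`. Separately, passing the key that is already stored in `s->cert->dh_tmp` (or `ctx->cert->dh_tmp`) drops a reference and then stores the same pointer, which dangles if that was the last reference; a guard such as `if (dhpkey == s->cert->dh_tmp) return 1;` after the security check would cover it.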