[openssl] master update

Matt Caswell matt at openssl.org
Wed Nov 25 10:25:16 UTC 2020


The branch master has been updated
       via  6955e3f7e0574a1f4bf373ba7e8940591b0138ed (commit)
       via  6db0d58d815b84b44610471b71de1f259d00c166 (commit)
       via  01c6551ce63005d65aa03edaa4c57d04438cc0d0 (commit)
      from  1950e0e3e796a066a0de95330f67d2da9d2c93e5 (commit)


- Log -----------------------------------------------------------------
commit 6955e3f7e0574a1f4bf373ba7e8940591b0138ed
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Nov 10 17:04:02 2020 +0000

    Re-enable testing of ciphersuites
    
    Commit be9d82bb3 inadvertently disabled ciphersuite testing. This masked
    some issues. Therefore we fix this testing.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/13378)

commit 6db0d58d815b84b44610471b71de1f259d00c166
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 11 11:07:12 2020 +0000

    Fix RC4-MD5 based ciphersuites
    
    The RC4-MD5 ciphersuites were not removing the length of the MAC when
    calculating the length of decrypted TLS data. Since RC4 is a streamed
    cipher that doesn't use padding we separate out the concepts of fixed
    length TLS data to be removed, and TLS padding.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/13378)

commit 01c6551ce63005d65aa03edaa4c57d04438cc0d0
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Nov 10 16:01:11 2020 +0000

    Ensure Stream ciphers know how to remove a TLS MAC
    
    We previously updated the block ciphers to know how to remove a TLS
    MAC when using Encrypt-then-MAC. We also need to do the same for stream
    ciphers.
    
    Fixes #13363
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/13378)

-----------------------------------------------------------------------

Summary of changes:
 .../ciphers/cipher_aes_cbc_hmac_sha.c              |  4 +-
 .../ciphers/cipher_aes_cbc_hmac_sha1_hw.c          |  3 +-
 .../ciphers/cipher_aes_cbc_hmac_sha256_hw.c        |  3 +-
 .../ciphers/cipher_rc4_hmac_md5_hw.c               |  1 +
 providers/implementations/ciphers/ciphercommon.c   | 39 ++++++---
 .../implementations/include/prov/ciphercommon.h    |  5 +-
 test/recipes/80-test_ssl_old.t                     | 81 +++++++++++--------
 test/recipes/80-test_ssl_old_data/dsa2048.pem      | 14 ++++
 test/ssltest_old.c                                 | 92 +++++++++++-----------
 9 files changed, 147 insertions(+), 95 deletions(-)
 create mode 100644 test/recipes/80-test_ssl_old_data/dsa2048.pem

diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index 1ff2a29590..c1934afac5 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -184,7 +184,7 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
         }
         if (ctx->base.tlsversion == SSL3_VERSION
                 || ctx->base.tlsversion == TLS1_VERSION) {
-            if (!ossl_assert(ctx->base.removetlspad >= AES_BLOCK_SIZE)) {
+            if (!ossl_assert(ctx->base.removetlsfixed >= AES_BLOCK_SIZE)) {
                 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
                 return 0;
             }
@@ -192,7 +192,7 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
              * There is no explicit IV with these TLS versions, so don't attempt
              * to remove it.
              */
-            ctx->base.removetlspad -= AES_BLOCK_SIZE;
+            ctx->base.removetlsfixed -= AES_BLOCK_SIZE;
         }
     }
     return ret;
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index f8db563d18..5be237b485 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -60,7 +60,8 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx,
 
     ctx->payload_length = NO_PAYLOAD_LENGTH;
 
-    vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
+    vctx->removetlspad = 1;
+    vctx->removetlsfixed = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
 
     return ret < 0 ? 0 : 1;
 }
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index 8587c414cd..03d06f8870 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -62,7 +62,8 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx,
 
     ctx->payload_length = NO_PAYLOAD_LENGTH;
 
-    vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
+    vctx->removetlspad = 1;
+    vctx->removetlsfixed = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
 
     return ret < 0 ? 0 : 1;
 }
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
index 73233a2de7..8cce02b1c5 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
@@ -42,6 +42,7 @@ static int cipher_hw_rc4_hmac_md5_initkey(PROV_CIPHER_CTX *bctx,
     ctx->tail = ctx->head;
     ctx->md = ctx->head;
     ctx->payload_length = NO_PAYLOAD_LENGTH;
+    bctx->removetlsfixed = MD5_DIGEST_LENGTH;
     return 1;
 }
 
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 8d45d7a7d7..0941210f20 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -429,16 +429,37 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
     }
 
     *outl = inl;
-    /*
-     * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
-     * cipher_aes_cbc_hmac_sha256_hw.c
-     */
-    if (!ctx->enc && ctx->removetlspad > 0) {
-        /* The actual padding length */
-        *outl -= out[inl - 1] + 1;
+    if (!ctx->enc) {
+        /*
+        * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
+        * cipher_aes_cbc_hmac_sha256_hw.c
+        */
+        if (ctx->removetlspad) {
+            /*
+             * We should have already failed in the cipher() call above if this
+             * isn't true.
+             */
+            if (!ossl_assert(*outl >= (size_t)(out[inl - 1] + 1)))
+                return 0;
+            /* The actual padding length */
+            *outl -= out[inl - 1] + 1;
+        }
 
-        /* MAC and explicit IV */
-        *outl -= ctx->removetlspad;
+        /* TLS MAC and explicit IV if relevant. We should have already failed
+         * in the cipher() call above if *outl is too short.
+         */
+        if (!ossl_assert(*outl >= ctx->removetlsfixed))
+            return 0;
+        *outl -= ctx->removetlsfixed;
+
+        /* Extract the MAC if there is one */
+        if (ctx->tlsmacsize > 0) {
+            if (*outl < ctx->tlsmacsize)
+                return 0;
+
+            ctx->tlsmac = out + *outl - ctx->tlsmacsize;
+            *outl -= ctx->tlsmacsize;
+        }
     }
 
     return 1;
diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h
index c034528448..a6071c28b7 100644
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -61,9 +61,10 @@ struct prov_cipher_ctx_st {
                               * points into the user buffer.
                               */
     size_t tlsmacsize;       /* Size of the TLS MAC */
-    size_t removetlspad;     /*
+    int removetlspad;        /* Whether TLS padding should be removed or not */
+    size_t removetlsfixed;   /*
                               * Length of the fixed size data to remove when
-                              * removing TLS padding (equals mac size plus
+                              * processing TLS data (equals mac size plus
                               * IV size if applicable)
                               */
 
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index a4d84c9b5c..26df2bdb3a 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -13,7 +13,7 @@ use warnings;
 use POSIX;
 use File::Basename;
 use File::Copy;
-use OpenSSL::Test qw/:DEFAULT with bldtop_file bldtop_dir srctop_file srctop_dir cmdstr/;
+use OpenSSL::Test qw/:DEFAULT with bldtop_file bldtop_dir srctop_file srctop_dir cmdstr data_file/;
 use OpenSSL::Test::Utils;
 
 BEGIN {
@@ -104,7 +104,7 @@ subtest 'test_ss' => sub {
 };
 
 note('test_ssl -- key U');
-testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default.cnf"));
+testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default-and-legacy.cnf"));
 unless ($no_fips) {
     testssl("keyU.ss", $Ucert, $CAcert, "fips",
             srctop_file("test","fips-and-base.cnf"));
@@ -114,8 +114,8 @@ unless ($no_fips) {
 # subtest functions
 sub testss {
     my @req_dsa = ("-newkey",
-                   "dsa:".srctop_file("apps", "dsa1024.pem"));
-    my $dsaparams = srctop_file("apps", "dsa1024.pem");
+                   "dsa:".data_file("dsa2048.pem"));
+    my $dsaparams = data_file("dsa2048.pem");
     my @req_new;
     if ($no_rsa) {
 	@req_new = @req_dsa;
@@ -327,12 +327,18 @@ sub testss {
 sub testssl {
     my ($key, $cert, $CAtmp, $provider, $configfile) = @_;
     my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
+    my @providerflags = ("-provider", $provider);
+
+    if ($provider eq "default") {
+        push @providerflags, "-provider", "legacy";
+    }
 
     my @ssltest = ("ssltest_old",
-		   "-s_key", $key, "-s_cert", $cert,
-		   "-c_key", $key, "-c_cert", $cert,
-		   "-provider", $provider,
-		   "-config", $configfile);
+                   "-s_key", $key, "-s_cert", $cert,
+                   "-c_key", $key, "-c_cert", $cert,
+                   "-config", $configfile,
+                   @providerflags);
+
 
     my $serverinfo = srctop_file("test","serverinfo.pem");
 
@@ -415,7 +421,7 @@ sub testssl {
     subtest "Testing ciphersuites" => sub {
 
         my @exkeys = ();
-        my $ciphers = "-PSK:-SRP";
+        my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
 
         if (!$no_dsa) {
             push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss";
@@ -425,28 +431,33 @@ sub testssl {
             push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss";
         }
 
-	my @protocols = ();
-	# We only use the flags that ssltest_old understands
-	push @protocols, "-tls1_3" unless $no_tls1_3;
-	push @protocols, "-tls1_2" unless $no_tls1_2;
-	push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips";
-	push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips";
-	my $protocolciphersuitecount = 0;
-	my %ciphersuites = ();
-	my %ciphersstatus = ();
-	foreach my $protocol (@protocols) {
-	    my $ciphersstatus = undef;
-	    my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol,
-				   "ALL:$ciphers"]),
-			      capture => 1, statusvar => \$ciphersstatus);
-	    @ciphers = grep {!/CAMELLIA|ARIA|CHACHA/} @ciphers;
-	    $ciphersstatus{$protocol} = $ciphersstatus;
-	    if ($ciphersstatus) {
-		$ciphersuites{$protocol} = [ map { s|\R||; split(/:/, $_) }
-					     @ciphers ];
-		$protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
-	    }
-	}
+        my @protocols = ();
+        # We only use the flags that ssltest_old understands
+        push @protocols, "-tls1_3" unless $no_tls1_3;
+        push @protocols, "-tls1_2" unless $no_tls1_2;
+        push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips";
+        push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips";
+        my $protocolciphersuitecount = 0;
+        my %ciphersuites = ();
+        my %ciphersstatus = ();
+        #There's no "-config" option to the ciphers command so we set the
+        #environment variable instead
+        my $opensslconf = $ENV{OPENSSL_CONF};
+        $ENV{OPENSSL_CONF} = $configfile;
+        foreach my $protocol (@protocols) {
+            my $ciphersstatus = undef;
+            my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol,
+                                   @providerflags,
+                                   "ALL:$ciphers"]),
+                                   capture => 1, statusvar => \$ciphersstatus);
+            $ciphersstatus{$protocol} = $ciphersstatus;
+            if ($ciphersstatus) {
+                $ciphersuites{$protocol} = [ map { s|\R||; split(/:/, $_) }
+                                    @ciphers ];
+                $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
+            }
+        }
+        $ENV{OPENSSL_CONF} = $opensslconf;
 
         plan skip_all => "None of the ciphersuites to test are available in this OpenSSL build"
             if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0;
@@ -477,9 +488,13 @@ sub testssl {
                     if ($protocol eq "-tls1_3") {
                         $ciphersuites = $cipher;
                         $cipher = "";
+                    } else {
+                        $cipher = $cipher.':@SECLEVEL=0';
                     }
-                    ok(run(test([@ssltest, @exkeys, "-cipher", $cipher,
-                                 "-ciphersuites", $ciphersuites, $flag || ()])),
+                    ok(run(test([@ssltest, @exkeys, "-cipher",
+                                 $cipher,
+                                 "-ciphersuites", $ciphersuites,
+                                 $flag || ()])),
                        "Testing $cipher");
                 }
             }
diff --git a/test/recipes/80-test_ssl_old_data/dsa2048.pem b/test/recipes/80-test_ssl_old_data/dsa2048.pem
new file mode 100644
index 0000000000..fe19703445
--- /dev/null
+++ b/test/recipes/80-test_ssl_old_data/dsa2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN DSA PARAMETERS-----
+MIICKAKCAQEAgs47OPFxfQkX45kHL/B2S3nQciJ7n0KeYc0QQx/wJn5XSQN1/K7F
+Jn70pXFg4xvj6TyATGbQwwkIf8faGA4lN/RWeNfhjW8nieXa1OtQQ/8oKU+LJWyT
+mabObd6mMtD/8itrdozGxaLgSTOIqdqXY5wC28FWZP5NRmaM4IR4e3/aCcHHQIM/
+n9jAornTNnkluB/iPTVfZtsUht7coM2d00TP2rxTW0ROiq6IcCNjEj66ENL/N9eP
++Pud3xNIqBVXWw8gp7WnpZwO0fBj/IpaldfMpv68AA/61qkv3GkAVqPHmNSu/7cV
++n+cota0QoCUXKFsW5H3wPqfbrPc/nDrsQIdAO08IJyljQlKs85MWKSOW8WpG/j3
+Wf4H1Ri0SAECggEAT82XewPGwVOIK/Y0PzrAlLeYN/jicIVNqjKcZsaRKMzvO/g9
+yJa4HTLslvH6fFyGEoWMC96b+DxtRayJ09beaBNFbFdB0H4hqF7ayiImQ+ROERcG
+geFUew0x0pYuNllWkB6gctA0Z+olmLR3YI0l6qUGewFms/RA0eokgZJyLusPLlgY
+tkrd75dxZ0Wdz6uHFzIVQwroubcrA7TBDSSbS6FjPPQC+tLCM3VcCH6OG9x1hHUq
+pt9QI1//WwWrYDLc/bP0Gi4NHfPByMSnckNqPmREqXrhngeLyfjlQZnhWbrwPwwT
+pC3Y8Wfzb9cs1jXO1tswXEMh+4CDyQ6ndCf9SQ==
+-----END DSA PARAMETERS-----
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index df88385042..cd5d1b3f4d 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -92,8 +92,8 @@ struct app_verify_arg {
 };
 
 static EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
-static EVP_PKEY *get_dh1024(OSSL_LIB_CTX *libctx);
 static EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx);
+static EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
 
 static char *psk_key = NULL;    /* by default PSK is not used */
 #ifndef OPENSSL_NO_PSK
@@ -1487,12 +1487,13 @@ int main(int argc, char *argv[])
         goto end;
     }
     if (!no_dhe) {
-        if (dhe1024dsa) {
+        if (dhe1024dsa)
             dhpkey = get_dh1024dsa(libctx);
-        } else if (dhe512)
+        else if (dhe512)
             dhpkey = get_dh512(libctx);
         else
-            dhpkey = get_dh1024(libctx);
+            dhpkey = get_dh2048(libctx);
+
         if (dhpkey == NULL || !EVP_PKEY_up_ref(dhpkey)) {
             EVP_PKEY_free(dhpkey);
             BIO_puts(bio_err, "Error getting DH parameters\n");
@@ -2883,23 +2884,16 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
     return ok;
 }
 
-static EVP_PKEY *get_dh_from_pg(OSSL_LIB_CTX *libctx, unsigned char *pdata,
-                                size_t plen, unsigned char *gdata, size_t glen)
+static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, BIGNUM *p, BIGNUM *g)
 {
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL);
     OSSL_PARAM_BLD *tmpl = NULL;
     OSSL_PARAM *params = NULL;
     EVP_PKEY *dhpkey = NULL;
-    BIGNUM *p = NULL, *g = NULL;
 
     if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
         goto err;
 
-    p = BN_bin2bn(pdata, plen, NULL);
-    g = BN_bin2bn(gdata, glen, NULL);
-    if (p == NULL || g == NULL)
-        goto err;
-
     tmpl = OSSL_PARAM_BLD_new();
     if (tmpl == NULL
             || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
@@ -2911,13 +2905,29 @@ static EVP_PKEY *get_dh_from_pg(OSSL_LIB_CTX *libctx, unsigned char *pdata,
         goto err;
 
  err:
-    BN_free(p);
-    BN_free(g);
     EVP_PKEY_CTX_free(pctx);
     OSSL_PARAM_BLD_free_params(params);
     OSSL_PARAM_BLD_free(tmpl);
     return dhpkey;
 }
+static EVP_PKEY *get_dh_from_pg(OSSL_LIB_CTX *libctx, unsigned char *pdata,
+                                size_t plen, unsigned char *gdata, size_t glen)
+{
+    EVP_PKEY *dhpkey = NULL;
+    BIGNUM *p = NULL, *g = NULL;
+
+    p = BN_bin2bn(pdata, plen, NULL);
+    g = BN_bin2bn(gdata, glen, NULL);
+    if (p == NULL || g == NULL)
+        goto err;
+
+    dhpkey = get_dh_from_pg_bn(libctx, p, g);
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    return dhpkey;
+}
 
 /* These DH parameters were generated using the dhparam command line app */
 static EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx)
@@ -2943,39 +2953,6 @@ static EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx)
                           sizeof(dh512_g));
 }
 
-static EVP_PKEY *get_dh1024(OSSL_LIB_CTX *libctx)
-{
-    static unsigned char dh1024_p[] = {
-        0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
-        0x3A,
-        0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
-        0xA2,
-        0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
-        0xB0,
-        0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
-        0xC2,
-        0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
-        0x8C,
-        0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
-        0xB8,
-        0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
-        0x52,
-        0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
-        0xC1,
-        0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
-        0xB1,
-        0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
-        0xAB,
-        0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
-    };
-    static unsigned char dh1024_g[] = {
-        0x02,
-    };
-
-    return get_dh_from_pg(libctx, dh1024_p, sizeof(dh1024_p), dh1024_g,
-                          sizeof(dh1024_g));
-}
-
 static EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
 {
     static unsigned char dh1024_p[] = {
@@ -3029,6 +3006,27 @@ static EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
                           sizeof(dh1024_g));
 }
 
+static EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx)
+{
+    BIGNUM *p = NULL, *g = NULL;
+    EVP_PKEY *dhpkey = NULL;
+
+    g = BN_new();
+    if (g == NULL || !BN_set_word(g, 2))
+        goto err;
+
+    p = BN_get_rfc3526_prime_2048(NULL);
+    if (p == NULL)
+        goto err;
+
+    dhpkey = get_dh_from_pg_bn(libctx, p, g);
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    return dhpkey;
+}
+
 #ifndef OPENSSL_NO_PSK
 /* convert the PSK key (psk_key) in ascii to binary (psk) */
 static int psk_key2bn(const char *pskkey, unsigned char *psk,


More information about the openssl-commits mailing list