[openssl] master update
Matt Caswell
matt at openssl.org
Wed Nov 25 10:25:16 UTC 2020
The branch master has been updated
via 6955e3f7e0574a1f4bf373ba7e8940591b0138ed (commit)
via 6db0d58d815b84b44610471b71de1f259d00c166 (commit)
via 01c6551ce63005d65aa03edaa4c57d04438cc0d0 (commit)
from 1950e0e3e796a066a0de95330f67d2da9d2c93e5 (commit)
- Log -----------------------------------------------------------------
commit 6955e3f7e0574a1f4bf373ba7e8940591b0138ed
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 10 17:04:02 2020 +0000
Re-enable testing of ciphersuites
Commit be9d82bb3 inadvertently disabled ciphersuite testing. This masked
some issues. Therefore we fix this testing.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13378)
commit 6db0d58d815b84b44610471b71de1f259d00c166
Author: Matt Caswell <matt at openssl.org>
Date: Wed Nov 11 11:07:12 2020 +0000
Fix RC4-MD5 based ciphersuites
The RC4-MD5 ciphersuites were not removing the length of the MAC when
calculating the length of decrypted TLS data. Since RC4 is a streamed
cipher that doesn't use padding we separate out the concepts of fixed
length TLS data to be removed, and TLS padding.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13378)
commit 01c6551ce63005d65aa03edaa4c57d04438cc0d0
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 10 16:01:11 2020 +0000
Ensure Stream ciphers know how to remove a TLS MAC
We previously updated the block ciphers to know how to remove a TLS
MAC when using Encrypt-then-MAC. We also need to do the same for stream
ciphers.
Fixes #13363
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13378)
-----------------------------------------------------------------------
Summary of changes:
.../ciphers/cipher_aes_cbc_hmac_sha.c | 4 +-
.../ciphers/cipher_aes_cbc_hmac_sha1_hw.c | 3 +-
.../ciphers/cipher_aes_cbc_hmac_sha256_hw.c | 3 +-
.../ciphers/cipher_rc4_hmac_md5_hw.c | 1 +
providers/implementations/ciphers/ciphercommon.c | 39 ++++++---
.../implementations/include/prov/ciphercommon.h | 5 +-
test/recipes/80-test_ssl_old.t | 81 +++++++++++--------
test/recipes/80-test_ssl_old_data/dsa2048.pem | 14 ++++
test/ssltest_old.c | 92 +++++++++++-----------
9 files changed, 147 insertions(+), 95 deletions(-)
create mode 100644 test/recipes/80-test_ssl_old_data/dsa2048.pem
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index 1ff2a29590..c1934afac5 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -184,7 +184,7 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
}
if (ctx->base.tlsversion == SSL3_VERSION
|| ctx->base.tlsversion == TLS1_VERSION) {
- if (!ossl_assert(ctx->base.removetlspad >= AES_BLOCK_SIZE)) {
+ if (!ossl_assert(ctx->base.removetlsfixed >= AES_BLOCK_SIZE)) {
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -192,7 +192,7 @@ static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[])
* There is no explicit IV with these TLS versions, so don't attempt
* to remove it.
*/
- ctx->base.removetlspad -= AES_BLOCK_SIZE;
+ ctx->base.removetlsfixed -= AES_BLOCK_SIZE;
}
}
return ret;
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index f8db563d18..5be237b485 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -60,7 +60,8 @@ static int aesni_cbc_hmac_sha1_init_key(PROV_CIPHER_CTX *vctx,
ctx->payload_length = NO_PAYLOAD_LENGTH;
- vctx->removetlspad = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
+ vctx->removetlspad = 1;
+ vctx->removetlsfixed = SHA_DIGEST_LENGTH + AES_BLOCK_SIZE;
return ret < 0 ? 0 : 1;
}
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index 8587c414cd..03d06f8870 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -62,7 +62,8 @@ static int aesni_cbc_hmac_sha256_init_key(PROV_CIPHER_CTX *vctx,
ctx->payload_length = NO_PAYLOAD_LENGTH;
- vctx->removetlspad = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
+ vctx->removetlspad = 1;
+ vctx->removetlsfixed = SHA256_DIGEST_LENGTH + AES_BLOCK_SIZE;
return ret < 0 ? 0 : 1;
}
diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
index 73233a2de7..8cce02b1c5 100644
--- a/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
+++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c
@@ -42,6 +42,7 @@ static int cipher_hw_rc4_hmac_md5_initkey(PROV_CIPHER_CTX *bctx,
ctx->tail = ctx->head;
ctx->md = ctx->head;
ctx->payload_length = NO_PAYLOAD_LENGTH;
+ bctx->removetlsfixed = MD5_DIGEST_LENGTH;
return 1;
}
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 8d45d7a7d7..0941210f20 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -429,16 +429,37 @@ int ossl_cipher_generic_stream_update(void *vctx, unsigned char *out,
}
*outl = inl;
- /*
- * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
- * cipher_aes_cbc_hmac_sha256_hw.c
- */
- if (!ctx->enc && ctx->removetlspad > 0) {
- /* The actual padding length */
- *outl -= out[inl - 1] + 1;
+ if (!ctx->enc) {
+ /*
+ * Remove any TLS padding. Only used by cipher_aes_cbc_hmac_sha1_hw.c and
+ * cipher_aes_cbc_hmac_sha256_hw.c
+ */
+ if (ctx->removetlspad) {
+ /*
+ * We should have already failed in the cipher() call above if this
+ * isn't true.
+ */
+ if (!ossl_assert(*outl >= (size_t)(out[inl - 1] + 1)))
+ return 0;
+ /* The actual padding length */
+ *outl -= out[inl - 1] + 1;
+ }
- /* MAC and explicit IV */
- *outl -= ctx->removetlspad;
+ /* TLS MAC and explicit IV if relevant. We should have already failed
+ * in the cipher() call above if *outl is too short.
+ */
+ if (!ossl_assert(*outl >= ctx->removetlsfixed))
+ return 0;
+ *outl -= ctx->removetlsfixed;
+
+ /* Extract the MAC if there is one */
+ if (ctx->tlsmacsize > 0) {
+ if (*outl < ctx->tlsmacsize)
+ return 0;
+
+ ctx->tlsmac = out + *outl - ctx->tlsmacsize;
+ *outl -= ctx->tlsmacsize;
+ }
}
return 1;
diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h
index c034528448..a6071c28b7 100644
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -61,9 +61,10 @@ struct prov_cipher_ctx_st {
* points into the user buffer.
*/
size_t tlsmacsize; /* Size of the TLS MAC */
- size_t removetlspad; /*
+ int removetlspad; /* Whether TLS padding should be removed or not */
+ size_t removetlsfixed; /*
* Length of the fixed size data to remove when
- * removing TLS padding (equals mac size plus
+ * processing TLS data (equals mac size plus
* IV size if applicable)
*/
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index a4d84c9b5c..26df2bdb3a 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -13,7 +13,7 @@ use warnings;
use POSIX;
use File::Basename;
use File::Copy;
-use OpenSSL::Test qw/:DEFAULT with bldtop_file bldtop_dir srctop_file srctop_dir cmdstr/;
+use OpenSSL::Test qw/:DEFAULT with bldtop_file bldtop_dir srctop_file srctop_dir cmdstr data_file/;
use OpenSSL::Test::Utils;
BEGIN {
@@ -104,7 +104,7 @@ subtest 'test_ss' => sub {
};
note('test_ssl -- key U');
-testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default.cnf"));
+testssl("keyU.ss", $Ucert, $CAcert, "default", srctop_file("test","default-and-legacy.cnf"));
unless ($no_fips) {
testssl("keyU.ss", $Ucert, $CAcert, "fips",
srctop_file("test","fips-and-base.cnf"));
@@ -114,8 +114,8 @@ unless ($no_fips) {
# subtest functions
sub testss {
my @req_dsa = ("-newkey",
- "dsa:".srctop_file("apps", "dsa1024.pem"));
- my $dsaparams = srctop_file("apps", "dsa1024.pem");
+ "dsa:".data_file("dsa2048.pem"));
+ my $dsaparams = data_file("dsa2048.pem");
my @req_new;
if ($no_rsa) {
@req_new = @req_dsa;
@@ -327,12 +327,18 @@ sub testss {
sub testssl {
my ($key, $cert, $CAtmp, $provider, $configfile) = @_;
my @CA = $CAtmp ? ("-CAfile", $CAtmp) : ("-CApath", bldtop_dir("certs"));
+ my @providerflags = ("-provider", $provider);
+
+ if ($provider eq "default") {
+ push @providerflags, "-provider", "legacy";
+ }
my @ssltest = ("ssltest_old",
- "-s_key", $key, "-s_cert", $cert,
- "-c_key", $key, "-c_cert", $cert,
- "-provider", $provider,
- "-config", $configfile);
+ "-s_key", $key, "-s_cert", $cert,
+ "-c_key", $key, "-c_cert", $cert,
+ "-config", $configfile,
+ @providerflags);
+
my $serverinfo = srctop_file("test","serverinfo.pem");
@@ -415,7 +421,7 @@ sub testssl {
subtest "Testing ciphersuites" => sub {
my @exkeys = ();
- my $ciphers = "-PSK:-SRP";
+ my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
if (!$no_dsa) {
push @exkeys, "-s_cert", "certD.ss", "-s_key", "keyD.ss";
@@ -425,28 +431,33 @@ sub testssl {
push @exkeys, "-s_cert", "certE.ss", "-s_key", "keyE.ss";
}
- my @protocols = ();
- # We only use the flags that ssltest_old understands
- push @protocols, "-tls1_3" unless $no_tls1_3;
- push @protocols, "-tls1_2" unless $no_tls1_2;
- push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips";
- push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips";
- my $protocolciphersuitecount = 0;
- my %ciphersuites = ();
- my %ciphersstatus = ();
- foreach my $protocol (@protocols) {
- my $ciphersstatus = undef;
- my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol,
- "ALL:$ciphers"]),
- capture => 1, statusvar => \$ciphersstatus);
- @ciphers = grep {!/CAMELLIA|ARIA|CHACHA/} @ciphers;
- $ciphersstatus{$protocol} = $ciphersstatus;
- if ($ciphersstatus) {
- $ciphersuites{$protocol} = [ map { s|\R||; split(/:/, $_) }
- @ciphers ];
- $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
- }
- }
+ my @protocols = ();
+ # We only use the flags that ssltest_old understands
+ push @protocols, "-tls1_3" unless $no_tls1_3;
+ push @protocols, "-tls1_2" unless $no_tls1_2;
+ push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips";
+ push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips";
+ my $protocolciphersuitecount = 0;
+ my %ciphersuites = ();
+ my %ciphersstatus = ();
+ #There's no "-config" option to the ciphers command so we set the
+ #environment variable instead
+ my $opensslconf = $ENV{OPENSSL_CONF};
+ $ENV{OPENSSL_CONF} = $configfile;
+ foreach my $protocol (@protocols) {
+ my $ciphersstatus = undef;
+ my @ciphers = run(app(["openssl", "ciphers", "-s", $protocol,
+ @providerflags,
+ "ALL:$ciphers"]),
+ capture => 1, statusvar => \$ciphersstatus);
+ $ciphersstatus{$protocol} = $ciphersstatus;
+ if ($ciphersstatus) {
+ $ciphersuites{$protocol} = [ map { s|\R||; split(/:/, $_) }
+ @ciphers ];
+ $protocolciphersuitecount += scalar @{$ciphersuites{$protocol}};
+ }
+ }
+ $ENV{OPENSSL_CONF} = $opensslconf;
plan skip_all => "None of the ciphersuites to test are available in this OpenSSL build"
if $protocolciphersuitecount + scalar(keys %ciphersuites) == 0;
@@ -477,9 +488,13 @@ sub testssl {
if ($protocol eq "-tls1_3") {
$ciphersuites = $cipher;
$cipher = "";
+ } else {
+ $cipher = $cipher.':@SECLEVEL=0';
}
- ok(run(test([@ssltest, @exkeys, "-cipher", $cipher,
- "-ciphersuites", $ciphersuites, $flag || ()])),
+ ok(run(test([@ssltest, @exkeys, "-cipher",
+ $cipher,
+ "-ciphersuites", $ciphersuites,
+ $flag || ()])),
"Testing $cipher");
}
}
diff --git a/test/recipes/80-test_ssl_old_data/dsa2048.pem b/test/recipes/80-test_ssl_old_data/dsa2048.pem
new file mode 100644
index 0000000000..fe19703445
--- /dev/null
+++ b/test/recipes/80-test_ssl_old_data/dsa2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN DSA PARAMETERS-----
+MIICKAKCAQEAgs47OPFxfQkX45kHL/B2S3nQciJ7n0KeYc0QQx/wJn5XSQN1/K7F
+Jn70pXFg4xvj6TyATGbQwwkIf8faGA4lN/RWeNfhjW8nieXa1OtQQ/8oKU+LJWyT
+mabObd6mMtD/8itrdozGxaLgSTOIqdqXY5wC28FWZP5NRmaM4IR4e3/aCcHHQIM/
+n9jAornTNnkluB/iPTVfZtsUht7coM2d00TP2rxTW0ROiq6IcCNjEj66ENL/N9eP
++Pud3xNIqBVXWw8gp7WnpZwO0fBj/IpaldfMpv68AA/61qkv3GkAVqPHmNSu/7cV
++n+cota0QoCUXKFsW5H3wPqfbrPc/nDrsQIdAO08IJyljQlKs85MWKSOW8WpG/j3
+Wf4H1Ri0SAECggEAT82XewPGwVOIK/Y0PzrAlLeYN/jicIVNqjKcZsaRKMzvO/g9
+yJa4HTLslvH6fFyGEoWMC96b+DxtRayJ09beaBNFbFdB0H4hqF7ayiImQ+ROERcG
+geFUew0x0pYuNllWkB6gctA0Z+olmLR3YI0l6qUGewFms/RA0eokgZJyLusPLlgY
+tkrd75dxZ0Wdz6uHFzIVQwroubcrA7TBDSSbS6FjPPQC+tLCM3VcCH6OG9x1hHUq
+pt9QI1//WwWrYDLc/bP0Gi4NHfPByMSnckNqPmREqXrhngeLyfjlQZnhWbrwPwwT
+pC3Y8Wfzb9cs1jXO1tswXEMh+4CDyQ6ndCf9SQ==
+-----END DSA PARAMETERS-----
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index df88385042..cd5d1b3f4d 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -92,8 +92,8 @@ struct app_verify_arg {
};
static EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
-static EVP_PKEY *get_dh1024(OSSL_LIB_CTX *libctx);
static EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx);
+static EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
static char *psk_key = NULL; /* by default PSK is not used */
#ifndef OPENSSL_NO_PSK
@@ -1487,12 +1487,13 @@ int main(int argc, char *argv[])
goto end;
}
if (!no_dhe) {
- if (dhe1024dsa) {
+ if (dhe1024dsa)
dhpkey = get_dh1024dsa(libctx);
- } else if (dhe512)
+ else if (dhe512)
dhpkey = get_dh512(libctx);
else
- dhpkey = get_dh1024(libctx);
+ dhpkey = get_dh2048(libctx);
+
if (dhpkey == NULL || !EVP_PKEY_up_ref(dhpkey)) {
EVP_PKEY_free(dhpkey);
BIO_puts(bio_err, "Error getting DH parameters\n");
@@ -2883,23 +2884,16 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
return ok;
}
-static EVP_PKEY *get_dh_from_pg(OSSL_LIB_CTX *libctx, unsigned char *pdata,
- size_t plen, unsigned char *gdata, size_t glen)
+static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, BIGNUM *p, BIGNUM *g)
{
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL);
OSSL_PARAM_BLD *tmpl = NULL;
OSSL_PARAM *params = NULL;
EVP_PKEY *dhpkey = NULL;
- BIGNUM *p = NULL, *g = NULL;
if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
goto err;
- p = BN_bin2bn(pdata, plen, NULL);
- g = BN_bin2bn(gdata, glen, NULL);
- if (p == NULL || g == NULL)
- goto err;
-
tmpl = OSSL_PARAM_BLD_new();
if (tmpl == NULL
|| !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
@@ -2911,13 +2905,29 @@ static EVP_PKEY *get_dh_from_pg(OSSL_LIB_CTX *libctx, unsigned char *pdata,
goto err;
err:
- BN_free(p);
- BN_free(g);
EVP_PKEY_CTX_free(pctx);
OSSL_PARAM_BLD_free_params(params);
OSSL_PARAM_BLD_free(tmpl);
return dhpkey;
}
+static EVP_PKEY *get_dh_from_pg(OSSL_LIB_CTX *libctx, unsigned char *pdata,
+ size_t plen, unsigned char *gdata, size_t glen)
+{
+ EVP_PKEY *dhpkey = NULL;
+ BIGNUM *p = NULL, *g = NULL;
+
+ p = BN_bin2bn(pdata, plen, NULL);
+ g = BN_bin2bn(gdata, glen, NULL);
+ if (p == NULL || g == NULL)
+ goto err;
+
+ dhpkey = get_dh_from_pg_bn(libctx, p, g);
+
+ err:
+ BN_free(p);
+ BN_free(g);
+ return dhpkey;
+}
/* These DH parameters were generated using the dhparam command line app */
static EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx)
@@ -2943,39 +2953,6 @@ static EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx)
sizeof(dh512_g));
}
-static EVP_PKEY *get_dh1024(OSSL_LIB_CTX *libctx)
-{
- static unsigned char dh1024_p[] = {
- 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
- 0x3A,
- 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
- 0xA2,
- 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
- 0xB0,
- 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
- 0xC2,
- 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
- 0x8C,
- 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
- 0xB8,
- 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
- 0x52,
- 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
- 0xC1,
- 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
- 0xB1,
- 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
- 0xAB,
- 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
- };
- static unsigned char dh1024_g[] = {
- 0x02,
- };
-
- return get_dh_from_pg(libctx, dh1024_p, sizeof(dh1024_p), dh1024_g,
- sizeof(dh1024_g));
-}
-
static EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
{
static unsigned char dh1024_p[] = {
@@ -3029,6 +3006,27 @@ static EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
sizeof(dh1024_g));
}
+static EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx)
+{
+ BIGNUM *p = NULL, *g = NULL;
+ EVP_PKEY *dhpkey = NULL;
+
+ g = BN_new();
+ if (g == NULL || !BN_set_word(g, 2))
+ goto err;
+
+ p = BN_get_rfc3526_prime_2048(NULL);
+ if (p == NULL)
+ goto err;
+
+ dhpkey = get_dh_from_pg_bn(libctx, p, g);
+
+ err:
+ BN_free(p);
+ BN_free(g);
+ return dhpkey;
+}
+
#ifndef OPENSSL_NO_PSK
/* convert the PSK key (psk_key) in ascii to binary (psk) */
static int psk_key2bn(const char *pskkey, unsigned char *psk,
More information about the openssl-commits
mailing list