[openssl] master update

dev at ddvo.net dev at ddvo.net
Sun Nov 29 10:33:05 UTC 2020


The branch master has been updated
       via  5658470ce7b4fabfd1fa2cdc69bee8d3a5e826f9 (commit)
      from  6568d7a93127d097122e2ce10491d06a363929e9 (commit)


- Log -----------------------------------------------------------------
commit 5658470ce7b4fabfd1fa2cdc69bee8d3a5e826f9
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Fri Nov 27 22:03:29 2020 +0100

    endecode_test.c: Significant speedup in generating DH and DHX keys
    
    Fixes #13495
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13552)

-----------------------------------------------------------------------

Summary of changes:
 test/build.info                                    |   4 +-
 test/endecode_test.c                               |  19 ++-
 test/predefined_dhparams.c                         | 172 +++++++++++++++++++++
 crypto/des/cbc_enc.c => test/predefined_dhparams.h |  15 +-
 test/recipes/80-test_ssl_old.t                     |  28 +++-
 test/ssltest_old.c                                 | 171 ++------------------
 6 files changed, 232 insertions(+), 177 deletions(-)
 create mode 100644 test/predefined_dhparams.c
 copy crypto/des/cbc_enc.c => test/predefined_dhparams.h (59%)

diff --git a/test/build.info b/test/build.info
index 7f9e44b591..d781b10393 100644
--- a/test/build.info
+++ b/test/build.info
@@ -700,7 +700,7 @@ IF[{- !$disabled{tests} -}]
     INCLUDE[mdc2_internal_test]=.. ../include ../apps/include
     DEPEND[mdc2_internal_test]=../libcrypto.a libtestutil.a
 
-    SOURCE[ssltest_old]=ssltest_old.c
+    SOURCE[ssltest_old]=ssltest_old.c predefined_dhparams.c
     INCLUDE[ssltest_old]=.. ../include ../apps/include
     DEPEND[ssltest_old]=../libcrypto.a ../libssl.a
   ENDIF
@@ -789,7 +789,7 @@ IF[{- !$disabled{tests} -}]
   DEPEND[hexstr_test]=../libcrypto.a libtestutil.a
 
   PROGRAMS{noinst}=endecode_test
-  SOURCE[endecode_test]=endecode_test.c
+  SOURCE[endecode_test]=endecode_test.c predefined_dhparams.c
   INCLUDE[endecode_test]=.. ../include ../apps/include
   DEPEND[endecode_test]=../libcrypto.a libtestutil.a
 
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 4a86e71b76..e01cc4ddff 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -22,6 +22,7 @@
 #include "internal/cryptlib.h"   /* ossl_assert */
 #include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
 
+#include "predefined_dhparams.h"
 #include "testutil.h"
 
 #ifndef OPENSSL_NO_EC
@@ -42,13 +43,21 @@ static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
 {
     EVP_PKEY *pkey = NULL;
-    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, type, NULL);
+    EVP_PKEY_CTX *ctx = NULL;
+
+#ifndef OPENSSL_NO_DH
+    /* use DH(X) keys with predetermined parameters for efficiency */
+    if (strcmp(type, "DH") == 0)
+        return get_dh512(NULL);
+    if (strcmp(type, "X9.42 DH") == 0)
+        return get_dhx512(NULL);
+#endif
 
     /*
      * No real need to check the errors other than for the cascade
      * effect.  |pkey| will simply remain NULL if something goes wrong.
      */
-    (void)(ctx != NULL
+    (void)((ctx = EVP_PKEY_CTX_new_from_name(NULL, type, NULL)) != NULL
            && EVP_PKEY_paramgen_init(ctx) > 0
            && (genparams == NULL
                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
@@ -1193,9 +1202,11 @@ int setup_tests(void)
 #ifndef OPENSSL_NO_DH
     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
+    TEST_info("Generating keys...DH done");
 #endif
 #ifndef OPENSSL_NO_DSA
     MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
+    TEST_info("Generating keys...DSA done");
 #endif
 #ifndef OPENSSL_NO_EC
     MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
@@ -1209,10 +1220,12 @@ int setup_tests(void)
     MAKE_KEYS(ED448, "ED448", NULL);
     MAKE_KEYS(X25519, "X25519", NULL);
     MAKE_KEYS(X448, "X448", NULL);
+    TEST_info("Generating keys...EC done");
 #endif
     MAKE_KEYS(RSA, "RSA", NULL);
+    TEST_info("Generating keys...RSA done");
     MAKE_KEYS(RSA_PSS, "RSA-PSS", RSA_PSS_params);
-    TEST_info("Generating key... done");
+    TEST_info("Generating keys...RSA_PSS done");
 
     if (ok) {
 #ifndef OPENSSL_NO_DH
diff --git a/test/predefined_dhparams.c b/test/predefined_dhparams.c
new file mode 100644
index 0000000000..18fb096216
--- /dev/null
+++ b/test/predefined_dhparams.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
+
+#include "predefined_dhparams.h"
+
+#ifndef OPENSSL_NO_DH
+
+static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, const char *type,
+                                   BIGNUM *p, BIGNUM *g, BIGNUM *q)
+{
+    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(libctx, type, NULL);
+    OSSL_PARAM_BLD *tmpl = NULL;
+    OSSL_PARAM *params = NULL;
+    EVP_PKEY *dhpkey = NULL;
+
+    if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
+        goto err;
+
+    if ((tmpl = OSSL_PARAM_BLD_new()) == NULL
+            || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
+            || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g)
+            || (q != NULL
+                && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q)))
+        goto err;
+
+    params = OSSL_PARAM_BLD_to_param(tmpl);
+    if (params == NULL || !EVP_PKEY_fromdata(pctx, &dhpkey, params))
+        goto err;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    OSSL_PARAM_BLD_free_params(params);
+    OSSL_PARAM_BLD_free(tmpl);
+    return dhpkey;
+}
+
+static EVP_PKEY *get_dh_from_pg(OSSL_LIB_CTX *libctx, const char *type,
+                                unsigned char *pdata, size_t plen,
+                                unsigned char *gdata, size_t glen,
+                                unsigned char *qdata, size_t qlen)
+{
+    EVP_PKEY *dhpkey = NULL;
+    BIGNUM *p = NULL, *g = NULL, *q = NULL;
+
+    p = BN_bin2bn(pdata, plen, NULL);
+    g = BN_bin2bn(gdata, glen, NULL);
+    if (p == NULL || g == NULL)
+        goto err;
+    if (qdata != NULL && (q = BN_bin2bn(qdata, qlen, NULL)) == NULL)
+        goto err;
+
+    dhpkey = get_dh_from_pg_bn(libctx, type, p, g, q);
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    BN_free(q);
+    return dhpkey;
+}
+
+EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx)
+{
+    static unsigned char dh512_p[] = {
+        0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, 0xC6,
+        0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04, 0xB0,
+        0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9, 0x5F,
+        0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33, 0xB8,
+        0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21, 0x33,
+        0x02, 0xC5, 0xAE, 0x23,
+    };
+    static unsigned char dh512_g[] = {
+        0x02,
+    };
+
+    return get_dh_from_pg(libctx, "DH", dh512_p, sizeof(dh512_p),
+                          dh512_g, sizeof(dh512_g), NULL, 0);
+}
+
+EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx)
+{
+    static unsigned char dhx512_p[] = {
+        0x00, 0xe8, 0x1a, 0xb7, 0x9a, 0x02, 0x65, 0x64, 0x94, 0x7b, 0xba, 0x09,
+        0x1c, 0x12, 0x27, 0x1e, 0xea, 0x89, 0x32, 0x64, 0x78, 0xf8, 0x1c, 0x78,
+        0x8e, 0x96, 0xc3, 0xc6, 0x9f, 0x41, 0x05, 0x41, 0x65, 0xae, 0xe3, 0x05,
+        0xea, 0x66, 0x21, 0xf7, 0x38, 0xb7, 0x2b, 0x32, 0x40, 0x5a, 0x14, 0x86,
+        0x51, 0x94, 0xb1, 0xcf, 0x01, 0xe3, 0x27, 0x28, 0xf6, 0x75, 0xa3, 0x15,
+        0xbb, 0x12, 0x4d, 0x99, 0xe7,
+    };
+    static unsigned char dhx512_g[] = {
+        0x00, 0x91, 0xc1, 0x43, 0x6d, 0x0d, 0xb0, 0xa4, 0xde, 0x41, 0xb7, 0x93,
+        0xad, 0x51, 0x94, 0x1b, 0x43, 0xd8, 0x42, 0xf1, 0x5e, 0x46, 0x83, 0x5d,
+        0xf1, 0xd1, 0xf0, 0x41, 0x10, 0xd1, 0x1c, 0x5e, 0xad, 0x9b, 0x68, 0xb1,
+        0x6f, 0xf5, 0x8e, 0xaa, 0x6d, 0x71, 0x88, 0x37, 0xdf, 0x05, 0xf7, 0x6e,
+        0x7a, 0xb4, 0x25, 0x10, 0x6c, 0x7f, 0x38, 0xb4, 0xc8, 0xfc, 0xcc, 0x0c,
+        0x6a, 0x02, 0x08, 0x61, 0xf6,
+    };
+    static unsigned char dhx512_q[] = {
+        0x00, 0xdd, 0xf6, 0x35, 0xad, 0xfa, 0x70, 0xc7, 0xe7, 0xa8, 0xf0, 0xe3,
+        0xda, 0x79, 0x34, 0x3f, 0x5b, 0xcf, 0x73, 0x82, 0x91,
+    };
+
+    return get_dh_from_pg(libctx, "X9.42 DH",
+                          dhx512_p, sizeof(dhx512_p),
+                          dhx512_g, sizeof(dhx512_g),
+                          dhx512_q, sizeof(dhx512_q));
+}
+
+EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
+{
+    static unsigned char dh1024_p[] = {
+        0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00,
+        0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19,
+        0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2,
+        0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55,
+        0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC,
+        0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97,
+        0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D,
+        0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB,
+        0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6,
+        0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E,
+        0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
+    };
+    static unsigned char dh1024_g[] = {
+        0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05,
+        0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3,
+        0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9,
+        0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C,
+        0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65,
+        0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60,
+        0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6,
+        0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7,
+        0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1,
+        0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60,
+        0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
+    };
+
+    return get_dh_from_pg(libctx, "DH", dh1024_p, sizeof(dh1024_p),
+                          dh1024_g, sizeof(dh1024_g), NULL, 0);
+}
+
+EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx)
+{
+    BIGNUM *p = NULL, *g = NULL;
+    EVP_PKEY *dhpkey = NULL;
+
+    g = BN_new();
+    if (g == NULL || !BN_set_word(g, 2))
+        goto err;
+
+    p = BN_get_rfc3526_prime_2048(NULL);
+    if (p == NULL)
+        goto err;
+
+    dhpkey = get_dh_from_pg_bn(libctx, "DH", p, g, NULL);
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    return dhpkey;
+}
+
+#endif
diff --git a/crypto/des/cbc_enc.c b/test/predefined_dhparams.h
similarity index 59%
copy from crypto/des/cbc_enc.c
copy to test/predefined_dhparams.h
index aa8ac1a5c3..29d33ce1eb 100644
--- a/crypto/des/cbc_enc.c
+++ b/test/predefined_dhparams.h
@@ -7,12 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-/*
- * DES low level APIs are deprecated for public use, but still ok for internal
- * use.
- */
-#include "internal/deprecated.h"
-
-#define CBC_ENC_C__DONT_UPDATE_IV
+#include <openssl/evp.h>
 
-#include "ncbc_enc.c"           /* des_cbc_encrypt */
+#ifndef OPENSSL_NO_DH
+EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
+EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx);
+EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct);
+EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
+#endif
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 26df2bdb3a..aa2428559f 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -391,8 +391,14 @@ sub testssl {
 	       'test sslv2/sslv3 w/o (EC)DHE via BIO pair');
 	  }
 
-	  ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
-	     'test sslv2/sslv3 with 1024bit DHE via BIO pair');
+	SKIP: {
+	    skip "skipping dhe1024dsa test", 1
+                if ($no_dh);
+
+            ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
+               'test sslv2/sslv3 with 1024bit DHE via BIO pair');
+          }
+
 	  ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
 	     'test sslv2/sslv3 with server authentication');
 	  ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
@@ -499,12 +505,18 @@ sub testssl {
                 }
             }
             next if $protocol eq "-tls1_3";
-            is(run(test([@ssltest,
-                         "-s_cipher", "EDH",
-                         "-c_cipher", 'EDH:@SECLEVEL=1',
-                         "-dhe512",
-                         $protocol])), 0,
-               "testing connection with weak DH, expecting failure");
+
+          SKIP: {
+              skip "skipping dhe512 test", 1
+                  if ($no_dh);
+
+              is(run(test([@ssltest,
+                           "-s_cipher", "EDH",
+                           "-c_cipher", 'EDH:@SECLEVEL=1',
+                           "-dhe512",
+                           $protocol])), 0,
+                 "testing connection with weak DH, expecting failure");
+            }
         }
     };
 
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index cd5d1b3f4d..794d878675 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -57,8 +57,6 @@
 # include <openssl/ct.h>
 #endif
 #include <openssl/provider.h>
-#include <openssl/core_names.h>
-#include <openssl/param_build.h>
 
 /*
  * Or gethostname won't be declared properly
@@ -74,6 +72,8 @@
 # include <unistd.h>
 #endif
 
+#include "predefined_dhparams.h"
+
 static SSL_CTX *s_ctx = NULL;
 static SSL_CTX *s_ctx2 = NULL;
 
@@ -91,10 +91,6 @@ struct app_verify_arg {
     int app_verify;
 };
 
-static EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
-static EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx);
-static EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
-
 static char *psk_key = NULL;    /* by default PSK is not used */
 #ifndef OPENSSL_NO_PSK
 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
@@ -632,12 +628,14 @@ static void sv_usage(void)
     fprintf(stderr, " -num <val>    - number of connections to perform\n");
     fprintf(stderr,
             " -bytes <val>  - number of bytes to swap between client/server\n");
+#ifndef OPENSSL_NO_DH
     fprintf(stderr,
             " -dhe512       - use 512 bit key for DHE (to test failure)\n");
     fprintf(stderr,
             " -dhe1024      - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
     fprintf(stderr,
             " -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
+#endif
     fprintf(stderr, " -no_dhe       - disable DHE\n");
 #ifndef OPENSSL_NO_EC
     fprintf(stderr, " -no_ecdhe     - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
@@ -888,12 +886,10 @@ int main(int argc, char *argv[])
     int should_reuse = -1;
     int no_ticket = 0;
     long bytes = 256L;
+#ifndef OPENSSL_NO_DH
     EVP_PKEY *dhpkey;
     int dhe512 = 0, dhe1024dsa = 0;
-#ifndef OPENSSL_NO_DH
     int no_dhe = 0;
-#else
-    int no_dhe = 1;
 #endif
     int no_psk = 0;
     int print_time = 0;
@@ -978,12 +974,16 @@ int main(int argc, char *argv[])
             debug = 1;
         else if (strcmp(*argv, "-reuse") == 0)
             reuse = 1;
-        else if (strcmp(*argv, "-dhe512") == 0) {
+        else if (strcmp(*argv, "-no_dhe") == 0)
+#ifdef OPENSSL_NO_DH
+            /* unused in this case */;
+#else
+            no_dhe = 1;
+        else if (strcmp(*argv, "-dhe512") == 0)
             dhe512 = 1;
-        } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
+        else if (strcmp(*argv, "-dhe1024dsa") == 0)
             dhe1024dsa = 1;
-        } else if (strcmp(*argv, "-no_dhe") == 0)
-            no_dhe = 1;
+#endif
         else if (strcmp(*argv, "-no_ecdhe") == 0)
             /* obsolete */;
         else if (strcmp(*argv, "-psk") == 0) {
@@ -1486,6 +1486,7 @@ int main(int argc, char *argv[])
         ERR_print_errors(bio_err);
         goto end;
     }
+#ifndef OPENSSL_NO_DH
     if (!no_dhe) {
         if (dhe1024dsa)
             dhpkey = get_dh1024dsa(libctx);
@@ -1503,6 +1504,7 @@ int main(int argc, char *argv[])
         SSL_CTX_set0_tmp_dh_pkey(s_ctx, dhpkey);
         SSL_CTX_set0_tmp_dh_pkey(s_ctx2, dhpkey);
     }
+#endif
 
     if (!(SSL_CTX_load_verify_file(s_ctx, CAfile)
           || SSL_CTX_load_verify_dir(s_ctx, CApath))
@@ -2884,149 +2886,6 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
     return ok;
 }
 
-static EVP_PKEY *get_dh_from_pg_bn(OSSL_LIB_CTX *libctx, BIGNUM *p, BIGNUM *g)
-{
-    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL);
-    OSSL_PARAM_BLD *tmpl = NULL;
-    OSSL_PARAM *params = NULL;
-    EVP_PKEY *dhpkey = NULL;
-
-    if (pctx == NULL || !EVP_PKEY_key_fromdata_init(pctx))
-        goto err;
-
-    tmpl = OSSL_PARAM_BLD_new();
-    if (tmpl == NULL
-            || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
-            || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g))
-        goto err;
-
-    params = OSSL_PARAM_BLD_to_param(tmpl);
-    if (params == NULL || !EVP_PKEY_fromdata(pctx, &dhpkey, params))
-        goto err;
-
- err:
-    EVP_PKEY_CTX_free(pctx);
-    OSSL_PARAM_BLD_free_params(params);
-    OSSL_PARAM_BLD_free(tmpl);
-    return dhpkey;
-}
-static EVP_PKEY *get_dh_from_pg(OSSL_LIB_CTX *libctx, unsigned char *pdata,
-                                size_t plen, unsigned char *gdata, size_t glen)
-{
-    EVP_PKEY *dhpkey = NULL;
-    BIGNUM *p = NULL, *g = NULL;
-
-    p = BN_bin2bn(pdata, plen, NULL);
-    g = BN_bin2bn(gdata, glen, NULL);
-    if (p == NULL || g == NULL)
-        goto err;
-
-    dhpkey = get_dh_from_pg_bn(libctx, p, g);
-
- err:
-    BN_free(p);
-    BN_free(g);
-    return dhpkey;
-}
-
-/* These DH parameters were generated using the dhparam command line app */
-static EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx)
-{
-    static unsigned char dh512_p[] = {
-        0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
-        0xC6,
-        0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
-        0xB0,
-        0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
-        0x5F,
-        0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
-        0xB8,
-        0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
-        0x33,
-        0x02, 0xC5, 0xAE, 0x23,
-    };
-    static unsigned char dh512_g[] = {
-        0x02,
-    };
-
-    return get_dh_from_pg(libctx, dh512_p, sizeof(dh512_p), dh512_g,
-                          sizeof(dh512_g));
-}
-
-static EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
-{
-    static unsigned char dh1024_p[] = {
-        0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
-        0x00,
-        0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
-        0x19,
-        0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
-        0xD2,
-        0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
-        0x55,
-        0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
-        0xFC,
-        0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
-        0x97,
-        0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
-        0x8D,
-        0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
-        0xBB,
-        0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
-        0xF6,
-        0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
-        0x9E,
-        0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
-    };
-    static unsigned char dh1024_g[] = {
-        0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
-        0x05,
-        0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
-        0xF3,
-        0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
-        0xE9,
-        0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
-        0x3C,
-        0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
-        0x65,
-        0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
-        0x60,
-        0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
-        0xF6,
-        0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
-        0xA7,
-        0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
-        0xA1,
-        0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
-        0x60,
-        0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
-    };
-
-    return get_dh_from_pg(libctx, dh1024_p, sizeof(dh1024_p), dh1024_g,
-                          sizeof(dh1024_g));
-}
-
-static EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx)
-{
-    BIGNUM *p = NULL, *g = NULL;
-    EVP_PKEY *dhpkey = NULL;
-
-    g = BN_new();
-    if (g == NULL || !BN_set_word(g, 2))
-        goto err;
-
-    p = BN_get_rfc3526_prime_2048(NULL);
-    if (p == NULL)
-        goto err;
-
-    dhpkey = get_dh_from_pg_bn(libctx, p, g);
-
- err:
-    BN_free(p);
-    BN_free(g);
-    return dhpkey;
-}
-
 #ifndef OPENSSL_NO_PSK
 /* convert the PSK key (psk_key) in ascii to binary (psk) */
 static int psk_key2bn(const char *pskkey, unsigned char *psk,


More information about the openssl-commits mailing list