generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make no-dh work, plus other no-dh problems found by Richard.

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Ben Laurie 2015-09-12 17:17:33 +01:00
parent ea11c6e920
commit 94d6151236
4 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
crypto/engine/eng_cryptodev.c
View File

@ -55,7 +55,9 @@
# include <errno.h>
# include <string.h>
#endif
#include <openssl/dh.h>
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
@ -125,11 +127,13 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
DSA *dsa);
static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
#ifndef OPENSSL_NO_DH
static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh);
#endif
static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
void (*f) (void));
void ENGINE_load_cryptodev(void);
@ -1364,6 +1368,7 @@ static DSA_METHOD cryptodev_dsa = {
NULL /* app_data */
};
#ifndef OPENSSL_NO_DH
static int
cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
@ -1425,6 +1430,8 @@ static DH_METHOD cryptodev_dh = {
NULL /* app_data */
};
#endif /* ndef OPENSSL_NO_DH */
/*
* ctrl right now is just a wrapper that doesn't do much
* but I expect we'll want some options soon.
@ -1512,6 +1519,7 @@ void ENGINE_load_cryptodev(void)
cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
}
#ifndef OPENSSL_NO_DH
if (ENGINE_set_DH(engine, &cryptodev_dh)) {
const DH_METHOD *dh_meth = DH_OpenSSL();
@ -1524,6 +1532,7 @@ void ENGINE_load_cryptodev(void)
cryptodev_dh.compute_key = cryptodev_dh_compute_key;
}
}
#endif
ENGINE_add(engine);
ENGINE_free(engine);

12
ssl/s3_lib.c
View File

@ -4250,16 +4250,14 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
CERT *cert;
cert = ctx->cert;
switch (cmd) {
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
DH *new = NULL, *dh;
CERT *cert;
cert = ctx->cert;
dh = (DH *)parg;
if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
DH_security_bits(dh), 0, dh)) {
@ -4464,15 +4462,11 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
CERT *cert;
cert = ctx->cert;
switch (cmd) {
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH_CB:
{
cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
cxt->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
#endif

4
ssl/statem/statem_srvr.c
View File

@ -1729,7 +1729,6 @@ int tls_construct_server_key_exchange(SSL *s)
int al, i;
unsigned long type;
int n;
CERT *cert;
BIGNUM *r[4];
int nr[4], kn;
BUF_MEM *buf;
@ -1742,7 +1741,6 @@ int tls_construct_server_key_exchange(SSL *s)
}
type = s->s3->tmp.new_cipher->algorithm_mkey;
cert = s->cert;
buf = s->init_buf;
@ -1763,6 +1761,8 @@ int tls_construct_server_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_DH
if (type & (SSL_kDHE | SSL_kDHEPSK)) {
CERT *cert = s->cert;
if (s->cert->dh_tmp_auto) {
dhp = ssl_get_auto_dh(s);
if (dhp == NULL) {

4
test/recipes/70-test_sslskewith0p.t
View File

@ -54,6 +54,7 @@
use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr top_file top_dir/;
use OpenSSL::Test::Utils;
use TLSProxy::Proxy;
my $test_name = "test_sslskewith0p";
@ -64,6 +65,9 @@ plan skip_all => "$test_name can only be performed with OpenSSL configured share
grep { /^SHARED_LIBS=/ }
do { local @ARGV = ( top_file("Makefile") ); <> })[0] ne "";
plan skip_all => "dh is not supported by this OpenSSL build"
if disabled("dh");
$ENV{OPENSSL_ENGINES} = top_dir("engines");
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
my $proxy = TLSProxy::Proxy->new(