diff options
| author | tb <> | 2022-01-14 09:11:22 +0000 |
|---|---|---|
| committer | tb <> | 2022-01-14 09:11:22 +0000 |
| commit | ee9499fcb1fda226353c92a4cc08ca23480156dd (patch) | |
| tree | 86206ffd3cf4bac478a24987068db519cf069a7b /src/lib/libssl/ssl_kex.c | |
| parent | 84ba16c1b09530a035a1f361f5c8e5a175478796 (diff) | |
| download | openbsd-ee9499fcb1fda226353c92a4cc08ca23480156dd.tar.gz openbsd-ee9499fcb1fda226353c92a4cc08ca23480156dd.tar.bz2 openbsd-ee9499fcb1fda226353c92a4cc08ca23480156dd.zip | |
Convert ssl_kex.c to opaque DH
Stop reaching into DH internals and use the new API functions instead.
ok inoguchi jsing
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_kex.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c index cd6713b8b2..cab2f1c78d 100644 --- a/src/lib/libssl/ssl_kex.c +++ b/src/lib/libssl/ssl_kex.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_kex.c,v 1.9 2022/01/11 18:28:41 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_kex.c,v 1.10 2022/01/14 09:11:22 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -34,9 +34,9 @@ ssl_kex_generate_dhe(DH *dh, DH *dh_params) | |||
| 34 | BIGNUM *p = NULL, *g = NULL; | 34 | BIGNUM *p = NULL, *g = NULL; |
| 35 | int ret = 0; | 35 | int ret = 0; |
| 36 | 36 | ||
| 37 | if ((p = BN_dup(dh_params->p)) == NULL) | 37 | if ((p = BN_dup(DH_get0_p(dh_params))) == NULL) |
| 38 | goto err; | 38 | goto err; |
| 39 | if ((g = BN_dup(dh_params->g)) == NULL) | 39 | if ((g = BN_dup(DH_get0_g(dh_params))) == NULL) |
| 40 | goto err; | 40 | goto err; |
| 41 | 41 | ||
| 42 | if (!DH_set0_pqg(dh, p, NULL, g)) | 42 | if (!DH_set0_pqg(dh, p, NULL, g)) |
| @@ -107,23 +107,23 @@ ssl_kex_params_dhe(DH *dh, CBB *cbb) | |||
| 107 | CBB dh_p, dh_g; | 107 | CBB dh_p, dh_g; |
| 108 | uint8_t *data; | 108 | uint8_t *data; |
| 109 | 109 | ||
| 110 | if ((dh_p_len = BN_num_bytes(dh->p)) <= 0) | 110 | if ((dh_p_len = BN_num_bytes(DH_get0_p(dh))) <= 0) |
| 111 | return 0; | 111 | return 0; |
| 112 | if ((dh_g_len = BN_num_bytes(dh->g)) <= 0) | 112 | if ((dh_g_len = BN_num_bytes(DH_get0_g(dh))) <= 0) |
| 113 | return 0; | 113 | return 0; |
| 114 | 114 | ||
| 115 | if (!CBB_add_u16_length_prefixed(cbb, &dh_p)) | 115 | if (!CBB_add_u16_length_prefixed(cbb, &dh_p)) |
| 116 | return 0; | 116 | return 0; |
| 117 | if (!CBB_add_space(&dh_p, &data, dh_p_len)) | 117 | if (!CBB_add_space(&dh_p, &data, dh_p_len)) |
| 118 | return 0; | 118 | return 0; |
| 119 | if (BN_bn2bin(dh->p, data) != dh_p_len) | 119 | if (BN_bn2bin(DH_get0_p(dh), data) != dh_p_len) |
| 120 | return 0; | 120 | return 0; |
| 121 | 121 | ||
| 122 | if (!CBB_add_u16_length_prefixed(cbb, &dh_g)) | 122 | if (!CBB_add_u16_length_prefixed(cbb, &dh_g)) |
| 123 | return 0; | 123 | return 0; |
| 124 | if (!CBB_add_space(&dh_g, &data, dh_g_len)) | 124 | if (!CBB_add_space(&dh_g, &data, dh_g_len)) |
| 125 | return 0; | 125 | return 0; |
| 126 | if (BN_bn2bin(dh->g, data) != dh_g_len) | 126 | if (BN_bn2bin(DH_get0_g(dh), data) != dh_g_len) |
| 127 | return 0; | 127 | return 0; |
| 128 | 128 | ||
| 129 | if (!CBB_flush(cbb)) | 129 | if (!CBB_flush(cbb)) |
| @@ -139,14 +139,14 @@ ssl_kex_public_dhe(DH *dh, CBB *cbb) | |||
| 139 | int dh_y_len; | 139 | int dh_y_len; |
| 140 | CBB dh_y; | 140 | CBB dh_y; |
| 141 | 141 | ||
| 142 | if ((dh_y_len = BN_num_bytes(dh->pub_key)) <= 0) | 142 | if ((dh_y_len = BN_num_bytes(DH_get0_pub_key(dh))) <= 0) |
| 143 | return 0; | 143 | return 0; |
| 144 | 144 | ||
| 145 | if (!CBB_add_u16_length_prefixed(cbb, &dh_y)) | 145 | if (!CBB_add_u16_length_prefixed(cbb, &dh_y)) |
| 146 | return 0; | 146 | return 0; |
| 147 | if (!CBB_add_space(&dh_y, &data, dh_y_len)) | 147 | if (!CBB_add_space(&dh_y, &data, dh_y_len)) |
| 148 | return 0; | 148 | return 0; |
| 149 | if (BN_bn2bin(dh->pub_key, data) != dh_y_len) | 149 | if (BN_bn2bin(DH_get0_pub_key(dh), data) != dh_y_len) |
| 150 | return 0; | 150 | return 0; |
| 151 | 151 | ||
| 152 | if (!CBB_flush(cbb)) | 152 | if (!CBB_flush(cbb)) |
| @@ -224,7 +224,7 @@ ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error, | |||
| 224 | goto err; | 224 | goto err; |
| 225 | pub_key = NULL; | 225 | pub_key = NULL; |
| 226 | 226 | ||
| 227 | if (!DH_check_pub_key(dh, dh->pub_key, &check_flags)) | 227 | if (!DH_check_pub_key(dh, DH_get0_pub_key(dh), &check_flags)) |
| 228 | goto err; | 228 | goto err; |
| 229 | if (check_flags != 0) | 229 | if (check_flags != 0) |
| 230 | *invalid_key = 1; | 230 | *invalid_key = 1; |
| @@ -250,7 +250,7 @@ ssl_kex_derive_dhe(DH *dh, DH *dh_peer, | |||
| 250 | if ((key = calloc(1, key_len)) == NULL) | 250 | if ((key = calloc(1, key_len)) == NULL) |
| 251 | goto err; | 251 | goto err; |
| 252 | 252 | ||
| 253 | if ((key_len = DH_compute_key(key, dh_peer->pub_key, dh)) <= 0) | 253 | if ((key_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0) |
| 254 | goto err; | 254 | goto err; |
| 255 | 255 | ||
| 256 | *shared_key = key; | 256 | *shared_key = key; |