Convert ssl_kex.c to opaque DH

Stop reaching into DH internals and use the new API functions instead. ok inoguchi jsing
author: tb <> 2022-01-14 09:11:22 +0000
committer: tb <> 2022-01-14 09:11:22 +0000
commit: 971bbef45c2d6baed8d7955cf82726f084fa8398 (patch)
tree: 86206ffd3cf4bac478a24987068db519cf069a7b /src/lib/libssl/ssl_kex.c
parent: 92e24deafd830acc2ff30d7a707ad2be74d523b4 (diff)
download: openbsd-971bbef45c2d6baed8d7955cf82726f084fa8398.tar.gz
openbsd-971bbef45c2d6baed8d7955cf82726f084fa8398.tar.bz2
openbsd-971bbef45c2d6baed8d7955cf82726f084fa8398.zip
1 files changed, 11 insertions, 11 deletions
diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c
index cd6713b8b2..cab2f1c78d 100644
--- a/src/lib/libssl/ssl_kex.c
+++ b/src/lib/libssl/ssl_kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_kex.c,v 1.9 2022/01/11 18:28:41 jsing Exp $ */
+/* $OpenBSD: ssl_kex.c,v 1.10 2022/01/14 09:11:22 tb Exp $ */
 /*
 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
 *
@@ -34,9 +34,9 @@ ssl_kex_generate_dhe(DH *dh, DH *dh_params)
        BIGNUM *p = NULL, *g = NULL;
        int ret = 0;
-        if ((p = BN_dup(dh_params->p)) == NULL)
+        if ((p = BN_dup(DH_get0_p(dh_params))) == NULL)
                goto err;
-        if ((g = BN_dup(dh_params->g)) == NULL)
+        if ((g = BN_dup(DH_get0_g(dh_params))) == NULL)
                goto err;
        if (!DH_set0_pqg(dh, p, NULL, g))
@@ -107,23 +107,23 @@ ssl_kex_params_dhe(DH *dh, CBB *cbb)
        CBB dh_p, dh_g;
        uint8_t *data;
-        if ((dh_p_len = BN_num_bytes(dh->p)) <= 0)
+        if ((dh_p_len = BN_num_bytes(DH_get0_p(dh))) <= 0)
                return 0;
-        if ((dh_g_len = BN_num_bytes(dh->g)) <= 0)
+        if ((dh_g_len = BN_num_bytes(DH_get0_g(dh))) <= 0)
                return 0;
        if (!CBB_add_u16_length_prefixed(cbb, &dh_p))
                return 0;
        if (!CBB_add_space(&dh_p, &data, dh_p_len))
                return 0;
-        if (BN_bn2bin(dh->p, data) != dh_p_len)
+        if (BN_bn2bin(DH_get0_p(dh), data) != dh_p_len)
                return 0;
        if (!CBB_add_u16_length_prefixed(cbb, &dh_g))
                return 0;
        if (!CBB_add_space(&dh_g, &data, dh_g_len))
                return 0;
-        if (BN_bn2bin(dh->g, data) != dh_g_len)
+        if (BN_bn2bin(DH_get0_g(dh), data) != dh_g_len)
                return 0;
        if (!CBB_flush(cbb))
@@ -139,14 +139,14 @@ ssl_kex_public_dhe(DH *dh, CBB *cbb)
        int dh_y_len;
        CBB dh_y;
-        if ((dh_y_len = BN_num_bytes(dh->pub_key)) <= 0)
+        if ((dh_y_len = BN_num_bytes(DH_get0_pub_key(dh))) <= 0)
                return 0;
        if (!CBB_add_u16_length_prefixed(cbb, &dh_y))
                return 0;
        if (!CBB_add_space(&dh_y, &data, dh_y_len))
                return 0;
-        if (BN_bn2bin(dh->pub_key, data) != dh_y_len)
+        if (BN_bn2bin(DH_get0_pub_key(dh), data) != dh_y_len)
                return 0;
        if (!CBB_flush(cbb))
@@ -224,7 +224,7 @@ ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error,
                goto err;
        pub_key = NULL;
-        if (!DH_check_pub_key(dh, dh->pub_key, &check_flags))
+        if (!DH_check_pub_key(dh, DH_get0_pub_key(dh), &check_flags))
                goto err;
        if (check_flags != 0)
                *invalid_key = 1;
@@ -250,7 +250,7 @@ ssl_kex_derive_dhe(DH *dh, DH *dh_peer,
        if ((key = calloc(1, key_len)) == NULL)
                goto err;
-        if ((key_len = DH_compute_key(key, dh_peer->pub_key, dh)) <= 0)
+        if ((key_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0)
                goto err;
        *shared_key = key;
author	tb <>	2022-01-14 09:11:22 +0000
committer	tb <>	2022-01-14 09:11:22 +0000
commit	971bbef45c2d6baed8d7955cf82726f084fa8398 (patch)
tree	86206ffd3cf4bac478a24987068db519cf069a7b /src/lib/libssl/ssl_kex.c
parent	92e24deafd830acc2ff30d7a707ad2be74d523b4 (diff)
download	openbsd-971bbef45c2d6baed8d7955cf82726f084fa8398.tar.gz openbsd-971bbef45c2d6baed8d7955cf82726f084fa8398.tar.bz2 openbsd-971bbef45c2d6baed8d7955cf82726f084fa8398.zip

diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c index cd6713b8b2..cab2f1c78d 100644 --- a/src/lib/libssl/ssl_kex.c +++ b/src/lib/libssl/ssl_kex.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_kex.c,v 1.9 2022/01/11 18:28:41 jsing Exp $ */	1	/* $OpenBSD: ssl_kex.c,v 1.10 2022/01/14 09:11:22 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -34,9 +34,9 @@ ssl_kex_generate_dhe(DH dh, DH dh_params)
34	BIGNUM p = NULL, g = NULL;	34	BIGNUM p = NULL, g = NULL;
35	int ret = 0;	35	int ret = 0;
36		36
37	if ((p = BN_dup(dh_params->p)) == NULL)	37	if ((p = BN_dup(DH_get0_p(dh_params))) == NULL)
38	goto err;	38	goto err;
39	if ((g = BN_dup(dh_params->g)) == NULL)	39	if ((g = BN_dup(DH_get0_g(dh_params))) == NULL)
40	goto err;	40	goto err;
41		41
42	if (!DH_set0_pqg(dh, p, NULL, g))	42	if (!DH_set0_pqg(dh, p, NULL, g))
@@ -107,23 +107,23 @@ ssl_kex_params_dhe(DH dh, CBB cbb)
107	CBB dh_p, dh_g;	107	CBB dh_p, dh_g;
108	uint8_t *data;	108	uint8_t *data;
109		109
110	if ((dh_p_len = BN_num_bytes(dh->p)) <= 0)	110	if ((dh_p_len = BN_num_bytes(DH_get0_p(dh))) <= 0)
111	return 0;	111	return 0;
112	if ((dh_g_len = BN_num_bytes(dh->g)) <= 0)	112	if ((dh_g_len = BN_num_bytes(DH_get0_g(dh))) <= 0)
113	return 0;	113	return 0;
114		114
115	if (!CBB_add_u16_length_prefixed(cbb, &dh_p))	115	if (!CBB_add_u16_length_prefixed(cbb, &dh_p))
116	return 0;	116	return 0;
117	if (!CBB_add_space(&dh_p, &data, dh_p_len))	117	if (!CBB_add_space(&dh_p, &data, dh_p_len))
118	return 0;	118	return 0;
119	if (BN_bn2bin(dh->p, data) != dh_p_len)	119	if (BN_bn2bin(DH_get0_p(dh), data) != dh_p_len)
120	return 0;	120	return 0;
121		121
122	if (!CBB_add_u16_length_prefixed(cbb, &dh_g))	122	if (!CBB_add_u16_length_prefixed(cbb, &dh_g))
123	return 0;	123	return 0;
124	if (!CBB_add_space(&dh_g, &data, dh_g_len))	124	if (!CBB_add_space(&dh_g, &data, dh_g_len))
125	return 0;	125	return 0;
126	if (BN_bn2bin(dh->g, data) != dh_g_len)	126	if (BN_bn2bin(DH_get0_g(dh), data) != dh_g_len)
127	return 0;	127	return 0;
128		128
129	if (!CBB_flush(cbb))	129	if (!CBB_flush(cbb))
@@ -139,14 +139,14 @@ ssl_kex_public_dhe(DH dh, CBB cbb)
139	int dh_y_len;	139	int dh_y_len;
140	CBB dh_y;	140	CBB dh_y;
141		141
142	if ((dh_y_len = BN_num_bytes(dh->pub_key)) <= 0)	142	if ((dh_y_len = BN_num_bytes(DH_get0_pub_key(dh))) <= 0)
143	return 0;	143	return 0;
144		144
145	if (!CBB_add_u16_length_prefixed(cbb, &dh_y))	145	if (!CBB_add_u16_length_prefixed(cbb, &dh_y))
146	return 0;	146	return 0;
147	if (!CBB_add_space(&dh_y, &data, dh_y_len))	147	if (!CBB_add_space(&dh_y, &data, dh_y_len))
148	return 0;	148	return 0;
149	if (BN_bn2bin(dh->pub_key, data) != dh_y_len)	149	if (BN_bn2bin(DH_get0_pub_key(dh), data) != dh_y_len)
150	return 0;	150	return 0;
151		151
152	if (!CBB_flush(cbb))	152	if (!CBB_flush(cbb))
@@ -224,7 +224,7 @@ ssl_kex_peer_public_dhe(DH dh, CBS cbs, int *decode_error,
224	goto err;	224	goto err;
225	pub_key = NULL;	225	pub_key = NULL;
226		226
227	if (!DH_check_pub_key(dh, dh->pub_key, &check_flags))	227	if (!DH_check_pub_key(dh, DH_get0_pub_key(dh), &check_flags))
228	goto err;	228	goto err;
229	if (check_flags != 0)	229	if (check_flags != 0)
230	*invalid_key = 1;	230	*invalid_key = 1;
@@ -250,7 +250,7 @@ ssl_kex_derive_dhe(DH dh, DH dh_peer,
250	if ((key = calloc(1, key_len)) == NULL)	250	if ((key = calloc(1, key_len)) == NULL)
251	goto err;	251	goto err;
252		252
253	if ((key_len = DH_compute_key(key, dh_peer->pub_key, dh)) <= 0)	253	if ((key_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0)
254	goto err;	254	goto err;
255		255
256	*shared_key = key;	256	*shared_key = key;