aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2016-06-27 11:47:26 +0200
committerTobias Brunner <tobias@strongswan.org>2016-06-29 11:09:37 +0200
commit54d629b7ad997a1ab5db655901c27622e5ff8187 (patch)
tree99c415f5c82bdf9f2b019f1a0915795300c69156
parent1b36fbedf5707ea4318ae9216d3c65aebe1917da (diff)
downloadstrongswan-54d629b7ad997a1ab5db655901c27622e5ff8187.tar.bz2
strongswan-54d629b7ad997a1ab5db655901c27622e5ff8187.tar.xz
openssl: Update DH API to OpenSSL 1.1.0
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c52
1 files changed, 41 insertions, 11 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 5b1859b35..f08dfff7e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -22,9 +22,17 @@
#include <openssl/dh.h>
#include "openssl_diffie_hellman.h"
+#include "openssl_util.h"
#include <utils/debug.h>
+/* these were added with 1.1.0 when DH was made opaque */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key)
+OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g)
+#define DH_set_length(dh, len) ({ (dh)->length = len; 1; })
+#endif
+
typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
/**
@@ -65,10 +73,12 @@ struct private_openssl_diffie_hellman_t {
METHOD(diffie_hellman_t, get_my_public_value, bool,
private_openssl_diffie_hellman_t *this, chunk_t *value)
{
+ const BIGNUM *pubkey;
+
*value = chunk_alloc(DH_size(this->dh));
memset(value->ptr, 0, value->len);
- BN_bn2bin(this->dh->pub_key,
- value->ptr + value->len - BN_num_bytes(this->dh->pub_key));
+ DH_get0_key(this->dh, &pubkey, NULL);
+ BN_bn2bin(pubkey, value->ptr + value->len - BN_num_bytes(pubkey));
return TRUE;
}
@@ -116,8 +126,15 @@ METHOD(diffie_hellman_t, set_other_public_value, bool,
METHOD(diffie_hellman_t, set_private_value, bool,
private_openssl_diffie_hellman_t *this, chunk_t value)
{
- if (BN_bin2bn(value.ptr, value.len, this->dh->priv_key))
+ BIGNUM *privkey;
+
+ privkey = BN_bin2bn(value.ptr, value.len, NULL);
+ if (privkey)
{
+ if (!DH_set0_key(this->dh, NULL, privkey))
+ {
+ return FALSE;
+ }
chunk_clear(&this->shared_secret);
this->computed = FALSE;
return DH_generate_key(this->dh);
@@ -136,19 +153,28 @@ METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
*/
static status_t set_modulus(private_openssl_diffie_hellman_t *this)
{
+ BIGNUM *p, *g;
+
diffie_hellman_params_t *params = diffie_hellman_get_params(this->group);
if (!params)
{
return NOT_FOUND;
}
- this->dh->p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL);
- this->dh->g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL);
+ p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL);
+ g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL);
+ if (!DH_set0_pqg(this->dh, p, NULL, g))
+ {
+ return FAILED;
+ }
if (params->exp_len != params->prime.len)
{
#ifdef OPENSSL_IS_BORINGSSL
this->dh->priv_length = params->exp_len * 8;
#else
- this->dh->length = params->exp_len * 8;
+ if (!DH_set_length(this->dh, params->exp_len * 8))
+ {
+ return FAILED;
+ }
#endif
}
return SUCCESS;
@@ -170,6 +196,7 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(
diffie_hellman_group_t group, chunk_t g, chunk_t p)
{
private_openssl_diffie_hellman_t *this;
+ const BIGNUM *privkey;
INIT(this,
.public = {
@@ -198,8 +225,12 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(
if (group == MODP_CUSTOM)
{
- this->dh->p = BN_bin2bn(p.ptr, p.len, NULL);
- this->dh->g = BN_bin2bn(g.ptr, g.len, NULL);
+ if (!DH_set0_pqg(this->dh, BN_bin2bn(p.ptr, p.len, NULL), NULL,
+ BN_bin2bn(g.ptr, g.len, NULL)))
+ {
+ destroy(this);
+ return NULL;
+ }
}
else
{
@@ -217,9 +248,8 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(
destroy(this);
return NULL;
}
- DBG2(DBG_LIB, "size of DH secret exponent: %d bits",
- BN_num_bits(this->dh->priv_key));
-
+ DH_get0_key(this->dh, NULL, &privkey);
+ DBG2(DBG_LIB, "size of DH secret exponent: %d bits", BN_num_bits(privkey));
return &this->public;
}