Loading crypto/engine/eng_cryptodev.c +10 −1 Original line number Diff line number Diff line Loading @@ -55,7 +55,9 @@ # include <errno.h> # include <string.h> #endif #ifndef OPENSSL_NO_DH # include <openssl/dh.h> #endif #include <openssl/dsa.h> #include <openssl/err.h> #include <openssl/rsa.h> Loading Loading @@ -125,11 +127,13 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); #ifndef OPENSSL_NO_DH static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); #endif static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); void ENGINE_load_cryptodev(void); Loading Loading @@ -1364,6 +1368,7 @@ static DSA_METHOD cryptodev_dsa = { NULL /* app_data */ }; #ifndef OPENSSL_NO_DH static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, Loading Loading @@ -1425,6 +1430,8 @@ static DH_METHOD cryptodev_dh = { NULL /* app_data */ }; #endif /* ndef OPENSSL_NO_DH */ /* * ctrl right now is just a wrapper that doesn't do much * but I expect we'll want some options soon. Loading Loading @@ -1512,6 +1519,7 @@ void ENGINE_load_cryptodev(void) cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; } #ifndef OPENSSL_NO_DH if (ENGINE_set_DH(engine, &cryptodev_dh)) { const DH_METHOD *dh_meth = DH_OpenSSL(); Loading @@ -1524,6 +1532,7 @@ void ENGINE_load_cryptodev(void) cryptodev_dh.compute_key = cryptodev_dh_compute_key; } } #endif ENGINE_add(engine); ENGINE_free(engine); Loading ssl/s3_lib.c +3 −9 Original line number Diff line number Diff line Loading 
@@ -4250,16 +4250,14 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { CERT *cert; cert = ctx->cert; switch (cmd) { #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { DH *new = NULL, *dh; CERT *cert; cert = ctx->cert; dh = (DH *)parg; if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { Loading Loading @@ -4464,15 +4462,11 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) { CERT *cert; cert = ctx->cert; switch (cmd) { #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; cxt->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; } break; #endif Loading ssl/statem/statem_srvr.c +2 −2 Original line number Diff line number Diff line Loading @@ -1729,7 +1729,6 @@ int tls_construct_server_key_exchange(SSL *s) int al, i; unsigned long type; int n; CERT *cert; BIGNUM *r[4]; int nr[4], kn; BUF_MEM *buf; Loading @@ -1742,7 +1741,6 @@ int tls_construct_server_key_exchange(SSL *s) } type = s->s3->tmp.new_cipher->algorithm_mkey; cert = s->cert; buf = s->init_buf; Loading @@ -1763,6 +1761,8 @@ int tls_construct_server_key_exchange(SSL *s) #endif /* !OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_DH if (type & (SSL_kDHE | SSL_kDHEPSK)) { CERT *cert = s->cert; if (s->cert->dh_tmp_auto) { dhp = ssl_get_auto_dh(s); if (dhp == NULL) { Loading test/recipes/70-test_sslskewith0p.t +4 −0 Original line number Diff line number Diff line Loading @@ -54,6 +54,7 @@ use strict; use OpenSSL::Test qw/:DEFAULT cmdstr top_file top_dir/; use OpenSSL::Test::Utils; use TLSProxy::Proxy; my $test_name = "test_sslskewith0p"; Loading 
@@ -64,6 +65,9 @@ plan skip_all => "$test_name can only be performed with OpenSSL configured share grep { /^SHARED_LIBS=/ } do { local @ARGV = ( top_file("Makefile") ); <> })[0] ne ""; plan skip_all => "dh is not supported by this OpenSSL build" if disabled("dh"); $ENV{OPENSSL_ENGINES} = top_dir("engines"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( Loading Loading
crypto/engine/eng_cryptodev.c +10 −1 Original line number Diff line number Diff line Loading @@ -55,7 +55,9 @@ # include <errno.h> # include <string.h> #endif #ifndef OPENSSL_NO_DH # include <openssl/dh.h> #endif #include <openssl/dsa.h> #include <openssl/err.h> #include <openssl/rsa.h> Loading Loading @@ -125,11 +127,13 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); #ifndef OPENSSL_NO_DH static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); #endif static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); void ENGINE_load_cryptodev(void); Loading Loading @@ -1364,6 +1368,7 @@ static DSA_METHOD cryptodev_dsa = { NULL /* app_data */ }; #ifndef OPENSSL_NO_DH static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, Loading Loading @@ -1425,6 +1430,8 @@ static DH_METHOD cryptodev_dh = { NULL /* app_data */ }; #endif /* ndef OPENSSL_NO_DH */ /* * ctrl right now is just a wrapper that doesn't do much * but I expect we'll want some options soon. Loading Loading @@ -1512,6 +1519,7 @@ void ENGINE_load_cryptodev(void) cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; } #ifndef OPENSSL_NO_DH if (ENGINE_set_DH(engine, &cryptodev_dh)) { const DH_METHOD *dh_meth = DH_OpenSSL(); Loading @@ -1524,6 +1532,7 @@ void ENGINE_load_cryptodev(void) cryptodev_dh.compute_key = cryptodev_dh_compute_key; } } #endif ENGINE_add(engine); ENGINE_free(engine); Loading
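Review bot: Two of the three new `#endif` lines are bare: the one after the `cryptodev_dh_compute_key` prototype and the one in `ENGINE_load_cryptodev`. Only the one after the `cryptodev_dh` method table carries `/* ndef OPENSSL_NO_DH */`. Writing each as `#endif /* ndef OPENSSL_NO_DH */` would make the guarded regions easier to pair up in a file that already nests several feature guards. Separately, `#include <openssl/dsa.h>` and the `cryptodev_dsa` table stay unconditional right next to the new guards. If a DSA-less configuration is meant to build this engine, it would presumably need the same treatment, though that may be out of scope for this commit.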
ssl/s3_lib.c +3 −9 Original line number Diff line number Diff line Loading @@ -4250,16 +4250,14 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { CERT *cert; cert = ctx->cert; switch (cmd) { #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { DH *new = NULL, *dh; CERT *cert; cert = ctx->cert; dh = (DH *)parg; if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { Loading Loading @@ -4464,15 +4462,11 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) { CERT *cert; cert = ctx->cert; switch (cmd) { #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; cxt->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; } break; #endif Loading
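Review bot: In `ssl3_ctx_callback_ctrl`, the replacement line for the `SSL_CTRL_SET_TMP_DH_CB` case reads `cxt->cert->dh_tmp_cb = ...`, but the function's parameter is `ctx`, so `cxt` is undeclared. The `+`/`-` markers are lost on this page, so this assumes the second of the two printed assignments is the new side. The case sits under `#ifndef OPENSSL_NO_DH`, so the default DH-enabled build would fail to compile. The line should be `ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;`. In `ssl3_ctx_ctrl`, `cert` is now declared only inside the `SSL_CTRL_SET_TMP_DH` case. The rest of that switch is outside the hunk, so it is worth confirming that no other case still refers to `cert`.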
ssl/statem/statem_srvr.c +2 −2 Original line number Diff line number Diff line Loading @@ -1729,7 +1729,6 @@ int tls_construct_server_key_exchange(SSL *s) int al, i; unsigned long type; int n; CERT *cert; BIGNUM *r[4]; int nr[4], kn; BUF_MEM *buf; Loading @@ -1742,7 +1741,6 @@ int tls_construct_server_key_exchange(SSL *s) } type = s->s3->tmp.new_cipher->algorithm_mkey; cert = s->cert; buf = s->init_buf; Loading @@ -1763,6 +1761,8 @@ int tls_construct_server_key_exchange(SSL *s) #endif /* !OPENSSL_NO_PSK */ #ifndef OPENSSL_NO_DH if (type & (SSL_kDHE | SSL_kDHEPSK)) { CERT *cert = s->cert; if (s->cert->dh_tmp_auto) { dhp = ssl_get_auto_dh(s); if (dhp == NULL) { Loading
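Review bot: The block-local `CERT *cert = s->cert;` added in the `SSL_kDHE | SSL_kDHEPSK` branch is followed immediately by `if (s->cert->dh_tmp_auto) {`, which bypasses the local that was just introduced. Writing `if (cert->dh_tmp_auto) {` would keep the branch consistent and make it clear why the declaration was moved here. The body of `tls_construct_server_key_exchange` continues outside the hunk, so it cannot be seen whether code outside the DH guard still uses the removed function-scope `cert`. A build with DH disabled and the other key exchanges enabled would confirm that.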
test/recipes/70-test_sslskewith0p.t +4 −0 Original line number Diff line number Diff line Loading @@ -54,6 +54,7 @@ use strict; use OpenSSL::Test qw/:DEFAULT cmdstr top_file top_dir/; use OpenSSL::Test::Utils; use TLSProxy::Proxy; my $test_name = "test_sslskewith0p"; Loading @@ -64,6 +65,9 @@ plan skip_all => "$test_name can only be performed with OpenSSL configured share grep { /^SHARED_LIBS=/ } do { local @ARGV = ( top_file("Makefile") ); <> })[0] ne ""; plan skip_all => "dh is not supported by this OpenSSL build" if disabled("dh"); $ENV{OPENSSL_ENGINES} = top_dir("engines"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( Loading