From 0aeddcfa61250a6c474c4f8b3533772a63192f1b Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 6 Apr 2016 17:49:48 +0100 Subject: [PATCH] Make DH opaque Move the dh_st structure into an internal header file and provide relevant accessors for the internal fields. Reviewed-by: Richard Levitte --- apps/dhparam.c | 36 +++++++++++------ apps/s_cb.c | 2 +- crypto/dh/dh_ameth.c | 2 +- crypto/dh/dh_asn1.c | 2 +- crypto/dh/dh_check.c | 2 +- crypto/dh/dh_gen.c | 2 +- crypto/dh/dh_key.c | 2 +- crypto/dh/dh_lib.c | 85 +++++++++++++++++++++++++++++++++++++++- crypto/dh/dh_locl.h | 38 ++++++++++++++++++ crypto/dh/dh_pmeth.c | 2 +- crypto/dh/dh_rfc5114.c | 2 +- crypto/dsa/dsa_lib.c | 40 +++++++++++++------ include/openssl/dh.h | 39 ++++++------------ ssl/statem/statem_clnt.c | 42 +++++++++++++++----- ssl/statem/statem_srvr.c | 15 ++++--- ssl/t1_lib.c | 15 ++++--- test/dhtest.c | 65 +++++++++++++++++++----------- test/ssltest_old.c | 29 +++++++++----- 18 files changed, 305 insertions(+), 115 deletions(-) create mode 100644 crypto/dh/dh_locl.h diff --git a/apps/dhparam.c b/apps/dhparam.c index 58baff822a..9ad80edef6 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -384,40 +384,50 @@ int dhparam_main(int argc, char **argv) if (C) { unsigned char *data; int len, bits; + BIGNUM *pbn, *gbn; - len = BN_num_bytes(dh->p); - bits = BN_num_bits(dh->p); + len = DH_size(dh); + bits = DH_bits(dh); + DH_get0_pqg(dh, &pbn, NULL, &gbn); data = app_malloc(len, "print a BN"); BIO_printf(out, "#ifndef HEADER_DH_H\n" "# include \n" "#endif\n" "\n"); BIO_printf(out, "DH *get_dh%d()\n{\n", bits); - print_bignum_var(out, dh->p, "dhp", bits, data); - print_bignum_var(out, dh->g, "dhg", bits, data); - BIO_printf(out, " DH *dh = DN_new();\n" + print_bignum_var(out, pbn, "dhp", bits, data); + print_bignum_var(out, gbn, "dhg", bits, data); + BIO_printf(out, " DH *dh = DH_new();\n" + " BIGNUM *dhp_bn, *dhg_bn;\n" "\n" " if (dh == NULL)\n" " return NULL;\n"); - BIO_printf(out, " dh->p = BN_bin2bn(dhp_%d, sizeof (dhp_%d), NULL);\n", - bits, bits); - BIO_printf(out, " dh->g = BN_bin2bn(dhg_%d, sizeof (dhg_%d), NULL);\n", - bits, bits); - BIO_printf(out, " if (!dh->p || !dh->g) {\n" + BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof (dhp_%d), NULL);\n", + bits, bits); + BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof (dhg_%d), NULL);\n", + bits, bits); + BIO_printf(out, " if (dhp_bn == NULL || dhg_bn == NULL\n" + " || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n" " DH_free(dh);\n" + " BN_free(dhp_bn);\n" + " BN_free(dhg_bn);\n" " return NULL;\n" " }\n"); - if (dh->length) + if (DH_get_length(dh) > 0) BIO_printf(out, - " dh->length = %ld;\n", dh->length); + " if (!DH_set_length(dh, %ld)) {\n" + " DH_free(dh);\n" + " }\n", DH_get_length(dh)); BIO_printf(out, " return dh;\n}\n"); OPENSSL_free(data); } if (!noout) { + BIGNUM *q; + DH_get0_pqg(dh, NULL, &q, NULL); if (outformat == FORMAT_ASN1) i = i2d_DHparams_bio(out, dh); - else if (dh->q) + else if (q != NULL) i = PEM_write_bio_DHxparams(out, dh); else i = PEM_write_bio_DHparams(out, dh); diff --git a/apps/s_cb.c b/apps/s_cb.c index b75ff31025..49f3acd65f 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1371,7 +1371,7 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, case SSL_SECOP_OTHER_DH: { DH *dh = other; - BIO_printf(sdb->out, "%d", BN_num_bits(dh->p)); + BIO_printf(sdb->out, "%d", DH_bits(dh)); break; } #endif diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index fc03d8fb0d..54d5ba5d34 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -60,7 +60,7 @@ #include "internal/cryptlib.h" #include #include -#include +#include "dh_locl.h" #include #include "internal/asn1_int.h" #include "internal/evp_int.h" diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 8ea9550000..aa802915a8 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -59,7 +59,7 @@ #include #include "internal/cryptlib.h" #include -#include +#include "dh_locl.h" #include #include diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 2cc218dbdc..5d14265802 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -58,7 +58,7 @@ #include #include "internal/cryptlib.h" #include -#include +#include "dh_locl.h" /*- * Check that p is a safe prime and diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index bfa2376c39..5c96dacdba 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -63,7 +63,7 @@ #include #include "internal/cryptlib.h" #include -#include +#include "dh_locl.h" static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 558ec8c3cd..d9575503d1 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -58,7 +58,7 @@ #include #include "internal/cryptlib.h" #include -#include +#include "dh_locl.h" #include "internal/bn_int.h" static int generate_key(DH *dh); diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 1a0c054eeb..bf9f8d3317 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -58,7 +58,7 @@ #include #include "internal/cryptlib.h" #include -#include +#include "dh_locl.h" #include static const DH_METHOD *default_DH_method = NULL; @@ -231,3 +231,86 @@ int DH_security_bits(const DH *dh) N = -1; return BN_security_bits(BN_num_bits(dh->p), N); } + + +void DH_get0_pqg(const DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g) +{ + if (p != NULL) + *p = dh->p; + if (q != NULL) + *q = dh->q; + if (g != NULL) + *g = dh->g; +} + +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + /* q is optional */ + if (p == NULL || g == NULL) + return 0; + BN_free(dh->p); + BN_free(dh->q); + BN_free(dh->g); + dh->p = p; + dh->q = q; + dh->g = g; + + if (q != NULL) { + dh->length = BN_num_bits(q); + } + + return 1; +} + +long DH_get_length(const DH *dh) +{ + return dh->length; +} + +int DH_set_length(DH *dh, long length) +{ + dh->length = length; + return 1; +} + +void DH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = dh->pub_key; + if (priv_key != NULL) + *priv_key = dh->priv_key; +} + +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) +{ + /* Note that it is valid for priv_key to be NULL */ + if (pub_key == NULL) + return 0; + + BN_free(dh->pub_key); + BN_free(dh->priv_key); + dh->pub_key = pub_key; + dh->priv_key = priv_key; + + return 1; +} + +void DH_clear_flags(DH *dh, int flags) +{ + dh->flags &= ~flags; +} + +int DH_test_flags(const DH *dh, int flags) +{ + return dh->flags & flags; +} + +void DH_set_flags(DH *dh, int flags) +{ + dh->flags |= flags; +} + +ENGINE *DH_get0_engine(DH *dh) +{ + return dh->engine; +} diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h new file mode 100644 index 0000000000..5d51e591fe --- /dev/null +++ b/crypto/dh/dh_locl.h @@ -0,0 +1,38 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL licenses, (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include + +struct dh_st { + /* + * This first argument is used to pick up errors when a DH is passed + * instead of a EVP_PKEY + */ + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; /* optional */ + BIGNUM *pub_key; /* g^x % p */ + BIGNUM *priv_key; /* x */ + int flags; + BN_MONT_CTX *method_mont_p; + /* Place holders if we want to do X9.42 DH */ + BIGNUM *q; + BIGNUM *j; + unsigned char *seed; + int seedlen; + BIGNUM *counter; + int references; + CRYPTO_EX_DATA ex_data; + const DH_METHOD *meth; + ENGINE *engine; + CRYPTO_RWLOCK *lock; +}; diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 93bada0058..5d357a3801 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -61,7 +61,7 @@ #include #include #include -#include +#include "dh_locl.h" #include #include #include diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c index da998f574f..48b199dfce 100644 --- a/crypto/dh/dh_rfc5114.c +++ b/crypto/dh/dh_rfc5114.c @@ -58,7 +58,7 @@ #include #include "internal/cryptlib.h" -#include +#include "dh_locl.h" #include #include "internal/bn_dh.h" diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 4d5281a428..0fe455703f 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -254,33 +254,49 @@ DH *DSA_dup_DH(const DSA *r) */ DH *ret = NULL; + BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; if (r == NULL) goto err; ret = DH_new(); if (ret == NULL) goto err; - if (r->p != NULL) - if ((ret->p = BN_dup(r->p)) == NULL) + if (r->p != NULL || r->g != NULL || r->q != NULL) { + if (r->p == NULL || r->g == NULL || r->q == NULL) { + /* Shouldn't happen */ goto err; - if (r->q != NULL) { - ret->length = BN_num_bits(r->q); - if ((ret->q = BN_dup(r->q)) == NULL) + } + p = BN_dup(r->p); + g = BN_dup(r->g); + q = BN_dup(r->q); + if (p == NULL || g == NULL || q == NULL || !DH_set0_pqg(ret, p, q, g)) goto err; } - if (r->g != NULL) - if ((ret->g = BN_dup(r->g)) == NULL) - goto err; - if (r->pub_key != NULL) - if ((ret->pub_key = BN_dup(r->pub_key)) == NULL) + + if (r->pub_key != NULL) { + pub_key = BN_dup(r->pub_key); + if (pub_key == NULL) goto err; - if (r->priv_key != NULL) - if ((ret->priv_key = BN_dup(r->priv_key)) == NULL) + if (r->priv_key != NULL) { + priv_key = BN_dup(r->priv_key); + if (priv_key == NULL) + goto err; + } + if (!DH_set0_key(ret, pub_key, priv_key)) goto err; + } else if (r->priv_key != NULL) { + /* Shouldn't happen */ + goto err; + } return ret; err: + BN_free(p); + BN_free(g); + BN_free(q); + BN_free(pub_key); + BN_free(priv_key); DH_free(ret); return NULL; } diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 2e021e235b..c4708c4f68 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -121,33 +121,6 @@ struct dh_method { BN_GENCB *cb); }; -struct dh_st { - /* - * This first argument is used to pick up errors when a DH is passed - * instead of a EVP_PKEY - */ - int pad; - int version; - BIGNUM *p; - BIGNUM *g; - long length; /* optional */ - BIGNUM *pub_key; /* g^x % p */ - BIGNUM *priv_key; /* x */ - int flags; - BN_MONT_CTX *method_mont_p; - /* Place holders if we want to do X9.42 DH */ - BIGNUM *q; - BIGNUM *j; - unsigned char *seed; - int seedlen; - BIGNUM *counter; - int references; - CRYPTO_EX_DATA ex_data; - const DH_METHOD *meth; - ENGINE *engine; - CRYPTO_RWLOCK *lock; -}; - DECLARE_ASN1_ITEM(DHparams) # define DH_GENERATOR_2 2 @@ -238,6 +211,18 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); # endif +void DH_get0_pqg(const DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g); +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key); +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +void DH_clear_flags(DH *dh, int flags); +int DH_test_flags(const DH *dh, int flags); +void DH_set_flags(DH *dh, int flags); +ENGINE *DH_get0_engine(DH *d); +long DH_get_length(const DH *dh); +int DH_set_length(DH *dh, long length); + + # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index fe1cde69e1..5b53b8605d 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1527,6 +1527,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) PACKET prime, generator, pub_key; DH *dh; + BIGNUM *p, *g, *bnpub_key; if (!PACKET_get_length_prefixed_2(pkt, &prime) || !PACKET_get_length_prefixed_2(pkt, &generator) @@ -1550,22 +1551,41 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) goto err; } - if ((dh->p = BN_bin2bn(PACKET_data(&prime), - PACKET_remaining(&prime), NULL)) == NULL - || (dh->g = BN_bin2bn(PACKET_data(&generator), - PACKET_remaining(&generator), NULL)) == NULL - || (dh->pub_key = - BN_bin2bn(PACKET_data(&pub_key), - PACKET_remaining(&pub_key), NULL)) == NULL) { + p = BN_bin2bn(PACKET_data(&prime), PACKET_remaining(&prime), NULL); + g = BN_bin2bn(PACKET_data(&generator), PACKET_remaining(&generator), + NULL); + bnpub_key = BN_bin2bn(PACKET_data(&pub_key), PACKET_remaining(&pub_key), + NULL); + if (p == NULL || g == NULL || bnpub_key == NULL) { SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); + BN_free(p); + BN_free(g); + BN_free(bnpub_key); goto err; } - if (BN_is_zero(dh->p) || BN_is_zero(dh->g) || BN_is_zero(dh->pub_key)) { + if (BN_is_zero(p) || BN_is_zero(g) || BN_is_zero(bnpub_key)) { SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_DH_VALUE); + BN_free(p); + BN_free(g); + BN_free(bnpub_key); goto f_err; } + if (!DH_set0_pqg(dh, p, NULL, g)) { + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); + BN_free(p); + BN_free(g); + BN_free(bnpub_key); + goto err; + } + + if (!DH_set0_key(dh, bnpub_key, NULL)) { + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); + BN_free(bnpub_key); + goto err; + } + if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL); @@ -2254,6 +2274,7 @@ psk_err: #ifndef OPENSSL_NO_DH else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { DH *dh_clnt = NULL; + BIGNUM *pub_key; skey = s->s3->peer_tmp; if (skey == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, @@ -2271,9 +2292,10 @@ psk_err: /* send off the data */ - n = BN_num_bytes(dh_clnt->pub_key); + DH_get0_key(dh_clnt, &pub_key, NULL); + n = BN_num_bytes(pub_key); s2n(n, p); - BN_bn2bin(dh_clnt->pub_key, p); + BN_bn2bin(pub_key, p); n += 2; EVP_PKEY_free(ckey); ckey = NULL; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 23e790356c..38fa9455ff 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1772,9 +1772,8 @@ int tls_construct_server_key_exchange(SSL *s) EVP_PKEY_free(pkdh); pkdh = NULL; - r[0] = dh->p; - r[1] = dh->g; - r[2] = dh->pub_key; + DH_get0_pqg(dh, &r[0], NULL, &r[1]); + DH_get0_key(dh, &r[2], NULL); } else #endif #ifndef OPENSSL_NO_EC @@ -2301,6 +2300,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) EVP_PKEY *skey = NULL; DH *cdh; unsigned int i; + BIGNUM *pub_key; if (!PACKET_get_net_2(pkt, &i)) { if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { @@ -2343,9 +2343,12 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) goto err; } cdh = EVP_PKEY_get0_DH(ckey); - cdh->pub_key = BN_bin2bn(data, i, NULL); - if (cdh->pub_key == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB); + pub_key = BN_bin2bn(data, i, NULL); + + if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) { + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + if (pub_key != NULL) + BN_free(pub_key); goto err; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 6e7b5edbc4..a4cd23ab39 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -4091,17 +4091,20 @@ DH *ssl_get_auto_dh(SSL *s) if (dh_secbits >= 128) { DH *dhp = DH_new(); + BIGNUM *p, *g; if (dhp == NULL) return NULL; - dhp->g = BN_new(); - if (dhp->g != NULL) - BN_set_word(dhp->g, 2); + g = BN_new(); + if (g != NULL) + BN_set_word(g, 2); if (dh_secbits >= 192) - dhp->p = get_rfc3526_prime_8192(NULL); + p = get_rfc3526_prime_8192(NULL); else - dhp->p = get_rfc3526_prime_3072(NULL); - if (dhp->p == NULL || dhp->g == NULL) { + p = get_rfc3526_prime_3072(NULL); + if (p == NULL || g == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { DH_free(dhp); + BN_free(p); + BN_free(g); return NULL; } return dhp; diff --git a/test/dhtest.c b/test/dhtest.c index 8fad6da4fd..fb1c2df23b 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -88,6 +88,8 @@ int main(int argc, char *argv[]) BN_GENCB *_cb = NULL; DH *a = NULL; DH *b = NULL; + BIGNUM *ap = NULL, *ag = NULL, *bp = NULL, *bg = NULL, *apub_key = NULL; + BIGNUM *bpub_key = NULL, *priv_key = NULL; char buf[12] = {0}; unsigned char *abuf = NULL; unsigned char *bbuf = NULL; @@ -124,39 +126,43 @@ int main(int argc, char *argv[]) if (i & DH_NOT_SUITABLE_GENERATOR) BIO_puts(out, "the g value is not a generator\n"); + DH_get0_pqg(a, &ap, NULL, &ag); BIO_puts(out, "\np ="); - BN_print(out, a->p); + BN_print(out, ap); BIO_puts(out, "\ng ="); - BN_print(out, a->g); + BN_print(out, ag); BIO_puts(out, "\n"); b = DH_new(); if (b == NULL) goto err; - b->p = BN_dup(a->p); - b->g = BN_dup(a->g); - if ((b->p == NULL) || (b->g == NULL)) + bp = BN_dup(ap); + bg = BN_dup(ag); + if ((bp == NULL) || (bg == NULL) || !DH_set0_pqg(b, bp, NULL, bg)) goto err; + bp = bg = NULL; /* Set a to run with normal modexp and b to use constant time */ - a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; - b->flags |= DH_FLAG_NO_EXP_CONSTTIME; + DH_clear_flags(a, DH_FLAG_NO_EXP_CONSTTIME); + DH_set_flags(b, DH_FLAG_NO_EXP_CONSTTIME); if (!DH_generate_key(a)) goto err; + DH_get0_key(a, &apub_key, &priv_key); BIO_puts(out, "pri 1="); - BN_print(out, a->priv_key); + BN_print(out, priv_key); BIO_puts(out, "\npub 1="); - BN_print(out, a->pub_key); + BN_print(out, apub_key); BIO_puts(out, "\n"); if (!DH_generate_key(b)) goto err; + DH_get0_key(b, &bpub_key, &priv_key); BIO_puts(out, "pri 2="); - BN_print(out, b->priv_key); + BN_print(out, priv_key); BIO_puts(out, "\npub 2="); - BN_print(out, b->pub_key); + BN_print(out, bpub_key); BIO_puts(out, "\n"); alen = DH_size(a); @@ -164,7 +170,7 @@ int main(int argc, char *argv[]) if (abuf == NULL) goto err; - aout = DH_compute_key(abuf, b->pub_key, a); + aout = DH_compute_key(abuf, bpub_key, a); BIO_puts(out, "key1 ="); for (i = 0; i < aout; i++) { @@ -178,7 +184,7 @@ int main(int argc, char *argv[]) if (bbuf == NULL) goto err; - bout = DH_compute_key(bbuf, a->pub_key, b); + bout = DH_compute_key(bbuf, apub_key, b); BIO_puts(out, "key2 ="); for (i = 0; i < bout; i++) { @@ -201,6 +207,8 @@ int main(int argc, char *argv[]) OPENSSL_free(bbuf); DH_free(b); DH_free(a); + BN_free(bp); + BN_free(bg); BN_GENCB_free(_cb); BIO_free(out); @@ -519,7 +527,7 @@ static int run_rfc5114_tests(void) unsigned char *Z1 = NULL; unsigned char *Z2 = NULL; const rfc5114_td *td = NULL; - BIGNUM *bady = NULL; + BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL; for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) { td = rfctd + i; @@ -529,15 +537,19 @@ static int run_rfc5114_tests(void) if ((dhA == NULL) || (dhB == NULL)) goto bad_err; - dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL); - dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL); + priv_key = BN_bin2bn(td->xA, td->xA_len, NULL); + pub_key = BN_bin2bn(td->yA, td->yA_len, NULL); + if (priv_key == NULL || pub_key == NULL + || !DH_set0_key(dhA, pub_key, priv_key)) + goto bad_err; - dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL); - dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL); + priv_key = BN_bin2bn(td->xB, td->xB_len, NULL); + pub_key = BN_bin2bn(td->yB, td->yB_len, NULL); - if ((dhA->priv_key == NULL) || (dhA->pub_key == NULL) - || (dhB->priv_key == NULL) || (dhB->pub_key == NULL)) + if (priv_key == NULL || pub_key == NULL + || !DH_set0_key(dhB, pub_key, priv_key)) goto bad_err; + priv_key = pub_key = NULL; if ((td->Z_len != (size_t)DH_size(dhA)) || (td->Z_len != (size_t)DH_size(dhB))) @@ -551,10 +563,17 @@ static int run_rfc5114_tests(void) * Work out shared secrets using both sides and compare with expected * values. */ - if (DH_compute_key(Z1, dhB->pub_key, dhA) == -1) + DH_get0_key(dhB, &pub_key, NULL); + if (DH_compute_key(Z1, pub_key, dhA) == -1) { + pub_key = NULL; goto bad_err; - if (DH_compute_key(Z2, dhA->pub_key, dhB) == -1) + } + DH_get0_key(dhA, &pub_key, NULL); + if (DH_compute_key(Z2, pub_key, dhB) == -1) { + pub_key = NULL; goto bad_err; + } + pub_key = NULL; if (memcmp(Z1, td->Z, td->Z_len)) goto err; @@ -611,6 +630,8 @@ static int run_rfc5114_tests(void) BN_free(bady); DH_free(dhA); DH_free(dhB); + BN_free(pub_key); + BN_free(priv_key); OPENSSL_free(Z1); OPENSSL_free(Z2); diff --git a/test/ssltest_old.c b/test/ssltest_old.c index e3f8d774cb..2cc25db018 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -3527,13 +3527,16 @@ static DH *get_dh512() 0x02, }; DH *dh; + BIGNUM *p, *g; if ((dh = DH_new()) == NULL) return (NULL); - dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); - dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) { + p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); + g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); + if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); + BN_free(p); + BN_free(g); return (NULL); } return (dh); @@ -3568,13 +3571,16 @@ static DH *get_dh1024() 0x02, }; DH *dh; + BIGNUM *p, *g; if ((dh = DH_new()) == NULL) return (NULL); - dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); - dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) { + p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); + BN_free(p); + BN_free(g); return (NULL); } return (dh); @@ -3629,16 +3635,19 @@ static DH *get_dh1024dsa() 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2, }; DH *dh; + BIGNUM *p, *g; if ((dh = DH_new()) == NULL) return (NULL); - dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); - dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) { + p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); + BN_free(p); + BN_free(g); return (NULL); } - dh->length = 160; + DH_set_length(dh, 160); return (dh); } #endif -- 2.39.5