From ac3e8d62ba14d4ee376fd3c9f20bccc3e53e7371 Mon Sep 17 00:00:00 2001
From: Adriaan de Jong
Date: Mon, 27 Jun 2011 13:03:07 +0200
Subject: [PATCH] Refactored DH paramater loading

Signed-off-by: Adriaan de Jong
Acked-by: Gert Doering
Signed-off-by: David Sommerseth
---
 ssl.c | 31 +++----------------------------
 ssl_backend.h | 15 +++++++++++++++
 ssl_openssl.c | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 58 insertions(+), 28 deletions(-)

diff --git a/ssl.c b/ssl.c
index 19e63ccac..c5a23c13b 100644
--- a/ssl.c
+++ b/ssl.c
@@ -2019,8 +2019,6 @@ void
 init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
 {
 SSL_CTX *ctx = NULL;
- DH *dh;
- BIO *bio;
 bool using_cert_file = false;
 
 ASSERT(NULL != new_ctx);
@@ -2030,38 +2028,15 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
 if (options->tls_server)
 {
 tls_ctx_server_new(new_ctx);
- ctx = new_ctx->ctx;
-
-#if ENABLE_INLINE_FILES
- if (!strcmp (options->dh_file, INLINE_FILE_TAG) && options->dh_file_inline)
- {
- if (!(bio = BIO_new_mem_buf ((char *)options->dh_file_inline, -1)))
- msg (M_SSLERR, "Cannot open memory BIO for inline DH parameters");
- }
- else
-#endif
- {
- /* Get Diffie Hellman Parameters */
- if (!(bio = BIO_new_file (options->dh_file, "r")))
- msg (M_SSLERR, "Cannot open %s for DH parameters", options->dh_file);
- }
-
- dh = PEM_read_bio_DHparams (bio, NULL, NULL, NULL);
- BIO_free (bio);
- if (!dh)
- msg (M_SSLERR, "Cannot load DH parameters from %s", options->dh_file);
- if (!SSL_CTX_set_tmp_dh (ctx, dh))
- msg (M_SSLERR, "SSL_CTX_set_tmp_dh");
- msg (D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
- 8 * DH_size (dh));
- DH_free (dh);
+ tls_ctx_load_dh_params(new_ctx, options->dh_file, options->dh_file_inline);
 }
 else /* if client */
 {
 tls_ctx_client_new(new_ctx);
- ctx = new_ctx->ctx;
 }
 
+ ctx = new_ctx->ctx;
+
 /* Set SSL options */
 SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF);
 SSL_CTX_set_options (ctx, SSL_OP_SINGLE_DH_USE);
diff --git a/ssl_backend.h b/ssl_backend.h
index dfa716386..d97427956 100644
--- a/ssl_backend.h
+++ b/ssl_backend.h
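Review bot: The new call `tls_ctx_load_dh_params(new_ctx, options->dh_file, options->dh_file_inline);` passes the inline parameter unconditionally, while the prototype this commit adds in ssl_backend.h (and the definition in ssl_openssl.c) declares `dh_file_inline` only inside `#if ENABLE_INLINE_FILES`, so a build with inline files disabled gets a three-argument call against a two-parameter prototype; the removed code kept every use of `options->dh_file_inline` under that same `#if`, and if the struct options member is conditional as well the member access fails too. Either guard the call site the same way, with `tls_ctx_load_dh_params(new_ctx, options->dh_file);` in the `#else` branch, or declare the parameter unconditionally in the backend and ignore it when inline files are disabled. The same `#if` mismatch applies to the ssl_backend.h and ssl_openssl.c hunks below. init_ssl continues outside the hunk.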
@@ -94,6 +94,21 @@ void tls_ctx_free(struct tls_root_ctx *ctx);
 */
 bool tls_ctx_initialised(struct tls_root_ctx *ctx);
 
+/**
+ * Load Diffie Hellman Parameters, and load them into the library-specific
+ * TLS context.
+ *
+ * @param ctx TLS context to use
+ * @param dh_file The file name to load the parameters from, or
+ * "[[INLINE]]" in the case of inline files.
+ * @param dh_file_inline A string containing the parameters
+ */
+void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file
+#if ENABLE_INLINE_FILES
+ , const char *dh_file_inline
+#endif /* ENABLE_INLINE_FILES */
+ );
+
 /*
 * Show the TLS ciphers that are available for us to use in the OpenSSL
 * library.
diff --git a/ssl_openssl.c b/ssl_openssl.c
index c03fb5459..886ca9b8b 100644
--- a/ssl_openssl.c
+++ b/ssl_openssl.c
@@ -130,6 +130,46 @@ bool tls_ctx_initialised(struct tls_root_ctx *ctx)
 return NULL != ctx->ctx;
 }
 
+void
+tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file
+#if ENABLE_INLINE_FILES
+ , const char *dh_file_inline
+#endif /* ENABLE_INLINE_FILES */
+ )
+{
+ DH *dh;
+ BIO *bio;
+
+ ASSERT(NULL != ctx);
+
+#if ENABLE_INLINE_FILES
+ if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)
+ {
+ if (!(bio = BIO_new_mem_buf ((char *)dh_file_inline, -1)))
+ msg (M_SSLERR, "Cannot open memory BIO for inline DH parameters");
+ }
+ else
+#endif /* ENABLE_INLINE_FILES */
+ {
+ /* Get Diffie Hellman Parameters */
+ if (!(bio = BIO_new_file (dh_file, "r")))
+ msg (M_SSLERR, "Cannot open %s for DH parameters", dh_file);
+ }
+
+ dh = PEM_read_bio_DHparams (bio, NULL, NULL, NULL);
+ BIO_free (bio);
+
+ if (!dh)
+ msg (M_SSLERR, "Cannot load DH parameters from %s", dh_file);
+ if (!SSL_CTX_set_tmp_dh (ctx->ctx, dh))
+ msg (M_SSLERR, "SSL_CTX_set_tmp_dh");
+
+ msg (D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",
+ 8 * DH_size (dh));
+
+ DH_free (dh);
+}
+
 void
 show_available_tls_ciphers ()
 {
-- 
2.47.2
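Review bot: The doc comment on the new `tls_ctx_load_dh_params` declaration leaves out two things a backend implementer needs: what happens on failure, and that the `dh_file_inline` parameter exists only when `ENABLE_INLINE_FILES` is set. The OpenSSL implementation in this commit reports every failure through `msg (M_SSLERR, ...)` and the function returns void, so callers get no error to act on; suggest adding `@note Failure to open or parse the parameters is reported via msg(M_SSLERR) and is not returned to the caller; only meaningful for a context created by tls_ctx_server_new().` and qualifying the last parameter as `(only present when ENABLE_INLINE_FILES is defined)`. The literal `"[[INLINE]]"` in the comment should also name the `INLINE_FILE_TAG` macro the implementation compares against (presumably the same value), so the documented tag cannot drift from the real one.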
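Review bot: `SSL_CTX_set_tmp_dh (ctx->ctx, dh)` dereferences `ctx->ctx`, but the only precondition checked is `ASSERT(NULL != ctx);`, so a context that was never created, or a client context, reaches OpenSSL with a NULL SSL_CTX; tightening the guard to `ASSERT(NULL != ctx && NULL != ctx->ctx);` (or `ASSERT(tls_ctx_initialised(ctx));`, the helper visible just above the new function) fails at the assertion instead. The control flow after `PEM_read_bio_DHparams` relies on `msg (M_SSLERR, ...)` not returning; if the logging layer does not guarantee that, `dh` is NULL when it reaches `SSL_CTX_set_tmp_dh` and `DH_size` — this is carried over from the removed ssl.c code rather than introduced here, but the new function is the place to make it explicit. The group size is only logged via `8 * DH_size (dh)`; now that DH loading is concentrated in one backend function, this is also where parameters shorter than a project-chosen minimum could be rejected rather than accepted at any length. The definition carries no comment at all; a `/* See ssl_backend.h for the contract */` line above it would point readers of this file to the documented interface.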