-/* ssl/s3_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
+static const SSL_CIPHER ssl3_ciphers[] = {
/* The RSA ciphers */
/* Cipher 01 */
},
#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- /* Cipher FF */
- {
- 1,
- "SCSV",
- SSL3_CK_SCSV,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0,
- 0},
-#endif
-
#ifndef OPENSSL_NO_EC
- /* Cipher C001 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_eNULL,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
- /* Cipher C002 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C003 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
- /* Cipher C004 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C005 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
/* Cipher C006 */
{
256,
},
- /* Cipher C00B */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_eNULL,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
- /* Cipher C00C */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_DEFAULT | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C00D */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_3DES,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 112,
- 168,
- },
-
- /* Cipher C00E */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-
- /* Cipher C00F */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 256,
- 256,
- },
-
/* Cipher C010 */
{
1,
256,
},
- /* Cipher C025 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C026 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
/* Cipher C027 */
{
256,
},
- /* Cipher C029 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C02A */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
/* Cipher C02B */
256,
},
- /* Cipher C02D */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C02E */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
/* Cipher C02F */
{
1,
256,
},
- /* Cipher C031 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES128GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128,
- },
-
- /* Cipher C032 */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_AES256GCM,
- SSL_AEAD,
- SSL_TLSV1_2,
- SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256,
- },
-
/* PSK ciphersuites from RFC 5489 */
/* Cipher C033 */
{
256,
256},
- { /* Cipher C074 */
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_CAMELLIA128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128},
-
- { /* Cipher C075 */
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
- TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
- SSL_kECDHe,
- SSL_aECDH,
- SSL_CAMELLIA256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256},
-
{ /* Cipher C076 */
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
256,
256},
- { /* Cipher C078 */
- 1,
- TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_CAMELLIA128,
- SSL_SHA256,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
- 128},
-
- { /* Cipher C079 */
- 1,
- TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
- TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
- SSL_kECDHr,
- SSL_aECDH,
- SSL_CAMELLIA256,
- SSL_SHA384,
- SSL_TLSV1_2,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
- 256,
- 256},
# endif /* OPENSSL_NO_CAMELLIA */
#endif /* OPENSSL_NO_EC */
SSL_GOST12_256,
SSL_TLSV1,
SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
0,
0},
#endif
if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
goto err;
s->s3 = s3;
-
+
#ifndef OPENSSL_NO_SRP
if (!SSL_SRP_CTX_init(s))
goto err;
ssl3_cleanup_key_block(s);
-#ifndef OPENSSL_NO_DH
- DH_free(s->s3->tmp.dh);
-#endif
-
-#ifndef OPENSSL_NO_EC
- EVP_PKEY_free(s->s3->tmp.pkey);
- s->s3->tmp.pkey = NULL;
-#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->peer_tmp);
s->s3->peer_tmp = NULL;
+ EVP_PKEY_free(s->s3->tmp.pkey);
+ s->s3->tmp.pkey = NULL;
#endif
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
OPENSSL_free(s->s3->tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL;
-#ifndef OPENSSL_NO_DH
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
-#endif
#ifndef OPENSSL_NO_EC
- EVP_PKEY_free(s->s3->tmp.pkey);
- s->s3->tmp.pkey = NULL;
s->s3->is_probably_safari = 0;
#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+ EVP_PKEY_free(s->s3->tmp.pkey);
+ s->s3->tmp.pkey = NULL;
EVP_PKEY_free(s->s3->peer_tmp);
s->s3->peer_tmp = NULL;
#endif /* !OPENSSL_NO_EC */
int ret = 0;
switch (cmd) {
- case SSL_CTRL_GET_SESSION_REUSED:
- ret = s->hit;
- break;
case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
break;
case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
case SSL_CTRL_SET_TMP_DH:
{
DH *dh = (DH *)parg;
+ EVP_PKEY *pkdh = NULL;
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return (ret);
}
+ pkdh = ssl_dh_to_pkey(dh);
+ if (pkdh == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
if (!ssl_security(s, SSL_SECOP_TMP_DH,
- DH_security_bits(dh), 0, dh)) {
+ EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
- return (ret);
- }
- if ((dh = DHparams_dup(dh)) == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
- return (ret);
+ EVP_PKEY_free(pkdh);
+ return ret;
}
- DH_free(s->cert->dh_tmp);
- s->cert->dh_tmp = dh;
+ EVP_PKEY_free(s->cert->dh_tmp);
+ s->cert->dh_tmp = pkdh;
ret = 1;
}
break;
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
+ size_t len;
+
OPENSSL_free(s->tlsext_hostname);
s->tlsext_hostname = NULL;
ret = 1;
if (parg == NULL)
break;
- if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+ len = strlen((char *)parg);
+ if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
break;
#ifndef OPENSSL_NO_HEARTBEATS
- case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
+ case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
if (SSL_IS_DTLS(s))
ret = dtls1_heartbeat(s);
- else
- ret = tls1_heartbeat(s);
break;
- case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
- ret = s->tlsext_hb_pending;
+ case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
+ if (SSL_IS_DTLS(s))
+ ret = s->tlsext_hb_pending;
break;
- case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
- if (larg)
- s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
- else
- s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
- ret = 1;
+ case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
+ if (SSL_IS_DTLS(s)) {
+ if (larg)
+ s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
+ else
+ s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS;
+ ret = 1;
+ }
break;
#endif
}
#endif
- case SSL_CTRL_CHECK_PROTO_VERSION:
- /*
- * For library-internal use; checks that the current protocol is the
- * highest enabled version (according to s->ctx->method, as version
- * negotiation may have changed s->method).
- */
- if (s->version == s->ctx->method->version)
- return 1;
- /*
- * Apparently we're using a version-flexible SSL_METHOD (not at its
- * highest protocol version).
- */
- if (s->ctx->method->version == TLS_method()->version) {
-#if TLS_MAX_VERSION != TLS1_2_VERSION
-# error Code needs update for TLS_method() support beyond TLS1_2_VERSION.
-#endif
- if (!(s->options & SSL_OP_NO_TLSv1_2))
- return s->version == TLS1_2_VERSION;
- if (!(s->options & SSL_OP_NO_TLSv1_1))
- return s->version == TLS1_1_VERSION;
- if (!(s->options & SSL_OP_NO_TLSv1))
- return s->version == TLS1_VERSION;
- if (!(s->options & SSL_OP_NO_SSLv3))
- return s->version == SSL3_VERSION;
- }
- return 0; /* Unexpected state; fail closed. */
-
default:
break;
}
#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->tlsext_debug_cb = (void (*)(SSL *, int, int,
- unsigned char *, int, void *))fp;
+ const unsigned char *, int, void *))fp;
break;
case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
{
- DH *new = NULL, *dh;
- CERT *cert;
-
- cert = ctx->cert;
- dh = (DH *)parg;
- if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
- DH_security_bits(dh), 0, dh)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+ DH *dh = (DH *)parg;
+ EVP_PKEY *pkdh = NULL;
+ if (dh == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if ((new = DHparams_dup(dh)) == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+ pkdh = ssl_dh_to_pkey(dh);
+ if (pkdh == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (!DH_generate_key(new)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
- DH_free(new);
- return 0;
+ if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
+ EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+ EVP_PKEY_free(pkdh);
+ return 1;
}
- DH_free(cert->dh_tmp);
- cert->dh_tmp = new;
+ EVP_PKEY_free(ctx->cert->dh_tmp);
+ ctx->cert->dh_tmp = pkdh;
return 1;
}
/*
id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1];
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
- if (cp == NULL)
- fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
return cp;
}
return (2);
}
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *srvr)
{
- SSL_CIPHER *c, *ret = NULL;
+ const SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok;
unsigned long alg_k, alg_a, mask_k, mask_a;
if (ii >= 0) {
/* Check security callback permits this cipher */
if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
- c->strength_bits, 0, c))
+ c->strength_bits, 0, (void *)c))
continue;
#if !defined(OPENSSL_NO_EC)
if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
# ifndef OPENSSL_NO_DSA
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
# endif
- }
#endif /* !OPENSSL_NO_DH */
+ }
#ifndef OPENSSL_NO_RSA
if (!(alg_a & SSL_aRSA))
p[ret++] = SSL3_CT_RSA_SIGN;
EVP_PKEY_CTX_free(pctx);
return rv;
}
+
+#ifndef OPENSSL_NO_DH
+EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+{
+ EVP_PKEY *ret;
+ if (dh == NULL)
+ return NULL;
+ ret = EVP_PKEY_new();
+ if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
+ EVP_PKEY_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+#endif
projects / openssl.git / blobdiff