From patchwork Tue Oct 19 18:31:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [Openvpn-devel,v3,05/21,OSSL,3.0] Use EVP_PKEY based API for loading DH keys X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2032 Message-Id: <20211019183127.614175-6-arne@rfc2549.org> To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:31:11 +0200 From: Arne Schwabe List-Id: OpenSSL 3.0 replaces the DH API with a generic EVP_KEY based API to load DH parameters. Signed-off-by: Arne Schwabe Acked-by: Max Fillinger --- src/openvpn/ssl_openssl.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 9a7cb9c64..a44d4f85c 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -649,7 +649,6 @@ void tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, bool dh_file_inline) { - DH *dh; BIO *bio; ASSERT(NULL != ctx); @@ -670,7 +669,26 @@ tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, } } - dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + EVP_PKEY *dh = PEM_read_bio_Parameters(bio, NULL); + BIO_free(bio); + + if (!dh) + { + crypto_msg(M_FATAL, "Cannot load DH parameters from %s", + print_key_filename(dh_file, dh_file_inline)); + } + if (!SSL_CTX_set0_tmp_dh_pkey(ctx->ctx, dh)) + { + crypto_msg(M_FATAL, "SSL_CTX_set_tmp_dh"); + } + + msg(D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key", + 8 * EVP_PKEY_get_size(dh)); + + EVP_PKEY_free(dh); +#else + DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); BIO_free(bio); if (!dh) @@ -687,6 +705,7 @@ tls_ctx_load_dh_params(struct tls_root_ctx *ctx, const char *dh_file, 8 * DH_size(dh)); DH_free(dh); +#endif } void