PROTON-1381, PROTON-1326: Modify openssl DH code to work with openssl 1.1 Modified patch from Volker Diels-Grabsch
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/bc872440 Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/bc872440 Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/bc872440 Branch: refs/heads/go1 Commit: bc872440428073e86ce2631276dc8b7f62da4c33 Parents: 31d9942 Author: Andrew Stitcher <astitc...@apache.org> Authored: Tue Jan 17 02:10:48 2017 -0500 Committer: Andrew Stitcher <astitc...@apache.org> Committed: Thu Aug 3 12:47:44 2017 -0400 ---------------------------------------------------------------------- proton-c/src/ssl/openssl.c | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/bc872440/proton-c/src/ssl/openssl.c ---------------------------------------------------------------------- diff --git a/proton-c/src/ssl/openssl.c b/proton-c/src/ssl/openssl.c index 0b7d157..0c51c03 100644 --- a/proton-c/src/ssl/openssl.c +++ b/proton-c/src/ssl/openssl.c @@ -356,12 +356,22 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) return preverify_ok; } +// This was introduced in v1.1 +#if OPENSSL_VERSION_NUMBER < 0x10100000 +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + dh->p = p; + dh->q = q; + dh->g = g; + return 1; +} +#endif // this code was generated using the command: // "openssl dhparam -C -2 2048" static DH *get_dh2048(void) { - static const unsigned char dh2048_p[]={ + static const unsigned char dhp_2048[]={ 0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81, 0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9, 0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C, @@ -385,17 +395,24 @@ static DH *get_dh2048(void) 0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0, 0x23,0x1C,0x09,0x33, }; - static const unsigned char dh2048_g[]={ + static const unsigned char dhg_2048[]={ 0x02, }; - DH *dh; - - if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - { DH_free(dh); return(NULL); } - return(dh); + DH *dh = DH_new(); + BIGNUM *dhp_bn, *dhg_bn; + + if (dh == NULL) + return NULL; + dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL); + dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL); + if (dhp_bn == NULL || dhg_bn == NULL + || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) { + DH_free(dh); + BN_free(dhp_bn); + BN_free(dhg_bn); + return NULL; + } + return dh; } typedef struct { --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
