Support for OpenSSL 1.1.0:
authorRainer Jung <rjung@apache.org>
Sun, 10 Apr 2016 09:02:15 +0000 (09:02 +0000)
committerRainer Jung <rjung@apache.org>
Sun, 10 Apr 2016 09:02:15 +0000 (09:02 +0000)
- DH was made opaque

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1738410 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_init.c
modules/ssl/ssl_private.h

index a9dbb7ccd56486ab444a3202bea72903faea91be..446d271426cc19e3e5c47715572cd46de2d14f28 100644 (file)
@@ -50,21 +50,50 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_server,
 #define KEYTYPES "RSA or DSA"
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+/* OpenSSL Pre-1.1.0 compatibility */
+/* Taken from OpenSSL 1.1.0 snapshot 20160410 */
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+    /* q is optional */
+    if (p == NULL || g == NULL)
+        return 0;
+    BN_free(dh->p);
+    BN_free(dh->q);
+    BN_free(dh->g);
+    dh->p = p;
+    dh->q = q;
+    dh->g = g;
+
+    if (q != NULL) {
+        dh->length = BN_num_bits(q);
+    }
+
+    return 1;
+}
+#endif
+
 /*
  * Grab well-defined DH parameters from OpenSSL, see the get_rfc*
  * functions in <openssl/bn.h> for all available primes.
  */
-static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
+static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *))
 {
     DH *dh = DH_new();
+    BIGNUM *p, *g;
 
     if (!dh) {
         return NULL;
     }
-    dh->p = prime(NULL);
-    BN_dec2bn(&dh->g, gen);
-    if (!dh->p || !dh->g) {
+    p = prime(NULL);
+    g = BN_new();
+    if (g != NULL) {
+        BN_set_word(g, 2);
+    }
+    if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {
         DH_free(dh);
+        BN_free(p);
+        BN_free(g);
         return NULL;
     }
     return dh;
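Review bot: In make_dh_params the return value of `BN_set_word(g, 2)` is discarded, so a failure there would still pass `g` to DH_set0_pqg and return DH parameters whose generator was never set to 2. Folding the call into the guard, `if (!p || !g || !BN_set_word(g, 2) || !DH_set0_pqg(dh, p, NULL, g)) {`, reuses the existing cleanup path and makes the separate `if (g != NULL)` block unnecessary. The cleanup itself looks safe, because the compat DH_set0_pqg shown here returns 0 only before it takes ownership of `p` and `g`. Separately, the compat `DH_set0_pqg` is defined with external linkage under an OpenSSL API name. As far as this page shows it is used only in this file, so `static int DH_set0_pqg(...)` would avoid exporting a symbol that could collide with libcrypto's own. make_dh_params's closing brace lies outside the hunk.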
@@ -89,7 +118,7 @@ static void init_dh_params(void)
     unsigned n;
 
     for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++)
-        dhparams[n].dh = make_dh_params(dhparams[n].prime, "2");
+        dhparams[n].dh = make_dh_params(dhparams[n].prime);
 }
 
 static void free_dh_params(void)
@@ -1273,7 +1302,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
         SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
                      "Custom DH parameters (%d bits) for %s loaded from %s",
-                     BN_num_bits(dhparams->p), vhost_id, certfile);
+                     DH_bits(dhparams), vhost_id, certfile);
         DH_free(dhparams);
     }
 
index 44fefb8cdac12625912c4a158611c48ba9db4b0d..ffd6daa9bd1c6f3e741e2bd08d4c0d6717c17ae8 100644 (file)
 #define BIO_set_data(x,v)     (x->ptr=v)
 #define BIO_get_shutdown(x)   (x->shutdown)
 #define BIO_set_shutdown(x,v) (x->shutdown=v)
+#define DH_bits(x)            (BN_num_bits(x->p))
 #else
 void init_bio_methods(void);
 void free_bio_methods(void);
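Review bot: The new `DH_bits(x)` macro expands its argument unparenthesized as `x->p`, so any argument other than a plain identifier (a cast or `*pp`, for example) would bind to `->` incorrectly. `#define DH_bits(x)            (BN_num_bits((x)->p))` avoids that. The neighbouring BIO_* macros in the context lines follow the same unparenthesized pattern, so they could be tightened in the same pass. The enclosing `#if` begins outside the visible lines, so the exact version condition guarding this macro cannot be confirmed from here.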