#ifndef OPENSSL_NO_DH
DH *ssl_get_auto_dh(SSL *s)
{
+ DH *dhp;
+ BIGNUM *p, *g;
int dh_secbits = 80;
- if (s->cert->dh_tmp_auto == 2)
- return DH_get_1024_160();
- if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
- if (s->s3.tmp.new_cipher->strength_bits == 256)
- dh_secbits = 128;
- else
- dh_secbits = 80;
- } else {
- if (s->s3.tmp.cert == NULL)
- return NULL;
- dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey);
+ if (s->cert->dh_tmp_auto != 2) {
+ if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
+ if (s->s3.tmp.new_cipher->strength_bits == 256)
+ dh_secbits = 128;
+ else
+ dh_secbits = 80;
+ } else {
+ if (s->s3.tmp.cert == NULL)
+ return NULL;
+ dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey);
+ }
}
- if (dh_secbits >= 128) {
- DH *dhp = DH_new();
- BIGNUM *p, *g;
- if (dhp == NULL)
- return NULL;
- g = BN_new();
- if (g == NULL || !BN_set_word(g, 2)) {
- DH_free(dhp);
- BN_free(g);
- return NULL;
- }
- if (dh_secbits >= 192)
- p = BN_get_rfc3526_prime_8192(NULL);
- else
- p = BN_get_rfc3526_prime_3072(NULL);
- if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
- DH_free(dhp);
- BN_free(p);
- BN_free(g);
- return NULL;
- }
- return dhp;
+ dhp = DH_new();
+ if (dhp == NULL)
+ return NULL;
+ g = BN_new();
+ if (g == NULL || !BN_set_word(g, 2)) {
+ DH_free(dhp);
+ BN_free(g);
+ return NULL;
+ }
+ if (dh_secbits >= 192)
+ p = BN_get_rfc3526_prime_8192(NULL);
+ else if (dh_secbits >= 152)
+ p = BN_get_rfc3526_prime_4096(NULL);
+ else if (dh_secbits >= 128)
+ p = BN_get_rfc3526_prime_3072(NULL);
+ else if (dh_secbits >= 112)
+ p = BN_get_rfc3526_prime_2048(NULL);
+ else
+ p = BN_get_rfc2409_prime_1024(NULL);
+ if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+ DH_free(dhp);
+ BN_free(p);
+ BN_free(g);
+ return NULL;
}
- if (dh_secbits >= 112)
- return DH_get_2048_224();
- return DH_get_1024_160();
+ return dhp;
}
#endif
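Review bot: The `dh_tmp_auto == 2` case now reaches the 1024-bit group only because `dh_secbits` keeps its initializer of 80 when the new `if (s->cert->dh_tmp_auto != 2)` block is skipped, and nothing in the code says so. A comment above that `if`, such as `/* dh_tmp_auto == 2: keep the initial 80 bits, which selects the 1024-bit group below */`, would stop a later change to the initializer from silently changing the group; the `else dh_secbits = 80;` inside the block is redundant for the same reason. The final `else` of the prime ladder still hands out `BN_get_rfc2409_prime_1024`, roughly 80 bits of strength, for that mode and for aNULL/aPSK ciphers whose `strength_bits` is not 256. Whether the caller then rejects that key under the configured security level is not visible in this hunk, so it is worth confirming. The 192/152/128/112 thresholds would also benefit from a one-line comment tying each to its modulus size.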
}
#endif
mac = EVP_MAC_fetch(ctx->libctx, "HMAC", NULL);
- if (mac == NULL || (ret->ctx = EVP_MAC_CTX_new(mac)) == NULL)
+ if (mac == NULL || (ret->ctx = EVP_MAC_new_ctx(mac)) == NULL)
goto err;
EVP_MAC_free(mac);
return ret;
err:
- EVP_MAC_CTX_free(ret->ctx);
+ EVP_MAC_free_ctx(ret->ctx);
EVP_MAC_free(mac);
OPENSSL_free(ret);
return NULL;
void ssl_hmac_free(SSL_HMAC *ctx)
{
if (ctx != NULL) {
- EVP_MAC_CTX_free(ctx->ctx);
+ EVP_MAC_free_ctx(ctx->ctx);
#ifndef OPENSSL_NO_DEPRECATED_3_0
HMAC_CTX_free(ctx->old_ctx);
#endif
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, md, 0);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, len);
*p = OSSL_PARAM_construct_end();
- if (EVP_MAC_CTX_set_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx))
+ if (EVP_MAC_set_ctx_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx))
return 1;
}
#ifndef OPENSSL_NO_DEPRECATED_3_0