
tls: update DH initialization for OpenSSL 1.1.x

For OpenSSL 3.x, this will fix a deprecation warning.

SPChan authored on 22/11/2021 14:55:30 • Daniel-Constantin Mierla committed on 23/11/2021 19:02:37
Showing 1 changed files
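--- a/<PATH-NOT-SHOWN-ON-PAGE>
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -89,6 +89,10 @@ static void setup_ecdh(SSL_CTX *ctx)
 
 #ifndef OPENSSL_NO_DH
 
+/*
+ * not needed for OpenSSL 1.1.0+ and LibreSSL
+ */
+#if !defined(SSL_CTX_set_dh_auto)
 static unsigned char dh3072_p[] = {
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
    0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
@@ -126,9 +130,15 @@ static unsigned char dh3072_p[] = {
 };
 
 static unsigned char dh3072_g[] = { 0x02 };
+#endif
 
 static void setup_dh(SSL_CTX *ctx)
 {
+/*
+ * not needed for OpenSSL 1.1.0+ and LibreSSL
+ * DH_new() is deprecated in OpenSSL 3
+ */
+#if !defined(SSL_CTX_set_dh_auto)
 	DH *dh;
 	BIGNUM *p;
 	BIGNUM *g;
@@ -146,19 +156,17 @@ static void setup_dh(SSL_CTX *ctx)
 		return;
 	}
 
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
-	/* libssl >= v1.1.0 */
-	DH_set0_pqg(dh, p, NULL, g);
-#else
 	dh->p = p;
 	dh->g = g;
-#endif
 
 
    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
    SSL_CTX_set_tmp_dh(ctx, dh);
 
    DH_free(dh);
+#else
+   SSL_CTX_set_dh_auto(ctx, 1);
+#endif
 }
 #endif
 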
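Review bot: The return value of `SSL_CTX_set_dh_auto(ctx, 1)` in the new `#else` branch of setup_dh is discarded, so a failure to enable automatic DH parameter selection leaves the context without any DH setup and nothing is logged, whereas the legacy branch above it bails out on allocation failures; I would write `if(SSL_CTX_set_dh_auto(ctx, 1) != 1) { /* log: automatic DH parameter selection failed */ }` using the module's usual error logging. The guard `#if !defined(SSL_CTX_set_dh_auto)` (same in all three hunks) keys on the presence of a macro rather than on the library version, and as far as I recall that macro already exists in OpenSSL 1.0.2, so on such builds the fixed 3072-bit group is silently replaced by automatic selection whose group size follows the certificate key length; either the comment "not needed for OpenSSL 1.1.0+ and LibreSSL" or the condition should be aligned with the actual intent, e.g. by documenting `/* SSL_CTX_set_dh_auto selects DH parameters from the certificate key size; the fixed 3072-bit group below is only used where it is unavailable */`. Dropping the `DH_set0_pqg` path also means any build where the macro is absent but the DH struct is opaque (1.1.0+) will no longer compile, which is presumably acceptable but worth a sentence in the comment. The body of setup_dh starts in the second hunk and its error-handling prologue lies between the hunks.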