XRootD
XrdCryptosslCipher.cc File Reference
#include <cstring>
#include <cassert>
#include "XrdSut/XrdSutRndm.hh"
#include "XrdCrypto/XrdCryptosslTrace.hh"
#include "XrdCrypto/XrdCryptosslCipher.hh"
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/dh.h>


Functions

static void DH_get0_key (const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
 
static void DH_get0_pqg (const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 
static int DH_set0_key (DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
 
static int DH_set0_pqg (DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
 
static int DSA_set0_key (DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
 
static DH * EVP_PKEY_get0_DH (EVP_PKEY *pkey)
 
static EVP_PKEY * getFixedDHParams ()
 
static int XrdCheckDH (EVP_PKEY *pkey)
 

Variables

static const char dh_param_enc []
 

Function Documentation

◆ DH_get0_key()

static void DH_get0_key ( const DH *  dh,
const BIGNUM **  pub_key,
const BIGNUM **  priv_key 
)
static

Definition at line 121 of file XrdCryptosslCipher.cc.

/* Compatibility accessor: hands back the public and/or private value
 * stored in dh. Either output pointer may be NULL when the caller does
 * not need that value. The returned BIGNUMs are the ones held by dh;
 * nothing is copied here.
 */
static void DH_get0_key(const DH *dh,
                        const BIGNUM **pub_key, const BIGNUM **priv_key)
{
   if (pub_key) {
      *pub_key = dh->pub_key;
   }
   if (priv_key) {
      *priv_key = dh->priv_key;
   }
}

Referenced by XrdCryptosslCipher::XrdCryptosslCipher(), XrdCryptosslCipher::AsBucket(), and XrdCryptosslCipher::Public().


◆ DH_get0_pqg()

static void DH_get0_pqg ( const DH *  dh,
const BIGNUM **  p,
const BIGNUM **  q,
const BIGNUM **  g 
)
static

Definition at line 85 of file XrdCryptosslCipher.cc.

/* Compatibility accessor: hands back the p, q and g values stored in dh.
 * Any output pointer may be NULL when the caller does not need that
 * value. The returned BIGNUMs are the ones held by dh; nothing is
 * copied here.
 */
static void DH_get0_pqg(const DH *dh,
                        const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
{
   if (p) {
      *p = dh->p;
   }
   if (q) {
      *q = dh->q;
   }
   if (g) {
      *g = dh->g;
   }
}

Referenced by XrdCryptosslCipher::XrdCryptosslCipher(), and XrdCryptosslCipher::AsBucket().


◆ DH_set0_key()

static int DH_set0_key ( DH *  dh,
BIGNUM *  pub_key,
BIGNUM *  priv_key 
)
static

Definition at line 130 of file XrdCryptosslCipher.cc.

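/* Compatibility setter: installs pub_key and/or priv_key into dh and
 * releases the values they replace. dh stores the pointers it is given
 * (no copy is made). Returns 1 on success, 0 when dh would be left
 * without a public key.
 */
static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
{
   /* If the field pub_key in dh is NULL, the corresponding input
    * parameters MUST be non-NULL. The priv_key field may
    * be left NULL.
    */
   if (dh->pub_key == NULL && pub_key == NULL)
      return 0;
   if (pub_key != NULL) {
      BN_free(dh->pub_key);
      dh->pub_key = pub_key;
   }
   if (priv_key != NULL) {
      /* The value being replaced is secret key material: wipe it before
       * the memory goes back to the allocator instead of only freeing it.
       */
      BN_clear_free(dh->priv_key);
      dh->priv_key = priv_key;
   }
   return 1;
}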

Referenced by XrdCryptosslCipher::XrdCryptosslCipher(), and XrdCryptosslCipher::Finalize().


◆ DH_set0_pqg()

static int DH_set0_pqg ( DH *  dh,
BIGNUM *  p,
BIGNUM *  q,
BIGNUM *  g 
)
static

Definition at line 96 of file XrdCryptosslCipher.cc.

/* Compatibility setter: installs p, q and/or g into dh and releases the
 * values they replace. dh stores the pointers it is given (no copy is
 * made). Returns 1 on success, 0 when dh would be left without p or
 * without g.
 */
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
   /* If the fields p and g in dh are NULL, the corresponding input
    * parameters MUST be non-NULL. q may remain NULL.
    */
   const bool missing_p = (dh->p == NULL && p == NULL);
   const bool missing_g = (dh->g == NULL && g == NULL);
   if (missing_p || missing_g) {
      return 0;
   }

   if (p) {
      BN_free(dh->p);
      dh->p = p;
   }
   if (g) {
      BN_free(dh->g);
      dh->g = g;
   }
   if (q) {
      BN_free(dh->q);
      dh->q = q;
      /* Keep the recorded length in step with the new q */
      dh->length = BN_num_bits(q);
   }
   return 1;
}

Referenced by XrdCryptosslCipher::XrdCryptosslCipher().


◆ DSA_set0_key()

static int DSA_set0_key ( DSA *  d,
BIGNUM *  pub_key,
BIGNUM *  priv_key 
)
static

Definition at line 149 of file XrdCryptosslCipher.cc.

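/* Compatibility setter: installs pub_key and/or priv_key into d and
 * releases the values they replace. d stores the pointers it is given
 * (no copy is made). Returns 1 on success, 0 when d would be left
 * without a public key.
 */
static int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
{
   /* If the field pub_key in d is NULL, the corresponding input
    * parameters MUST be non-NULL. The priv_key field may
    * be left NULL.
    */
   if (d->pub_key == NULL && pub_key == NULL)
      return 0;
   if (pub_key != NULL) {
      BN_free(d->pub_key);
      d->pub_key = pub_key;
   }
   if (priv_key != NULL) {
      /* The value being replaced is secret key material: wipe it before
       * the memory goes back to the allocator instead of only freeing it.
       */
      BN_clear_free(d->priv_key);
      d->priv_key = priv_key;
   }
   return 1;
}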

◆ EVP_PKEY_get0_DH()

static DH* EVP_PKEY_get0_DH ( EVP_PKEY *  pkey)
static

Definition at line 77 of file XrdCryptosslCipher.cc.

/* Compatibility accessor: returns the DH object carried by pkey, or NULL
 * when pkey is not of type EVP_PKEY_DH. The returned pointer is the one
 * held by pkey; nothing is copied here.
 */
static DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey)
{
   return (pkey->type == EVP_PKEY_DH) ? pkey->pkey.dh : NULL;
}

Referenced by XrdCryptosslCipher::XrdCryptosslCipher(), XrdCryptosslCipher::AsBucket(), XrdCryptosslCipher::Public(), and XrdCheckDH().


◆ getFixedDHParams()

static EVP_PKEY* getFixedDHParams ( )
static

Definition at line 169 of file XrdCryptosslCipher.cc.

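// Returns the built-in DH parameter set, parsed once from the PEM text in
// dh_param_enc and cached for the lifetime of the process.
//
// The assert() below is compiled out when NDEBUG is defined, so in such
// builds a parse or allocation failure makes this function return NULL;
// callers must be prepared for that.
static EVP_PKEY *getFixedDHParams() {
   static EVP_PKEY *dhparms = [] {
      EVP_PKEY *dhParam = 0;

      BIO *biop = BIO_new(BIO_s_mem());
      if (biop) {
         // Parse only if the whole PEM text made it into the memory BIO;
         // a short write would hand the parser a truncated block.
         const int len = (int) strlen(dh_param_enc);
         if (BIO_write(biop, dh_param_enc, len) == len)
            PEM_read_bio_Parameters(biop, &dhParam);
         BIO_free(biop);
      }
      return dhParam;
   }();

   assert(dhparms);
   return dhparms;
}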
static const char dh_param_enc[]

References dh_param_enc.

Referenced by XrdCryptosslCipher::XrdCryptosslCipher(), and XrdCheckDH().


◆ XrdCheckDH()

static int XrdCheckDH ( EVP_PKEY *  pkey)
static

Definition at line 184 of file XrdCryptosslCipher.cc.

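// Checks the DH parameters carried by pkey.
//
// Returns 1 when the parameters are acceptable. Any other value means
// they were not accepted: 0 or a negative value from the OpenSSL check,
// or -2 when pkey carries no DH object (pre-1.1.1 branch).
// NOTE(review): the caller is not visible here; confirm it treats every
// value other than 1 as a rejection.
static int XrdCheckDH (EVP_PKEY *pkey) {
   // If the DH parameters we received are our fixed set we know they
   // are acceptable. The parameter check requires computation and more
   // with openssl 3 than previously. So skip if DH params are known.
   const EVP_PKEY *dhparms = getFixedDHParams();

   // The comparison functions return 1 only for matching parameters; they
   // return 0 for a mismatch, -1 when the key types differ and -2 when the
   // operation is not supported. Converting that int straight to bool would
   // turn the negative results into "equal" and skip the check, so compare
   // against 1 explicitly. dhparms can be NULL in NDEBUG builds; in that
   // case there is nothing to compare with and the full check must run.
   bool skipcheck = false;
   if (dhparms) {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
      skipcheck = (EVP_PKEY_parameters_eq(pkey, dhparms) == 1);
#else
      skipcheck = (EVP_PKEY_cmp_parameters(pkey, dhparms) == 1);
#endif
   }
   if (skipcheck) return 1;

   int rc;
#if OPENSSL_VERSION_NUMBER < 0x10101000L
   DH *dh = EVP_PKEY_get0_DH(pkey);
   if (dh) {
      // DH_check() reports problems through the flag word, but its own
      // return value says whether the check could be carried out at all.
      // A check that did not run must not count as a pass.
      int codes = 0;
      if (DH_check(dh, &codes) != 1)
         rc = 0;
      else
         rc = (codes == 0 ? 1 : 0);
   }
   else {
      rc = -2;
   }
#else
   EVP_PKEY_CTX *ckctx = EVP_PKEY_CTX_new(pkey, 0);
   // Without a context the check cannot run: report "not accepted"
   // rather than passing a NULL context on.
   if (!ckctx) return 0;
   rc = EVP_PKEY_param_check(ckctx);
   EVP_PKEY_CTX_free(ckctx);
#endif
   return rc;
}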
static DH * EVP_PKEY_get0_DH(EVP_PKEY *pkey)
static EVP_PKEY * getFixedDHParams()

References EVP_PKEY_get0_DH(), and getFixedDHParams().

Referenced by XrdCryptosslCipher::XrdCryptosslCipher().


Variable Documentation

◆ dh_param_enc

const char dh_param_enc[]
static
Initial value:
=
R"(
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----
)"

Definition at line 55 of file XrdCryptosslCipher.cc.

Referenced by getFixedDHParams().