mirror of
https://git.freebsd.org/ports.git
synced 2025-04-29 18:16:48 -04:00
63 lines
1.7 KiB
C
63 lines
1.7 KiB
C
--- include/dh_ecdh_config.h.orig 2024-07-12 19:15:25 UTC
|
|
+++ include/dh_ecdh_config.h
|
|
@@ -39,7 +39,7 @@ namespace {
|
|
#endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */
|
|
|
|
namespace {
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
/* Following primes are from https://www.rfc-editor.org/rfc/rfc7919#appendix-A
|
|
*/
|
|
|
|
@@ -258,6 +258,7 @@ bool set_dh(SSL_CTX *ctx) {
|
|
|
|
DH *dh = nullptr;
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+#if !defined(LIBRESSL_VERSION_NUMBER)
|
|
switch (security_level) {
|
|
case 1:
|
|
[[fallthrough]];
|
|
@@ -276,6 +277,43 @@ bool set_dh(SSL_CTX *ctx) {
|
|
default:
|
|
break;
|
|
};
|
|
+#else
|
|
+ dh = DH_new();
|
|
+ if (!dh) return true;
|
|
+
|
|
+ BIGNUM *dhp = nullptr;
|
|
+ BIGNUM *dhg = nullptr;
|
|
+ switch (security_level) {
|
|
+ case 1:
|
|
+ [[fallthrough]];
|
|
+ case 2:
|
|
+ dhp =
|
|
+ BN_bin2bn(rfc7919_ffdhe2048_p, sizeof(rfc7919_ffdhe2048_p), nullptr);
|
|
+ break;
|
|
+ case 3:
|
|
+ dhp =
|
|
+ BN_bin2bn(rfc7919_ffdhe3072_p, sizeof(rfc7919_ffdhe3072_p), nullptr);
|
|
+ break;
|
|
+ case 4:
|
|
+ dhp =
|
|
+ BN_bin2bn(rfc7919_ffdhe8192_p, sizeof(rfc7919_ffdhe8192_p), nullptr);
|
|
+ break;
|
|
+ case 5:
|
|
+ /* There is no RFC7919 approved prime for sec level 5 */
|
|
+ [[fallthrough]];
|
|
+ default:
|
|
+ DH_free(dh);
|
|
+ return true;
|
|
+ };
|
|
+
|
|
+ dhg = BN_bin2bn(rfc7919_g, sizeof(rfc7919_g), nullptr);
|
|
+ if (!dhp || !dhg || !DH_set0_pqg(dh, dhp, nullptr, dhg)) {
|
|
+ DH_free(dh);
|
|
+ BN_free(dhg);
|
|
+ BN_free(dhp);
|
|
+ return true;
|
|
+ }
|
|
+#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
|
|
#else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
|
|
dh = DH_new();
|
|
if (!dh) return true;
|