Remove useless DH file configuration from TLS library wrappers
These operations have no real effect, since tls_connection_set_params() is used only in the TLS client case and the client receives the DH parameters from the server rather than from local configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
86877bbc32
commit
4a774cf317
3 changed files with 0 additions and 131 deletions
|
@ -3940,80 +3940,6 @@ static int tls_global_private_key(struct tls_data *data,
|
|||
}
|
||||
|
||||
|
||||
static int tls_connection_dh(struct tls_connection *conn, const char *dh_file)
|
||||
{
|
||||
#ifdef OPENSSL_NO_DH
|
||||
if (dh_file == NULL)
|
||||
return 0;
|
||||
wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but "
|
||||
"dh_file specified");
|
||||
return -1;
|
||||
#else /* OPENSSL_NO_DH */
|
||||
DH *dh;
|
||||
BIO *bio;
|
||||
|
||||
/* TODO: add support for dh_blob */
|
||||
if (dh_file == NULL)
|
||||
return 0;
|
||||
if (conn == NULL)
|
||||
return -1;
|
||||
|
||||
bio = BIO_new_file(dh_file, "r");
|
||||
if (bio == NULL) {
|
||||
wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s",
|
||||
dh_file, ERR_error_string(ERR_get_error(), NULL));
|
||||
return -1;
|
||||
}
|
||||
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
||||
BIO_free(bio);
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
while (dh == NULL) {
|
||||
DSA *dsa;
|
||||
wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -"
|
||||
" trying to parse as DSA params", dh_file,
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
bio = BIO_new_file(dh_file, "r");
|
||||
if (bio == NULL)
|
||||
break;
|
||||
dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
|
||||
BIO_free(bio);
|
||||
if (!dsa) {
|
||||
wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file "
|
||||
"'%s': %s", dh_file,
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
break;
|
||||
}
|
||||
|
||||
wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format");
|
||||
dh = DSA_dup_DH(dsa);
|
||||
DSA_free(dsa);
|
||||
if (dh == NULL) {
|
||||
wpa_printf(MSG_INFO, "TLS: Failed to convert DSA "
|
||||
"params into DH params");
|
||||
break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
#endif /* !OPENSSL_NO_DSA */
|
||||
if (dh == NULL) {
|
||||
wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "
|
||||
"'%s'", dh_file);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (SSL_set_tmp_dh(conn->ssl, dh) != 1) {
|
||||
wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
|
||||
"%s", dh_file,
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
DH_free(dh);
|
||||
return -1;
|
||||
}
|
||||
DH_free(dh);
|
||||
return 0;
|
||||
#endif /* OPENSSL_NO_DH */
|
||||
}
|
||||
|
||||
|
||||
static int tls_global_dh(struct tls_data *data, const char *dh_file)
|
||||
{
|
||||
#ifdef OPENSSL_NO_DH
|
||||
|
@ -5225,12 +5151,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|||
return -1;
|
||||
}
|
||||
|
||||
if (tls_connection_dh(conn, params->dh_file)) {
|
||||
wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'",
|
||||
params->dh_file);
|
||||
return -1;
|
||||
}
|
||||
|
||||
ciphers = params->openssl_ciphers;
|
||||
#ifdef CONFIG_SUITEB
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
|
|