commit 292a88ce94a0d0b56252be1f89f26a31f891415d
author Remi Tricot-Le Breton <rlebreton@haproxy.com> Fri Feb 11 12:04:49 2022 +0100
committer William Lallemand <wlallemand@haproxy.org> Mon Feb 14 10:07:14 2022 +0100
tree 0b108268aeb796d81ced49b3cfad5215d50ca5ac
parent 09ebb3359af32fd94368a7e785b6deaf2fdf9bbf

MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name

In the upcoming OpenSSLv3 specific patches, we will make use of the
newly created ssl_get_tmp_dh that returns an EVP_PKEY containing DH
parameters of the same size as a bind line's RSA or DSA private key.
The previously named ssl_get_tmp_dh function was renamed
ssl_get_tmp_dh_cbk because it is only used as a callback passed to
OpenSSL through SSL_CTX_set_tmp_dh_callback calls.

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 41a7165..d615593 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -471,7 +471,7 @@
 static DH *local_dh_1024 = NULL;
 static DH *local_dh_2048 = NULL;
 static DH *local_dh_4096 = NULL;
-static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
+static DH *ssl_get_tmp_dh_cbk(SSL *ssl, int export, int keylen);
 #endif /* OPENSSL_NO_DH */
 
 #if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
@@ -2237,7 +2237,7 @@
 	if (newcrt) X509_free(newcrt);
 
 #ifndef OPENSSL_NO_DH
-	SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
+	SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh_cbk);
 #endif
 
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
@@ -3050,13 +3050,11 @@
 	return dh;
 }
 
-/* Returns Diffie-Hellman parameters matching the private key length
-   but not exceeding global_ssl.default_dh_param */
-static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
+static DH *ssl_get_tmp_dh(EVP_PKEY *pkey)
 {
 	DH *dh = NULL;
-	EVP_PKEY *pkey = SSL_get_privatekey(ssl);
 	int type;
+	int keylen = 0;
 
 	type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
 
@@ -3084,6 +3082,15 @@
 	return dh;
 }
 
+/* Returns Diffie-Hellman parameters matching the private key length
+   but not exceeding global_ssl.default_dh_param */
+static DH *ssl_get_tmp_dh_cbk(SSL *ssl, int export, int keylen)
+{
+	EVP_PKEY *pkey = SSL_get_privatekey(ssl);
+
+	return ssl_get_tmp_dh(pkey);
+}
+
 HASSL_DH *ssl_sock_get_dh_from_bio(BIO *bio)
 {
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
@@ -3351,7 +3358,7 @@
 			}
 		}
 		else {
-			SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
+			SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh_cbk);
 		}
 	}