This should address the problem described in #1662.

  1. EVP_PKEY_derive_set_peer requires the peer's public certificate to have exactly the same DH parameters, hence we need to merge the OSSL_PARAMs containing the public key with the DH parameters:

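    /* Export the DH domain parameters of the local key. */
    OSSL_PARAM *params1 = 0;
    EVP_PKEY_todata( dhParam, EVP_PKEY_KEY_PARAMETERS, &params1 );
    /* Wrap the peer's public value in its own OSSL_PARAM array. */
    OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
    OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, bnpub);
    OSSL_PARAM *params2 = OSSL_PARAM_BLD_to_param(bld);
    OSSL_PARAM_BLD_free(bld);
    /* Merge both arrays so the peer key carries the same DH parameters. */
    OSSL_PARAM *params = OSSL_PARAM_merge( params1, params2 );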

  2. EVP_PKEY_derive requires the keylen argument to contain the length of the key buffer (if not null):
    https://www.openssl.org/docs/man1.0.2/man3/EVP_PKEY_derive.html

If key is not NULL then before the call the keylen parameter should contain the length of the key buffer, if the call is successful the shared secret is written to key and the amount of data written to keylen.

You can view, comment on, or merge this pull request online at:

  https://github.com/xrootd/xrootd/pull/1665
