Store prime and generator in intermediate BIGNUMs, then set them on the
DH. DH_set0_pqg() can't actually fail in this situation, but I prefer
to do error checking mechanically.
There is one more access to dh->pub_key which I will take care of once
we have DH_get0_pub_key() (using DH_get0_key() is too annoying).
Index: dh.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/dh.c,v
retrieving revision 1.22
diff -u -p -r1.22 dh.c
--- dh.c 13 May 2021 14:28:03 -0000 1.22
+++ dh.c 25 Nov 2021 20:00:46 -0000
@@ -334,14 +334,24 @@ int
modp_init(struct group *group)
{
DH *dh;
+ BIGNUM *p = NULL, *g = NULL;
if ((dh = DH_new()) == NULL)
return (-1);
group->dh = dh;
- if (!BN_hex2bn(&dh->p, group->spec->prime) ||
- !BN_hex2bn(&dh->g, group->spec->generator))
+ if (!BN_hex2bn(&p, group->spec->prime) ||
+ !BN_hex2bn(&g, group->spec->generator)) {
+ BN_free(p);
+ BN_free(g);
return (-1);
+ }
+
+ if (!DH_set0_pqg(dh, p, NULL, g)) {
+ BN_free(p);
+ BN_free(g);
+ return (-1);
+ }
return (0);
}
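Review bot: Both new error paths free `p` and `g` but still return -1 with `group->dh` pointing at a `DH` that has no parameters set, because `group->dh = dh;` runs before the `BN_hex2bn()` calls. Whether the caller frees `group->dh` after a failed `modp_init()` is not visible in this hunk; if it does not, the `DH` leaks, and if the group stays reachable, later code could pick up a parameterless `DH`. Consider moving `group->dh = dh;` to just before `return (0);` and adding `DH_free(dh);` next to the `BN_free()` calls in both failure branches. A short comment above the `DH_set0_pqg()` call, such as `/* on success dh takes ownership of p and g */`, would also record why the success path has no `BN_free()`.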