自学教程：C++ DH_size函数代码示例

x4s_buf x4_dh_shared(const uint8 * g, size_t glen,                     const uint8 * p, size_t plen,                     const uint8 * x, size_t xlen,                     const uint8 * gx, size_t gxlen,                     const uint8 * gy, size_t gylen){  DH     * dh;  BIGNUM * bn;  x4s_buf gxy = { 0 };  /*  */  x4_assert(gx && gxlen && gy && gylen);  /*  */  dh = _dh_init(g,glen, p,plen, x,xlen);  x4_assert(dh);  dh->pub_key = BN_bin2bn(gx, gxlen, 0);  x4_assert(dh->pub_key);  bn = BN_bin2bn(gy, gylen, 0);  x4_assert(bn);  x4_buf_resize(&gxy, DH_size(dh));  DH_compute_key(gxy.data, bn, dh);  DH_free(dh);  return gxy;}

booltr_dh_make_key (tr_dh_ctx_t   raw_handle,                size_t        private_key_length,                uint8_t     * public_key,                size_t      * public_key_length){  DH * handle = raw_handle;  int dh_size, my_public_key_length;  const BIGNUM * hand_pub_key;  assert (handle != NULL);  assert (public_key != NULL);  DH_set_length(handle, private_key_length * 8);  if (!check_result (DH_generate_key (handle)))    return false;  DH_get0_key (handle, &hand_pub_key, NULL);  my_public_key_length = BN_bn2bin (hand_pub_key, public_key);  dh_size = DH_size (handle);  tr_dh_align_key (public_key, my_public_key_length, dh_size);  if (public_key_length != NULL)    *public_key_length = dh_size;  return true;}

voidtls_ctx_load_dh_params (struct tls_root_ctx *ctx, const char *dh_file,    const char *dh_file_inline    ){  DH *dh;  BIO *bio;  ASSERT(NULL != ctx);  if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_file_inline)    {      if (!(bio = BIO_new_mem_buf ((char *)dh_file_inline, -1)))	msg (M_SSLDHERR, "Cannot open memory BIO for inline DH parameters");    }  else    {      /* Get Diffie Hellman Parameters */      if (!(bio = BIO_new_file (dh_file, "r")))	msg (M_SSLDHERR, "Cannot open %s for DH parameters", dh_file);    }  dh = PEM_read_bio_DHparams (bio, NULL, NULL, NULL);  BIO_free (bio);  if (!dh)    msg (M_SSLDHERR, "Cannot load DH parameters from %s", dh_file);  if (!SSL_CTX_set_tmp_dh (ctx->ctx, dh))    msg (M_SSLDHERR, "SSL_CTX_set_tmp_dh");  msg (D_TLS_DEBUG_LOW, "Diffie-Hellman initialized with %d bit key",       8 * DH_size (dh));  DH_free (dh);}

static isc_result_topenssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,                        isc_buffer_t *secret){    DH *dhpub, *dhpriv;    int ret;    isc_region_t r;    unsigned int len;    REQUIRE(pub->keydata.dh != NULL);    REQUIRE(priv->keydata.dh != NULL);    dhpub = pub->keydata.dh;    dhpriv = priv->keydata.dh;    len = DH_size(dhpriv);    isc_buffer_availableregion(secret, &r);    if (r.length < len)        return (ISC_R_NOSPACE);    ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv);    if (ret == 0)        return (dst__openssl_toresult2("DH_compute_key",                                       DST_R_COMPUTESECRETFAILURE));    isc_buffer_add(secret, len);    return (ISC_R_SUCCESS);}

static int init_dh(SSL_CTX *ctx, const char *cert) {    DH *dh;    BIO *bio;    assert(cert);    bio = BIO_new_file(cert, "r");    if (!bio) {      ERR_print_errors_fp(stderr);      return -1;    }    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);    BIO_free(bio);    if (!dh) {        ERR("{core} Note: no DH parameters found in %s/n", cert);        return -1;    }    LOG("{core} Using DH parameters from %s/n", cert);    SSL_CTX_set_tmp_dh(ctx, dh);    LOG("{core} DH initialized with %d bit key/n", 8*DH_size(dh));    DH_free(dh);    return 0;}

ERL_NIF_TERM dh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]){/* (OthersPublicKey, MyPrivateKey, DHParams=[P,G]) */    BIGNUM *other_pub_key = NULL,        *dh_p = NULL,        *dh_g = NULL;    DH *dh_priv = DH_new();    /* Check the arguments and get          my private key (dh_priv),          the peer's public key (other_pub_key),          the parameters p & q    */    {        BIGNUM *dummy_pub_key = NULL,               *priv_key = NULL;        ERL_NIF_TERM head, tail;        if (!get_bn_from_bin(env, argv[0], &other_pub_key)            || !get_bn_from_bin(env, argv[1], &priv_key)            || !enif_get_list_cell(env, argv[2], &head, &tail)            || !get_bn_from_bin(env, head, &dh_p)            || !enif_get_list_cell(env, tail, &head, &tail)            || !get_bn_from_bin(env, head, &dh_g)            || !enif_is_empty_list(env, tail)            /* Note: DH_set0_key() does not allow setting only the             * private key, although DH_compute_key() does not use the             * public key. Work around this limitation by setting             * the public key to a copy of the private key.             */            || !(dummy_pub_key = BN_dup(priv_key))            || !DH_set0_key(dh_priv, dummy_pub_key, priv_key)            || !DH_set0_pqg(dh_priv, dh_p, NULL, dh_g)            ) {            if (dh_p) BN_free(dh_p);            if (dh_g) BN_free(dh_g);            if (other_pub_key) BN_free(other_pub_key);            if (dummy_pub_key) BN_free(dummy_pub_key);            if (priv_key) BN_free(priv_key);            return enif_make_badarg(env);        }    }    {        ErlNifBinary ret_bin;        int size;        enif_alloc_binary(DH_size(dh_priv), &ret_bin);        size = DH_compute_key(ret_bin.data, other_pub_key, dh_priv);        BN_free(other_pub_key);        DH_free(dh_priv);        if (size<=0) {            enif_release_binary(&ret_bin);            return atom_error;        }        if (size != ret_bin.size) enif_realloc_binary(&ret_bin, size);        return enif_make_binary(env, &ret_bin);    }}

tr_dh_secret_ttr_dh_agree (tr_dh_ctx_t     handle,             const uint8_t * other_public_key,             size_t          other_public_key_length){  struct tr_dh_secret * ret;  int dh_size, secret_key_length;  BIGNUM * other_key;  assert (handle != NULL);  assert (other_public_key != NULL);  if (!check_pointer (other_key = BN_bin2bn (other_public_key, other_public_key_length, NULL)))    return NULL;  dh_size = DH_size (handle);  ret = tr_dh_secret_new (dh_size);  secret_key_length = DH_compute_key (ret->key, other_key, handle);  if (check_result_neq (secret_key_length, -1))    {      tr_dh_secret_align (ret, secret_key_length);    }  else    {      tr_dh_secret_free (ret);      ret = NULL;    }  BN_free (other_key);  return ret;}

	// Set the prime P and the generator, generate local public key	DH_key_exchange::DH_key_exchange ()	{		m_DH = DH_new ();		m_DH->p = BN_bin2bn (m_dh_prime, sizeof(m_dh_prime), NULL);		m_DH->g = BN_bin2bn (m_dh_generator, sizeof(m_dh_generator), NULL);		assert (sizeof(m_dh_prime) == DH_size(m_DH));				DH_generate_key (m_DH); // TODO Check != 0		assert (m_DH->pub_key);		// DH can generate key sizes that are smaller than the size of		// P with exponentially decreasing probability, in which case		// the msb's of m_dh_local_key need to be zeroed		// appropriately.		int key_size = get_local_key_size();		int len_dh = sizeof(m_dh_prime); // must equal DH_size(m_DH)		if (key_size != len_dh)		{			assert(key_size > 0 && key_size < len_dh);			int pad_zero_size = len_dh - key_size;			std::fill(m_dh_local_key, m_dh_local_key + pad_zero_size, 0);			BN_bn2bin(m_DH->pub_key, (unsigned char*)m_dh_local_key + pad_zero_size);		}		else			BN_bn2bin(m_DH->pub_key, (unsigned char*)m_dh_local_key); // TODO Check return value	}

struct sec performDH(char *pubkeyRec,DH *privkey){		struct sec s;	int secret_size;	/* Send the public key to the peer.	* How this occurs will be specific to your situation (see main text below) */	/* Receive the public key from the peer. In this example we're just hard coding a value */	BIGNUM *pubkey = NULL;	if(0 == (BN_dec2bn(&pubkey, pubkeyRec))) handleErrors();	/* Compute the shared secret */	unsigned char *secret;	if(NULL == (secret = OPENSSL_malloc(sizeof(unsigned char) * (DH_size(privkey))))) handleErrors();	if(0 > (secret_size = DH_compute_key(secret, pubkey, privkey))) handleErrors();	/* Do something with the shared secret */	/* Note secret_size may be less than DH_size(privkey) */	printf("The shared secret is:/n");		strcpy(s.value,secret);	s.length=secret_size;	/* Clean up */	OPENSSL_free(secret);	BN_free(pubkey);	DH_free(privkey);	return s;}

void openssl_dh_crypt(){	BIO *b;	DH *d1, *d2;	int i, len1, len2;	unsigned char skey1[COMM_LEN], skey2[COMM_LEN];	d1 = DH_new();	d2 = DH_new();	DH_generate_parameters_ex(d1, 64, DH_GENERATOR_2, NULL);	DH_check(d1, &i);	printf("/nDH key size: %d/n", DH_size(d1));	DH_generate_key(d1);	d2->p = BN_dup(d1->p);	d2->g = BN_dup(d1->g);	DH_generate_key(d2);	DH_check_pub_key(d1, d1->pub_key, &i);	len1 = DH_compute_key(skey1, d2->pub_key, d1);	len2 = DH_compute_key(skey2, d1->pub_key, d2);	if ((len1 != len2) || (memcmp(skey1, skey2, len1) != 0)) {		printf("DH_compute_key err!/n");		DH_free(d1);		DH_free(d2);		return;	}	b = BIO_new(BIO_s_file());	BIO_set_fp(b, stdout, BIO_NOCLOSE);	DHparams_print(b, d1);	BIO_free(b);	DH_free(d1);	DH_free(d2);}

const uint8_t*tr_cryptoComputeSecret( tr_crypto *     crypto,                        const uint8_t * peerPublicKey ){    int      len;    uint8_t  secret[KEY_LEN];    BIGNUM * bn = BN_bin2bn( peerPublicKey, KEY_LEN, NULL );    DH *     dh;    ensureKeyExists( crypto );    dh = crypto->dh;    assert( DH_size( dh ) == KEY_LEN );    len = DH_compute_key( secret, bn, dh );    if( len == -1 )        logErrorFromSSL( );    else {        int offset;        assert( len <= KEY_LEN );        offset = KEY_LEN - len;        memset( crypto->mySecret, 0, offset );        memcpy( crypto->mySecret + offset, secret, len );        crypto->mySecretIsSet = 1;    }    BN_free( bn );    return crypto->mySecret;}

int tr_compute_dh_key(unsigned char **pbuf,		      BIGNUM *pub_key,		      DH *priv_dh) {  size_t buflen;  unsigned char *buf = NULL;;  int rc = 0;  if ((!pbuf) ||      (!pub_key) ||      (!priv_dh)) {    tr_debug("tr_compute_dh_key: Invalid parameters.");    return(-1);  }  *pbuf = NULL;  buflen = DH_size(priv_dh);  buf = malloc(buflen);  if (buf == NULL) {    tr_crit("tr_compute_dh_key: out of memory");    return -1;  }  rc = DH_compute_key(buf, pub_key, priv_dh);  if (0 <= rc) {    *pbuf = buf;  }else {    free(buf);  }  return rc;}

std::string avjackif::async_client_hello(boost::asio::yield_context yield_context){	proto::client_hello client_hello;	client_hello.set_client("avim");	client_hello.set_version(0001);	unsigned char to[512];	auto dh = DH_new();	DH_generate_parameters_ex(dh,64,DH_GENERATOR_5,NULL);	DH_generate_key(dh);	// 把 g,p, pubkey 传过去	client_hello.set_random_g((const void*)to, BN_bn2bin(dh->g, to));	client_hello.set_random_p((const void*)to, BN_bn2bin(dh->p, to));	client_hello.set_random_pub_key((const void*)to, BN_bn2bin(dh->pub_key, to));	auto tobesend = av_router::encode(client_hello);	boost::asio::async_write(*m_sock, boost::asio::buffer(tobesend), yield_context);	// 解码	std::unique_ptr<proto::server_hello> server_hello(		(proto::server_hello*)async_read_protobuf_message(*m_sock, yield_context));	m_remote_addr.reset(new proto::av_address(		av_address_from_string(server_hello->server_av_address())));	auto server_pubkey = BN_bin2bn((const unsigned char *) server_hello->random_pub_key().data(),		server_hello->random_pub_key().length(), NULL);	m_shared_key.resize(DH_size(dh));	// 密钥就算出来啦！	DH_compute_key(&m_shared_key[0], server_pubkey, dh);	BN_free(server_pubkey);    std::printf("key = 0x");    for (int i=0; i<DH_size(dh); ++i)	{        std::printf("%x%x", (m_shared_key[i] >> 4) & 0xf, m_shared_key[i] & 0xf);    }    std::printf("/n");	DH_free(dh);	return server_hello->random_pub_key();}

static krb5_error_codegenerate_dh_keyblock(krb5_context context, pk_client_params *client_params,                     krb5_enctype enctype, krb5_keyblock *reply_key){    unsigned char *dh_gen_key = NULL;    krb5_keyblock key;    krb5_error_code ret;    size_t dh_gen_keylen, size;    memset(&key, 0, sizeof(key));    if (!DH_generate_key(client_params->dh)) {	ret = KRB5KRB_ERR_GENERIC;	krb5_set_error_message(context, ret, "Can't generate Diffie-Hellman keys");	goto out;    }    if (client_params->dh_public_key == NULL) {	ret = KRB5KRB_ERR_GENERIC;	krb5_set_error_message(context, ret, "dh_public_key");	goto out;    }    dh_gen_keylen = DH_size(client_params->dh);    size = BN_num_bytes(client_params->dh->p);    if (size < dh_gen_keylen)	size = dh_gen_keylen;    dh_gen_key = malloc(size);    if (dh_gen_key == NULL) {	ret = ENOMEM;	krb5_set_error_message(context, ret, "malloc: out of memory");	goto out;    }    memset(dh_gen_key, 0, size - dh_gen_keylen);    dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),				   client_params->dh_public_key,				   client_params->dh);    if (dh_gen_keylen == -1) {	ret = KRB5KRB_ERR_GENERIC;	krb5_set_error_message(context, ret, "Can't compute Diffie-Hellman key");	goto out;    }    ret = _krb5_pk_octetstring2key(context,				   enctype,				   dh_gen_key, dh_gen_keylen,				   NULL, NULL,				   reply_key); out:    if (dh_gen_key)	free(dh_gen_key);    if (key.keyvalue.data)	krb5_free_keyblock_contents(context, &key);    return ret;}

/* *	Generate an empheral DH key.  Because this can take a long *	time to compute, we can use precomputed parameters of the *	common key sizes. * *	Since few sites will bother to precompute these parameter *	files, we also provide a fallback to the parameters provided *	by the OpenSSL project. * *	These values can be static (once loaded or computed) since *	the OpenSSL library can efficiently generate random keys from *	the information provided. */static DH  *tmp_dh_cb(SSL *s, int is_export, int keylength){	DH		   *r = NULL;	static DH  *dh = NULL;	static DH  *dh512 = NULL;	static DH  *dh1024 = NULL;	static DH  *dh2048 = NULL;	static DH  *dh4096 = NULL;	switch (keylength)	{		case 512:			if (dh512 == NULL)				dh512 = load_dh_file(keylength);			if (dh512 == NULL)				dh512 = load_dh_buffer(file_dh512, sizeof file_dh512);			r = dh512;			break;		case 1024:			if (dh1024 == NULL)				dh1024 = load_dh_file(keylength);			if (dh1024 == NULL)				dh1024 = load_dh_buffer(file_dh1024, sizeof file_dh1024);			r = dh1024;			break;		case 2048:			if (dh2048 == NULL)				dh2048 = load_dh_file(keylength);			if (dh2048 == NULL)				dh2048 = load_dh_buffer(file_dh2048, sizeof file_dh2048);			r = dh2048;			break;		case 4096:			if (dh4096 == NULL)				dh4096 = load_dh_file(keylength);			if (dh4096 == NULL)				dh4096 = load_dh_buffer(file_dh4096, sizeof file_dh4096);			r = dh4096;			break;		default:			if (dh == NULL)				dh = load_dh_file(keylength);			r = dh;	}	/* this may take a long time, but it may be necessary... */	if (r == NULL || 8 * DH_size(r) < keylength)		r = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);	return r;}

ssize_ttls_get_connection_info(struct tls *ctx, char *buf, size_t buflen){	SSL *conn = ctx->ssl_conn;	const char *ocsp_pfx = "", *ocsp_info = "";	const char *proto = "-", *cipher = "-";	char dh[64];	int used_dh_bits = ctx->used_dh_bits, used_ecdh_nid = ctx->used_ecdh_nid;	if (conn != NULL) {		proto = SSL_get_version(conn);		cipher = SSL_get_cipher(conn);#ifdef SSL_get_server_tmp_key		if (ctx->flags & TLS_CLIENT) {			EVP_PKEY *pk = NULL;			int ok = SSL_get_server_tmp_key(conn, &pk);			int pk_type = EVP_PKEY_id(pk);			if (ok && pk) {				if (pk_type == EVP_PKEY_DH) {					DH *dh = EVP_PKEY_get0(pk);					used_dh_bits = DH_size(dh) * 8;				} else if (pk_type == EVP_PKEY_EC) {					EC_KEY *ecdh = EVP_PKEY_get0(pk);					const EC_GROUP *eg = EC_KEY_get0_group(ecdh);					used_ecdh_nid = EC_GROUP_get_curve_name(eg);				}				EVP_PKEY_free(pk);			}		}#endif	}	if (used_dh_bits) {		snprintf(dh, sizeof dh, "/DH=%d", used_dh_bits);	} else if (used_ecdh_nid) {		snprintf(dh, sizeof dh, "/ECDH=%s", OBJ_nid2sn(used_ecdh_nid));	} else {		dh[0] = 0;	}	if (ctx->ocsp_result) {		ocsp_info = ctx->ocsp_result;		ocsp_pfx = "/OCSP=";	}	return snprintf(buf, buflen, "%s/%s%s%s%s", proto, cipher, dh, ocsp_pfx, ocsp_info);}

NOEXPORT int init_dh(SERVICE_OPTIONS *section) {    DH *dh=NULL;    s_log(LOG_DEBUG, "DH initialization");#ifdef HAVE_OSSL_ENGINE_H    if(!section->engine) /* cert is a file and not an identifier */#endif        dh=read_dh(section->cert);    if(!dh)        dh=get_dh2048();    if(!dh) {        s_log(LOG_NOTICE, "DH initialization failed");        return 1; /* FAILED */    }    SSL_CTX_set_tmp_dh(section->ctx, dh);    s_log(LOG_DEBUG, "DH initialized with %d-bit key", 8*DH_size(dh));    DH_free(dh);    return 0; /* OK */}

int s2n_dh_compute_shared_secret_as_client(struct s2n_dh_params *server_dh_params, struct s2n_stuffer *Yc_out, struct s2n_blob *shared_key){    struct s2n_dh_params client_params;    uint8_t *client_pub_key;    uint16_t client_pub_key_size;    int shared_key_size;    GUARD(s2n_dh_params_check(server_dh_params));    GUARD(s2n_dh_params_copy(server_dh_params, &client_params));    GUARD(s2n_dh_generate_ephemeral_key(&client_params));    GUARD(s2n_alloc(shared_key, DH_size(server_dh_params->dh)));    const BIGNUM *client_pub_key_bn = s2n_get_Ys_dh_param(&client_params);    client_pub_key_size = BN_num_bytes(client_pub_key_bn);    GUARD(s2n_stuffer_write_uint16(Yc_out, client_pub_key_size));    client_pub_key = s2n_stuffer_raw_write(Yc_out, client_pub_key_size);    if (client_pub_key == NULL) {        GUARD(s2n_free(shared_key));        GUARD(s2n_dh_params_free(&client_params));        S2N_ERROR(S2N_ERR_DH_WRITING_PUBLIC_KEY);    }    if (BN_bn2bin(client_pub_key_bn, client_pub_key) != client_pub_key_size) {        GUARD(s2n_free(shared_key));        GUARD(s2n_dh_params_free(&client_params));        S2N_ERROR(S2N_ERR_DH_COPYING_PUBLIC_KEY);    }    /* server_dh_params already validated */    const BIGNUM *server_pub_key_bn = s2n_get_Ys_dh_param(server_dh_params);    shared_key_size = DH_compute_key(shared_key->data, server_pub_key_bn, client_params.dh);    if (shared_key_size < 0) {        GUARD(s2n_free(shared_key));        GUARD(s2n_dh_params_free(&client_params));        S2N_ERROR(S2N_ERR_DH_SHARED_SECRET);    }    shared_key->size = shared_key_size;    GUARD(s2n_dh_params_free(&client_params));    return 0;}

static intinit_dh(SSL_CTX * ctx, unsigned char *dhparam){	int             rc = TRUE;	BIO            *bio = 0;	DH             *dh = 0;	if (dhparam == NULL)		return TRUE;	if ((bio = BIO_new_file((char *) dhparam, "r")) == NULL) {		LOG(SPOCP_ERR)		    traceLog(LOG_ERR,"DH: could not read %s: %s", dhparam,			     strerror(errno));		rc = FALSE;	} else {		if ((dh =		     PEM_read_bio_DHparams(bio, NULL, NULL, NULL)) == NULL) {			LOG(SPOCP_ERR)			    traceLog(LOG_ERR,"DH: could not load params from %s",				     dhparam);			rc = FALSE;		} else {			if (SSL_CTX_set_tmp_dh(ctx, dh) < 0) {				LOG(SPOCP_DEBUG)					traceLog(LOG_ERR,					    "Couldn't set Diffie-Hellman parameters");				rc = FALSE;			} else				LOG(SPOCP_DEBUG)				    traceLog(LOG_ERR,					"Diffie-Hellman initialised from %s with %d-bit key",				    	 dhparam, 8 * DH_size(dh));			DH_free(dh);		}		BIO_free(bio);	}	return rc;}

bool OSSLDH::deriveKey(SymmetricKey **ppSymmetricKey, PublicKey* publicKey, PrivateKey* privateKey){	// Check parameters	if ((ppSymmetricKey == NULL) ||	    (publicKey == NULL) ||	    (privateKey == NULL))	{		return false;	}	// Get keys	DH *pub = ((OSSLDHPublicKey *)publicKey)->getOSSLKey();	DH *priv = ((OSSLDHPrivateKey *)privateKey)->getOSSLKey();	if (pub == NULL || pub->pub_key == NULL || priv == NULL)	{		ERROR_MSG("Failed to get OpenSSL DH keys");		return false;	}	// Derive the secret	ByteString secret;	secret.resize(DH_size(priv));;	if (DH_compute_key(&secret[0], pub->pub_key, priv) <= 0)	{		ERROR_MSG("DH key derivation failed (0x%08X)", ERR_get_error());		return false;	}	*ppSymmetricKey = new SymmetricKey;	if (*ppSymmetricKey == NULL)		return false;	if (!(*ppSymmetricKey)->setKeyBits(secret))	{		delete *ppSymmetricKey;		*ppSymmetricKey = NULL;		return false;	}	return true;}

int Condor_Diffie_Hellman :: compute_shared_secret(const char * pk){    // the input pk is assumed to be an encoded string representing    // the binary data for the remote party's public key -- y (or x)    // the local DH knows about g and x, now, it will compute    // (g^x)^y, or (g^y)^x    BIGNUM * remote_pubKey = NULL;    if (BN_hex2bn(&remote_pubKey, pk) == 0) {        dprintf(D_ALWAYS, "Unable to obtain remote public key/n");        goto error;    }    if ((dh_ != NULL) && (remote_pubKey != NULL)) {        secret_ = (unsigned char *) malloc(DH_size(dh_));        // Now compute        keySize_ = DH_compute_key(secret_, remote_pubKey, dh_);        BN_clear_free(remote_pubKey);        if (keySize_ == -1) {            dprintf(D_ALWAYS, "Unable to compute shared secret/n");            goto error;        }    }       else {        goto error;    }    return 1; error:    if (remote_pubKey) {        BN_clear_free(remote_pubKey);    }    if (secret_) {        free(secret_);        secret_ = NULL;    }    return 0;}

static voidtls_info_callback(const SSL *ssl, int where, int rc){	struct tls *ctx = SSL_get_app_data(ssl);	/* steal info about used DH key */	if (ssl->s3 && ssl->s3->tmp.dh && !ctx->used_dh_bits) {		ctx->used_dh_bits = DH_size(ssl->s3->tmp.dh) * 8;	} else if (ssl->s3 && ssl->s3->tmp.ecdh && !ctx->used_ecdh_nid) {		ctx->used_ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ssl->s3->tmp.ecdh));	}	/* detect renegotation on established connection */	if (where & SSL_CB_HANDSHAKE_START) {		if (ctx->state & TLS_STATE_ESTABLISHED)			ctx->state |= TLS_STATE_ABORT;	} else if (where & SSL_CB_HANDSHAKE_DONE) {		ctx->state |= TLS_STATE_ESTABLISHED;	}}

static int init_dh(void) {#ifdef USE_DH    FILE *fp;    DH *dh;    BIO *bio;    fp=fopen(options.cert, "r");    if(!fp) {#ifdef USE_WIN32        /* Win32 doesn't seem to set errno in fopen() */        log(LOG_ERR, "Failed to open %s", options.cert);#else        ioerror(options.cert);#endif        return -1; /* FAILED */    }    bio=BIO_new_fp(fp, BIO_CLOSE|BIO_FP_TEXT);    if(!bio) {        log(LOG_ERR, "BIO_new_fp failed");        return -1; /* FAILED */    }    if((dh=PEM_read_bio_DHparams(bio, NULL, NULL#if SSLEAY_VERSION_NUMBER >= 0x00904000L            , NULL#endif            ))) {        BIO_free(bio);        log(LOG_DEBUG, "Using Diffie-Hellman parameters from %s",            options.cert);    } else { /* Failed to load DH parameters from file */        BIO_free(bio);        log(LOG_NOTICE, "Could not load DH parameters from %s", options.cert);        return -1; /* FAILED */    }    SSL_CTX_set_tmp_dh(ctx, dh);    log(LOG_INFO, "Diffie-Hellman initialized with %d bit key",        8*DH_size(dh));    DH_free(dh);#endif /* USE_DH */    return 0; /* OK */}

/* *	Load precomputed DH parameters. * *	To prevent "downgrade" attacks, we perform a number of checks *	to verify that the DBA-generated DH parameters file contains *	what we expect it to contain. */static DH  *load_dh_file(int keylength){	char		homedir[MAXPGPATH];	char		fnbuf[MAXPGPATH];	FILE	   *fp;	DH		   *dh;	int			codes;	if (!pqGetHomeDirectory(homedir, sizeof(homedir)))		return NULL;	/* attempt to open file.  It's not an error if it doesn't exist. */	snprintf(fnbuf, sizeof(fnbuf), DHFILEPATTERN, homedir, keylength);	if ((fp = fopen(fnbuf, "r")) == NULL)		return NULL;/*	flock(fileno(fp), LOCK_SH); */	dh = PEM_read_DHparams(fp, NULL, NULL, NULL);/*	flock(fileno(fp), LOCK_UN); */	fclose(fp);	/* is the prime the correct size? */	if (dh != NULL && 8 * DH_size(dh) < keylength)		dh = NULL;	/* make sure the DH parameters are usable */	if (dh != NULL)	{		if (DH_check(dh, &codes))			return NULL;		if (codes & DH_CHECK_P_NOT_PRIME)			return NULL;		if ((codes & DH_NOT_SUITABLE_GENERATOR) &&			(codes & DH_CHECK_P_NOT_SAFE_PRIME))			return NULL;	}	return dh;}

/* *  call-seq: *     dh.compute_key(pub_bn) -> aString * * Returns a String containing a shared secret computed from the other party's public value. * See DH_compute_key() for further information. * * === Parameters * * +pub_bn+ is a OpenSSL::BN, *not* the DH instance returned by * DH#public_key as that contains the DH parameters only. */static VALUEossl_dh_compute_key(VALUE self, VALUE pub){    DH *dh;    EVP_PKEY *pkey;    BIGNUM *pub_key;    VALUE str;    int len;    GetPKeyDH(self, pkey);    dh = pkey->pkey.dh;    pub_key = GetBNPtr(pub);    len = DH_size(dh);    str = rb_str_new(0, len);    if ((len = DH_compute_key((unsigned char *)RSTRING_PTR(str), pub_key, dh)) < 0) {	ossl_raise(eDHError, NULL);    }    rb_str_set_len(str, len);    return str;}

/* *  call-seq: *     dh.compute_key(pub_bn) -> aString * * Returns a String containing a shared secret computed from the other party's public value. * See DH_compute_key() for further information. * * === Parameters * * +pub_bn+ is a OpenSSL::BN, *not* the DH instance returned by * DH#public_key as that contains the DH parameters only. */static VALUEossl_dh_compute_key(VALUE self, VALUE pub){    DH *dh;    const BIGNUM *pub_key, *dh_p;    VALUE str;    int len;    GetDH(self, dh);    DH_get0_pqg(dh, &dh_p, NULL, NULL);    if (!dh_p)	ossl_raise(eDHError, "incomplete DH");    pub_key = GetBNPtr(pub);    len = DH_size(dh);    str = rb_str_new(0, len);    if ((len = DH_compute_key((unsigned char *)RSTRING_PTR(str), pub_key, dh)) < 0) {	ossl_raise(eDHError, NULL);    }    rb_str_set_len(str, len);    return str;}

static voidtls_info_callback(const SSL *ssl, int where, int rc){	struct tls *ctx = SSL_get_app_data(ssl);#ifdef USE_LIBSSL_INTERNALS	if (!(ctx->state & TLS_HANDSHAKE_COMPLETE) && ssl->s3) {		/* steal info about used DH key */		if (ssl->s3->tmp.dh && !ctx->used_dh_bits) {			ctx->used_dh_bits = DH_size(ssl->s3->tmp.dh) * 8;		} else if (ssl->s3->tmp.ecdh && !ctx->used_ecdh_nid) {			ctx->used_ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ssl->s3->tmp.ecdh));		}	}#endif	/* detect renegotation on established connection */	if (where & SSL_CB_HANDSHAKE_START) {		if (ctx->state & TLS_HANDSHAKE_COMPLETE)			ctx->state |= TLS_DO_ABORT;	}}

int s2n_pkcs3_to_dh_params(struct s2n_dh_params *dh_params, struct s2n_blob *pkcs3){    uint8_t *original_ptr = pkcs3->data;    dh_params->dh = d2i_DHparams(NULL, (const unsigned char **)(void *)&pkcs3->data, pkcs3->size);    GUARD(s2n_check_p_g_dh_params(dh_params));    if (pkcs3->data - original_ptr != pkcs3->size) {        DH_free(dh_params->dh);        S2N_ERROR(S2N_ERR_INVALID_PKCS3);    }    pkcs3->data = original_ptr;    /* Require at least 2048 bits for the DH size */    if (DH_size(dh_params->dh) < S2N_MIN_DH_PRIME_SIZE_BYTES) {        DH_free(dh_params->dh);        S2N_ERROR(S2N_ERR_DH_TOO_SMALL);    }    /* Check the generator and prime */    GUARD(s2n_dh_params_check(dh_params));    return 0;}