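def load_dh_params_from_string(ctx, dh_params_string):
    """Install PEM-encoded Diffie-Hellman parameters on an SSL context.

    The text is ASCII-encoded, written to an in-memory BIO, parsed with
    ``PEM_read_bio_DHparams`` and handed to ``SSL_CTX_set_tmp_dh``.

    :param ctx: Object whose ``_context`` attribute is the SSL_CTX handle.
    :param dh_params_string: Text holding the PEM-encoded DH parameters.
    :raises UnicodeEncodeError: If the text contains non-ASCII characters.
    :raises ValueError: If the text cannot be parsed as DH parameters.
    :return: None
    """
    # NOTE(review): presumably _new_mem_buf() returns a BIO that is freed
    # automatically; nothing in this function releases it -- confirm.
    bio = _new_mem_buf()
    # Encode once so the buffer and the length passed to BIO_write agree.
    pem_bytes = dh_params_string.encode('ascii')
    _lib.BIO_write(bio, pem_bytes, len(pem_bytes))  # pylint: disable=no-member
    dh = _lib.PEM_read_bio_DHparams(bio, _ffi.NULL, _ffi.NULL, _ffi.NULL)  # pylint: disable=no-member
    if dh == _ffi.NULL:
        # PEM_read_bio_DHparams returns NULL when parsing fails. Fail closed
        # here instead of passing a NULL pointer on to SSL_CTX_set_tmp_dh,
        # which would leave the context without the intended parameters.
        raise ValueError(
            "dh_params_string does not contain valid PEM DH parameters")
    dh = _ffi.gc(dh, _lib.DH_free)  # pylint: disable=no-member
    # NOTE(review): the result of SSL_CTX_set_tmp_dh is not checked, so a
    # rejection by the library goes unnoticed -- consider verifying it.
    _lib.SSL_CTX_set_tmp_dh(ctx._context, dh)  # pylint: disable=no-member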
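def load_dh_params_from_string(ctx, dh_params_string):
    """Install PEM-encoded Diffie-Hellman parameters on an SSL context.

    The PEM data is written to an in-memory BIO, parsed with
    ``PEM_read_bio_DHparams`` and handed to ``SSL_CTX_set_tmp_dh``.

    :param ctx: Object whose ``_context`` attribute is the SSL_CTX handle.
    :param dh_params_string: PEM-encoded DH parameters. A byte string is
        used as-is; any other value is converted with ``str()`` and
        ASCII-encoded.
    :raises ValueError: If the data cannot be parsed as DH parameters.
    :return: None
    """
    # NOTE(review): presumably _new_mem_buf() returns a BIO that is freed
    # automatically; nothing in this function releases it -- confirm.
    bio = _new_mem_buf()
    # BIO_write needs a byte buffer. On Python 2 ``str`` already is one; on
    # Python 3 text has to be encoded first. Convert once so the buffer and
    # the length passed to BIO_write agree.
    if isinstance(dh_params_string, bytes):
        pem_bytes = dh_params_string
    else:
        pem_bytes = str(dh_params_string).encode('ascii')
    _lib.BIO_write(bio, pem_bytes, len(pem_bytes))
    dh = _lib.PEM_read_bio_DHparams(bio, _ffi.NULL, _ffi.NULL, _ffi.NULL)
    if dh == _ffi.NULL:
        # PEM_read_bio_DHparams returns NULL when parsing fails. Fail closed
        # here instead of passing a NULL pointer on to SSL_CTX_set_tmp_dh,
        # which would leave the context without the intended parameters.
        raise ValueError(
            "dh_params_string does not contain valid PEM DH parameters")
    dh = _ffi.gc(dh, _lib.DH_free)
    # NOTE(review): the result of SSL_CTX_set_tmp_dh is not checked, so a
    # rejection by the library goes unnoticed -- consider verifying it.
    _lib.SSL_CTX_set_tmp_dh(ctx._context, dh)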
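def load_tmp_dh(self, dhfile):
    """
    Load parameters for Ephemeral Diffie-Hellman

    :param dhfile: The file to load EDH parameters from, given as a byte
        string path
    :raises TypeError: If *dhfile* is not a byte string
    :return: None
    """
    if not isinstance(dhfile, bytes):
        raise TypeError("dhfile must be a byte string")

    bio = _lib.BIO_new_file(dhfile, b"r")
    if bio == _ffi.NULL:
        # NOTE(review): presumably raises from the OpenSSL error queue and
        # does not return -- confirm against its definition.
        _raise_current_error()
    bio = _ffi.gc(bio, _lib.BIO_free)

    dh = _lib.PEM_read_bio_DHparams(bio, _ffi.NULL, _ffi.NULL, _ffi.NULL)
    if dh == _ffi.NULL:
        # The file opened but did not parse as DH parameters. Report it the
        # same way as the failed open above rather than passing NULL on,
        # which would leave the context without the intended parameters.
        _raise_current_error()
    dh = _ffi.gc(dh, _lib.DH_free)
    # NOTE(review): the result of SSL_CTX_set_tmp_dh is not checked, so a
    # rejection by the library goes unnoticed -- consider verifying it.
    _lib.SSL_CTX_set_tmp_dh(self._context, dh)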
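def load_tmp_dh(self, dhfile):
    """
    Function overridden in order to enforce ECDH/PFS

    Loads the Diffie-Hellman parameters from *dhfile* into the context and
    then also installs an ephemeral ECDH key on the prime256v1 curve.

    :param dhfile: The file to load DH parameters from, given as a byte
        string path
    :raises TypeError: If *dhfile* is not a byte string
    :return: None
    """
    from OpenSSL._util import (ffi as _ffi, lib as _lib)

    if not isinstance(dhfile, bytes):
        raise TypeError("dhfile must be a byte string")

    bio = _lib.BIO_new_file(dhfile, b"r")
    if bio == _ffi.NULL:
        # NOTE(review): presumably raises from the OpenSSL error queue and
        # does not return -- confirm against its definition.
        _raise_current_error()
    bio = _ffi.gc(bio, _lib.BIO_free)

    dh = _lib.PEM_read_bio_DHparams(bio, _ffi.NULL, _ffi.NULL, _ffi.NULL)
    if dh == _ffi.NULL:
        # The file opened but did not parse as DH parameters. Fail closed
        # instead of passing NULL on to SSL_CTX_set_tmp_dh.
        _raise_current_error()
    dh = _ffi.gc(dh, _lib.DH_free)
    _lib.SSL_CTX_set_tmp_dh(self._context, dh)

    ecdh = _lib.EC_KEY_new_by_curve_name(_lib.NID_X9_62_prime256v1)
    if ecdh == _ffi.NULL:
        # Without this check a failed curve lookup would silently skip the
        # ECDH setup this override exists to enforce.
        _raise_current_error()
    ecdh = _ffi.gc(ecdh, _lib.EC_KEY_free)
    # NOTE(review): the results of SSL_CTX_set_tmp_dh and
    # SSL_CTX_set_tmp_ecdh are not checked, so a rejection by the library
    # goes unnoticed -- consider verifying both.
    _lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh)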