From: Dr. Stephen Henson Date: Sat, 7 Apr 2012 20:42:44 +0000 (+0000) Subject: transparently handle X9.42 DH parameters X-Git-Tag: OpenSSL_1_0_2-beta1~674 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c3cb069108d8f2327eedbf9df27d9e8a49b8e0e8;p=openssl transparently handle X9.42 DH parameters (backport from HEAD) --- diff --git a/CHANGES b/CHANGES index b3df61c183..2945371cb7 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 1.0.1 and 1.0.2 [xx XXX xxxx] + *) Transparently support X9.42 DH parameters when calling + PEM_read_bio_DHparameters. This means existing applications can handle + the new parameter format automatically. + [Steve Henson] + *) Initial experimental support for X9.42 DH parameter format: mainly to support use of 'q' parameter for RFC5114 parameters. [Steve Henson] diff --git a/apps/dhparam.c b/apps/dhparam.c index b47097cbb2..79c0d64c51 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -513,7 +513,12 @@ bad: if (outformat == FORMAT_ASN1) i=i2d_DHparams_bio(out,dh); else if (outformat == FORMAT_PEM) - i=PEM_write_bio_DHparams(out,dh); + { + if (dh->q) + i=PEM_write_bio_DHxparams(out,dh); + else + i=PEM_write_bio_DHparams(out,dh); + } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 5872fcc1c5..00c274b35a 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -594,8 +594,10 @@ void ERR_load_PEM_strings(void); #define PEM_F_PEM_PK8PKEY 119 #define PEM_F_PEM_READ 108 #define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_READ_BIO_DHPARAMS 141 #define PEM_F_PEM_READ_BIO_PARAMETERS 140 #define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +#define PEM_F_PEM_READ_DHPARAMS 142 #define PEM_F_PEM_READ_PRIVATEKEY 124 #define PEM_F_PEM_SEALFINAL 110 #define PEM_F_PEM_SEALINIT 111 diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index e09b24ad7a..5c8c6f4158 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -289,7 +289,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, #ifndef OPENSSL_NO_DH -IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) +IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) #endif diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c index d644aeedd4..9690224f53 100644 --- a/crypto/pem/pem_err.c +++ b/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* crypto/pem/pem_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -98,8 +98,10 @@ static ERR_STRING_DATA PEM_str_functs[]= {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, +{ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_READ_BIO_DHPARAMS"}, {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, +{ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_READ_DHPARAMS"}, {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index cfc89a9921..cfea16bdca 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -236,6 +236,9 @@ static int check_pem(const char *nm, const char *name) } return 0; } + /* If reading DH parameters handle X9.42 DH format too */ + if(!strcmp(nm,PEM_STRING_DHXPARAMS) && + !strcmp(name,PEM_STRING_DHPARAMS)) return 1; /* Permit older strings */ diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 8ecf24903b..e9e41dd4e8 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -68,6 +68,9 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#ifndef OPENSSL_NO_DH +#include +#endif #include "asn1_locl.h" int pem_check_suffix(const char *pem_str, const char *suffix); @@ -240,3 +243,52 @@ int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, } #endif + +#ifndef OPENSSL_NO_DH + +/* Transparently read in PKCS#3 or X9.42 DH parameters */ + +DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) + { + char *nm=NULL; + const unsigned char *p=NULL; + unsigned char *data=NULL; + long len; + DH *ret=NULL; + + if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, + bp, cb, u)) + return NULL; + p = data; + + if (!strcmp(nm, PEM_STRING_DHXPARAMS)) + ret = d2i_DHxparams(x, &p, len); + else + ret = d2i_DHparams(x, &p, len); + + if (ret == NULL) + PEMerr(PEM_F_PEM_READ_BIO_DHPARAMS,ERR_R_ASN1_LIB); + OPENSSL_free(nm); + OPENSSL_free(data); + return ret; + } + +#ifndef OPENSSL_NO_FP_API +DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) + { + BIO *b; + DH *ret; + + if ((b=BIO_new(BIO_s_file())) == NULL) + { + PEMerr(PEM_F_PEM_READ_DHPARAMS,ERR_R_BUF_LIB); + return(0); + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret=PEM_read_bio_DHparams(b,x,cb,u); + BIO_free(b); + return(ret); + } +#endif + +#endif