Initial experimental support for X9.42 DH parameter format to handle
authorDr. Stephen Henson <steve@openssl.org>
Wed, 7 Dec 2011 00:32:34 +0000 (00:32 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 7 Dec 2011 00:32:34 +0000 (00:32 +0000)
RFC5114 parameters and X9.42 DH public and private keys.

15 files changed:
CHANGES
crypto/asn1/ameth_lib.c
crypto/dh/dh.h
crypto/dh/dh_ameth.c
crypto/dh/dh_asn1.c
crypto/dh/dh_pmeth.c
crypto/ecdsa/ecdsatest.c
crypto/evp/evp.h
crypto/evp/pmeth_lib.c
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt
crypto/pem/pem.h
crypto/pem/pem_all.c

diff --git a/CHANGES b/CHANGES
index a453a7bf8dad12f35605633eee6cb33db2535486..4a0ce55c564d989cb9d4ad95b9ac3655742b5ced 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Initial experimental support for X9.42 DH parameter format: mainly
+     to support use of 'q' parameter for RFC5114 parameters.
+     [Steve Henson]
+
   *) Add DH parameters from RFC5114 including test data to dhtest.
      [Steve Henson]
 
   *) Add DH parameters from RFC5114 including test data to dhtest.
      [Steve Henson]
 
index a19e058fca693f429868bd3e5d9be5ecec133fac..5fff22612010cb7bd069d35f24e1e28f980c414b 100644 (file)
@@ -67,6 +67,7 @@
 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
@@ -92,7 +93,10 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] =
        &eckey_asn1_meth,
 #endif
        &hmac_asn1_meth,
        &eckey_asn1_meth,
 #endif
        &hmac_asn1_meth,
-       &cmac_asn1_meth
+       &cmac_asn1_meth,
+#ifndef OPENSSL_NO_DH
+       &dhx_asn1_meth
+#endif
        };
 
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
        };
 
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
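Review bot: `&dhx_asn1_meth` is appended after `&cmac_asn1_meth` with nothing stating that the position matters, and the matching `standard_methods` hunk for `&dhx_pkey_meth` later in this commit sits directly above a `DECLARE_OBJ_BSEARCH_CMP_FN`, which suggests these tables are binary-searched by key id. If so, the placement is only correct because `NID_dhpublicnumber` is 919, the highest NID this commit defines. I would add above both arrays `/* Must stay in ascending pkey_id order: looked up by binary search */`. With `OPENSSL_NO_DH` defined the initializer now ends in a trailing comma, which is valid C but worth knowing when reading the table.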
index 9b90197acfd1a26f931c736d829497a681b70efb..ce5fee9c7955356280a82cbba7da8da13c521f70 100644 (file)
@@ -223,6 +223,8 @@ int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
 int    DH_compute_key_padded(unsigned char *key,const BIGNUM *pub_key,DH *dh);
 DH *   d2i_DHparams(DH **a,const unsigned char **pp, long length);
 int    i2d_DHparams(const DH *a,unsigned char **pp);
 int    DH_compute_key_padded(unsigned char *key,const BIGNUM *pub_key,DH *dh);
 DH *   d2i_DHparams(DH **a,const unsigned char **pp, long length);
 int    i2d_DHparams(const DH *a,unsigned char **pp);
+DH *   d2i_DHxparams(DH **a,const unsigned char **pp, long length);
+int    i2d_DHxparams(const DH *a,unsigned char **pp);
 #ifndef OPENSSL_NO_FP_API
 int    DHparams_print_fp(FILE *fp, const DH *x);
 #endif
 #ifndef OPENSSL_NO_FP_API
 int    DHparams_print_fp(FILE *fp, const DH *x);
 #endif
@@ -245,8 +247,17 @@ DH *DH_get_2048_256(void);
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
 
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
 
+#define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                       EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+#define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                       EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
 #define        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
 #define        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
 #define        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
 #define        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
+#define        EVP_PKEY_CTRL_DH_RFC5114                (EVP_PKEY_ALG_CTRL + 3)
                
 
 /* BEGIN ERROR CODES */
                
 
 /* BEGIN ERROR CODES */
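Review bot: `EVP_PKEY_CTX_set_dh_rfc5114` and `EVP_PKEY_CTX_set_dhx_rfc5114` expand to exactly the same call, both with key type `EVP_PKEY_DHX`, and both name their argument `gen` although `pkey_dh_ctrl` treats the value as a parameter-set selector limited to 1..3. If `EVP_PKEY_CTX_ctrl` rejects a key type that differs from the context's (not visible in this hunk), the `dh` variant cannot succeed on an `EVP_PKEY_DH` context, so either the duplication is deliberate and needs a comment, or the first macro should pass `EVP_PKEY_DH`. I would rename the argument to `n` and add `/* n selects the RFC5114 set: 1 = 1024/160, 2 = 2048/224, 3 = 2048/256 */`, which matches the switch added to `pkey_dh_paramgen`.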
index f3e910e105aa6631cd749e8df55392cbcfe44c6b..8d0fe2e3f72498a4dcb6e4eee0af65621edaa1cd 100644 (file)
 #include <openssl/bn.h>
 #include "asn1_locl.h"
 
 #include <openssl/bn.h>
 #include "asn1_locl.h"
 
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
+
+/* i2d/d2i like DH parameter functions which use the appropriate routine
+ * for PKCS#3 DH or X9.42 DH.
+ */
+
+static DH * d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, long length)
+       {
+       if (pkey->ameth == &dhx_asn1_meth)
+               return d2i_DHxparams(NULL, pp, length);
+       return d2i_DHparams(NULL, pp, length);
+       }
+
+static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
+       {
+       if (pkey->ameth == &dhx_asn1_meth)
+               return i2d_DHxparams(a, pp);
+       return i2d_DHparams(a, pp);
+       }
+
 static void int_dh_free(EVP_PKEY *pkey)
        {
        DH_free(pkey->pkey.dh);
 static void int_dh_free(EVP_PKEY *pkey)
        {
        DH_free(pkey->pkey.dh);
@@ -94,7 +114,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
        pm = pstr->data;
        pmlen = pstr->length;
 
        pm = pstr->data;
        pmlen = pstr->length;
 
-       if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+       if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
                {
                DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
                goto err;
                {
                DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
                goto err;
@@ -114,7 +134,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
                }
 
        ASN1_INTEGER_free(public_key);
                }
 
        ASN1_INTEGER_free(public_key);
-       EVP_PKEY_assign_DH(pkey, dh);
+       EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
        return 1;
 
        err:
        return 1;
 
        err:
@@ -139,7 +159,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
        dh=pkey->pkey.dh;
 
        str = ASN1_STRING_new();
        dh=pkey->pkey.dh;
 
        str = ASN1_STRING_new();
-       str->length = i2d_DHparams(dh, &str->data);
+       str->length = i2d_dhp(pkey, dh, &str->data);
        if (str->length <= 0)
                {
                DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
        if (str->length <= 0)
                {
                DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
@@ -162,7 +182,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
                goto err;
                }
 
                goto err;
                }
 
-       if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
+       if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
                                ptype, pval, penc, penclen))
                return 1;
 
                                ptype, pval, penc, penclen))
                return 1;
 
@@ -208,7 +228,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
        pstr = pval;    
        pm = pstr->data;
        pmlen = pstr->length;
        pstr = pval;    
        pm = pstr->data;
        pmlen = pstr->length;
-       if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+       if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
                goto decerr;
        /* We have parameters now set private key */
        if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
                goto decerr;
        /* We have parameters now set private key */
        if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
@@ -220,7 +240,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
        if (!DH_generate_key(dh))
                goto dherr;
 
        if (!DH_generate_key(dh))
                goto dherr;
 
-       EVP_PKEY_assign_DH(pkey, dh);
+       EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
 
        ASN1_INTEGER_free(privkey);
 
 
        ASN1_INTEGER_free(privkey);
 
@@ -248,7 +268,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
                goto err;
                }
 
                goto err;
                }
 
-       params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
+       params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
        if (params->length <= 0)
                {
                DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
        if (params->length <= 0)
                {
                DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
@@ -269,7 +289,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
        ASN1_INTEGER_free(prkey);
 
 
        ASN1_INTEGER_free(prkey);
 
-       if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
+       if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
                                V_ASN1_SEQUENCE, params, dp, dplen))
                goto err;
 
                                V_ASN1_SEQUENCE, params, dp, dplen))
                goto err;
 
@@ -299,18 +319,18 @@ static int dh_param_decode(EVP_PKEY *pkey,
                                        const unsigned char **pder, int derlen)
        {
        DH *dh;
                                        const unsigned char **pder, int derlen)
        {
        DH *dh;
-       if (!(dh = d2i_DHparams(NULL, pder, derlen)))
+       if (!(dh = d2i_dhp(pkey, pder, derlen)))
                {
                DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
                return 0;
                }
                {
                DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
                return 0;
                }
-       EVP_PKEY_assign_DH(pkey, dh);
+       EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
        return 1;
        }
 
 static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
        {
        return 1;
        }
 
 static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
        {
-       return i2d_DHparams(pkey->pkey.dh, pder);
+       return i2d_dhp(pkey, pkey->pkey.dh, pder);
        }
 
 static int do_dh_print(BIO *bp, const DH *x, int indent,
        }
 
 static int do_dh_print(BIO *bp, const DH *x, int indent,
@@ -348,11 +368,11 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
        update_buflen(priv_key, &buf_len);
 
        if (ptype == 2)
        update_buflen(priv_key, &buf_len);
 
        if (ptype == 2)
-               ktype = "PKCS#3 DH Private-Key";
+               ktype = "DH Private-Key";
        else if (ptype == 1)
        else if (ptype == 1)
-               ktype = "PKCS#3 DH Public-Key";
+               ktype = "DH Public-Key";
        else
        else
-               ktype = "PKCS#3 DH Parameters";
+               ktype = "DH Parameters";
 
        m= OPENSSL_malloc(buf_len+10);
        if (m == NULL)
 
        m= OPENSSL_malloc(buf_len+10);
        if (m == NULL)
@@ -405,8 +425,12 @@ static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
        if (    BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
                BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
                return 0;
        if (    BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
                BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
                return 0;
-       else
-               return 1;
+       else if (a->ameth == &dhx_asn1_meth)
+               {
+               if (BN_cmp(a->pkey.dh->q,b->pkey.dh->q))
+                       return 0;
+               }
+       return 1;
        }
 
 static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
        }
 
 static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
@@ -424,6 +448,15 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
        if (to->pkey.dh->g != NULL)
                BN_free(to->pkey.dh->g);
        to->pkey.dh->g=a;
        if (to->pkey.dh->g != NULL)
                BN_free(to->pkey.dh->g);
        to->pkey.dh->g=a;
+       if (from->ameth == &dhx_asn1_meth)
+               {
+               a = BN_dup(from->pkey.dh->q);
+               if (!a)
+                       return 0;
+               if (to->pkey.dh->q)
+                       BN_free(to->pkey.dh->q);
+               to->pkey.dh->q = a;
+               }
 
        return 1;
        }
 
        return 1;
        }
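Review bot: In the added `dhx_asn1_meth` branch of `dh_copy_parameters`, a failing `BN_dup(from->pkey.dh->q)` (allocation failure, or a source key whose `q` is NULL) returns 0 only after `to->pkey.dh->g` has already been replaced, and presumably `p` as well above the hunk. The destination is then left with new p/g combined with its old q, a parameter set that was never valid as a whole. Duplicating every required value before assigning any of them would leave `to` untouched on failure; at minimum the branch should carry `/* X9.42 keys must carry q; on failure p and g have already been updated */`. The start of the function is outside the hunk.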
@@ -501,3 +534,36 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth =
        0
        };
 
        0
        };
 
+const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = 
+       {
+       EVP_PKEY_DHX,
+       EVP_PKEY_DHX,
+       0,
+
+       "X9.42 DH",
+       "OpenSSL X9.42 DH method",
+
+       dh_pub_decode,
+       dh_pub_encode,
+       dh_pub_cmp,
+       dh_public_print,
+
+       dh_priv_decode,
+       dh_priv_encode,
+       dh_private_print,
+
+       int_dh_size,
+       dh_bits,
+
+       dh_param_decode,
+       dh_param_encode,
+       dh_missing_parameters,
+       dh_copy_parameters,
+       dh_cmp_parameters,
+       dh_param_print,
+       0,
+
+       int_dh_free,
+       0
+       };
+
index 0b4357d60530f3e20e355e98f373538287a82335..6de297f17e9b5a9493b1d0491f99f49715e8177b 100644 (file)
@@ -91,3 +91,108 @@ DH *DHparams_dup(DH *dh)
        {
        return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
        }
        {
        return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
        }
+
+/* Internal only structures for handling X9.42 DH: this gets translated
+ * to or from a DH structure straight away.
+ */
+
+typedef struct
+       {
+       ASN1_BIT_STRING *seed;
+       BIGNUM *counter;
+       } int_dhvparams;
+
+typedef struct 
+       {
+       BIGNUM *p;
+       BIGNUM *q;
+       BIGNUM *g;
+       BIGNUM *j;
+       int_dhvparams *vparams;
+       } int_dhx942_dh;
+
+ASN1_SEQUENCE(DHvparams) = {
+       ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
+       ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
+} ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
+
+ASN1_SEQUENCE(DHxparams) = {
+       ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
+       ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
+       ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
+       ASN1_OPT(int_dhx942_dh, j, BIGNUM),
+       ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
+} ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
+
+int_dhx942_dh *        d2i_int_dhx(int_dhx942_dh **a,
+                               const unsigned char **pp, long length);
+int    i2d_int_dhx(const int_dhx942_dh *a,unsigned char **pp);
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
+
+/* Application leve function: read in X9.42 DH parameters into DH structure */
+
+DH *   d2i_DHxparams(DH **a,const unsigned char **pp, long length)
+       {
+       int_dhx942_dh *dhx = NULL;
+       DH *dh = NULL;
+       dh = DH_new();
+       if (!dh)
+               return NULL;
+       dhx = d2i_int_dhx(NULL, pp, length);
+       if (!dhx)
+               {
+               DH_free(dh);
+               return NULL;
+               }
+
+       if (a)
+               {
+               if (*a)
+                       DH_free(*a);
+               *a = dh;
+               }
+
+       dh->p = dhx->p;
+       dh->q = dhx->q;
+       dh->g = dhx->g;
+       dh->j = dhx->j;
+
+       if (dhx->vparams)
+               {
+               dh->seed = dhx->vparams->seed->data;
+               dh->seedlen = dhx->vparams->seed->length;
+               dh->counter = dhx->vparams->counter;
+               dhx->vparams->seed->data = NULL;
+               ASN1_BIT_STRING_free(dhx->vparams->seed);
+               OPENSSL_free(dhx->vparams);
+               dhx->vparams = NULL;
+               }
+
+       OPENSSL_free(dhx);
+       return dh;
+       }
+
+int    i2d_DHxparams(const DH *dh,unsigned char **pp)
+       {
+       int_dhx942_dh dhx;
+       int_dhvparams dhv;
+       ASN1_BIT_STRING bs;
+       dhx.p = dh->p;
+       dhx.g = dh->g;
+       dhx.q = dh->q;
+       dhx.j = dh->j;
+       if (dh->counter && dh->seed && dh->seedlen > 0)
+               {
+               bs.flags = ASN1_STRING_FLAG_BITS_LEFT;
+               bs.data = dh->seed;
+               bs.length = dh->seedlen;
+               dhv.seed = &bs;
+               dhv.counter = dh->counter;
+               dhx.vparams = &dhv;
+               }
+       else
+               dhx.vparams = NULL;
+
+       return i2d_int_dhx(&dhx, pp);
+       }
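Review bot: `i2d_DHxparams` builds `ASN1_BIT_STRING bs` on the stack and sets only `flags`, `data` and `length`, so the remaining member(s) are indeterminate when `i2d_int_dhx` walks the structure. Whether the encoder reads them is not visible here; setting `bs.type = V_ASN1_BIT_STRING;` alongside the other assignments removes the question. `d2i_DHxparams` also needs a comment on ownership, since it moves the BIGNUMs and the seed buffer out of the temporary and then releases only the empty shells with `OPENSSL_free`, e.g. `/* p, q, g, j, counter and seed data now belong to dh; free the containers only */`. The prototypes `d2i_int_dhx` / `i2d_int_dhx` are declared without `static` although the comment above calls the structures internal only, so they look like exported symbols unless the macro arranges otherwise.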
index 5ae72b7d4cc271481279309140fb6b976fd365d3..58283132c757237a18563fd1aac173514da85921 100644 (file)
@@ -72,6 +72,7 @@ typedef struct
        int prime_len;
        int generator;
        int use_dsa;
        int prime_len;
        int generator;
        int use_dsa;
+       int rfc5114_param;
        /* Keygen callback info */
        int gentmp[2];
        /* message digest */
        /* Keygen callback info */
        int gentmp[2];
        /* message digest */
@@ -86,6 +87,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
        dctx->prime_len = 1024;
        dctx->generator = 2;
        dctx->use_dsa = 0;
        dctx->prime_len = 1024;
        dctx->generator = 2;
        dctx->use_dsa = 0;
+       dctx->rfc5114_param = 0;
 
        ctx->data = dctx;
        ctx->keygen_info = dctx->gentmp;
 
        ctx->data = dctx;
        ctx->keygen_info = dctx->gentmp;
@@ -104,6 +106,7 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
        dctx->prime_len = sctx->prime_len;
        dctx->generator = sctx->generator;
        dctx->use_dsa = sctx->use_dsa;
        dctx->prime_len = sctx->prime_len;
        dctx->generator = sctx->generator;
        dctx->use_dsa = sctx->use_dsa;
+       dctx->rfc5114_param = sctx->rfc5114_param;
        return 1;
        }
 
        return 1;
        }
 
@@ -129,6 +132,12 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                dctx->generator = p1;
                return 1;
 
                dctx->generator = p1;
                return 1;
 
+               case EVP_PKEY_CTRL_DH_RFC5114:
+               if (p1 < 1 || p1 > 3)
+                       return -2;
+               dctx->rfc5114_param = p1;
+               return 1;
+
                case EVP_PKEY_CTRL_PEER_KEY:
                /* Default behaviour is OK */
                return 1;
                case EVP_PKEY_CTRL_PEER_KEY:
                /* Default behaviour is OK */
                return 1;
@@ -149,6 +158,16 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
                len = atoi(value);
                return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
                }
                len = atoi(value);
                return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
                }
+       if (!strcmp(type, "dh_rfc5114"))
+               {
+               DH_PKEY_CTX *dctx = ctx->data;
+               int len;
+               len = atoi(value);
+               if (len < 0 || len > 3)
+                       return -2;
+               dctx->rfc5114_param = len;
+               return 1;
+               }
        if (!strcmp(type, "dh_paramgen_generator"))
                {
                int len;
        if (!strcmp(type, "dh_paramgen_generator"))
                {
                int len;
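Review bot: The `dh_rfc5114` branch added to `pkey_dh_ctrl_str` accepts 0..3 and writes `dctx->rfc5114_param` directly, while the `EVP_PKEY_CTRL_DH_RFC5114` case added to `pkey_dh_ctrl` in the previous hunk accepts only 1..3. Because `atoi` returns 0 for any non-numeric string, a mistyped value silently switches the option off instead of being rejected with -2. If 0 is not meant as an explicit "off", use the same bound, `if (len < 1 || len > 3) return -2;`, and parse with `strtol` so trailing garbage is detected; if it is meant, say so in a comment. Writing the field directly also skips whatever key-type check the `EVP_PKEY_CTX_set_dh_rfc5114` macro path applies, so an `EVP_PKEY_DH` context can reach the RFC5114 branch of `pkey_dh_paramgen` this way.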
@@ -164,6 +183,29 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
        DH_PKEY_CTX *dctx = ctx->data;
        BN_GENCB *pcb, cb;
        int ret;
        DH_PKEY_CTX *dctx = ctx->data;
        BN_GENCB *pcb, cb;
        int ret;
+       if (dctx->rfc5114_param)
+               {
+               switch (dctx->rfc5114_param)
+                       {
+                       case 1:
+                       dh = DH_get_1024_160();
+                       break;
+
+                       case 2:
+                       dh = DH_get_2048_224();
+                       break;
+
+                       case 3:
+                       dh = DH_get_2048_256();
+                       break;
+       
+                       default:
+                       return -2;
+                       }
+               EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+               return 1;
+               }
+
        if (ctx->pkey_gencb)
                {
                pcb = &cb;
        if (ctx->pkey_gencb)
                {
                pcb = &cb;
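Review bot: The RFC5114 branch added to `pkey_dh_paramgen` passes the result of `DH_get_1024_160()`, `DH_get_2048_224()` or `DH_get_2048_256()` to `EVP_PKEY_assign` without a NULL check and ignores the assign result, so a failed allocation would presumably be reported as success with no key attached. I would add `if (dh == NULL) return 0;` after the switch and return 0 when `EVP_PKEY_assign` fails. The branch also always types the result as `EVP_PKEY_DHX`, regardless of the context's own method, unlike the `ctx->pmeth->pkey_id` used in the `pkey_dh_keygen` hunk below; a comment stating that this is intended would help the next reader. The rest of the function lies outside the hunk.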
@@ -194,7 +236,7 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
        dh = DH_new();
        if (!dh)
                return 0;
        dh = DH_new();
        if (!dh)
                return 0;
-       EVP_PKEY_assign_DH(pkey, dh);
+       EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
        /* Note: if error return, pkey is freed by parent routine */
        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
                return 0;
        /* Note: if error return, pkey is freed by parent routine */
        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
                return 0;
@@ -252,3 +294,39 @@ const EVP_PKEY_METHOD dh_pkey_meth =
        pkey_dh_ctrl_str
 
        };
        pkey_dh_ctrl_str
 
        };
+
+const EVP_PKEY_METHOD dhx_pkey_meth = 
+       {
+       EVP_PKEY_DHX,
+       EVP_PKEY_FLAG_AUTOARGLEN,
+       pkey_dh_init,
+       pkey_dh_copy,
+       pkey_dh_cleanup,
+
+       0,
+       pkey_dh_paramgen,
+
+       0,
+       pkey_dh_keygen,
+
+       0,
+       0,
+
+       0,
+       0,
+
+       0,0,
+
+       0,0,0,0,
+
+       0,0,
+
+       0,0,
+
+       0,
+       pkey_dh_derive,
+
+       pkey_dh_ctrl,
+       pkey_dh_ctrl_str
+
+       };
index fdadbd9614459844212a925f140dc819bb558714..03b82a810e89ef233e9a59731fd6ee27b85dfa47 100644 (file)
@@ -299,6 +299,7 @@ int test_builtin(BIO *out)
        unsigned char   digest[20], wrong_digest[20];
        unsigned char   *signature = NULL;
        unsigned char   *sig_ptr;
        unsigned char   digest[20], wrong_digest[20];
        unsigned char   *signature = NULL;
        unsigned char   *sig_ptr;
+       const unsigned char *csig_ptr;
        unsigned char   *raw_buf = NULL;
        unsigned int    sig_len, degree, r_len, s_len, bn_len, buf_len;
        int             nid, ret =  0;
        unsigned char   *raw_buf = NULL;
        unsigned int    sig_len, degree, r_len, s_len, bn_len, buf_len;
        int             nid, ret =  0;
@@ -440,8 +441,8 @@ int test_builtin(BIO *out)
                /* Modify a single byte of the signature: to ensure we don't
                 * garble the ASN1 structure, we read the raw signature and
                 * modify a byte in one of the bignums directly. */
                /* Modify a single byte of the signature: to ensure we don't
                 * garble the ASN1 structure, we read the raw signature and
                 * modify a byte in one of the bignums directly. */
-               sig_ptr = signature;
-               if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
+               csig_ptr = signature;
+               if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &csig_ptr, sig_len)) == NULL)
                        {
                        BIO_printf(out, " failed\n");
                        goto builtin_err;
                        {
                        BIO_printf(out, " failed\n");
                        goto builtin_err;
index de910ae7a08dfd6528af8332737e581fde38849e..7f57e6aa71ec17b03a9c4e85469d298a9986573d 100644 (file)
 #define EVP_PKEY_DSA3  NID_dsaWithSHA1
 #define EVP_PKEY_DSA4  NID_dsaWithSHA1_2
 #define EVP_PKEY_DH    NID_dhKeyAgreement
 #define EVP_PKEY_DSA3  NID_dsaWithSHA1
 #define EVP_PKEY_DSA4  NID_dsaWithSHA1_2
 #define EVP_PKEY_DH    NID_dhKeyAgreement
+#define EVP_PKEY_DHX   NID_dhpublicnumber
 #define EVP_PKEY_EC    NID_X9_62_id_ecPublicKey
 #define EVP_PKEY_HMAC  NID_hmac
 #define EVP_PKEY_CMAC  NID_cmac
 #define EVP_PKEY_EC    NID_X9_62_id_ecPublicKey
 #define EVP_PKEY_HMAC  NID_hmac
 #define EVP_PKEY_CMAC  NID_cmac
index acfa7b6f873d48fba49d22ea2a8b66b0530989cb..c64f907fdac037fa5e2ac4aaef150bead72b071d 100644 (file)
@@ -74,6 +74,7 @@ STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 
 extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
 
 extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
+extern const EVP_PKEY_METHOD dhx_pkey_meth;
 
 static const EVP_PKEY_METHOD *standard_methods[] =
        {
 
 static const EVP_PKEY_METHOD *standard_methods[] =
        {
@@ -90,7 +91,10 @@ static const EVP_PKEY_METHOD *standard_methods[] =
        &ec_pkey_meth,
 #endif
        &hmac_pkey_meth,
        &ec_pkey_meth,
 #endif
        &hmac_pkey_meth,
-       &cmac_pkey_meth
+       &cmac_pkey_meth,
+#ifndef OPENSSL_NO_DH
+       &dhx_pkey_meth
+#endif
        };
 
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
        };
 
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
index 7dd278f5b8bc9d9543817003b1edeea226701160..619461caf26ba41c9dacf66a97a3acde3654212d 100644 (file)
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 919
-#define NUM_SN 912
-#define NUM_LN 912
-#define NUM_OBJ 856
+#define NUM_NID 920
+#define NUM_SN 913
+#define NUM_LN 913
+#define NUM_OBJ 857
 
 
-static const unsigned char lvalues[5971]={
+static const unsigned char lvalues[5978]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -924,6 +924,7 @@ static const unsigned char lvalues[5971]={
 0x55,0x1D,0x25,0x00,                         /* [5948] OBJ_anyExtendedKeyUsage */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5952] OBJ_mgf1 */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5961] OBJ_rsassaPss */
 0x55,0x1D,0x25,0x00,                         /* [5948] OBJ_anyExtendedKeyUsage */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5952] OBJ_mgf1 */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5961] OBJ_rsassaPss */
+0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01,          /* [5970] OBJ_dhpublicnumber */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2404,6 +2405,7 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
        NID_aes_192_cbc_hmac_sha1,0,NULL,0},
 {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
        NID_aes_256_cbc_hmac_sha1,0,NULL,0},
        NID_aes_192_cbc_hmac_sha1,0,NULL,0},
 {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
        NID_aes_256_cbc_hmac_sha1,0,NULL,0},
+{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5970]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -2672,6 +2674,7 @@ static const unsigned int sn_objs[NUM_SN]={
 107,   /* "description" */
 871,   /* "destinationIndicator" */
 28,    /* "dhKeyAgreement" */
 107,   /* "description" */
 871,   /* "destinationIndicator" */
 28,    /* "dhKeyAgreement" */
+919,   /* "dhpublicnumber" */
 382,   /* "directory" */
 887,   /* "distinguishedName" */
 892,   /* "dmdName" */
 382,   /* "directory" */
 887,   /* "distinguishedName" */
 892,   /* "dmdName" */
@@ -3455,6 +3458,7 @@ static const unsigned int ln_objs[NUM_LN]={
 85,    /* "X509v3 Subject Alternative Name" */
 769,   /* "X509v3 Subject Directory Attributes" */
 82,    /* "X509v3 Subject Key Identifier" */
 85,    /* "X509v3 Subject Alternative Name" */
 769,   /* "X509v3 Subject Directory Attributes" */
 82,    /* "X509v3 Subject Key Identifier" */
+919,   /* "X9.42 DH" */
 184,   /* "X9.57" */
 185,   /* "X9.57 CM ?" */
 478,   /* "aRecord" */
 184,   /* "X9.57" */
 185,   /* "X9.57 CM ?" */
 478,   /* "aRecord" */
@@ -4611,6 +4615,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 416,   /* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
 791,   /* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
 792,   /* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
 416,   /* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
 791,   /* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
 792,   /* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
+919,   /* OBJ_dhpublicnumber               1 2 840 10046 2 1 */
 258,   /* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
 175,   /* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
 259,   /* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
 258,   /* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
 175,   /* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
 259,   /* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
index 02fc4095aa8ba3f30bfcb8ef759b6bd931fd56dd..4372307094374226aa9b0e3019e9b48186e2df2c 100644 (file)
 #define LN_aes_256_cbc_hmac_sha1               "aes-256-cbc-hmac-sha1"
 #define NID_aes_256_cbc_hmac_sha1              918
 
 #define LN_aes_256_cbc_hmac_sha1               "aes-256-cbc-hmac-sha1"
 #define NID_aes_256_cbc_hmac_sha1              918
 
+#define SN_dhpublicnumber              "dhpublicnumber"
+#define LN_dhpublicnumber              "X9.42 DH"
+#define NID_dhpublicnumber             919
+#define OBJ_dhpublicnumber             OBJ_ISO_US,10046L,2L,1L
+
index a50aa577090208715296652c0fd118eb38c583b2..c40a8bfcc2f34de9d8bf3aaa04fba00b54aa3431 100644 (file)
@@ -916,3 +916,4 @@ rc4_hmac_md5                915
 aes_128_cbc_hmac_sha1          916
 aes_192_cbc_hmac_sha1          917
 aes_256_cbc_hmac_sha1          918
 aes_128_cbc_hmac_sha1          916
 aes_192_cbc_hmac_sha1          917
 aes_256_cbc_hmac_sha1          918
+dhpublicnumber         919
index 183806e39f98ff50740aa5478b3c45f64e6209e5..1923721710af2f5b4b7e8cffa984b1c729cc4c25 100644 (file)
@@ -1289,3 +1289,5 @@ kisa 1 6                : SEED-OFB      : seed-ofb
                        : AES-128-CBC-HMAC-SHA1         : aes-128-cbc-hmac-sha1
                        : AES-192-CBC-HMAC-SHA1         : aes-192-cbc-hmac-sha1
                        : AES-256-CBC-HMAC-SHA1         : aes-256-cbc-hmac-sha1
                        : AES-128-CBC-HMAC-SHA1         : aes-128-cbc-hmac-sha1
                        : AES-192-CBC-HMAC-SHA1         : aes-192-cbc-hmac-sha1
                        : AES-256-CBC-HMAC-SHA1         : aes-256-cbc-hmac-sha1
+
+ISO-US 10046 2 1       : dhpublicnumber                : X9.42 DH
index fb704975b74d927594b1725c55f9a0202a21b970..e09ce80c4c07f1ab0d29f221f6666aa8c07fe1bd 100644 (file)
@@ -129,6 +129,7 @@ extern "C" {
 #define PEM_STRING_PKCS8       "ENCRYPTED PRIVATE KEY"
 #define PEM_STRING_PKCS8INF    "PRIVATE KEY"
 #define PEM_STRING_DHPARAMS    "DH PARAMETERS"
 #define PEM_STRING_PKCS8       "ENCRYPTED PRIVATE KEY"
 #define PEM_STRING_PKCS8INF    "PRIVATE KEY"
 #define PEM_STRING_DHPARAMS    "DH PARAMETERS"
+#define PEM_STRING_DHXPARAMS   "X9.42 DH PARAMETERS"
 #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS   "DSA PARAMETERS"
 #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
 #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS   "DSA PARAMETERS"
 #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
@@ -503,6 +504,7 @@ DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
 #ifndef OPENSSL_NO_DH
 
 DECLARE_PEM_rw_const(DHparams, DH)
 #ifndef OPENSSL_NO_DH
 
 DECLARE_PEM_rw_const(DHparams, DH)
+DECLARE_PEM_write_const(DHxparams, DH)
 
 #endif
 
 
 #endif
 
index 3e7a6093ad82388a2f9a1c853b3c14f9ac869298..e09b24ad7a3af98860a01088435f7b7338844eef 100644 (file)
@@ -290,6 +290,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
 #ifndef OPENSSL_NO_DH
 
 IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 #ifndef OPENSSL_NO_DH
 
 IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
 
 #endif
 
 
 #endif