[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Mon Apr 3 19:10:19 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  133b9756e7357128954f28d4fcbb4db8b39d4f9a (commit)
       via  d0c50e80a8b773ceec27c7e60fae7ccf4947df78 (commit)
      from  8a4eee0b18cf5f927c528d6e7bd0470c1cb679cb (commit)


- Log -----------------------------------------------------------------
commit 133b9756e7357128954f28d4fcbb4db8b39d4f9a
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Apr 3 12:42:58 2017 +0100

    Ensure dhparams can handle X9.42 params in DER
    
    dhparams correctly handles X9.42 params in PEM format. However it failed
    to correctly processes them when reading/writing DER format.
    
    Fixes #3102
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3111)
    (cherry picked from commit 18d20b5eb66fda0ada2e65c2b19aeae75827bdf8)

commit d0c50e80a8b773ceec27c7e60fae7ccf4947df78
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Apr 3 12:41:04 2017 +0100

    Add missing macros for DHxparams
    
    DHparams has d2i_DHparams_fp, d2i_DHxparams_bio etc, but the equivalent
    macros for DHxparams were omitted.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3111)
    (cherry picked from commit ff79a24402108ba2cc313f52c745b69d473eb4b1)

-----------------------------------------------------------------------

Summary of changes:
 apps/dhparam.c       | 22 +++++++++++++++++-----
 include/openssl/dh.h | 29 +++++++++++++++++++++++------
 2 files changed, 40 insertions(+), 11 deletions(-)

diff --git a/apps/dhparam.c b/apps/dhparam.c
index 2223e1a..0616333 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -242,10 +242,19 @@ int dhparam_main(int argc, char **argv)
         } else
 # endif
         {
-            if (informat == FORMAT_ASN1)
+            if (informat == FORMAT_ASN1) {
+                /*
+                 * We have no PEM header to determine what type of DH params it
+                 * is. We'll just try both.
+                 */
                 dh = d2i_DHparams_bio(in, NULL);
-            else                /* informat == FORMAT_PEM */
+                /* BIO_reset() returns 0 for success for file BIOs only!!! */
+                if (dh == NULL && BIO_reset(in) == 0)
+                    dh = d2i_DHxparams_bio(in, NULL);
+            } else {
+                /* informat == FORMAT_PEM */
                 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+            }
 
             if (dh == NULL) {
                 BIO_printf(bio_err, "unable to load DH parameters\n");
@@ -340,9 +349,12 @@ int dhparam_main(int argc, char **argv)
     if (!noout) {
         const BIGNUM *q;
         DH_get0_pqg(dh, NULL, &q, NULL);
-        if (outformat == FORMAT_ASN1)
-            i = i2d_DHparams_bio(out, dh);
-        else if (q != NULL)
+        if (outformat == FORMAT_ASN1) {
+            if (q != NULL)
+                i = i2d_DHxparams_bio(out, dh);
+            else
+                i = i2d_DHparams_bio(out, dh);
+        } else if (q != NULL)
             i = PEM_write_bio_DHxparams(out, dh);
         else
             i = PEM_write_bio_DHparams(out, dh);
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 6d149bc..fbd4790 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -87,12 +87,29 @@ DECLARE_ASN1_ITEM(DHparams)
  */
 # define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
 
-# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
-                (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
-# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
-                (unsigned char *)(x))
-# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
-# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+# define d2i_DHparams_fp(fp,x) \
+    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                      (char *(*)())d2i_DHparams, \
+                      (fp), \
+                      (unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) \
+    ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) \
+    ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
+# define i2d_DHparams_bio(bp,x) \
+    ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+
+# define d2i_DHxparams_fp(fp,x) \
+    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                      (char *(*)())d2i_DHxparams, \
+                      (fp), \
+                      (unsigned char **)(x))
+# define i2d_DHxparams_fp(fp,x) \
+    ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
+# define d2i_DHxparams_bio(bp,x) \
+    ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
+# define i2d_DHxparams_bio(bp,x) \
+    ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x)
 
 DH *DHparams_dup(DH *);
 


More information about the openssl-commits mailing list