[openssl] master update
Matt Caswell
matt at openssl.org
Mon Dec 16 14:32:53 UTC 2019
The branch master has been updated
via e295de1d8433ed07092845cb6c56aa424ff35c6d (commit)
via 32c869ffaba67822602ea9fec611272ff8e8db58 (commit)
from 1aeec3dbc2d62f902698b1eba9ed31cbd436f9dc (commit)
- Log -----------------------------------------------------------------
commit e295de1d8433ed07092845cb6c56aa424ff35c6d
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 9 12:03:02 2019 +0000
Test that EVP_PKEY_set1_DH() correctly identifies the DH type
Provide a test to check tat when we assign a DH object we know whether
we are dealing with PKCS#3 or X9.42 DH keys.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)
commit 32c869ffaba67822602ea9fec611272ff8e8db58
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 9 11:51:48 2019 +0000
Ensure EVP_PKEY_set1_DH detects X9.42 keys
OpenSSL supports both PKCS#3 and X9.42 DH keys. By default we use PKCS#3
keys. The function `EVP_PKEY_set1_DH` was assuming that the supplied DH
key was a PKCS#3 key. It should detect what type of key it is and assign
the correct type as appropriate.
Fixes #10592
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/p_lib.c | 4 +++-
test/evp_extra_test.c | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 8e6682fff4..99d6063e3e 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -569,7 +569,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
{
- int ret = EVP_PKEY_assign_DH(pkey, key);
+ int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX;
+ int ret = EVP_PKEY_assign(pkey, type, key);
+
if (ret)
DH_up_ref(key);
return ret;
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index ce487049f3..93680796ea 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -22,6 +22,7 @@
#include <openssl/provider.h>
#include <openssl/core_names.h>
#include <openssl/dsa.h>
+#include <openssl/dh.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "crypto/evp.h"
@@ -1412,6 +1413,41 @@ static int test_decrypt_null_chunks(void)
}
#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
+static int test_EVP_PKEY_set1_DH(void)
+{
+ DH *x942dh, *pkcs3dh;
+ EVP_PKEY *pkey1, *pkey2;
+ int ret = 0;
+
+ x942dh = DH_get_2048_256();
+ pkcs3dh = DH_new_by_nid(NID_ffdhe2048);
+ pkey1 = EVP_PKEY_new();
+ pkey2 = EVP_PKEY_new();
+ if (!TEST_ptr(x942dh)
+ || !TEST_ptr(pkcs3dh)
+ || !TEST_ptr(pkey1)
+ || !TEST_ptr(pkey2))
+ goto err;
+
+ if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
+ || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
+ goto err;
+
+
+ if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh))
+ || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
+ goto err;
+
+ ret = 1;
+ err:
+ EVP_PKEY_free(pkey1);
+ EVP_PKEY_free(pkey2);
+ DH_free(x942dh);
+ DH_free(pkcs3dh);
+
+ return ret;
+}
+
int setup_tests(void)
{
ADD_ALL_TESTS(test_EVP_DigestSignInit, 4);
@@ -1447,5 +1483,7 @@ int setup_tests(void)
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
ADD_TEST(test_decrypt_null_chunks);
#endif
+ ADD_TEST(test_EVP_PKEY_set1_DH);
+
return 1;
}
More information about the openssl-commits
mailing list