[openssl] OpenSSL_1_1_1-stable update
Matt Caswell
matt at openssl.org
Mon Dec 16 14:39:35 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 517f24130e83b9b3c2262758f34a7c09a7f63089 (commit)
via e6d06e11e9cea84e41b0b68f63dacb4d4db356cc (commit)
from 39d9123891845f203465dfda181f5c24b45756d1 (commit)
- Log -----------------------------------------------------------------
commit 517f24130e83b9b3c2262758f34a7c09a7f63089
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 9 12:03:02 2019 +0000
Test that EVP_PKEY_set1_DH() correctly identifies the DH type
Provide a test to check tat when we assign a DH object we know whether
we are dealing with PKCS#3 or X9.42 DH keys.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)
(cherry picked from commit e295de1d8433ed07092845cb6c56aa424ff35c6d)
commit e6d06e11e9cea84e41b0b68f63dacb4d4db356cc
Author: Matt Caswell <matt at openssl.org>
Date: Mon Dec 9 11:51:48 2019 +0000
Ensure EVP_PKEY_set1_DH detects X9.42 keys
OpenSSL supports both PKCS#3 and X9.42 DH keys. By default we use PKCS#3
keys. The function `EVP_PKEY_set1_DH` was assuming that the supplied DH
key was a PKCS#3 key. It should detect what type of key it is and assign
the correct type as appropriate.
Fixes #10592
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)
(cherry picked from commit 32c869ffaba67822602ea9fec611272ff8e8db58)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/p_lib.c | 4 +++-
test/evp_extra_test.c | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 451bc95eae..9f1a485a5b 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -540,7 +540,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
{
- int ret = EVP_PKEY_assign_DH(pkey, key);
+ int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX;
+ int ret = EVP_PKEY_assign(pkey, type, key);
+
if (ret)
DH_up_ref(key);
return ret;
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index b9caa30d2e..2ca78a921f 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -18,6 +18,7 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/kdf.h>
+#include <openssl/dh.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "crypto/evp.h"
@@ -1135,6 +1136,41 @@ static int test_decrypt_null_chunks(void)
}
#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
+static int test_EVP_PKEY_set1_DH(void)
+{
+ DH *x942dh, *pkcs3dh;
+ EVP_PKEY *pkey1, *pkey2;
+ int ret = 0;
+
+ x942dh = DH_get_2048_256();
+ pkcs3dh = DH_new_by_nid(NID_ffdhe2048);
+ pkey1 = EVP_PKEY_new();
+ pkey2 = EVP_PKEY_new();
+ if (!TEST_ptr(x942dh)
+ || !TEST_ptr(pkcs3dh)
+ || !TEST_ptr(pkey1)
+ || !TEST_ptr(pkey2))
+ goto err;
+
+ if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
+ || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
+ goto err;
+
+
+ if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh))
+ || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
+ goto err;
+
+ ret = 1;
+ err:
+ EVP_PKEY_free(pkey1);
+ EVP_PKEY_free(pkey2);
+ DH_free(x942dh);
+ DH_free(pkcs3dh);
+
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(test_EVP_DigestSignInit);
@@ -1167,5 +1203,7 @@ int setup_tests(void)
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
ADD_TEST(test_decrypt_null_chunks);
#endif
+ ADD_TEST(test_EVP_PKEY_set1_DH);
+
return 1;
}
More information about the openssl-commits
mailing list