From 491734eb21c29807ff64fddf273f073b6bafb0b0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 7 Apr 2012 20:22:11 +0000 Subject: [PATCH] Initial experimental support for X9.42 DH parameter format to handle RFC5114 parameters and X9.42 DH public and private keys. (backport from HEAD) --- CHANGES | 4 ++ crypto/asn1/ameth_lib.c | 6 ++- crypto/dh/dh.h | 11 ++++ crypto/dh/dh_ameth.c | 98 ++++++++++++++++++++++++++++------ crypto/dh/dh_asn1.c | 105 +++++++++++++++++++++++++++++++++++++ crypto/dh/dh_pmeth.c | 80 +++++++++++++++++++++++++++- crypto/evp/evp.h | 1 + crypto/evp/pmeth_lib.c | 6 ++- crypto/objects/obj_dat.h | 15 ++++-- crypto/objects/obj_mac.h | 5 ++ crypto/objects/obj_mac.num | 1 + crypto/objects/objects.txt | 2 + crypto/pem/pem.h | 2 + crypto/pem/pem_all.c | 1 + 14 files changed, 313 insertions(+), 24 deletions(-) diff --git a/CHANGES b/CHANGES index 9632bb887b..b3df61c183 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 1.0.1 and 1.0.2 [xx XXX xxxx] + *) Initial experimental support for X9.42 DH parameter format: mainly + to support use of 'q' parameter for RFC5114 parameters. + [Steve Henson] + *) Add DH parameters from RFC5114 including test data to dhtest. [Steve Henson] diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index a19e058fca..5fff226120 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -67,6 +67,7 @@ extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; @@ -92,7 +93,10 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = &eckey_asn1_meth, #endif &hmac_asn1_meth, - &cmac_asn1_meth + &cmac_asn1_meth, +#ifndef OPENSSL_NO_DH + &dhx_asn1_meth +#endif }; typedef int sk_cmp_fn_type(const char * const *a, const char * const *b); diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index c1440fb9b3..523d3464ac 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -215,6 +215,8 @@ int DH_generate_key(DH *dh); int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); int i2d_DHparams(const DH *a,unsigned char **pp); +DH * d2i_DHxparams(DH **a,const unsigned char **pp, long length); +int i2d_DHxparams(const DH *a,unsigned char **pp); #ifndef OPENSSL_NO_FP_API int DHparams_print_fp(FILE *fp, const DH *x); #endif @@ -237,8 +239,17 @@ DH *DH_get_2048_256(void); EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) +#define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +#define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + #define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) #define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) /* BEGIN ERROR CODES */ diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 02ec2d47b4..7d1254ecd8 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -63,6 +63,26 @@ #include #include "asn1_locl.h" +extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; + +/* i2d/d2i like DH parameter functions which use the appropriate routine + * for PKCS#3 DH or X9.42 DH. + */ + +static DH * d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, long length) + { + if (pkey->ameth == &dhx_asn1_meth) + return d2i_DHxparams(NULL, pp, length); + return d2i_DHparams(NULL, pp, length); + } + +static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp) + { + if (pkey->ameth == &dhx_asn1_meth) + return i2d_DHxparams(a, pp); + return i2d_DHparams(a, pp); + } + static void int_dh_free(EVP_PKEY *pkey) { DH_free(pkey->pkey.dh); @@ -94,7 +114,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) pm = pstr->data; pmlen = pstr->length; - if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + if (!(dh = d2i_dhp(pkey, &pm, pmlen))) { DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); goto err; @@ -114,7 +134,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) } ASN1_INTEGER_free(public_key); - EVP_PKEY_assign_DH(pkey, dh); + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); return 1; err: @@ -139,7 +159,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) dh=pkey->pkey.dh; str = ASN1_STRING_new(); - str->length = i2d_DHparams(dh, &str->data); + str->length = i2d_dhp(pkey, dh, &str->data); if (str->length <= 0) { DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); @@ -162,7 +182,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) goto err; } - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), ptype, pval, penc, penclen)) return 1; @@ -208,7 +228,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) pstr = pval; pm = pstr->data; pmlen = pstr->length; - if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + if (!(dh = d2i_dhp(pkey, &pm, pmlen))) goto decerr; /* We have parameters now set private key */ if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) @@ -220,7 +240,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if (!DH_generate_key(dh)) goto dherr; - EVP_PKEY_assign_DH(pkey, dh); + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); ASN1_INTEGER_free(privkey); @@ -248,7 +268,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) goto err; } - params->length = i2d_DHparams(pkey->pkey.dh, ¶ms->data); + params->length = i2d_dhp(pkey, pkey->pkey.dh, ¶ms->data); if (params->length <= 0) { DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); @@ -269,7 +289,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) ASN1_INTEGER_free(prkey); - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, V_ASN1_SEQUENCE, params, dp, dplen)) goto err; @@ -299,18 +319,18 @@ static int dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { DH *dh; - if (!(dh = d2i_DHparams(NULL, pder, derlen))) + if (!(dh = d2i_dhp(pkey, pder, derlen))) { DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); return 0; } - EVP_PKEY_assign_DH(pkey, dh); + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); return 1; } static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) { - return i2d_DHparams(pkey->pkey.dh, pder); + return i2d_dhp(pkey, pkey->pkey.dh, pder); } static int do_dh_print(BIO *bp, const DH *x, int indent, @@ -347,11 +367,11 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, update_buflen(priv_key, &buf_len); if (ptype == 2) - ktype = "PKCS#3 DH Private-Key"; + ktype = "DH Private-Key"; else if (ptype == 1) - ktype = "PKCS#3 DH Public-Key"; + ktype = "DH Public-Key"; else - ktype = "PKCS#3 DH Parameters"; + ktype = "DH Parameters"; m= OPENSSL_malloc(buf_len+10); if (m == NULL) @@ -403,8 +423,12 @@ static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) || BN_cmp(a->pkey.dh->g,b->pkey.dh->g)) return 0; - else - return 1; + else if (a->ameth == &dhx_asn1_meth) + { + if (BN_cmp(a->pkey.dh->q,b->pkey.dh->q)) + return 0; + } + return 1; } static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) @@ -422,6 +446,15 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) if (to->pkey.dh->g != NULL) BN_free(to->pkey.dh->g); to->pkey.dh->g=a; + if (from->ameth == &dhx_asn1_meth) + { + a = BN_dup(from->pkey.dh->q); + if (!a) + return 0; + if (to->pkey.dh->q) + BN_free(to->pkey.dh->q); + to->pkey.dh->q = a; + } return 1; } @@ -499,3 +532,36 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = 0 }; +const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = + { + EVP_PKEY_DHX, + EVP_PKEY_DHX, + 0, + + "X9.42 DH", + "OpenSSL X9.42 DH method", + + dh_pub_decode, + dh_pub_encode, + dh_pub_cmp, + dh_public_print, + + dh_priv_decode, + dh_priv_encode, + dh_private_print, + + int_dh_size, + dh_bits, + + dh_param_decode, + dh_param_encode, + dh_missing_parameters, + dh_copy_parameters, + dh_cmp_parameters, + dh_param_print, + 0, + + int_dh_free, + 0 + }; + diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 0b4357d605..6de297f17e 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -91,3 +91,108 @@ DH *DHparams_dup(DH *dh) { return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh); } + +/* Internal only structures for handling X9.42 DH: this gets translated + * to or from a DH structure straight away. + */ + +typedef struct + { + ASN1_BIT_STRING *seed; + BIGNUM *counter; + } int_dhvparams; + +typedef struct + { + BIGNUM *p; + BIGNUM *q; + BIGNUM *g; + BIGNUM *j; + int_dhvparams *vparams; + } int_dhx942_dh; + +ASN1_SEQUENCE(DHvparams) = { + ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), + ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) +} ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) + +ASN1_SEQUENCE(DHxparams) = { + ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), + ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), + ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM), + ASN1_OPT(int_dhx942_dh, j, BIGNUM), + ASN1_OPT(int_dhx942_dh, vparams, DHvparams), +} ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) + +int_dhx942_dh * d2i_int_dhx(int_dhx942_dh **a, + const unsigned char **pp, long length); +int i2d_int_dhx(const int_dhx942_dh *a,unsigned char **pp); + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx) + +/* Application leve function: read in X9.42 DH parameters into DH structure */ + +DH * d2i_DHxparams(DH **a,const unsigned char **pp, long length) + { + int_dhx942_dh *dhx = NULL; + DH *dh = NULL; + dh = DH_new(); + if (!dh) + return NULL; + dhx = d2i_int_dhx(NULL, pp, length); + if (!dhx) + { + DH_free(dh); + return NULL; + } + + if (a) + { + if (*a) + DH_free(*a); + *a = dh; + } + + dh->p = dhx->p; + dh->q = dhx->q; + dh->g = dhx->g; + dh->j = dhx->j; + + if (dhx->vparams) + { + dh->seed = dhx->vparams->seed->data; + dh->seedlen = dhx->vparams->seed->length; + dh->counter = dhx->vparams->counter; + dhx->vparams->seed->data = NULL; + ASN1_BIT_STRING_free(dhx->vparams->seed); + OPENSSL_free(dhx->vparams); + dhx->vparams = NULL; + } + + OPENSSL_free(dhx); + return dh; + } + +int i2d_DHxparams(const DH *dh,unsigned char **pp) + { + int_dhx942_dh dhx; + int_dhvparams dhv; + ASN1_BIT_STRING bs; + dhx.p = dh->p; + dhx.g = dh->g; + dhx.q = dh->q; + dhx.j = dh->j; + if (dh->counter && dh->seed && dh->seedlen > 0) + { + bs.flags = ASN1_STRING_FLAG_BITS_LEFT; + bs.data = dh->seed; + bs.length = dh->seedlen; + dhv.seed = &bs; + dhv.counter = dh->counter; + dhx.vparams = &dhv; + } + else + dhx.vparams = NULL; + + return i2d_int_dhx(&dhx, pp); + } diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 5ae72b7d4c..58283132c7 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -72,6 +72,7 @@ typedef struct int prime_len; int generator; int use_dsa; + int rfc5114_param; /* Keygen callback info */ int gentmp[2]; /* message digest */ @@ -86,6 +87,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx) dctx->prime_len = 1024; dctx->generator = 2; dctx->use_dsa = 0; + dctx->rfc5114_param = 0; ctx->data = dctx; ctx->keygen_info = dctx->gentmp; @@ -104,6 +106,7 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) dctx->prime_len = sctx->prime_len; dctx->generator = sctx->generator; dctx->use_dsa = sctx->use_dsa; + dctx->rfc5114_param = sctx->rfc5114_param; return 1; } @@ -129,6 +132,12 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->generator = p1; return 1; + case EVP_PKEY_CTRL_DH_RFC5114: + if (p1 < 1 || p1 > 3) + return -2; + dctx->rfc5114_param = p1; + return 1; + case EVP_PKEY_CTRL_PEER_KEY: /* Default behaviour is OK */ return 1; @@ -149,6 +158,16 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, len = atoi(value); return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); } + if (!strcmp(type, "dh_rfc5114")) + { + DH_PKEY_CTX *dctx = ctx->data; + int len; + len = atoi(value); + if (len < 0 || len > 3) + return -2; + dctx->rfc5114_param = len; + return 1; + } if (!strcmp(type, "dh_paramgen_generator")) { int len; @@ -164,6 +183,29 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) DH_PKEY_CTX *dctx = ctx->data; BN_GENCB *pcb, cb; int ret; + if (dctx->rfc5114_param) + { + switch (dctx->rfc5114_param) + { + case 1: + dh = DH_get_1024_160(); + break; + + case 2: + dh = DH_get_2048_224(); + break; + + case 3: + dh = DH_get_2048_256(); + break; + + default: + return -2; + } + EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh); + return 1; + } + if (ctx->pkey_gencb) { pcb = &cb; @@ -194,7 +236,7 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) dh = DH_new(); if (!dh) return 0; - EVP_PKEY_assign_DH(pkey, dh); + EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); /* Note: if error return, pkey is freed by parent routine */ if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) return 0; @@ -252,3 +294,39 @@ const EVP_PKEY_METHOD dh_pkey_meth = pkey_dh_ctrl_str }; + +const EVP_PKEY_METHOD dhx_pkey_meth = + { + EVP_PKEY_DHX, + EVP_PKEY_FLAG_AUTOARGLEN, + pkey_dh_init, + pkey_dh_copy, + pkey_dh_cleanup, + + 0, + pkey_dh_paramgen, + + 0, + pkey_dh_keygen, + + 0, + 0, + + 0, + 0, + + 0,0, + + 0,0,0,0, + + 0,0, + + 0,0, + + 0, + pkey_dh_derive, + + pkey_dh_ctrl, + pkey_dh_ctrl_str + + }; diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 0d1b20a7d3..093cbdba5e 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -114,6 +114,7 @@ #define EVP_PKEY_DSA3 NID_dsaWithSHA1 #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement +#define EVP_PKEY_DHX NID_dhpublicnumber #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey #define EVP_PKEY_HMAC NID_hmac #define EVP_PKEY_CMAC NID_cmac diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index acfa7b6f87..c64f907fda 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -74,6 +74,7 @@ STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; +extern const EVP_PKEY_METHOD dhx_pkey_meth; static const EVP_PKEY_METHOD *standard_methods[] = { @@ -90,7 +91,10 @@ static const EVP_PKEY_METHOD *standard_methods[] = &ec_pkey_meth, #endif &hmac_pkey_meth, - &cmac_pkey_meth + &cmac_pkey_meth, +#ifndef OPENSSL_NO_DH + &dhx_pkey_meth +#endif }; DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index d404ad07c9..e3a7a3ff4f 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 920 -#define NUM_SN 913 -#define NUM_LN 913 -#define NUM_OBJ 857 +#define NUM_NID 921 +#define NUM_SN 914 +#define NUM_LN 914 +#define NUM_OBJ 858 -static const unsigned char lvalues[5980]={ +static const unsigned char lvalues[5987]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -925,6 +925,7 @@ static const unsigned char lvalues[5980]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5952] OBJ_mgf1 */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5961] OBJ_rsassaPss */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5970] OBJ_rsaesOaep */ +0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5979] OBJ_dhpublicnumber */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2406,6 +2407,7 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1,0,NULL,0}, {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5970]),0}, +{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5979]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2675,6 +2677,7 @@ static const unsigned int sn_objs[NUM_SN]={ 107, /* "description" */ 871, /* "destinationIndicator" */ 28, /* "dhKeyAgreement" */ +920, /* "dhpublicnumber" */ 382, /* "directory" */ 887, /* "distinguishedName" */ 892, /* "dmdName" */ @@ -3458,6 +3461,7 @@ static const unsigned int ln_objs[NUM_LN]={ 85, /* "X509v3 Subject Alternative Name" */ 769, /* "X509v3 Subject Directory Attributes" */ 82, /* "X509v3 Subject Key Identifier" */ +920, /* "X9.42 DH" */ 184, /* "X9.57" */ 185, /* "X9.57 CM ?" */ 478, /* "aRecord" */ @@ -4615,6 +4619,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ 791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ 792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ +920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */ 258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ 175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ 259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index b5ea7cdab4..8e0a72855e 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -4030,3 +4030,8 @@ #define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" #define NID_aes_256_cbc_hmac_sha1 918 +#define SN_dhpublicnumber "dhpublicnumber" +#define LN_dhpublicnumber "X9.42 DH" +#define NID_dhpublicnumber 920 +#define OBJ_dhpublicnumber OBJ_ISO_US,10046L,2L,1L + diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 1d0a7c802d..b274ebeae8 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1 916 aes_192_cbc_hmac_sha1 917 aes_256_cbc_hmac_sha1 918 rsaesOaep 919 +dhpublicnumber 920 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index d3bfad72a2..962375a8ee 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1290,3 +1290,5 @@ kisa 1 6 : SEED-OFB : seed-ofb : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1 : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 + +ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 8a6ababe3a..5872fcc1c5 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -129,6 +129,7 @@ extern "C" { #define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" #define PEM_STRING_PKCS8INF "PRIVATE KEY" #define PEM_STRING_DHPARAMS "DH PARAMETERS" +#define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS" #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" @@ -503,6 +504,7 @@ DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) #ifndef OPENSSL_NO_DH DECLARE_PEM_rw_const(DHparams, DH) +DECLARE_PEM_write_const(DHxparams, DH) #endif diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index 3e7a6093ad..e09b24ad7a 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -290,6 +290,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, #ifndef OPENSSL_NO_DH IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) +IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) #endif -- 2.34.1