author | Matt Caswell <matt@openssl.org> | 2019-09-04 10:58:59 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-09-09 14:00:00 +0100 |
commit | 21fb7067228e39633755aeba251e925634e64870 (patch) | |
tree | bd632412508b9e64432922647bb0b97a9b92282f /crypto/dh | |
parent | 4f62f5d9af4fb4c7765859967ee39252e34ceeb9 (diff) | |
Enable DH "keys" which only contain domain parameters
It is valid for a pub_key and priv_key to be missing from a DH "key".
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9753)
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_ameth.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 7b75bd1..84f1f8b 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -559,13 +559,12 @@ static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
 OSSL_PARAM *params;
 void *provkey = NULL;
- if (p == NULL || g == NULL || pub_key == NULL)
+ if (p == NULL || g == NULL)
 return NULL;
 ossl_param_bld_init(&tmpl);
 if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_P, p)
- || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g)
- || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key))
+ || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g))
 return NULL;
 if (q != NULL) {
@@ -573,10 +572,20 @@ static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
 return NULL;
 }
- if (priv_key != NULL) {
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY,
- priv_key))
+ /*
+ * This may be used to pass domain parameters only without any key data -
+ * so "pub_key" is optional. We can never have a "priv_key" without a
+ * corresponding "pub_key" though.
+ */
+ if (pub_key != NULL) {
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key))
 return NULL;
+
+ if (priv_key != NULL) {
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY,
+ priv_key))
+ return NULL;
+ }
 }
 params = ossl_param_bld_to_param(&tmpl); |
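Review bot: The new comment in the second hunk states that a "priv_key" can never exist without a "pub_key", but the code does not enforce that. When `pub_key == NULL` and `priv_key != NULL`, the nested `if` is skipped and the function goes on to export domain parameters only, silently dropping the private key instead of failing. The relaxed guard in the first hunk (`if (p == NULL || g == NULL)`) is what makes this path reachable. Whether such a DH object can be built depends on setters outside this hunk, so it would be safer to reject the case explicitly before building the template, e.g. `if (pub_key == NULL && priv_key != NULL) return NULL;`, or at least to reword the comment to say the private key is intentionally ignored. The body of dh_pkey_export_to starts and ends outside both hunks.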