From 21fb7067228e39633755aeba251e925634e64870 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 4 Sep 2019 10:58:59 +0100 Subject: Enable DH "keys" which only contain domain parameters It is valid for a pub_key and priv_key to be missing from a DH "key". Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) --- crypto/dh/dh_ameth.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) (limited to 'crypto/dh/dh_ameth.c') diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 7b75bd1a1a..84f1f8b952 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -559,13 +559,12 @@ static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) OSSL_PARAM *params; void *provkey = NULL; - if (p == NULL || g == NULL || pub_key == NULL) + if (p == NULL || g == NULL) return NULL; ossl_param_bld_init(&tmpl); if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_P, p) - || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g) - || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key)) + || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g)) return NULL; if (q != NULL) { @@ -573,10 +572,20 @@ static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) return NULL; } - if (priv_key != NULL) { - if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, - priv_key)) + /* + * This may be used to pass domain parameters only without any key data - + * so "pub_key" is optional. We can never have a "priv_key" without a + * corresponding "pub_key" though. + */ + if (pub_key != NULL) { + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key)) return NULL; + + if (priv_key != NULL) { + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, + priv_key)) + return NULL; + } } params = ossl_param_bld_to_param(&tmpl); -- cgit v1.2.3
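Review bot: The new comment in the second hunk asserts that a "priv_key" can never exist without a corresponding "pub_key", but the code does not enforce that invariant: when pub_key is NULL and priv_key is not, the private key is silently skipped and a parameters-only provider key is exported instead of an error. If the legacy DH object can be put into that state (for example by a setter that accepts a NULL pub_key, which is not visible in this hunk), the caller ends up with a key that cannot derive a shared secret and no indication of why. I would turn the stated invariant into an explicit check ahead of the pushes, `if (pub_key == NULL && priv_key != NULL) return NULL;`, so a malformed key is rejected rather than quietly downgraded to domain parameters. dh_pkey_export_to begins before the first hunk and continues past the second, so how params and provkey are released on the early-return paths is outside this view.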