Initial experimental support for X9.42 DH parameter format to handle

RFC5114 parameters and X9.42 DH public and private keys. (backport from HEAD)
2012-04-07 20:22:11 +00:00 · 2012-04-07 20:22:11 +00:00 · 491734eb21
commit 491734eb21
parent 4e891a191d
14 changed files with 313 additions and 24 deletions
--- a/4
+++ b/4
@ -4,6 +4,10 @@
 Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]
  *) Initial experimental support for X9.42 DH parameter format: mainly
     to support use of 'q' parameter for RFC5114 parameters.
     [Steve Henson]
  *) Add DH parameters from RFC5114 including test data to dhtest.
     [Steve Henson]
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@ -67,6 +67,7 @@
 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
@ -92,7 +93,10 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] =
 	&eckey_asn1_meth,
 #endif
 	&hmac_asn1_meth,
-	&cmac_asn1_meth
+	&cmac_asn1_meth,
 #ifndef OPENSSL_NO_DH
 	&dhx_asn1_meth
 #endif
 	};
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@ -215,6 +215,8 @@ int	DH_generate_key(DH *dh);
 int	DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
 DH *	d2i_DHparams(DH **a,const unsigned char **pp, long length);
 int	i2d_DHparams(const DH *a,unsigned char **pp);
 DH *	d2i_DHxparams(DH **a,const unsigned char **pp, long length);
 int	i2d_DHxparams(const DH *a,unsigned char **pp);
 #ifndef OPENSSL_NO_FP_API
 int	DHparams_print_fp(FILE *fp, const DH *x);
 #endif
@ -237,8 +239,17 @@ DH *DH_get_2048_256(void);
 	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
 			EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
 #define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
 	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
 			EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
 #define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
 	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
 			EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
 #define	EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN	(EVP_PKEY_ALG_CTRL + 1)
 #define	EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR	(EVP_PKEY_ALG_CTRL + 2)
 #define	EVP_PKEY_CTRL_DH_RFC5114		(EVP_PKEY_ALG_CTRL + 3)
 /* BEGIN ERROR CODES */
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@ -63,6 +63,26 @@
 #include <openssl/bn.h>
 #include "asn1_locl.h"
 extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
 /* i2d/d2i like DH parameter functions which use the appropriate routine
 * for PKCS#3 DH or X9.42 DH.
 */
 static DH * d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, long length)
 	{
 	if (pkey->ameth == &dhx_asn1_meth)
 		return d2i_DHxparams(NULL, pp, length);
 	return d2i_DHparams(NULL, pp, length);
 	}
 static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
 	{
 	if (pkey->ameth == &dhx_asn1_meth)
 		return i2d_DHxparams(a, pp);
 	return i2d_DHparams(a, pp);
 	}
 static void int_dh_free(EVP_PKEY *pkey)
 	{
 	DH_free(pkey->pkey.dh);
@ -94,7 +114,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 	pm = pstr->data;
 	pmlen = pstr->length;
-	if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+	if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
 		{
 		DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
 		goto err;
@ -114,7 +134,7 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 		}
 	ASN1_INTEGER_free(public_key);
-	EVP_PKEY_assign_DH(pkey, dh);
+	EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
 	return 1;
 	err:
@ -139,7 +159,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 	dh=pkey->pkey.dh;
 	str = ASN1_STRING_new();
-	str->length = i2d_DHparams(dh, &str->data);
+	str->length = i2d_dhp(pkey, dh, &str->data);
 	if (str->length <= 0)
 		{
 		DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
@ -162,7 +182,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 		goto err;
 		}
-	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
+	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
 				ptype, pval, penc, penclen))
 		return 1;
@ -208,7 +228,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
 	pstr = pval;	
 	pm = pstr->data;
 	pmlen = pstr->length;
-	if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+	if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
 		goto decerr;
 	/* We have parameters now set private key */
 	if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
@ -220,7 +240,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
 	if (!DH_generate_key(dh))
 		goto dherr;
-	EVP_PKEY_assign_DH(pkey, dh);
+	EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
 	ASN1_INTEGER_free(privkey);
@ -248,7 +268,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 		goto err;
 		}
-	params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
+	params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
 	if (params->length <= 0)
 		{
 		DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
@ -269,7 +289,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 	ASN1_INTEGER_free(prkey);
-	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
+	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
 				V_ASN1_SEQUENCE, params, dp, dplen))
 		goto err;
@ -299,18 +319,18 @@ static int dh_param_decode(EVP_PKEY *pkey,
 					const unsigned char **pder, int derlen)
 	{
 	DH *dh;
-	if (!(dh = d2i_DHparams(NULL, pder, derlen)))
+	if (!(dh = d2i_dhp(pkey, pder, derlen)))
 		{
 		DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
 		return 0;
 		}
-	EVP_PKEY_assign_DH(pkey, dh);
+	EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
 	return 1;
 	}
 static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
 	{
-	return i2d_DHparams(pkey->pkey.dh, pder);
+	return i2d_dhp(pkey, pkey->pkey.dh, pder);
 	}
 static int do_dh_print(BIO *bp, const DH *x, int indent,
@ -347,11 +367,11 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
 	update_buflen(priv_key, &buf_len);
 	if (ptype == 2)
-		ktype = "PKCS#3 DH Private-Key";
+		ktype = "DH Private-Key";
 	else if (ptype == 1)
-		ktype = "PKCS#3 DH Public-Key";
+		ktype = "DH Public-Key";
 	else
-		ktype = "PKCS#3 DH Parameters";
+		ktype = "DH Parameters";
 	m= OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
@ -403,8 +423,12 @@ static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 	if (	BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
 		BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
 		return 0;
-	else
+	else if (a->ameth == &dhx_asn1_meth)
-		return 1;
+		{
 		if (BN_cmp(a->pkey.dh->q,b->pkey.dh->q))
 			return 0;
 		}
 	return 1;
 	}
 static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
@ -422,6 +446,15 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 	if (to->pkey.dh->g != NULL)
 		BN_free(to->pkey.dh->g);
 	to->pkey.dh->g=a;
 	if (from->ameth == &dhx_asn1_meth)
 		{
 		a = BN_dup(from->pkey.dh->q);
 		if (!a)
 			return 0;
 		if (to->pkey.dh->q)
 			BN_free(to->pkey.dh->q);
 		to->pkey.dh->q = a;
 		}
 	return 1;
 	}
@ -499,3 +532,36 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth =
 	0
 	};
 const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = 
 	{
 	EVP_PKEY_DHX,
 	EVP_PKEY_DHX,
 	0,
 	"X9.42 DH",
 	"OpenSSL X9.42 DH method",
 	dh_pub_decode,
 	dh_pub_encode,
 	dh_pub_cmp,
 	dh_public_print,
 	dh_priv_decode,
 	dh_priv_encode,
 	dh_private_print,
 	int_dh_size,
 	dh_bits,
 	dh_param_decode,
 	dh_param_encode,
 	dh_missing_parameters,
 	dh_copy_parameters,
 	dh_cmp_parameters,
 	dh_param_print,
 	0,
 	int_dh_free,
 	0
 	};
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@ -91,3 +91,108 @@ DH *DHparams_dup(DH *dh)
 	{
 	return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
 	}
 /* Internal only structures for handling X9.42 DH: this gets translated
 * to or from a DH structure straight away.
 */
 typedef struct
 	{
 	ASN1_BIT_STRING *seed;
 	BIGNUM *counter;
 	} int_dhvparams;
 typedef struct 
 	{
 	BIGNUM *p;
 	BIGNUM *q;
 	BIGNUM *g;
 	BIGNUM *j;
 	int_dhvparams *vparams;
 	} int_dhx942_dh;
 ASN1_SEQUENCE(DHvparams) = {
 	ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
 	ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
 } ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
 ASN1_SEQUENCE(DHxparams) = {
 	ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
 	ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
 	ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
 	ASN1_OPT(int_dhx942_dh, j, BIGNUM),
 	ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
 } ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
 int_dhx942_dh *	d2i_int_dhx(int_dhx942_dh **a,
 				const unsigned char **pp, long length);
 int	i2d_int_dhx(const int_dhx942_dh *a,unsigned char **pp);
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
 /* Application leve function: read in X9.42 DH parameters into DH structure */
 DH *	d2i_DHxparams(DH **a,const unsigned char **pp, long length)
 	{
 	int_dhx942_dh *dhx = NULL;
 	DH *dh = NULL;
 	dh = DH_new();
 	if (!dh)
 		return NULL;
 	dhx = d2i_int_dhx(NULL, pp, length);
 	if (!dhx)
 		{
 		DH_free(dh);
 		return NULL;
 		}
 	if (a)
 		{
 		if (*a)
 			DH_free(*a);
 		*a = dh;
 		}
 	dh->p = dhx->p;
 	dh->q = dhx->q;
 	dh->g = dhx->g;
 	dh->j = dhx->j;
 	if (dhx->vparams)
 		{
 		dh->seed = dhx->vparams->seed->data;
 		dh->seedlen = dhx->vparams->seed->length;
 		dh->counter = dhx->vparams->counter;
 		dhx->vparams->seed->data = NULL;
 		ASN1_BIT_STRING_free(dhx->vparams->seed);
 		OPENSSL_free(dhx->vparams);
 		dhx->vparams = NULL;
 		}
 	OPENSSL_free(dhx);
 	return dh;
 	}
 int	i2d_DHxparams(const DH *dh,unsigned char **pp)
 	{
 	int_dhx942_dh dhx;
 	int_dhvparams dhv;
 	ASN1_BIT_STRING bs;
 	dhx.p = dh->p;
 	dhx.g = dh->g;
 	dhx.q = dh->q;
 	dhx.j = dh->j;
 	if (dh->counter && dh->seed && dh->seedlen > 0)
 		{
 		bs.flags = ASN1_STRING_FLAG_BITS_LEFT;
 		bs.data = dh->seed;
 		bs.length = dh->seedlen;
 		dhv.seed = &bs;
 		dhv.counter = dh->counter;
 		dhx.vparams = &dhv;
 		}
 	else
 		dhx.vparams = NULL;
 	return i2d_int_dhx(&dhx, pp);
 	}
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@ -72,6 +72,7 @@ typedef struct
 	int prime_len;
 	int generator;
 	int use_dsa;
 	int rfc5114_param;
 	/* Keygen callback info */
 	int gentmp[2];
 	/* message digest */
@ -86,6 +87,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
 	dctx->prime_len = 1024;
 	dctx->generator = 2;
 	dctx->use_dsa = 0;
 	dctx->rfc5114_param = 0;
 	ctx->data = dctx;
 	ctx->keygen_info = dctx->gentmp;
@ -104,6 +106,7 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 	dctx->prime_len = sctx->prime_len;
 	dctx->generator = sctx->generator;
 	dctx->use_dsa = sctx->use_dsa;
 	dctx->rfc5114_param = sctx->rfc5114_param;
 	return 1;
 	}
@ -129,6 +132,12 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		dctx->generator = p1;
 		return 1;
 		case EVP_PKEY_CTRL_DH_RFC5114:
 		if (p1 < 1 || p1 > 3)
 			return -2;
 		dctx->rfc5114_param = p1;
 		return 1;
 		case EVP_PKEY_CTRL_PEER_KEY:
 		/* Default behaviour is OK */
 		return 1;
@ -149,6 +158,16 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
 		len = atoi(value);
 		return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
 		}
 	if (!strcmp(type, "dh_rfc5114"))
 		{
 		DH_PKEY_CTX *dctx = ctx->data;
 		int len;
 		len = atoi(value);
 		if (len < 0 || len > 3)
 			return -2;
 		dctx->rfc5114_param = len;
 		return 1;
 		}
 	if (!strcmp(type, "dh_paramgen_generator"))
 		{
 		int len;
@ -164,6 +183,29 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 	DH_PKEY_CTX *dctx = ctx->data;
 	BN_GENCB *pcb, cb;
 	int ret;
 	if (dctx->rfc5114_param)
 		{
 		switch (dctx->rfc5114_param)
 			{
 			case 1:
 			dh = DH_get_1024_160();
 			break;
 			case 2:
 			dh = DH_get_2048_224();
 			break;
 			case 3:
 			dh = DH_get_2048_256();
 			break;
 			default:
 			return -2;
 			}
 		EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
 		return 1;
 		}
 	if (ctx->pkey_gencb)
 		{
 		pcb = &cb;
@ -194,7 +236,7 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 	dh = DH_new();
 	if (!dh)
 		return 0;
-	EVP_PKEY_assign_DH(pkey, dh);
+	EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
 	/* Note: if error return, pkey is freed by parent routine */
 	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
 		return 0;
@ -252,3 +294,39 @@ const EVP_PKEY_METHOD dh_pkey_meth =
 	pkey_dh_ctrl_str
 	};
 const EVP_PKEY_METHOD dhx_pkey_meth = 
 	{
 	EVP_PKEY_DHX,
 	EVP_PKEY_FLAG_AUTOARGLEN,
 	pkey_dh_init,
 	pkey_dh_copy,
 	pkey_dh_cleanup,
 	0,
 	pkey_dh_paramgen,
 	0,
 	pkey_dh_keygen,
 	0,
 	0,
 	0,
 	0,
 	0,0,
 	0,0,0,0,
 	0,0,
 	0,0,
 	0,
 	pkey_dh_derive,
 	pkey_dh_ctrl,
 	pkey_dh_ctrl_str
 	};
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@ -114,6 +114,7 @@
 #define EVP_PKEY_DSA3	NID_dsaWithSHA1
 #define EVP_PKEY_DSA4	NID_dsaWithSHA1_2
 #define EVP_PKEY_DH	NID_dhKeyAgreement
 #define EVP_PKEY_DHX	NID_dhpublicnumber
 #define EVP_PKEY_EC	NID_X9_62_id_ecPublicKey
 #define EVP_PKEY_HMAC	NID_hmac
 #define EVP_PKEY_CMAC	NID_cmac
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@ -74,6 +74,7 @@ STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
 extern const EVP_PKEY_METHOD dhx_pkey_meth;
 static const EVP_PKEY_METHOD *standard_methods[] =
 	{
@ -90,7 +91,10 @@ static const EVP_PKEY_METHOD *standard_methods[] =
 	&ec_pkey_meth,
 #endif
 	&hmac_pkey_meth,
-	&cmac_pkey_meth
+	&cmac_pkey_meth,
 #ifndef OPENSSL_NO_DH
 	&dhx_pkey_meth
 #endif
 	};
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@ -62,12 +62,12 @@
 * [including the GNU Public Licence.]
 */
-#define NUM_NID 920
+#define NUM_NID 921
-#define NUM_SN 913
+#define NUM_SN 914
-#define NUM_LN 913
+#define NUM_LN 914
-#define NUM_OBJ 857
+#define NUM_OBJ 858
-static const unsigned char lvalues[5980]={
+static const unsigned char lvalues[5987]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@ -925,6 +925,7 @@ static const unsigned char lvalues[5980]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5952] OBJ_mgf1 */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5961] OBJ_rsassaPss */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5970] OBJ_rsaesOaep */
 0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01,          /* [5979] OBJ_dhpublicnumber */
 };
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@ -2406,6 +2407,7 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
 	NID_aes_256_cbc_hmac_sha1,0,NULL,0},
 {"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5970]),0},
 {"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5979]),0},
 };
 static const unsigned int sn_objs[NUM_SN]={
@ -2675,6 +2677,7 @@ static const unsigned int sn_objs[NUM_SN]={
 107,	/* "description" */
 871,	/* "destinationIndicator" */
 28,	/* "dhKeyAgreement" */
 920,	/* "dhpublicnumber" */
 382,	/* "directory" */
 887,	/* "distinguishedName" */
 892,	/* "dmdName" */
@ -3458,6 +3461,7 @@ static const unsigned int ln_objs[NUM_LN]={
 85,	/* "X509v3 Subject Alternative Name" */
 769,	/* "X509v3 Subject Directory Attributes" */
 82,	/* "X509v3 Subject Key Identifier" */
 920,	/* "X9.42 DH" */
 184,	/* "X9.57" */
 185,	/* "X9.57 CM ?" */
 478,	/* "aRecord" */
@ -4615,6 +4619,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 416,	/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
 791,	/* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
 792,	/* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
 920,	/* OBJ_dhpublicnumber               1 2 840 10046 2 1 */
 258,	/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
 175,	/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
 259,	/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@ -4030,3 +4030,8 @@
 #define LN_aes_256_cbc_hmac_sha1		"aes-256-cbc-hmac-sha1"
 #define NID_aes_256_cbc_hmac_sha1		918
 #define SN_dhpublicnumber		"dhpublicnumber"
 #define LN_dhpublicnumber		"X9.42 DH"
 #define NID_dhpublicnumber		920
 #define OBJ_dhpublicnumber		OBJ_ISO_US,10046L,2L,1L
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@ -917,3 +917,4 @@ aes_128_cbc_hmac_sha1		916
 aes_192_cbc_hmac_sha1		917
 aes_256_cbc_hmac_sha1		918
 rsaesOaep		919
 dhpublicnumber		920
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@ -1290,3 +1290,5 @@ kisa 1 6                : SEED-OFB      : seed-ofb
 			: AES-128-CBC-HMAC-SHA1		: aes-128-cbc-hmac-sha1
 			: AES-192-CBC-HMAC-SHA1		: aes-192-cbc-hmac-sha1
 			: AES-256-CBC-HMAC-SHA1		: aes-256-cbc-hmac-sha1
 ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@ -129,6 +129,7 @@ extern "C" {
 #define PEM_STRING_PKCS8	"ENCRYPTED PRIVATE KEY"
 #define PEM_STRING_PKCS8INF	"PRIVATE KEY"
 #define PEM_STRING_DHPARAMS	"DH PARAMETERS"
 #define PEM_STRING_DHXPARAMS	"X9.42 DH PARAMETERS"
 #define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"
 #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
@ -503,6 +504,7 @@ DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
 #ifndef OPENSSL_NO_DH
 DECLARE_PEM_rw_const(DHparams, DH)
 DECLARE_PEM_write_const(DHxparams, DH)
 #endif
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@ -290,6 +290,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
 #ifndef OPENSSL_NO_DH
 IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
 #endif