From 702ba65b1c458c40e6fbf9496727135793129682 Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Mon, 27 Sep 2021 15:37:11 -0500
Subject: [PATCH 1/2] Add support for X9.42 header
---
 src/ssl.c | 9 +++++++++
 wolfcrypt/src/asn.c | 7 +++++++
 wolfssl/wolfcrypt/asn_public.h | 1 +
 3 files changed, 17 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index cdbd8bb8b..60e1653b5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16073,6 +16073,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 FreeDer(&der); ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL, NULL);
+ if (ret < 0) {
+ /* Also try X9.42 format */
+ ret = PemToDer(buf, sz, X942_PARAM_TYPE, &der, ctx->heap,
+ NULL, NULL);
+ }
 #ifdef WOLFSSL_WPAS
 #ifndef NO_DSA
 if (ret < 0) {
@@ -44834,6 +44839,10 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x,
 } ret = PemToDer(mem, size, DH_PARAM_TYPE, &der, NULL, NULL, NULL);
+ if (ret < 0) {
+ /* Also try X9.42 format */
+ ret = PemToDer(mem, size, X942_PARAM_TYPE, &der, NULL, NULL, NULL);
+ }
 if (ret != 0) goto end;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e33e17d2c..b80543310 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -18215,6 +18215,8 @@ wcchar END_CERT = "-----END CERTIFICATE-----";
 #ifndef NO_DH
 wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; wcchar END_DH_PARAM = "-----END DH PARAMETERS-----";
+ wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----";
+ wcchar END_X942_PARAM = "-----END X9.42 DH PARAMETERS-----";
 #endif
 #ifndef NO_DSA
 wcchar BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----";
@@ -18289,6 +18291,11 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
 if (footer) *footer = END_DH_PARAM; ret = 0; break;
+ case X942_PARAM_TYPE:
+ if (header) *header = BEGIN_X942_PARAM;
+ if (footer) *footer = END_X942_PARAM;
+ ret = 0;
+ break;
 #endif
 #ifndef NO_DSA
 case DSA_PARAM_TYPE:
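Review bot: Nothing in the two PemToDer fallbacks in src/ssl.c (the @@ -16073 hunk and the @@ -44834 hunk in wolfSSL_PEM_read_bio_DHparams) accounts for the extra q field that X9.42 parameters carry: only the accepted PEM armor changes, and the decoded DER goes to the same decoder as PKCS#3 input, which lies outside both hunks along with the enclosing function bodies. The comment should state what happens to q, e.g. `/* Also try X9.42 format (p, g, q); confirm the DH decoder accepts q */`. If q is discarded, peer public values can no longer be checked for subgroup membership, which matters when p is not a safe prime. Separately, `if (ret < 0)` retries on every failure, so the error from a malformed `DH PARAMETERS` block is overwritten by the second attempt's result; `if (ret == ASN_NO_PEM_HEADER)` would retry only on a header mismatch, assuming that is the code PemToDer returns for it.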
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index f39272a8a..778ea65e1 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -133,6 +133,7 @@ enum CertType {
 PKCS8_ENC_PRIVATEKEY_TYPE, DETECT_CERT_TYPE, DH_PRIVATEKEY_TYPE,
+ X942_PARAM_TYPE,
 };
From 1440b8966d0bd3a8ec03adcd7a1022962d151bac Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn
Date: Mon, 27 Sep 2021 16:16:57 -0500
Subject: [PATCH 2/2] Add test for X9.42 parsing
---
 certs/include.am | 3 ++-
 certs/x942dh2048.pem | 14 ++++++++++++++
 tests/api.c | 7 ++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 certs/x942dh2048.pem
diff --git a/certs/include.am b/certs/include.am
index 9625b5d32..7824d8e9f 100644
--- a/certs/include.am
+++ b/certs/include.am
@@ -59,7 +59,8 @@ EXTRA_DIST += \
 certs/csr.signed.der \
 certs/csr.ext.der \
 certs/entity-no-ca-bool-cert.pem \
- certs/entity-no-ca-bool-key.pem
+ certs/entity-no-ca-bool-key.pem \
+ certs/x942dh2048.pem
 EXTRA_DIST += \
 certs/ca-key.der \
diff --git a/certs/x942dh2048.pem b/certs/x942dh2048.pem
new file mode 100644
index 000000000..8887cb174
--- /dev/null
+++ b/certs/x942dh2048.pem
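Review bot: `X942_PARAM_TYPE` is added to the public CertType enum in wolfssl/wolfcrypt/asn_public.h with no comment, while the case that handles it in wc_PemGetHeaderFooter appears to sit inside the `#ifndef NO_DH` block. A one-line comment would tell API users what the value selects and when it is usable: `X942_PARAM_TYPE, /* PEM "X9.42 DH PARAMETERS"; requires DH support */`. The enum body begins above the hunk, so any other switch over CertType that needs a matching case cannot be checked from here.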
@@ -0,0 +1,14 @@
+-----BEGIN X9.42 DH PARAMETERS-----
+MIICKQKCAQEArRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW
+26+aPEB7od8V6z1oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5
+S3rVt9C2wSIHyfmNEe002/bGugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF
+2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9WgdBWYfZrcCkhtzfk6zEQyg4cxXXXhmMZB
+pIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55djybU9z0uoCinj+3PBa451
+uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTwKCAQEArEAy708tmuOd8wtcj/2sUGze
+vnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3OddwDCn1LFfbF8YgqGUr5e
+kAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJk51U2nRgzbX2
+xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4rLcK
+gTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHh
+vP6UswJp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+gId
+AIAcDTTFjZP+mXF3EB+AU1pHOM68vziambNjces=
+-----END X9.42 DH PARAMETERS-----
diff --git a/tests/api.c b/tests/api.c
index a77bb55f6..d8a5f3dae 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -38907,8 +38907,13 @@ static void test_wolfSSL_PEM_read_DHparams(void)
 derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf); AssertIntEQ(derOutSz, derExpectedSz); AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);
- DH_free(dh);
+ /* Test parsing with X9.42 header */
+ fp = XFOPEN("./certs/x942dh2048.pem", "rb");
+ AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
+ XFCLOSE(fp);
+
+ DH_free(dh);
 printf(resultFmt, passed);
 #endif
 }
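Review bot: The new X9.42 case in tests/api.c asserts only that PEM_read_DHparams returns non-NULL, and it passes in the `dh` already used by the preceding checks, so the assertion cannot tell whether the X9.42 values were actually loaded. I would start from a fresh object with `DH_free(dh); dh = NULL;` before the XFOPEN, check the handle with `AssertTrue((fp != XBADFILE));`, and then assert on the parsed parameters, for example by comparing the re-encoded DER against an expected buffer as the context lines at the top of the hunk do. A negative case, such as X9.42 armor around truncated base64, would also pin the error path of the new fallback. The test function begins above the hunk.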