authorKenny Root <kroot@google.com>2015-07-24 18:56:05 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2015-07-24 18:56:05 +0000
commit07f4f42347557420f105a72d9a93bc8ee88a3dc5 (patch)
tree4d210b442e8e6742e9b0ff9dca4fc158c1a6a03e /src/crypto/evp
parent71a0705e8fc5c39ca5b1daa512ef90c37246a76f (diff)
parentbd9957e6e28506c4431ce8d3cadbc0a04905b15e (diff)
Merge changes Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533
* changes: Handle RDRAND failures. dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Fix for CVE-2015-1789. Fixes for CVE-2015-1791.
Diffstat (limited to 'src/crypto/evp')
-rw-r--r--src/crypto/evp/p_dsa_asn1.c22
1 files changed, 19 insertions, 3 deletions
diff --git a/src/crypto/evp/p_dsa_asn1.c b/src/crypto/evp/p_dsa_asn1.c
index 0ac7da7..826d4e4 100644
--- a/src/crypto/evp/p_dsa_asn1.c
+++ b/src/crypto/evp/p_dsa_asn1.c
@@ -129,21 +129,37 @@ err:
static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) {
DSA *dsa;
- void *pval = NULL;
+ ASN1_STRING *pval = NULL;
uint8_t *penc = NULL;
int penclen;
dsa = pkey->pkey.dsa;
dsa->write_params = 0;
- penclen = i2d_DSAPublicKey(dsa, &penc);
+ int ptype;
+ if (dsa->p && dsa->q && dsa->g) {
+ pval = ASN1_STRING_new();
+ if (!pval) {
+ OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ pval->length = i2d_DSAparams(dsa, &pval->data);
+ if (pval->length <= 0) {
+ OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ptype = V_ASN1_SEQUENCE;
+ } else {
+ ptype = V_ASN1_UNDEF;
+ }
+ penclen = i2d_DSAPublicKey(dsa, &penc);
if (penclen <= 0) {
OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), V_ASN1_UNDEF, pval,
+ if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval,
penc, penclen)) {
return 1;
}
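Review bot: The `ASN1_STRING` allocated in the new `if (dsa->p && dsa->q && dsa->g)` branch has to be released on three exits: both `goto err` paths that follow it and the fall-through when `X509_PUBKEY_set0_param` returns 0. The function's cleanup code lies outside this hunk, so it should be confirmed that it calls `ASN1_STRING_free(pval)` next to the release of `penc`; otherwise each failed encode leaks the parameter encoding. Separately, the return of `i2d_DSAparams` is stored into `pval->length` before it is checked, so a negative value sits in the string on the error path; `int len = i2d_DSAparams(dsa, &pval->data);` followed by `pval->length = len;` after the `len <= 0` check keeps the object consistent. A non-positive result there is not necessarily an allocation failure, so `ERR_R_MALLOC_FAILURE` may mislead whoever reads the error queue. A short comment on the `else` branch stating that parameters are omitted whenever any of p, q, g is missing would also help, since a partially populated key is silently encoded without them.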