From 6666a1818ac1d3e126bf632132f941e2aeb0e351 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 1 Sep 2015 10:04:05 +0200
Subject: [PATCH] Add DH::from_pem() to load DH parameters from a file
---
 openssl-sys/src/lib.rs | 3 ++-
 openssl/src/dh/mod.rs | 28 +++++++++++++++++++++++++++-
 openssl/test/dhparams.pem | 8 ++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 openssl/test/dhparams.pem
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 9b5fd744..c2c6157c 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -477,7 +477,8 @@ extern "C" {
 #[cfg_attr(target_os = "nacl", link_name = "HMAC_Update")]
 pub fn HMAC_Update_shim(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint) -> c_int;
-
+ pub fn PEM_read_bio_DHparams(bio: *mut BIO, out: *mut *mut DH, callback: Option,
+ user_data: *mut c_void) -> *mut DH;
 pub fn PEM_read_bio_X509(bio: *mut BIO, out: *mut *mut X509, callback: Option,
 user_data: *mut c_void) -> *mut X509;
 pub fn PEM_read_bio_X509_REQ(bio: *mut BIO, out: *mut *mut X509_REQ, callback: Option,
diff --git a/openssl/src/dh/mod.rs b/openssl/src/dh/mod.rs
index cbf9d3ab..7be5dd04 100644
--- a/openssl/src/dh/mod.rs
+++ b/openssl/src/dh/mod.rs
@@ -1,5 +1,8 @@
 use ffi;
-use ssl::error::SslError;
+use std::io;
+use std::io::prelude::*;
+use ssl::error::{SslError, StreamError};
+use bio::MemBio;
 use bn::BigNum;
 use std::mem;
 use std::ptr;
@@ -18,6 +21,16 @@ impl DH {
 Ok(DH(dh))
 }
+ pub fn from_pem(reader: &mut R) -> Result where R: Read {
+ let mut mem_bio = try!(MemBio::new());
+ try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
+ let dh = unsafe {
+ ffi::PEM_read_bio_DHparams(mem_bio.get_handle(), ptr::null_mut(), None, ptr::null_mut())
+ };
+ try_ssl_null!(dh);
+ Ok(DH(dh))
+ }
+
 #[cfg(feature = "rfc5114")]
 pub fn get_1024_160() -> Result {
 let dh = unsafe { ffi::DH_get_1024_160() };
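Review bot: `from_pem` in the `@@ -18,6 +21,16 @@` hunk of openssl/src/dh/mod.rs returns whatever group `PEM_read_bio_DHparams` parses, with no check on the modulus size or on whether the parameters are well-formed, and the new test passes the result straight to `set_tmp_dh`; a short or non-safe-prime group in the file would weaken every ephemeral DH handshake that uses it. The function also has no doc comment, and `io::copy` buffers the entire reader into the `MemBio`, so bounding the input is left to the caller. I would add `/// Reads DH parameters from a PEM stream; the whole reader is buffered in memory and the parameters are not validated, so load them only from a trusted source.` above the signature, and consider calling OpenSSL's `DH_check` before returning if a binding for it is available (none is visible in this diff). The enclosing `impl DH` block starts and ends outside the hunk.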
@@ -68,6 +81,8 @@ impl Drop for DH {
 #[cfg(test)]
 mod tests {
+ use std::fs::File;
+ use std::path::Path;
 use super::DH;
 use bn::BigNum;
 use ssl::SslContext;
@@ -94,4 +109,15 @@ mod tests {
 let dh = DH::from_params(p, g, q).unwrap();
 ctx.set_tmp_dh(dh).unwrap();
 }
+
+ #[test]
+ fn test_dh_from_pem() {
+ let ctx = SslContext::new(Sslv23).unwrap();
+ let pem_path = Path::new("test/dhparams.pem");
+ let mut file = File::open(&pem_path)
+ .ok()
+ .expect("Failed to open `test/dhparams.pem`");
+ let dh = DH::from_pem(&mut file).ok().expect("Failed to load PEM");
+ ctx.set_tmp_dh(dh).unwrap();
+ }
 }
diff --git a/openssl/test/dhparams.pem b/openssl/test/dhparams.pem
new file mode 100644
index 00000000..6e4d4c68
--- /dev/null
+++ b/openssl/test/dhparams.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAh3Betv+hf5jNsOmGXU8oxuABD2B8r0yU8FVgjnCZBSVo61qJ0A2d J6r8rYKbjtolnrZN/V4IPSzYvxurHbu8nbiFVyhOySPchI2Fu+YT/HsSe/0MH9bW gJTNzmutWoy9VxtWLCmXnOSZHep3MZ1ZNimno6Kh2qQ7VJr0+KF8GbxUKOPv4SqK NBwouIQXFc0pE9kGhcGKbr7TnHhyJFCRLNP1OVDQZbcoKjk1Vh+5sy7vM2VUTQmM yOToT2LEZVAUJXNumcYMki9MIwfYCwYZbNt0ZEolyHzUEesuyHfU1eJd6+sKEjUz 5GteQIR7AehxZIS+cytu7BXO7B0owLJ2awIBAg==
+-----END DH PARAMETERS-----
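Review bot: `test_dh_from_pem` in the `@@ -94,4 +109,15 @@` hunk exercises only a well-formed file, so the `try_ssl_null!(dh)` guard that `from_pem` relies on for malformed input is never tested. A negative case such as `assert!(DH::from_pem(&mut &b"not a PEM block"[..]).is_err());` would pin that a parse failure surfaces as `Err` rather than as a `DH` wrapping a null pointer. The relative path `test/dhparams.pem` also appears to assume the test runs from the `openssl/` crate directory, which a one-line comment above `pem_path` could state. The enclosing `mod tests` starts outside the hunk.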