Diffstat (limited to 'crypto/dh')
| -rw-r--r-- | crypto/dh/dh_check.c | 28 | ||||
| -rw-r--r-- | crypto/dh/dh_gen.c | 8 | ||||
| -rw-r--r-- | crypto/dh/dh_key.c | 8 | ||||
| -rw-r--r-- | crypto/dh/dh_pmeth.c | 4 | 
4 files changed, 20 insertions, 28 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index fc45577101d0..c7e1dbf4ac0f 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,6 +12,8 @@
 #include <openssl/bn.h>
 #include "dh_locl.h"
+# define DH_NUMBER_ITERATIONS_FOR_PRIME 64
+
 /*-
  * Check that p and g are suitable enough
  *
@@ -58,10 +60,8 @@ int DH_check_params(const DH *dh, int *ret)
     ok = 1;
  err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ok;
 }
@@ -127,7 +127,7 @@ int DH_check(const DH *dh, int *ret)
             if (!BN_is_one(t1))
                 *ret |= DH_NOT_SUITABLE_GENERATOR;
         }
-        r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
+        r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
         if (r < 0)
             goto err;
         if (!r)
@@ -155,7 +155,7 @@ int DH_check(const DH *dh, int *ret)
     } else
         *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
-    r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
+    r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
     if (r < 0)
         goto err;
     if (!r)
@@ -163,7 +163,7 @@ int DH_check(const DH *dh, int *ret)
     else if (!dh->q) {
         if (!BN_rshift1(t1, dh->p))
             goto err;
-        r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
+        r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
         if (r < 0)
             goto err;
         if (!r)
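Review bot: `DH_NUMBER_ITERATIONS_FOR_PRIME` is introduced in the `@@ -12,6 +12,8 @@` hunk without a comment saying what the 64 counts or why it replaces `BN_prime_checks`, and the `# define` spelling indents a directive that is not nested in any visible `#if`. I would write `#define DH_NUMBER_ITERATIONS_FOR_PRIME 64` and put `/* Miller-Rabin rounds used by DH_check(); p and q may be supplied by a peer, so use a fixed count (worst-case error 4^-64) instead of the size-based default */` above it. The rationale is inferred from the three call sites in DH_check further down, so check the wording against the upstream commit message.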
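Review bot: With the `if (ctx != NULL)` guard removed at `err:` in DH_check_params, `BN_CTX_end(ctx)` now runs with a NULL `ctx` whenever the context allocation earlier in the function failed; that allocation is outside the hunk, so this is inferred from the guard that was deleted. The call is only safe if `BN_CTX_end()` itself returns early on NULL, and no change to the BN code is visible here because the diffstat is limited to crypto/dh. Confirm that the NULL-tolerant `BN_CTX_end()` lands in the same commit, or keep `if (ctx != NULL) BN_CTX_end(ctx);` until it does. The same applies to the identical cleanup hunks in DH_check, DH_check_pub_key, dh_builtin_genparams and compute_key.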
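Review bot: Nothing visible in the `@@ -127,7 +127,7 @@`, `@@ -155,7 +155,7 @@` and `@@ -163,7 +163,7 @@` hunks bounds the bit length of `dh->p` or `dh->q` before the `BN_is_prime_ex()` calls, and the fixed 64 rounds make each of those calls more expensive than before. DH_check() is typically run on parameters that did not originate locally, so an oversized modulus turns directly into a long-running check. The top of DH_check is outside these hunks and may already enforce a limit; if it does not, an early test such as `if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) goto err;` before the first primality test would cap the work.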
@@ -171,10 +171,8 @@ int DH_check(const DH *dh, int *ret)
     }
     ok = 1;
  err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ok;
 }
@@ -225,9 +223,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
     ok = 1;
  err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ok;
 }
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 59137e0f05aa..887fc4c3aede 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
         ok = 0;
     }
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ok;
 }
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 4f85be7e49bd..99c00e5a05d1 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -205,10 +205,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
     ret = BN_bn2bin(tmp, key);
  err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ret;
 }
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index cce2d9e26efc..568831f1c2a7 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -54,7 +54,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
         DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    dctx->prime_len = 1024;
+    dctx->prime_len = 2048;
     dctx->subprime_len = -1;
     dctx->generator = 2;
     dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;  |
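Review bot: The new default in pkey_dh_init, `dctx->prime_len = 2048;`, is a bare literal with no comment, so a reader cannot tell that it is the fallback modulus size for every caller that never sets the parameter-generation length. I would add `/* default modulus size in bits when the caller sets no prime length */` above the assignment. Callers that relied on the old value will now see larger parameters and slower generation, so the documented default should change in the same commit; the documentation is not part of this diffstat, so that is worth checking. pkey_dh_init starts and ends outside the hunk.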
