diff options
Diffstat (limited to 'crypto/dh')
| -rw-r--r-- | crypto/dh/dh.h | 286 | ||||
| -rw-r--r-- | crypto/dh/dh_asn1.c | 34 | ||||
| -rw-r--r-- | crypto/dh/dh_check.c | 143 | ||||
| -rw-r--r-- | crypto/dh/dh_depr.c | 29 | ||||
| -rw-r--r-- | crypto/dh/dh_err.c | 66 | ||||
| -rw-r--r-- | crypto/dh/dh_gen.c | 190 | ||||
| -rw-r--r-- | crypto/dh/dh_key.c | 317 | ||||
| -rw-r--r-- | crypto/dh/dh_lib.c | 290 | ||||
| -rw-r--r-- | crypto/dh/dhtest.c | 303 | ||||
| -rw-r--r-- | crypto/dh/p1024.c | 62 | ||||
| -rw-r--r-- | crypto/dh/p192.c | 38 | ||||
| -rw-r--r-- | crypto/dh/p512.c | 48 |
12 files changed, 920 insertions, 886 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 10475ac4b3c3..10d9f78741ac 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,36 +57,39 @@ */ #ifndef HEADER_DH_H -#define HEADER_DH_H +# define HEADER_DH_H -#include <openssl/e_os2.h> +# include <openssl/e_os2.h> -#ifdef OPENSSL_NO_DH -#error DH is disabled. -#endif +# ifdef OPENSSL_NO_DH +# error DH is disabled. +# endif -#ifndef OPENSSL_NO_BIO -#include <openssl/bio.h> -#endif -#include <openssl/ossl_typ.h> -#ifndef OPENSSL_NO_DEPRECATED -#include <openssl/bn.h> -#endif - -#ifndef OPENSSL_DH_MAX_MODULUS_BITS -# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -#endif +# ifndef OPENSSL_NO_BIO +# include <openssl/bio.h> +# endif +# include <openssl/ossl_typ.h> +# ifndef OPENSSL_NO_DEPRECATED +# include <openssl/bn.h> +# endif + +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif -#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 -#define DH_FLAG_CACHE_MONT_P 0x01 -#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. - */ +# define DH_FLAG_CACHE_MONT_P 0x01 + +/* + * new with 0.9.7h; the built-in DH + * implementation now uses constant time + * modular exponentiation for secret exponents + * by default. This flag causes the + * faster variable sliding window method to + * be used for all exponents. + */ +# define DH_FLAG_NO_EXP_CONSTTIME 0x02 #ifdef __cplusplus extern "C" { @@ -96,124 +99,127 @@ extern "C" { /* typedef struct dh_st DH; */ /* typedef struct dh_method DH_METHOD; */ -struct dh_method - { - const char *name; - /* Methods here */ - int (*generate_key)(DH *dh); - int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); - int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ - - int (*init)(DH *dh); - int (*finish)(DH *dh); - int flags; - char *app_data; - /* If this is non-NULL, it will be used to generate parameters */ - int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); - }; - -struct dh_st - { - /* This first argument is used to pick up errors when - * a DH is passed instead of a EVP_PKEY */ - int pad; - int version; - BIGNUM *p; - BIGNUM *g; - long length; /* optional */ - BIGNUM *pub_key; /* g^x */ - BIGNUM *priv_key; /* x */ - - int flags; - BN_MONT_CTX *method_mont_p; - /* Place holders if we want to do X9.42 DH */ - BIGNUM *q; - BIGNUM *j; - unsigned char *seed; - int seedlen; - BIGNUM *counter; - - int references; - CRYPTO_EX_DATA ex_data; - const DH_METHOD *meth; - ENGINE *engine; - }; - -#define DH_GENERATOR_2 2 -/* #define DH_GENERATOR_3 3 */ -#define DH_GENERATOR_5 5 +struct dh_method { + const char *name; + /* Methods here */ + int (*generate_key) (DH *dh); + int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); + /* Can be null */ + int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); + int (*init) (DH *dh); + int (*finish) (DH *dh); + int flags; + char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params) (DH *dh, int prime_len, int generator, + BN_GENCB *cb); +}; + +struct dh_st { + /* + * This first argument is used to pick up errors when a DH is passed + * instead of a EVP_PKEY + */ + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; /* optional */ + BIGNUM *pub_key; /* g^x */ + BIGNUM *priv_key; /* x */ + int flags; + BN_MONT_CTX *method_mont_p; + /* Place holders if we want to do X9.42 DH */ + BIGNUM *q; + BIGNUM *j; + unsigned char *seed; + int seedlen; + BIGNUM *counter; + int references; + CRYPTO_EX_DATA ex_data; + const DH_METHOD *meth; + ENGINE *engine; +}; + +# define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +# define DH_GENERATOR_5 5 /* DH_check error codes */ -#define DH_CHECK_P_NOT_PRIME 0x01 -#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 -#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 -#define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 /* DH_check_pub_key error codes */ -#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 -#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 -/* primes p where (p-1)/2 is prime too are called "safe"; we define - this for backward compatibility: */ -#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) -#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) -#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ - (unsigned char *)(x)) -#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) +# define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) +# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ + (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) +# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) const DH_METHOD *DH_OpenSSL(void); -#ifdef OPENSSL_FIPS -DH * FIPS_dh_new(void); -void FIPS_dh_free(DH *dh); -#endif +# ifdef OPENSSL_FIPS +DH *FIPS_dh_new(void); +void FIPS_dh_free(DH *dh); +# endif void DH_set_default_method(const DH_METHOD *meth); const DH_METHOD *DH_get_default_method(void); int DH_set_method(DH *dh, const DH_METHOD *meth); DH *DH_new_method(ENGINE *engine); -DH * DH_new(void); -void DH_free(DH *dh); -int DH_up_ref(DH *dh); -int DH_size(const DH *dh); +DH *DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_size(const DH *dh); int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); /* Deprecated version */ -#ifndef OPENSSL_NO_DEPRECATED -DH * DH_generate_parameters(int prime_len,int generator, - void (*callback)(int,int,void *),void *cb_arg); -#endif /* !defined(OPENSSL_NO_DEPRECATED) */ +# ifndef OPENSSL_NO_DEPRECATED +DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg); +# endif /* !defined(OPENSSL_NO_DEPRECATED) */ /* New version */ -int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); - -int DH_check(const DH *dh,int *codes); -int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); -int DH_generate_key(DH *dh); -int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); -DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); -int i2d_DHparams(const DH *a,unsigned char **pp); -#ifndef OPENSSL_NO_FP_API -int DHparams_print_fp(FILE *fp, const DH *x); -#endif -#ifndef OPENSSL_NO_BIO -int DHparams_print(BIO *bp, const DH *x); -#else -int DHparams_print(char *bp, const DH *x); -#endif +int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, + BN_GENCB *cb); + +int DH_check(const DH *dh, int *codes); +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); +int i2d_DHparams(const DH *a, unsigned char **pp); +# ifndef OPENSSL_NO_FP_API +int DHparams_print_fp(FILE *fp, const DH *x); +# endif +# ifndef OPENSSL_NO_BIO +int DHparams_print(BIO *bp, const DH *x); +# else +int DHparams_print(char *bp, const DH *x); +# endif /* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_DH_strings(void); @@ -221,23 +227,23 @@ void ERR_load_DH_strings(void); /* Error codes for the DH functions. */ /* Function codes. */ -#define DH_F_COMPUTE_KEY 102 -#define DH_F_DHPARAMS_PRINT 100 -#define DH_F_DHPARAMS_PRINT_FP 101 -#define DH_F_DH_BUILTIN_GENPARAMS 106 -#define DH_F_DH_COMPUTE_KEY 107 -#define DH_F_DH_GENERATE_KEY 108 -#define DH_F_DH_GENERATE_PARAMETERS 109 -#define DH_F_DH_NEW_METHOD 105 -#define DH_F_GENERATE_KEY 103 -#define DH_F_GENERATE_PARAMETERS 104 +# define DH_F_COMPUTE_KEY 102 +# define DH_F_DHPARAMS_PRINT 100 +# define DH_F_DHPARAMS_PRINT_FP 101 +# define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_COMPUTE_KEY 107 +# define DH_F_DH_GENERATE_KEY 108 +# define DH_F_DH_GENERATE_PARAMETERS 109 +# define DH_F_DH_NEW_METHOD 105 +# define DH_F_GENERATE_KEY 103 +# define DH_F_GENERATE_PARAMETERS 104 /* Reason codes. */ -#define DH_R_BAD_GENERATOR 101 -#define DH_R_INVALID_PUBKEY 102 -#define DH_R_KEY_SIZE_TOO_SMALL 104 -#define DH_R_MODULUS_TOO_LARGE 103 -#define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_BAD_GENERATOR 101 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_KEY_SIZE_TOO_SMALL 104 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NO_PRIVATE_VALUE 100 #ifdef __cplusplus } diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 76740af2bd16..d534986abda9 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -1,6 +1,7 @@ /* dh_asn1.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2000. */ /* ==================================================================== * Copyright (c) 2000 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,22 +67,23 @@ /* Override the default free and new methods */ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) { - if(operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)DH_new(); - if(*pval) return 2; - return 0; - } else if(operation == ASN1_OP_FREE_PRE) { - DH_free((DH *)*pval); - *pval = NULL; - return 2; - } - return 1; + if (operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)DH_new(); + if (*pval) + return 2; + return 0; + } else if (operation == ASN1_OP_FREE_PRE) { + DH_free((DH *)*pval); + *pval = NULL; + return 2; + } + return 1; } ASN1_SEQUENCE_cb(DHparams, dh_cb) = { - ASN1_SIMPLE(DH, p, BIGNUM), - ASN1_SIMPLE(DH, g, BIGNUM), - ASN1_OPT(DH, length, ZLONG), + ASN1_SIMPLE(DH, p, BIGNUM), + ASN1_SIMPLE(DH, g, BIGNUM), + ASN1_OPT(DH, length, ZLONG), } ASN1_SEQUENCE_END_cb(DH, DHparams) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 316cb9221dff..7909fd6cd1b0 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,7 +61,8 @@ #include <openssl/bn.h> #include <openssl/dh.h> -/* Check that p is a safe prime and +/*- + * Check that p is a safe prime and * if g is 2, 3 or 5, check that it is a suitable generator * where * for 2, p mod 24 == 11 @@ -73,74 +74,78 @@ #ifndef OPENSSL_FIPS int DH_check(const DH *dh, int *ret) - { - int ok=0; - BN_CTX *ctx=NULL; - BN_ULONG l; - BIGNUM *q=NULL; +{ + int ok = 0; + BN_CTX *ctx = NULL; + BN_ULONG l; + BIGNUM *q = NULL; - *ret=0; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - q=BN_new(); - if (q == NULL) goto err; + *ret = 0; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + q = BN_new(); + if (q == NULL) + goto err; - if (BN_is_word(dh->g,DH_GENERATOR_2)) - { - l=BN_mod_word(dh->p,24); - if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; - } -#if 0 - else if (BN_is_word(dh->g,DH_GENERATOR_3)) - { - l=BN_mod_word(dh->p,12); - if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; - } -#endif - else if (BN_is_word(dh->g,DH_GENERATOR_5)) - { - l=BN_mod_word(dh->p,10); - if ((l != 3) && (l != 7)) - *ret|=DH_NOT_SUITABLE_GENERATOR; - } - else - *ret|=DH_UNABLE_TO_CHECK_GENERATOR; + if (BN_is_word(dh->g, DH_GENERATOR_2)) { + l = BN_mod_word(dh->p, 24); + if (l != 11) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } +# if 0 + else if (BN_is_word(dh->g, DH_GENERATOR_3)) { + l = BN_mod_word(dh->p, 12); + if (l != 5) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } +# endif + else if (BN_is_word(dh->g, DH_GENERATOR_5)) { + l = BN_mod_word(dh->p, 10); + if ((l != 3) && (l != 7)) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } else + *ret |= DH_UNABLE_TO_CHECK_GENERATOR; - if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) - *ret|=DH_CHECK_P_NOT_PRIME; - else - { - if (!BN_rshift1(q,dh->p)) goto err; - if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) - *ret|=DH_CHECK_P_NOT_SAFE_PRIME; - } - ok=1; -err: - if (ctx != NULL) BN_CTX_free(ctx); - if (q != NULL) BN_free(q); - return(ok); - } + if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_P_NOT_PRIME; + else { + if (!BN_rshift1(q, dh->p)) + goto err; + if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_P_NOT_SAFE_PRIME; + } + ok = 1; + err: + if (ctx != NULL) + BN_CTX_free(ctx); + if (q != NULL) + BN_free(q); + return (ok); +} int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) - { - int ok=0; - BIGNUM *q=NULL; +{ + int ok = 0; + BIGNUM *q = NULL; - *ret=0; - q=BN_new(); - if (q == NULL) goto err; - BN_set_word(q,1); - if (BN_cmp(pub_key,q) <= 0) - *ret|=DH_CHECK_PUBKEY_TOO_SMALL; - BN_copy(q,dh->p); - BN_sub_word(q,1); - if (BN_cmp(pub_key,q) >= 0) - *ret|=DH_CHECK_PUBKEY_TOO_LARGE; + *ret = 0; + q = BN_new(); + if (q == NULL) + goto err; + BN_set_word(q, 1); + if (BN_cmp(pub_key, q) <= 0) + *ret |= DH_CHECK_PUBKEY_TOO_SMALL; + BN_copy(q, dh->p); + BN_sub_word(q, 1); + if (BN_cmp(pub_key, q) >= 0) + *ret |= DH_CHECK_PUBKEY_TOO_LARGE; - ok = 1; -err: - if (q != NULL) BN_free(q); - return(ok); - } + ok = 1; + err: + if (q != NULL) + BN_free(q); + return (ok); +} #endif diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index acc05f252c1e..b6221199302c 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,6 @@ * */ - /* This file contains deprecated functions as wrappers to the new ones */ #include <stdio.h> @@ -61,23 +60,23 @@ #include <openssl/bn.h> #include <openssl/dh.h> -static void *dummy=&dummy; +static void *dummy = &dummy; #ifndef OPENSSL_NO_DEPRECATED DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int,int,void *), void *cb_arg) - { - BN_GENCB cb; - DH *ret=NULL; + void (*callback) (int, int, void *), void *cb_arg) +{ + BN_GENCB cb; + DH *ret = NULL; - if((ret=DH_new()) == NULL) - return NULL; + if ((ret = DH_new()) == NULL) + return NULL; - BN_GENCB_set_old(&cb, callback, cb_arg); + BN_GENCB_set_old(&cb, callback, cb_arg); - if(DH_generate_parameters_ex(ret, prime_len, generator, &cb)) - return ret; - DH_free(ret); - return NULL; - } + if (DH_generate_parameters_ex(ret, prime_len, generator, &cb)) + return ret; + DH_free(ret); + return NULL; +} #endif diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index 13263c81c1b0..7e8ce8295bca 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,8 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -65,44 +66,41 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) -static ERR_STRING_DATA DH_str_functs[]= - { -{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, -{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, -{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, -{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, -{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, -{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, -{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, -{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, -{0,NULL} - }; +static ERR_STRING_DATA DH_str_functs[] = { + {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, + {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, + {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, + {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, + {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, + {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, + {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, + {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, + {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, + {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, + {0, NULL} +}; -static ERR_STRING_DATA DH_str_reasons[]= - { -{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, -{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, -{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, -{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, -{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, -{0,NULL} - }; +static ERR_STRING_DATA DH_str_reasons[] = { + {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"}, + {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, + {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, + {0, NULL} +}; #endif void ERR_load_DH_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(DH_str_functs[0].error) == NULL) - { - ERR_load_strings(0,DH_str_functs); - ERR_load_strings(0,DH_str_reasons); - } + if (ERR_func_error_string(DH_str_functs[0].error) == NULL) { + ERR_load_strings(0, DH_str_functs); + ERR_load_strings(0, DH_str_reasons); + } #endif - } +} diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 999e1deb4092..560d4bbe824f 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,16 +49,16 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -/* NB: These functions have been upgraded - the previous prototypes are in - * dh_depr.c as wrappers to these ones. - * - Geoff +/* + * NB: These functions have been upgraded - the previous prototypes are in + * dh_depr.c as wrappers to these ones. - Geoff */ #include <stdio.h> @@ -68,16 +68,19 @@ #ifndef OPENSSL_FIPS -static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + BN_GENCB *cb); -int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) - { - if(ret->meth->generate_params) - return ret->meth->generate_params(ret, prime_len, generator, cb); - return dh_builtin_genparams(ret, prime_len, generator, cb); - } +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, + BN_GENCB *cb) +{ + if (ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); +} -/* We generate DH parameters as follows +/*- + * We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q * For this case, g is a generator if @@ -98,82 +101,93 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c * Since DH should be using a safe prime (both p and q are prime), * this generator function can take a very very long time to run. */ -/* Actually there is no reason to insist that 'generator' be a generator. +/* + * Actually there is no reason to insist that 'generator' be a generator. * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ -static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) - { - BIGNUM *t1,*t2; - int g,ok= -1; - BN_CTX *ctx=NULL; +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + BN_GENCB *cb) +{ + BIGNUM *t1, *t2; + int g, ok = -1; + BN_CTX *ctx = NULL; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t1 == NULL || t2 == NULL) goto err; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t1 == NULL || t2 == NULL) + goto err; - /* Make sure 'ret' has the necessary elements */ - if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; - if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; - - if (generator <= 1) - { - DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); - goto err; - } - if (generator == DH_GENERATOR_2) - { - if (!BN_set_word(t1,24)) goto err; - if (!BN_set_word(t2,11)) goto err; - g=2; - } -#if 0 /* does not work for safe primes */ - else if (generator == DH_GENERATOR_3) - { - if (!BN_set_word(t1,12)) goto err; - if (!BN_set_word(t2,5)) goto err; - g=3; - } -#endif - else if (generator == DH_GENERATOR_5) - { - if (!BN_set_word(t1,10)) goto err; - if (!BN_set_word(t2,3)) goto err; - /* BN_set_word(t3,7); just have to miss - * out on these ones :-( */ - g=5; - } - else - { - /* in the general case, don't worry if 'generator' is a - * generator or not: since we are using safe primes, - * it will generate either an order-q or an order-2q group, - * which both is OK */ - if (!BN_set_word(t1,2)) goto err; - if (!BN_set_word(t2,1)) goto err; - g=generator; - } - - if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; - if(!BN_GENCB_call(cb, 3, 0)) goto err; - if (!BN_set_word(ret->g,g)) goto err; - ok=1; -err: - if (ok == -1) - { - DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); - ok=0; - } + /* Make sure 'ret' has the necessary elements */ + if (!ret->p && ((ret->p = BN_new()) == NULL)) + goto err; + if (!ret->g && ((ret->g = BN_new()) == NULL)) + goto err; + + if (generator <= 1) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); + goto err; + } + if (generator == DH_GENERATOR_2) { + if (!BN_set_word(t1, 24)) + goto err; + if (!BN_set_word(t2, 11)) + goto err; + g = 2; + } +# if 0 /* does not work for safe primes */ + else if (generator == DH_GENERATOR_3) { + if (!BN_set_word(t1, 12)) + goto err; + if (!BN_set_word(t2, 5)) + goto err; + g = 3; + } +# endif + else if (generator == DH_GENERATOR_5) { + if (!BN_set_word(t1, 10)) + goto err; + if (!BN_set_word(t2, 3)) + goto err; + /* + * BN_set_word(t3,7); just have to miss out on these ones :-( + */ + g = 5; + } else { + /* + * in the general case, don't worry if 'generator' is a generator or + * not: since we are using safe primes, it will generate either an + * order-q or an order-2q group, which both is OK + */ + if (!BN_set_word(t1, 2)) + goto err; + if (!BN_set_word(t2, 1)) + goto err; + g = generator; + } + + if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb)) + goto err; + if (!BN_GENCB_call(cb, 3, 0)) + goto err; + if (!BN_set_word(ret->g, g)) + goto err; + ok = 1; + err: + if (ok == -1) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB); + ok = 0; + } - if (ctx != NULL) - { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ok; - } + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return ok; +} #endif diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 79dd33186341..4de8e277084f 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -67,201 +67,192 @@ static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int dh_init(DH *dh); static int dh_finish(DH *dh); int DH_generate_key(DH *dh) - { - return dh->meth->generate_key(dh); - } +{ + return dh->meth->generate_key(dh); +} int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - return dh->meth->compute_key(key, pub_key, dh); - } +{ + return dh->meth->compute_key(key, pub_key, dh); +} static DH_METHOD dh_ossl = { -"OpenSSL DH Method", -generate_key, -compute_key, -dh_bn_mod_exp, -dh_init, -dh_finish, -0, -NULL, -NULL + "OpenSSL DH Method", + generate_key, + compute_key, + dh_bn_mod_exp, + dh_init, + dh_finish, + 0, + NULL, + NULL }; const DH_METHOD *DH_OpenSSL(void) { - return &dh_ossl; + return &dh_ossl; } static int generate_key(DH *dh) - { - int ok=0; - int generate_new_key=0; - unsigned l; - BN_CTX *ctx; - BN_MONT_CTX *mont=NULL; - BIGNUM *pub_key=NULL,*priv_key=NULL; +{ + int ok = 0; + int generate_new_key = 0; + unsigned l; + BN_CTX *ctx; + BN_MONT_CTX *mont = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; - ctx = BN_CTX_new(); - if (ctx == NULL) goto err; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; - if (dh->priv_key == NULL) - { - priv_key=BN_new(); - if (priv_key == NULL) goto err; - generate_new_key=1; - } - else - priv_key=dh->priv_key; + if (dh->priv_key == NULL) { + priv_key = BN_new(); + if (priv_key == NULL) + goto err; + generate_new_key = 1; + } else + priv_key = dh->priv_key; - if (dh->pub_key == NULL) - { - pub_key=BN_new(); - if (pub_key == NULL) goto err; - } - else - pub_key=dh->pub_key; + if (dh->pub_key == NULL) { + pub_key = BN_new(); + if (pub_key == NULL) + goto err; + } else + pub_key = dh->pub_key; + if (dh->flags & DH_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if (!mont) + goto err; + } - if (dh->flags & DH_FLAG_CACHE_MONT_P) - { - mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, - CRYPTO_LOCK_DH, dh->p, ctx); - if (!mont) - goto err; - } + if (generate_new_key) { + l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; /* secret + * exponent + * length */ + if (!BN_rand(priv_key, l, 0, 0)) + goto err; + } - if (generate_new_key) - { - l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ - if (!BN_rand(priv_key, l, 0, 0)) goto err; - } + { + BIGNUM local_prk; + BIGNUM *prk; - { - BIGNUM local_prk; - BIGNUM *prk; + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { + BN_init(&local_prk); + prk = &local_prk; + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); + } else + prk = priv_key; - if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) - { - BN_init(&local_prk); - prk = &local_prk; - BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - } - else - prk = priv_key; + if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) + goto err; + } - if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err; - } - - dh->pub_key=pub_key; - dh->priv_key=priv_key; - ok=1; -err: - if (ok != 1) - DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); + dh->pub_key = pub_key; + dh->priv_key = priv_key; + ok = 1; + err: + if (ok != 1) + DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB); - if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); - if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); - BN_CTX_free(ctx); - return(ok); - } + if ((pub_key != NULL) && (dh->pub_key == NULL)) + BN_free(pub_key); + if ((priv_key != NULL) && (dh->priv_key == NULL)) + BN_free(priv_key); + BN_CTX_free(ctx); + return (ok); +} static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - BN_CTX *ctx=NULL; - BN_MONT_CTX *mont=NULL; - BIGNUM *tmp; - int ret= -1; - int check_result; +{ + BN_CTX *ctx = NULL; + BN_MONT_CTX *mont = NULL; + BIGNUM *tmp; + int ret = -1; + int check_result; - if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) - { - DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); - goto err; - } + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); + goto err; + } - ctx = BN_CTX_new(); - if (ctx == NULL) goto err; - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - - if (dh->priv_key == NULL) - { - DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); - goto err; - } + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + BN_CTX_start(ctx); + tmp = BN_CTX_get(ctx); - if (dh->flags & DH_FLAG_CACHE_MONT_P) - { - mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, - CRYPTO_LOCK_DH, dh->p, ctx); - if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) - { - /* XXX */ - BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); - } - if (!mont) - goto err; - } + if (dh->priv_key == NULL) { + DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE); + goto err; + } - if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) - { - DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); - goto err; - } + if (dh->flags & DH_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { + /* XXX */ + BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); + } + if (!mont) + goto err; + } - if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) - { - DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); - goto err; - } + if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) { + DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY); + goto err; + } - ret=BN_bn2bin(tmp,key); -err: - if (ctx != NULL) - { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return(ret); - } + if (!dh-> + meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) { + DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB); + goto err; + } -static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - /* If a is only one word long and constant time is false, use the faster - * exponenentiation function. - */ - if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) - { - BN_ULONG A = a->d[0]; - return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); - } - else - return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); - } + ret = BN_bn2bin(tmp, key); + err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return (ret); +} +static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + /* + * If a is only one word long and constant time is false, use the faster + * exponenentiation function. + */ + if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) { + BN_ULONG A = a->d[0]; + return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx); + } else + return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); +} static int dh_init(DH *dh) - { - dh->flags |= DH_FLAG_CACHE_MONT_P; - return(1); - } +{ + dh->flags |= DH_FLAG_CACHE_MONT_P; + return (1); +} static int dh_finish(DH *dh) - { - if(dh->method_mont_p) - BN_MONT_CTX_free(dh->method_mont_p); - return(1); - } +{ + if (dh->method_mont_p) + BN_MONT_CTX_free(dh->method_mont_p); + return (1); +} #endif diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 7aef080e7abb..0b8a5a0ab9c0 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,187 +61,191 @@ #include <openssl/bn.h> #include <openssl/dh.h> #ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> +# include <openssl/engine.h> #endif -const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT; +const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT; static const DH_METHOD *default_DH_method = NULL; void DH_set_default_method(const DH_METHOD *meth) - { - default_DH_method = meth; - } +{ + default_DH_method = meth; +} const DH_METHOD *DH_get_default_method(void) - { - if(!default_DH_method) - default_DH_method = DH_OpenSSL(); - return default_DH_method; - } +{ + if (!default_DH_method) + default_DH_method = DH_OpenSSL(); + return default_DH_method; +} int DH_set_method(DH *dh, const DH_METHOD *meth) - { - /* NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. */ - const DH_METHOD *mtmp; - mtmp = dh->meth; - if (mtmp->finish) mtmp->finish(dh); +{ + /* + * NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. + */ + const DH_METHOD *mtmp; + mtmp = dh->meth; + if (mtmp->finish) + mtmp->finish(dh); #ifndef OPENSSL_NO_ENGINE - if (dh->engine) - { - ENGINE_finish(dh->engine); - dh->engine = NULL; - } + if (dh->engine) { + ENGINE_finish(dh->engine); + dh->engine = NULL; + } #endif - dh->meth = meth; - if (meth->init) meth->init(dh); - return 1; - } + dh->meth = meth; + if (meth->init) + meth->init(dh); + return 1; +} DH *DH_new(void) - { - return DH_new_method(NULL); - } +{ + return DH_new_method(NULL); +} DH *DH_new_method(ENGINE *engine) - { - DH *ret; +{ + DH *ret; - ret=(DH *)OPENSSL_malloc(sizeof(DH)); - if (ret == NULL) - { - DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return(NULL); - } + ret = (DH *)OPENSSL_malloc(sizeof(DH)); + if (ret == NULL) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return (NULL); + } - ret->meth = DH_get_default_method(); + ret->meth = DH_get_default_method(); #ifndef OPENSSL_NO_ENGINE - if (engine) - { - if (!ENGINE_init(engine)) - { - DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); - OPENSSL_free(ret); - return NULL; - } - ret->engine = engine; - } - else - ret->engine = ENGINE_get_default_DH(); - if(ret->engine) - { - ret->meth = ENGINE_get_DH(ret->engine); - if(!ret->meth) - { - DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; - } - } + if (engine) { + if (!ENGINE_init(engine)) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); + OPENSSL_free(ret); + return NULL; + } + ret->engine = engine; + } else + ret->engine = ENGINE_get_default_DH(); + if (ret->engine) { + ret->meth = ENGINE_get_DH(ret->engine); + if (!ret->meth) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } #endif - ret->pad=0; - ret->version=0; - ret->p=NULL; - ret->g=NULL; - ret->length=0; - ret->pub_key=NULL; - ret->priv_key=NULL; - ret->q=NULL; - ret->j=NULL; - ret->seed = NULL; - ret->seedlen = 0; - ret->counter = NULL; - ret->method_mont_p=NULL; - ret->references = 1; - ret->flags=ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { + ret->pad = 0; + ret->version = 0; + ret->p = NULL; + ret->g = NULL; + ret->length = 0; + ret->pub_key = NULL; + ret->priv_key = NULL; + ret->q = NULL; + ret->j = NULL; + ret->seed = NULL; + ret->seedlen = 0; + ret->counter = NULL; + ret->method_mont_p = NULL; + ret->references = 1; + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { #ifndef OPENSSL_NO_ENGINE - if (ret->engine) - ENGINE_finish(ret->engine); + if (ret->engine) + ENGINE_finish(ret->engine); #endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } - return(ret); - } + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); + OPENSSL_free(ret); + ret = NULL; + } + return (ret); +} void DH_free(DH *r) - { - int i; - if(r == NULL) return; - i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); +{ + int i; + if (r == NULL) + return; + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); #ifdef REF_PRINT - REF_PRINT("DH",r); + REF_PRINT("DH", r); #endif - if (i > 0) return; + if (i > 0) + return; #ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"DH_free, bad reference count\n"); - abort(); - } + if (i < 0) { + fprintf(stderr, "DH_free, bad reference count\n"); + abort(); + } #endif - if (r->meth->finish) - r->meth->finish(r); + if (r->meth->finish) + r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE - if (r->engine) - ENGINE_finish(r->engine); + if (r->engine) + ENGINE_finish(r->engine); #endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); - - if (r->p != NULL) BN_clear_free(r->p); - if (r->g != NULL) BN_clear_free(r->g); - if (r->q != NULL) BN_clear_free(r->q); - if (r->j != NULL) BN_clear_free(r->j); - if (r->seed) OPENSSL_free(r->seed); - if (r->counter != NULL) BN_clear_free(r->counter); - if (r->pub_key != NULL) BN_clear_free(r->pub_key); - if (r->priv_key != NULL) BN_clear_free(r->priv_key); - OPENSSL_free(r); - } + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); + + if (r->p != NULL) + BN_clear_free(r->p); + if (r->g != NULL) + BN_clear_free(r->g); + if (r->q != NULL) + BN_clear_free(r->q); + if (r->j != NULL) + BN_clear_free(r->j); + if (r->seed) + OPENSSL_free(r->seed); + if (r->counter != NULL) + BN_clear_free(r->counter); + if (r->pub_key != NULL) + BN_clear_free(r->pub_key); + if (r->priv_key != NULL) + BN_clear_free(r->priv_key); + OPENSSL_free(r); +} int DH_up_ref(DH *r) - { - int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); +{ + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); #ifdef REF_PRINT - REF_PRINT("DH",r); + REF_PRINT("DH", r); #endif #ifdef REF_CHECK - if (i < 2) - { - fprintf(stderr, "DH_up, bad reference count\n"); - abort(); - } + if (i < 2) { + fprintf(stderr, "DH_up, bad reference count\n"); + abort(); + } #endif - return ((i > 1) ? 1 : 0); - } + return ((i > 1) ? 1 : 0); +} int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, - new_func, dup_func, free_func); - } + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, + new_func, dup_func, free_func); +} int DH_set_ex_data(DH *d, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); - } +{ + return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); +} void *DH_get_ex_data(DH *d, int idx) - { - return(CRYPTO_get_ex_data(&d->ex_data,idx)); - } +{ + return (CRYPTO_get_ex_data(&d->ex_data, idx)); +} int DH_size(const DH *dh) - { - return(BN_num_bytes(dh->p)); - } +{ + return (BN_num_bytes(dh->p)); +} diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 882f5c310a79..5a4ee9a35d83 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,17 +49,19 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -/* Until the key-gen callbacks are modified to use newer prototypes, we allow - * deprecated functions for openssl-internal code */ +/* + * Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code + */ #ifdef OPENSSL_NO_DEPRECATED -#undef OPENSSL_NO_DEPRECATED +# undef OPENSSL_NO_DEPRECATED #endif #include <stdio.h> @@ -78,149 +80,162 @@ int main(int argc, char *argv[]) { printf("No DH support\n"); - return(0); + return (0); } #else -#include <openssl/dh.h> +# include <openssl/dh.h> -#ifdef OPENSSL_SYS_WIN16 -#define MS_CALLBACK _far _loadds -#else -#define MS_CALLBACK -#endif +# ifdef OPENSSL_SYS_WIN16 +# define MS_CALLBACK _far _loadds +# else +# define MS_CALLBACK +# endif static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; int main(int argc, char *argv[]) - { - BN_GENCB _cb; - DH *a; - DH *b=NULL; - char buf[12]; - unsigned char *abuf=NULL,*bbuf=NULL; - int i,alen,blen,aout,bout,ret=1; - BIO *out; - - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - -#ifdef OPENSSL_SYS_WIN32 - CRYPTO_malloc_init(); -#endif - - RAND_seed(rnd_seed, sizeof rnd_seed); - - out=BIO_new(BIO_s_file()); - if (out == NULL) EXIT(1); - BIO_set_fp(out,stdout,BIO_NOCLOSE); - - BN_GENCB_set(&_cb, &cb, out); - if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, - DH_GENERATOR_5, &_cb)) - goto err; - - if (!DH_check(a, &i)) goto err; - if (i & DH_CHECK_P_NOT_PRIME) - BIO_puts(out, "p value is not prime\n"); - if (i & DH_CHECK_P_NOT_SAFE_PRIME) - BIO_puts(out, "p value is not a safe prime\n"); - if (i & DH_UNABLE_TO_CHECK_GENERATOR) - BIO_puts(out, "unable to check the generator value\n"); - if (i & DH_NOT_SUITABLE_GENERATOR) - BIO_puts(out, "the g value is not a generator\n"); - - BIO_puts(out,"\np ="); - BN_print(out,a->p); - BIO_puts(out,"\ng ="); - BN_print(out,a->g); - BIO_puts(out,"\n"); - - b=DH_new(); - if (b == NULL) goto err; - - b->p=BN_dup(a->p); - b->g=BN_dup(a->g); - if ((b->p == NULL) || (b->g == NULL)) goto err; - - /* Set a to run with normal modexp and b to use constant time */ - a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; - b->flags |= DH_FLAG_NO_EXP_CONSTTIME; - - if (!DH_generate_key(a)) goto err; - BIO_puts(out,"pri 1="); - BN_print(out,a->priv_key); - BIO_puts(out,"\npub 1="); - BN_print(out,a->pub_key); - BIO_puts(out,"\n"); - - if (!DH_generate_key(b)) goto err; - BIO_puts(out,"pri 2="); - BN_print(out,b->priv_key); - BIO_puts(out,"\npub 2="); - BN_print(out,b->pub_key); - BIO_puts(out,"\n"); - - alen=DH_size(a); - abuf=(unsigned char *)OPENSSL_malloc(alen); - aout=DH_compute_key(abuf,b->pub_key,a); - - BIO_puts(out,"key1 ="); - for (i=0; i<aout; i++) - { - sprintf(buf,"%02X",abuf[i]); - BIO_puts(out,buf); - } - BIO_puts(out,"\n"); - - blen=DH_size(b); - bbuf=(unsigned char *)OPENSSL_malloc(blen); - bout=DH_compute_key(bbuf,a->pub_key,b); - - BIO_puts(out,"key2 ="); - for (i=0; i<bout; i++) - { - sprintf(buf,"%02X",bbuf[i]); - BIO_puts(out,buf); - } - BIO_puts(out,"\n"); - if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) - { - fprintf(stderr,"Error in DH routines\n"); - ret=1; - } - else - ret=0; -err: - ERR_print_errors_fp(stderr); - - if (abuf != NULL) OPENSSL_free(abuf); - if (bbuf != NULL) OPENSSL_free(bbuf); - if(b != NULL) DH_free(b); - if(a != NULL) DH_free(a); - BIO_free(out); -#ifdef OPENSSL_SYS_NETWARE - if (ret) printf("ERROR: %d\n", ret); -#endif - EXIT(ret); - return(ret); - } +{ + BN_GENCB _cb; + DH *a; + DH *b = NULL; + char buf[12]; + unsigned char *abuf = NULL, *bbuf = NULL; + int i, alen, blen, aout, bout, ret = 1; + BIO *out; + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +# ifdef OPENSSL_SYS_WIN32 + CRYPTO_malloc_init(); +# endif + + RAND_seed(rnd_seed, sizeof rnd_seed); + + out = BIO_new(BIO_s_file()); + if (out == NULL) + EXIT(1); + BIO_set_fp(out, stdout, BIO_NOCLOSE); + + BN_GENCB_set(&_cb, &cb, out); + if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, + &_cb)) + goto err; + + if (!DH_check(a, &i)) + goto err; + if (i & DH_CHECK_P_NOT_PRIME) + BIO_puts(out, "p value is not prime\n"); + if (i & DH_CHECK_P_NOT_SAFE_PRIME) + BIO_puts(out, "p value is not a safe prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + BIO_puts(out, "unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + BIO_puts(out, "the g value is not a generator\n"); + + BIO_puts(out, "\np ="); + BN_print(out, a->p); + BIO_puts(out, "\ng ="); + BN_print(out, a->g); + BIO_puts(out, "\n"); + + b = DH_new(); + if (b == NULL) + goto err; + + b->p = BN_dup(a->p); + b->g = BN_dup(a->g); + if ((b->p == NULL) || (b->g == NULL)) + goto err; + + /* Set a to run with normal modexp and b to use constant time */ + a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; + b->flags |= DH_FLAG_NO_EXP_CONSTTIME; + + if (!DH_generate_key(a)) + goto err; + BIO_puts(out, "pri 1="); + BN_print(out, a->priv_key); + BIO_puts(out, "\npub 1="); + BN_print(out, a->pub_key); + BIO_puts(out, "\n"); + + if (!DH_generate_key(b)) + goto err; + BIO_puts(out, "pri 2="); + BN_print(out, b->priv_key); + BIO_puts(out, "\npub 2="); + BN_print(out, b->pub_key); + BIO_puts(out, "\n"); + + alen = DH_size(a); + abuf = (unsigned char *)OPENSSL_malloc(alen); + aout = DH_compute_key(abuf, b->pub_key, a); + + BIO_puts(out, "key1 ="); + for (i = 0; i < aout; i++) { + sprintf(buf, "%02X", abuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); + + blen = DH_size(b); + bbuf = (unsigned char *)OPENSSL_malloc(blen); + bout = DH_compute_key(bbuf, a->pub_key, b); + + BIO_puts(out, "key2 ="); + for (i = 0; i < bout; i++) { + sprintf(buf, "%02X", bbuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); + if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { + fprintf(stderr, "Error in DH routines\n"); + ret = 1; + } else + ret = 0; + err: + ERR_print_errors_fp(stderr); + + if (abuf != NULL) + OPENSSL_free(abuf); + if (bbuf != NULL) + OPENSSL_free(bbuf); + if (b != NULL) + DH_free(b); + if (a != NULL) + DH_free(a); + BIO_free(out); +# ifdef OPENSSL_SYS_NETWARE + if (ret) + printf("ERROR: %d\n", ret); +# endif + EXIT(ret); + return (ret); +} static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) - { - char c='*'; - - if (p == 0) c='.'; - if (p == 1) c='+'; - if (p == 2) c='*'; - if (p == 3) c='\n'; - BIO_write(arg->arg,&c,1); - (void)BIO_flush(arg->arg); -#ifdef LINT - p=n; -#endif - return 1; - } +{ + char c = '*'; + + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + BIO_write(arg->arg, &c, 1); + (void)BIO_flush(arg->arg); +# ifdef LINT + p = n; +# endif + return 1; +} #endif diff --git a/crypto/dh/p1024.c b/crypto/dh/p1024.c index 368ceca4eb06..a4b014b6a3e3 100644 --- a/crypto/dh/p1024.c +++ b/crypto/dh/p1024.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,31 +62,31 @@ #include <openssl/dh.h> #include <openssl/pem.h> -unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD, - 0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3, - 0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8, - 0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF, - 0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9, - 0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78, - 0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E, - 0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6, - 0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B, - 0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89, - 0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19, - 0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03, - 0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B, - 0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21, - 0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE, - 0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB, - }; +unsigned char data[] = { 0x97, 0xF6, 0x42, 0x61, 0xCA, 0xB5, 0x05, 0xDD, + 0x28, 0x28, 0xE1, 0x3F, 0x1D, 0x68, 0xB6, 0xD3, + 0xDB, 0xD0, 0xF3, 0x13, 0x04, 0x7F, 0x40, 0xE8, + 0x56, 0xDA, 0x58, 0xCB, 0x13, 0xB8, 0xA1, 0xBF, + 0x2B, 0x78, 0x3A, 0x4C, 0x6D, 0x59, 0xD5, 0xF9, + 0x2A, 0xFC, 0x6C, 0xFF, 0x3D, 0x69, 0x3F, 0x78, + 0xB2, 0x3D, 0x4F, 0x31, 0x60, 0xA9, 0x50, 0x2E, + 0x3E, 0xFA, 0xF7, 0xAB, 0x5E, 0x1A, 0xD5, 0xA6, + 0x5E, 0x55, 0x43, 0x13, 0x82, 0x8D, 0xA8, 0x3B, + 0x9F, 0xF2, 0xD9, 0x41, 0xDE, 0xE9, 0x56, 0x89, + 0xFA, 0xDA, 0xEA, 0x09, 0x36, 0xAD, 0xDF, 0x19, + 0x71, 0xFE, 0x63, 0x5B, 0x20, 0xAF, 0x47, 0x03, + 0x64, 0x60, 0x3C, 0x2D, 0xE0, 0x59, 0xF5, 0x4B, + 0x65, 0x0A, 0xD8, 0xFA, 0x0C, 0xF7, 0x01, 0x21, + 0xC7, 0x47, 0x99, 0xD7, 0x58, 0x71, 0x32, 0xBE, + 0x9B, 0x99, 0x9B, 0xB9, 0xB7, 0x87, 0xE8, 0xAB, +}; main() - { - DH *dh; +{ + DH *dh; - dh=DH_new(); - dh->p=BN_bin2bn(data,sizeof(data),NULL); - dh->g=BN_new(); - BN_set_word(dh->g,2); - PEM_write_DHparams(stdout,dh); - } + dh = DH_new(); + dh->p = BN_bin2bn(data, sizeof(data), NULL); + dh->g = BN_new(); + BN_set_word(dh->g, 2); + PEM_write_DHparams(stdout, dh); +} diff --git a/crypto/dh/p192.c b/crypto/dh/p192.c index 7bdf40410eb0..9f49f76835e2 100644 --- a/crypto/dh/p192.c +++ b/crypto/dh/p192.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,19 +62,19 @@ #include <openssl/dh.h> #include <openssl/pem.h> -unsigned char data[]={ -0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E, -0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76, -0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B, - }; +unsigned char data[] = { + 0xD4, 0xA0, 0xBA, 0x02, 0x50, 0xB6, 0xFD, 0x2E, + 0xC6, 0x26, 0xE7, 0xEF, 0xD6, 0x37, 0xDF, 0x76, + 0xC7, 0x16, 0xE2, 0x2D, 0x09, 0x44, 0xB8, 0x8B, +}; main() - { - DH *dh; +{ + DH *dh; - dh=DH_new(); - dh->p=BN_bin2bn(data,sizeof(data),NULL); - dh->g=BN_new(); - BN_set_word(dh->g,3); - PEM_write_DHparams(stdout,dh); - } + dh = DH_new(); + dh->p = BN_bin2bn(data, sizeof(data), NULL); + dh->g = BN_new(); + BN_set_word(dh->g, 3); + PEM_write_DHparams(stdout, dh); +} diff --git a/crypto/dh/p512.c b/crypto/dh/p512.c index a9b6aa83f034..606fa4d6c369 100644 --- a/crypto/dh/p512.c +++ b/crypto/dh/p512.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -62,24 +62,24 @@ #include <openssl/dh.h> #include <openssl/pem.h> -unsigned char data[]={ -0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89, -0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92, -0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, -0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED, -0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29, -0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, -0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6, -0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33, - }; +unsigned char data[] = { + 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, + 0xD0, 0xE4, 0xAF, 0x75, 0x6F, 0x4C, 0xCA, 0x92, + 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F, + 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, + 0x57, 0x46, 0x50, 0xD3, 0x69, 0x99, 0xDB, 0x29, + 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12, + 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, + 0xD8, 0x00, 0x3E, 0x7C, 0x47, 0x74, 0xE8, 0x33, +}; main() - { - DH *dh; +{ + DH *dh; - dh=DH_new(); - dh->p=BN_bin2bn(data,sizeof(data),NULL); - dh->g=BN_new(); - BN_set_word(dh->g,2); - PEM_write_DHparams(stdout,dh); - } + dh = DH_new(); + dh->p = BN_bin2bn(data, sizeof(data), NULL); + dh->g = BN_new(); + BN_set_word(dh->g, 2); + PEM_write_DHparams(stdout, dh); +} |