diff options
| author | beck <> | 2000-03-19 11:13:58 +0000 |
|---|---|---|
| committer | beck <> | 2000-03-19 11:13:58 +0000 |
| commit | 796d609550df3a33fc11468741c5d2f6d3df4c11 (patch) | |
| tree | 6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/dh/dh_gen.c | |
| parent | 5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff) | |
| download | openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2 openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip | |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'src/lib/libcrypto/dh/dh_gen.c')
| -rw-r--r-- | src/lib/libcrypto/dh/dh_gen.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c index b7bcd2c7a4..7a6a38fbb4 100644 --- a/src/lib/libcrypto/dh/dh_gen.c +++ b/src/lib/libcrypto/dh/dh_gen.c | |||
| @@ -72,14 +72,14 @@ | |||
| 72 | * Having said all that, | 72 | * Having said all that, |
| 73 | * there is another special case method for the generators 2, 3 and 5. | 73 | * there is another special case method for the generators 2, 3 and 5. |
| 74 | * for 2, p mod 24 == 11 | 74 | * for 2, p mod 24 == 11 |
| 75 | * for 3, p mod 12 == 5 <<<<< does not work for strong primes. | 75 | * for 3, p mod 12 == 5 <<<<< does not work for safe primes. |
| 76 | * for 5, p mod 10 == 3 or 7 | 76 | * for 5, p mod 10 == 3 or 7 |
| 77 | * | 77 | * |
| 78 | * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the | 78 | * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the |
| 79 | * special generators and for answering some of my questions. | 79 | * special generators and for answering some of my questions. |
| 80 | * | 80 | * |
| 81 | * I've implemented the second simple method :-). | 81 | * I've implemented the second simple method :-). |
| 82 | * Since DH should be using a strong prime (both p and q are prime), | 82 | * Since DH should be using a safe prime (both p and q are prime), |
| 83 | * this generator function can take a very very long time to run. | 83 | * this generator function can take a very very long time to run. |
| 84 | */ | 84 | */ |
| 85 | 85 | ||
| @@ -95,9 +95,10 @@ DH *DH_generate_parameters(int prime_len, int generator, | |||
| 95 | if (ret == NULL) goto err; | 95 | if (ret == NULL) goto err; |
| 96 | ctx=BN_CTX_new(); | 96 | ctx=BN_CTX_new(); |
| 97 | if (ctx == NULL) goto err; | 97 | if (ctx == NULL) goto err; |
| 98 | t1= &(ctx->bn[0]); | 98 | BN_CTX_start(ctx); |
| 99 | t2= &(ctx->bn[1]); | 99 | t1 = BN_CTX_get(ctx); |
| 100 | ctx->tos=2; | 100 | t2 = BN_CTX_get(ctx); |
| 101 | if (t1 == NULL || t2 == NULL) goto err; | ||
| 101 | 102 | ||
| 102 | if (generator == DH_GENERATOR_2) | 103 | if (generator == DH_GENERATOR_2) |
| 103 | { | 104 | { |
| @@ -105,7 +106,7 @@ DH *DH_generate_parameters(int prime_len, int generator, | |||
| 105 | BN_set_word(t2,11); | 106 | BN_set_word(t2,11); |
| 106 | g=2; | 107 | g=2; |
| 107 | } | 108 | } |
| 108 | #ifdef undef /* does not work for strong primes */ | 109 | #ifdef undef /* does not work for safe primes */ |
| 109 | else if (generator == DH_GENERATOR_3) | 110 | else if (generator == DH_GENERATOR_3) |
| 110 | { | 111 | { |
| 111 | BN_set_word(t1,12); | 112 | BN_set_word(t1,12); |
| @@ -138,7 +139,11 @@ err: | |||
| 138 | ok=0; | 139 | ok=0; |
| 139 | } | 140 | } |
| 140 | 141 | ||
| 141 | if (ctx != NULL) BN_CTX_free(ctx); | 142 | if (ctx != NULL) |
| 143 | { | ||
| 144 | BN_CTX_end(ctx); | ||
| 145 | BN_CTX_free(ctx); | ||
| 146 | } | ||
| 142 | if (!ok && (ret != NULL)) | 147 | if (!ok && (ret != NULL)) |
| 143 | { | 148 | { |
| 144 | DH_free(ret); | 149 | DH_free(ret); |