resolve conflicts

7 files changed, 108 insertions, 92 deletions

diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
index 582b34329f..0afabc7dd3 100644
--- a/src/lib/libcrypto/dh/dh.h
+++ b/src/lib/libcrypto/dh/dh.h
@@ -59,6 +59,8 @@
 #ifndef HEADER_DH_H
 #define HEADER_DH_H
 
+#include <openssl/e_os2.h>
+
 #ifdef OPENSSL_NO_DH
 #error DH is disabled.
 #endif
@@ -66,11 +68,14 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
         
-#define OPENSSL_DH_MAX_MODULUS_BITS     10000
+#ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS    10000
+#endif
 
 #define DH_FLAG_CACHE_MONT_P     0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
@@ -85,9 +90,12 @@
 extern "C" {
 #endif
 
-typedef struct dh_st DH;
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
 
-typedef struct dh_method {
+struct dh_method
+        {
         const char *name;
         /* Methods here */
         int (*generate_key)(DH *dh);
@@ -100,7 +108,9 @@ typedef struct dh_method {
         int (*finish)(DH *dh);
         int flags;
         char *app_data;
-} DH_METHOD;
+        /* If this is non-NULL, it will be used to generate parameters */
+        int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
+        };
 
 struct dh_st
         {
@@ -115,7 +125,7 @@ struct dh_st
         BIGNUM *priv_key;       /* x */
 
         int flags;
-        char *method_mont_p;
+        BN_MONT_CTX *method_mont_p;
         /* Place holders if we want to do X9.42 DH */
         BIGNUM *q;
         BIGNUM *j;
@@ -147,21 +157,13 @@ struct dh_st
    this for backward compatibility: */
 #define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
 
-#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
-                (char *(*)())d2i_DHparams,(char *)(x))
+#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
 #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
                 (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
 #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
                 (unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
-                (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
-#ifdef  __cplusplus
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
-                (unsigned char *)(x))
-#else
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
-                (unsigned char *)(x))
-#endif
+#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
 
 const DH_METHOD *DH_OpenSSL(void);
 
@@ -178,8 +180,16 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
              CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int DH_set_ex_data(DH *d, int idx, void *arg);
 void *DH_get_ex_data(DH *d, int idx);
+
+/* Deprecated version */
+#ifndef OPENSSL_NO_DEPRECATED
 DH *    DH_generate_parameters(int prime_len,int generator,
                 void (*callback)(int,int,void *),void *cb_arg);
+#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* New version */
+int     DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
+
 int     DH_check(const DH *dh,int *codes);
 int     DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
 int     DH_generate_key(DH *dh);
@@ -204,15 +214,18 @@ void ERR_load_DH_strings(void);
 /* Error codes for the DH functions. */
 
 /* Function codes. */
+#define DH_F_COMPUTE_KEY                                 102
 #define DH_F_DHPARAMS_PRINT                              100
 #define DH_F_DHPARAMS_PRINT_FP                           101
-#define DH_F_DH_COMPUTE_KEY                              102
-#define DH_F_DH_GENERATE_KEY                             103
-#define DH_F_DH_GENERATE_PARAMETERS                      104
+#define DH_F_DH_BUILTIN_GENPARAMS                        106
 #define DH_F_DH_NEW_METHOD                               105
+#define DH_F_GENERATE_KEY                                103
+#define DH_F_GENERATE_PARAMETERS                         104
 
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR                               101
+#define DH_R_INVALID_PUBKEY                              102
+#define DH_R_MODULUS_TOO_LARGE                           103
 #define DH_R_NO_PRIVATE_VALUE                            100
 #define DH_R_INVALID_PUBKEY                              102
 #define DH_R_MODULUS_TOO_LARGE                           103
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index 17debff62d..b846913004 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -62,7 +62,7 @@
 #include <openssl/dh.h>
 
 /* Check that p is a safe prime and
- * if g is 2, 3 or 5, check that is is a suitable generator
+ * if g is 2, 3 or 5, check that it is a suitable generator
  * where
  * for 2, p mod 24 == 11
  * for 3, p mod 12 == 5
@@ -70,8 +70,6 @@
  * should hold.
  */
 
-#ifndef OPENSSL_FIPS
-
 int DH_check(const DH *dh, int *ret)
         {
         int ok=0;
@@ -106,12 +104,12 @@ int DH_check(const DH *dh, int *ret)
         else
                 *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
 
-        if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+        if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
                 *ret|=DH_CHECK_P_NOT_PRIME;
         else
                 {
                 if (!BN_rshift1(q,dh->p)) goto err;
-                if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+                if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
                         *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
                 }
         ok=1;
@@ -142,5 +140,3 @@ err:
         if (q != NULL) BN_free(q);
         return(ok);
         }
-
-#endif
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
index 611067ef4a..b2361c7389 100644
--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -70,18 +70,21 @@
 
 static ERR_STRING_DATA DH_str_functs[]=
         {
+{ERR_FUNC(DH_F_COMPUTE_KEY),    "COMPUTE_KEY"},
 {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
 {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),      "DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY),        "DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
+{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),   "DH_BUILTIN_GENPARAMS"},
 {ERR_FUNC(DH_F_DH_NEW_METHOD),  "DH_new_method"},
+{ERR_FUNC(DH_F_GENERATE_KEY),   "GENERATE_KEY"},
+{ERR_FUNC(DH_F_GENERATE_PARAMETERS),    "GENERATE_PARAMETERS"},
 {0,NULL}
         };
 
 static ERR_STRING_DATA DH_str_reasons[]=
         {
 {ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
+{ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
+{ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
 {ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
 {ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
 {ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
@@ -92,15 +95,12 @@ static ERR_STRING_DATA DH_str_reasons[]=
 
 void ERR_load_DH_strings(void)
         {
-        static int init=1;
+#ifndef OPENSSL_NO_ERR
 
-        if (init)
+        if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
                 {
-                init=0;
-#ifndef OPENSSL_NO_ERR
                 ERR_load_strings(0,DH_str_functs);
                 ERR_load_strings(0,DH_str_reasons);
-#endif
-
                 }
+#endif
         }
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index 23777f5a16..cfd5b11868 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -56,11 +56,25 @@
  * [including the GNU Public Licence.]
  */
 
+/* NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones.
+ *  - Geoff
+ */
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+        {
+        if(ret->meth->generate_params)
+                return ret->meth->generate_params(ret, prime_len, generator, cb);
+        return dh_builtin_genparams(ret, prime_len, generator, cb);
+        }
+
 /* We generate DH parameters as follows
  * find a prime q which is prime_len/2 bits long.
  * p=(2*q)+1 or (p-1)/2 = q
@@ -86,29 +100,26 @@
  * It's just as OK (and in some sense better) to use a generator of the
  * order-q subgroup.
  */
-
-#ifndef OPENSSL_FIPS
-
-DH *DH_generate_parameters(int prime_len, int generator,
-             void (*callback)(int,int,void *), void *cb_arg)
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
         {
-        BIGNUM *p=NULL,*t1,*t2;
-        DH *ret=NULL;
+        BIGNUM *t1,*t2;
         int g,ok= -1;
         BN_CTX *ctx=NULL;
 
-        ret=DH_new();
-        if (ret == NULL) goto err;
         ctx=BN_CTX_new();
         if (ctx == NULL) goto err;
         BN_CTX_start(ctx);
         t1 = BN_CTX_get(ctx);
         t2 = BN_CTX_get(ctx);
         if (t1 == NULL || t2 == NULL) goto err;
+
+        /* Make sure 'ret' has the necessary elements */
+        if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
+        if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
         
         if (generator <= 1)
                 {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
+                DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
                 goto err;
                 }
         if (generator == DH_GENERATOR_2)
@@ -144,18 +155,14 @@ DH *DH_generate_parameters(int prime_len, int generator,
                 g=generator;
                 }
         
-        p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
-        if (p == NULL) goto err;
-        if (callback != NULL) callback(3,0,cb_arg);
-        ret->p=p;
-        ret->g=BN_new();
-        if (ret->g == NULL) goto err;
+        if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
+        if(!BN_GENCB_call(cb, 3, 0)) goto err;
         if (!BN_set_word(ret->g,g)) goto err;
         ok=1;
 err:
         if (ok == -1)
                 {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
+                DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
                 ok=0;
                 }
 
@@ -164,12 +171,5 @@ err:
                 BN_CTX_end(ctx);
                 BN_CTX_free(ctx);
                 }
-        if (!ok && (ret != NULL))
-                {
-                DH_free(ret);
-                ret=NULL;
-                }
-        return(ret);
+        return ok;
         }
-
-#endif
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 74de589204..e7db440342 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -62,8 +62,6 @@
 #include <openssl/rand.h>
 #include <openssl/dh.h>
 
-#ifndef OPENSSL_FIPS
-
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -91,6 +89,7 @@ dh_bn_mod_exp,
 dh_init,
 dh_finish,
 0,
+NULL,
 NULL
 };
 
@@ -131,8 +130,7 @@ static int generate_key(DH *dh)
 
         if (dh->flags & DH_FLAG_CACHE_MONT_P)
                 {
-                mont = BN_MONT_CTX_set_locked(
-                                (BN_MONT_CTX **)&dh->method_mont_p,
+                mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
                                 CRYPTO_LOCK_DH, dh->p, ctx);
                 if (!mont)
                         goto err;
@@ -152,7 +150,7 @@ static int generate_key(DH *dh)
                         {
                         BN_init(&local_prk);
                         prk = &local_prk;
-                        BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
+                        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
                         }
                 else
                         prk = priv_key;
@@ -165,7 +163,7 @@ static int generate_key(DH *dh)
         ok=1;
 err:
         if (ok != 1)
-                DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+                DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
 
         if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
         if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
@@ -175,16 +173,16 @@ err:
 
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         {
-        BN_CTX *ctx;
+        BN_CTX *ctx=NULL;
         BN_MONT_CTX *mont=NULL;
         BIGNUM *tmp;
         int ret= -1;
-        int check_result;
+        int check_result;
 
         if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
                 {
-                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
-                return -1;
+                DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+                goto err;
                 }
 
         ctx = BN_CTX_new();
@@ -194,31 +192,32 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         
         if (dh->priv_key == NULL)
                 {
-                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+                DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
                 goto err;
                 }
 
         if (dh->flags & DH_FLAG_CACHE_MONT_P)
                 {
-                mont = BN_MONT_CTX_set_locked(
-                                (BN_MONT_CTX **)&dh->method_mont_p,
+                mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
                                 CRYPTO_LOCK_DH, dh->p, ctx);
                 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
                         {
                         /* XXX */
-                        BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
+                        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
                         }
                 if (!mont)
                         goto err;
                 }
-        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
+
+        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
                 {
-                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
+                DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
                 goto err;
                 }
+
         if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
                 {
-                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+                DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
                 goto err;
                 }
 
@@ -259,8 +258,6 @@ static int dh_init(DH *dh)
 static int dh_finish(DH *dh)
         {
         if(dh->method_mont_p)
-                BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
+                BN_MONT_CTX_free(dh->method_mont_p);
         return(1);
         }
-
-#endif
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 09965ee2ea..7aef080e7a 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -64,7 +64,7 @@
 #include <openssl/engine.h>
 #endif
 
-const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
 
diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c
index b76dede771..882f5c310a 100644
--- a/src/lib/libcrypto/dh/dhtest.c
+++ b/src/lib/libcrypto/dh/dhtest.c
@@ -56,6 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -83,12 +89,13 @@ int main(int argc, char *argv[])
 #define MS_CALLBACK
 #endif
 
-static void MS_CALLBACK cb(int p, int n, void *arg);
+static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg);
 
 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 
 int main(int argc, char *argv[])
         {
+        BN_GENCB _cb;
         DH *a;
         DH *b=NULL;
         char buf[12];
@@ -110,8 +117,10 @@ int main(int argc, char *argv[])
         if (out == NULL) EXIT(1);
         BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
-        a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
-        if (a == NULL) goto err;
+        BN_GENCB_set(&_cb, &cb, out);
+        if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
+                                DH_GENERATOR_5, &_cb))
+                goto err;
 
         if (!DH_check(a, &i)) goto err;
         if (i & DH_CHECK_P_NOT_PRIME)
@@ -192,14 +201,14 @@ err:
         if(b != NULL) DH_free(b);
         if(a != NULL) DH_free(a);
         BIO_free(out);
-        CRYPTO_cleanup_all_ex_data();
-        ERR_remove_state(0);
-        CRYPTO_mem_leaks_fp(stderr);
+#ifdef OPENSSL_SYS_NETWARE
+    if (ret) printf("ERROR: %d\n", ret);
+#endif
         EXIT(ret);
         return(ret);
         }
 
-static void MS_CALLBACK cb(int p, int n, void *arg)
+static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg)
         {
         char c='*';
 
@@ -207,10 +216,11 @@ static void MS_CALLBACK cb(int p, int n, void *arg)
         if (p == 1) c='+';
         if (p == 2) c='*';
         if (p == 3) c='\n';
-        BIO_write((BIO *)arg,&c,1);
-        (void)BIO_flush((BIO *)arg);
+        BIO_write(arg->arg,&c,1);
+        (void)BIO_flush(arg->arg);
 #ifdef LINT
         p=n;
 #endif
+        return 1;
         }
 #endif