KNF

author: miod <> 2014-07-09 10:16:24 +0000
committer: miod <> 2014-07-09 10:16:24 +0000
commit: 30a9e395f6ab6a5767151ca9805a33262b3acbe0 (patch)
tree: 9316d73cdc8c916f7b3c4bf0de6c3ad956b5f6da /src/lib/libcrypto/dsa/dsa_gen.c
parent: 962b62471b32ccf7900a7f2658ec172fc691e25a (diff)
download: openbsd-30a9e395f6ab6a5767151ca9805a33262b3acbe0.tar.gz
openbsd-30a9e395f6ab6a5767151ca9805a33262b3acbe0.tar.bz2
openbsd-30a9e395f6ab6a5767151ca9805a33262b3acbe0.zip
1 files changed, 137 insertions, 137 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index 22c388b9d1..d97f988688 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_gen.c,v 1.12 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.13 2014/07/09 10:16:24 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -56,19 +56,6 @@
 * [including the GNU Public Licence.]
 */
-#undef GENUINE_DSA
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH    EVP_sha1()
-#endif 
 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
 #ifndef OPENSSL_NO_SHA
@@ -81,51 +68,47 @@
 #include <openssl/sha.h>
 #include "dsa_locl.h"
-int DSA_generate_parameters_ex(DSA *ret, int bits,
+int
-                const unsigned char *seed_in, int seed_len,
+DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in,
-                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+    int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
-        {
+{
-        if(ret->meth->dsa_paramgen)
+        if (ret->meth->dsa_paramgen)
                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
-                                counter_ret, h_ret, cb);
+                    counter_ret, h_ret, cb);
-        else
+        else {
-                {
                const EVP_MD *evpmd;
-                size_t qbits = bits >= 2048 ? 256 : 160;
+                size_t qbits;
-                if (bits >= 2048)
+                if (bits >= 2048) {
-                        {
                        qbits = 256;
                        evpmd = EVP_sha256();
-                        }
+                } else {
-                else
-                        {
                        qbits = 160;
                        evpmd = EVP_sha1();
-                        }
-                return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
-                        seed_in, seed_len, NULL, counter_ret, h_ret, cb);
                }
-        }
-int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in,
-        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+                    seed_len, NULL, counter_ret, h_ret, cb);
-        unsigned char *seed_out,
+        }
-        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+}
-        {
-        int ok=0;
+int
+dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd,
+    const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out,
+    int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+{
+        int ok = 0;
        unsigned char seed[SHA256_DIGEST_LENGTH];
        unsigned char md[SHA256_DIGEST_LENGTH];
-        unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
+        unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
-        BIGNUM *r0,*W,*X,*c,*test;
+        BIGNUM *r0, *W, *X, *c, *test;
-        BIGNUM *g=NULL,*q=NULL,*p=NULL;
+        BIGNUM *g = NULL, *q = NULL, *p = NULL;
-        BN_MONT_CTX *mont=NULL;
+        BN_MONT_CTX *mont = NULL;
-        int i, k, n=0, m=0, qsize = qbits >> 3;
+        int i, k, n = 0, m = 0, qsize = qbits >> 3;
-        int counter=0;
+        int counter = 0;
-        int r=0;
+        int r = 0;
-        BN_CTX *ctx=NULL;
+        BN_CTX *ctx = NULL;
-        unsigned int h=2;
+        unsigned int h = 2;
        if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
            qsize != SHA256_DIGEST_LENGTH)
@@ -139,16 +122,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
        if (bits < 512)
                bits = 512;
-        bits = (bits+63)/64*64;
+        bits = (bits + 63) / 64 * 64;
-        /* NB: seed_len == 0 is special case: copy generated seed to
+        /*
+         * NB: seed_len == 0 is special case: copy generated seed to
         * seed_in if it is not NULL.
         */
-        if (seed_len && (seed_len < (size_t)qsize))
+        if (seed_len && seed_len < (size_t)qsize)
                seed_in = NULL;         /* seed buffer too small -- ignore */
+        /*
+         * App. 2.2 of FIPS PUB 186 allows larger SEED,
+         * but our internal buffers are restricted to 160 bits
+         */
        if (seed_len > (size_t)qsize) 
-                seed_len = qsize;       /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+                seed_len = qsize;
-                                         * but our internal buffers are restricted to 160 bits*/
        if (seed_in != NULL)
                memcpy(seed, seed_in, seed_len);
@@ -168,38 +155,34 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
        p = BN_CTX_get(ctx);
        test = BN_CTX_get(ctx);
-        if (!BN_lshift(test,BN_value_one(),bits-1))
+        if (!BN_lshift(test, BN_value_one(), bits - 1))
                goto err;
-        for (;;)
+        for (;;) {
-                {
+                for (;;) { /* find q */
-                for (;;) /* find q */
-                        {
                        int seed_is_random;
                        /* step 1 */
-                        if(!BN_GENCB_call(cb, 0, m++))
+                        if (!BN_GENCB_call(cb, 0, m++))
                                goto err;
-                        if (!seed_len)
+                        if (!seed_len) {
-                                {
                                RAND_pseudo_bytes(seed, qsize);
                                seed_is_random = 1;
-                                }
+                        } else {
-                        else
-                                {
                                seed_is_random = 0;
-                                seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
+                                /* use random seed if 'seed_in' turns out
-                                }
+                                   to be bad */
-                        memcpy(buf , seed, qsize);
+                                seed_len = 0;
+                        }
+                        memcpy(buf, seed, qsize);
                        memcpy(buf2, seed, qsize);
                        /* precompute "SEED + 1" for step 7: */
-                        for (i = qsize-1; i >= 0; i--)
+                        for (i = qsize - 1; i >= 0; i--) {
-                                {
                                buf[i]++;
                                if (buf[i] != 0)
                                        break;
-                                }
+                        }
                        /* step 2 */
                        if (!EVP_Digest(seed, qsize, md,   NULL, evpmd, NULL))
@@ -207,17 +190,17 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
                        if (!EVP_Digest(buf,  qsize, buf2, NULL, evpmd, NULL))
                                goto err;
                        for (i = 0; i < qsize; i++)
-                                md[i]^=buf2[i];
+                                md[i] ^= buf2[i];
                        /* step 3 */
                        md[0] |= 0x80;
-                        md[qsize-1] |= 0x01;
+                        md[qsize - 1] |= 0x01;
                        if (!BN_bin2bn(md, qsize, q))
                                goto err;
                        /* step 4 */
                        r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
-                                        seed_is_random, cb);
+                            seed_is_random, cb);
                        if (r > 0)
                                break;
                        if (r != 0)
@@ -225,127 +208,144 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
                        /* do a callback call */
                        /* step 5 */
-                        }
+                }
-                if(!BN_GENCB_call(cb, 2, 0)) goto err;
+                if (!BN_GENCB_call(cb, 2, 0))
-                if(!BN_GENCB_call(cb, 3, 0)) goto err;
+                        goto err;
+                if (!BN_GENCB_call(cb, 3, 0))
+                        goto err;
                /* step 6 */
-                counter=0;
+                counter = 0;
                /* "offset = 2" */
-                n=(bits-1)/160;
+                n = (bits - 1) / 160;
-                for (;;)
+                for (;;) {
-                        {
+                        if (counter != 0 && !BN_GENCB_call(cb, 0, counter))
-                        if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
                                goto err;
                        /* step 7 */
                        BN_zero(W);
                        /* now 'buf' contains "SEED + offset - 1" */
-                        for (k=0; k<=n; k++)
+                        for (k = 0; k <= n; k++) {
-                                {
                                /* obtain "SEED + offset + k" by incrementing: */
-                                for (i = qsize-1; i >= 0; i--)
+                                for (i = qsize - 1; i >= 0; i--) {
-                                        {
                                        buf[i]++;
                                        if (buf[i] != 0)
                                                break;
-                                        }
+                                }
                                if (!EVP_Digest(buf, qsize, md ,NULL, evpmd,
-                                                                        NULL))
+                                    NULL))
                                        goto err;
                                /* step 8 */
                                if (!BN_bin2bn(md, qsize, r0))
                                        goto err;
-                                if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
+                                if (!BN_lshift(r0, r0, (qsize << 3) * k))
-                                if (!BN_add(W,W,r0)) goto err;
+                                        goto err;
-                                }
+                                if (!BN_add(W, W, r0))
+                                        goto err;
+                        }
                        /* more of step 8 */
-                        if (!BN_mask_bits(W,bits-1)) goto err;
+                        if (!BN_mask_bits(W, bits - 1))
-                        if (!BN_copy(X,W)) goto err;
+                                goto err;
-                        if (!BN_add(X,X,test)) goto err;
+                        if (!BN_copy(X, W))
+                                goto err;
+                        if (!BN_add(X, X, test))
+                                goto err;
                        /* step 9 */
-                        if (!BN_lshift1(r0,q)) goto err;
+                        if (!BN_lshift1(r0, q))
-                        if (!BN_mod(c,X,r0,ctx)) goto err;
+                                goto err;
-                        if (!BN_sub(r0,c,BN_value_one())) goto err;
+                        if (!BN_mod(c, X, r0, ctx))
-                        if (!BN_sub(p,X,r0)) goto err;
+                                goto err;
+                        if (!BN_sub(r0, c, BN_value_one()))
+                                goto err;
+                        if (!BN_sub(p, X, r0))
+                                goto err;
                        /* step 10 */
-                        if (BN_cmp(p,test) >= 0)
+                        if (BN_cmp(p, test) >= 0) {
-                                {
                                /* step 11 */
                                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
-                                                ctx, 1, cb);
+                                    ctx, 1, cb);
                                if (r > 0)
-                                                goto end; /* found it */
+                                        goto end; /* found it */
                                if (r != 0)
                                        goto err;
-                                }
+                        }
                        /* step 13 */
                        counter++;
                        /* "offset = offset + n + 1" */
                        /* step 14 */
-                        if (counter >= 4096) break;
+                        if (counter >= 4096)
-                        }
+                                break;
                }
+        }
 end:
-        if(!BN_GENCB_call(cb, 2, 1))
+        if (!BN_GENCB_call(cb, 2, 1))
                goto err;
        /* We now need to generate g */
        /* Set r0=(p-1)/q */
-        if (!BN_sub(test,p,BN_value_one())) goto err;
+        if (!BN_sub(test, p, BN_value_one()))
-        if (!BN_div(r0,NULL,test,q,ctx)) goto err;
+                goto err;
+        if (!BN_div(r0, NULL, test, q, ctx))
+                goto err;
-        if (!BN_set_word(test,h)) goto err;
+        if (!BN_set_word(test, h))
-        if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
+                goto err;
+        if (!BN_MONT_CTX_set(mont, p, ctx))
+                goto err;
-        for (;;)
+        for (;;) {
-                {
                /* g=test^r0%p */
-                if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
+                if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
-                if (!BN_is_one(g)) break;
+                        goto err;
-                if (!BN_add(test,test,BN_value_one())) goto err;
+                if (!BN_is_one(g))
+                        break;
+                if (!BN_add(test, test, BN_value_one()))
+                        goto err;
                h++;
-                }
+        }
-        if(!BN_GENCB_call(cb, 3, 1))
+        if (!BN_GENCB_call(cb, 3, 1))
                goto err;
-        ok=1;
+        ok = 1;
 err:
-        if (ok)
+        if (ok) {
-                {
+                if (ret->p)
-                if(ret->p) BN_free(ret->p);
+                        BN_free(ret->p);
-                if(ret->q) BN_free(ret->q);
+                if (ret->q)
-                if(ret->g) BN_free(ret->g);
+                        BN_free(ret->q);
-                ret->p=BN_dup(p);
+                if (ret->g)
-                ret->q=BN_dup(q);
+                        BN_free(ret->g);
-                ret->g=BN_dup(g);
+                ret->p = BN_dup(p);
-                if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
+                ret->q = BN_dup(q);
-                        {
+                ret->g = BN_dup(g);
-                        ok=0;
+                if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+                        ok = 0;
                        goto err;
-                        }
+                }
-                if (counter_ret != NULL) *counter_ret=counter;
+                if (counter_ret != NULL)
-                if (h_ret != NULL) *h_ret=h;
+                        *counter_ret = counter;
+                if (h_ret != NULL)
+                        *h_ret = h;
                if (seed_out)
                        memcpy(seed_out, seed, qsize);
-                }
+        }
-        if(ctx)
+        if (ctx) {
-                {
                BN_CTX_end(ctx);
                BN_CTX_free(ctx);
-                }
-        if (mont != NULL) BN_MONT_CTX_free(mont);
-        return ok;
        }
+        if (mont != NULL)
+                BN_MONT_CTX_free(mont);
+        return ok;
+}
 #endif
author	miod <>	2014-07-09 10:16:24 +0000
committer	miod <>	2014-07-09 10:16:24 +0000
commit	30a9e395f6ab6a5767151ca9805a33262b3acbe0 (patch)
tree	9316d73cdc8c916f7b3c4bf0de6c3ad956b5f6da /src/lib/libcrypto/dsa/dsa_gen.c
parent	962b62471b32ccf7900a7f2658ec172fc691e25a (diff)
download	openbsd-30a9e395f6ab6a5767151ca9805a33262b3acbe0.tar.gz openbsd-30a9e395f6ab6a5767151ca9805a33262b3acbe0.tar.bz2 openbsd-30a9e395f6ab6a5767151ca9805a33262b3acbe0.zip

diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index 22c388b9d1..d97f988688 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dsa_gen.c,v 1.12 2014/06/12 15:49:28 deraadt Exp $ */	1	/* $OpenBSD: dsa_gen.c,v 1.13 2014/07/09 10:16:24 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -56,19 +56,6 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
59	#undef GENUINE_DSA
60
61	#ifdef GENUINE_DSA
62	/* Parameter generation follows the original release of FIPS PUB 186,
63	* Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
64	#define HASH EVP_sha()
65	#else
66	/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
67	* also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
68	* FIPS PUB 180-1) */
69	#define HASH EVP_sha1()
70	#endif
71
72	#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */	59	#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
73		60
74	#ifndef OPENSSL_NO_SHA	61	#ifndef OPENSSL_NO_SHA
@@ -81,51 +68,47 @@
81	#include <openssl/sha.h>	68	#include <openssl/sha.h>
82	#include "dsa_locl.h"	69	#include "dsa_locl.h"
83		70
84	int DSA_generate_parameters_ex(DSA *ret, int bits,	71	int
85	const unsigned char *seed_in, int seed_len,	72	DSA_generate_parameters_ex(DSA ret, int bits, const unsigned char seed_in,
86	int counter_ret, unsigned long h_ret, BN_GENCB *cb)	73	int seed_len, int counter_ret, unsigned long h_ret, BN_GENCB *cb)
87	{	74	{
88	if(ret->meth->dsa_paramgen)	75	if (ret->meth->dsa_paramgen)
89	return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,	76	return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
90	counter_ret, h_ret, cb);	77	counter_ret, h_ret, cb);
91	else	78	else {
92	{
93	const EVP_MD *evpmd;	79	const EVP_MD *evpmd;
94	size_t qbits = bits >= 2048 ? 256 : 160;	80	size_t qbits;
95		81
96	if (bits >= 2048)	82	if (bits >= 2048) {
97	{
98	qbits = 256;	83	qbits = 256;
99	evpmd = EVP_sha256();	84	evpmd = EVP_sha256();
100	}	85	} else {
101	else
102	{
103	qbits = 160;	86	qbits = 160;
104	evpmd = EVP_sha1();	87	evpmd = EVP_sha1();
105	}
106
107	return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
108	seed_in, seed_len, NULL, counter_ret, h_ret, cb);
109	}	88	}
110	}
111		89
112	int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,	90	return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in,
113	const EVP_MD evpmd, const unsigned char seed_in, size_t seed_len,	91	seed_len, NULL, counter_ret, h_ret, cb);
114	unsigned char *seed_out,	92	}
115	int counter_ret, unsigned long h_ret, BN_GENCB *cb)	93	}
116	{	94
117	int ok=0;	95	int
		96	dsa_builtin_paramgen(DSA ret, size_t bits, size_t qbits, const EVP_MD evpmd,
		97	const unsigned char seed_in, size_t seed_len, unsigned char seed_out,
		98	int counter_ret, unsigned long h_ret, BN_GENCB *cb)
		99	{
		100	int ok = 0;
118	unsigned char seed[SHA256_DIGEST_LENGTH];	101	unsigned char seed[SHA256_DIGEST_LENGTH];
119	unsigned char md[SHA256_DIGEST_LENGTH];	102	unsigned char md[SHA256_DIGEST_LENGTH];
120	unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];	103	unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
121	BIGNUM r0,W,X,c,*test;	104	BIGNUM r0, W, X, c, *test;
122	BIGNUM g=NULL,q=NULL,*p=NULL;	105	BIGNUM g = NULL, q = NULL, *p = NULL;
123	BN_MONT_CTX *mont=NULL;	106	BN_MONT_CTX *mont = NULL;
124	int i, k, n=0, m=0, qsize = qbits >> 3;	107	int i, k, n = 0, m = 0, qsize = qbits >> 3;
125	int counter=0;	108	int counter = 0;
126	int r=0;	109	int r = 0;
127	BN_CTX *ctx=NULL;	110	BN_CTX *ctx = NULL;
128	unsigned int h=2;	111	unsigned int h = 2;
129		112
130	if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&	113	if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
131	qsize != SHA256_DIGEST_LENGTH)	114	qsize != SHA256_DIGEST_LENGTH)
@@ -139,16 +122,20 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
139	if (bits < 512)	122	if (bits < 512)
140	bits = 512;	123	bits = 512;
141		124
142	bits = (bits+63)/64*64;	125	bits = (bits + 63) / 64 * 64;
143		126
144	/* NB: seed_len == 0 is special case: copy generated seed to	127	/*
		128	* NB: seed_len == 0 is special case: copy generated seed to
145	* seed_in if it is not NULL.	129	* seed_in if it is not NULL.
146	*/	130	*/
147	if (seed_len && (seed_len < (size_t)qsize))	131	if (seed_len && seed_len < (size_t)qsize)
148	seed_in = NULL; /* seed buffer too small -- ignore */	132	seed_in = NULL; /* seed buffer too small -- ignore */
		133	/*
		134	* App. 2.2 of FIPS PUB 186 allows larger SEED,
		135	* but our internal buffers are restricted to 160 bits
		136	*/
149	if (seed_len > (size_t)qsize)	137	if (seed_len > (size_t)qsize)
150	seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,	138	seed_len = qsize;
151	* but our internal buffers are restricted to 160 bits*/
152	if (seed_in != NULL)	139	if (seed_in != NULL)
153	memcpy(seed, seed_in, seed_len);	140	memcpy(seed, seed_in, seed_len);
154		141
@@ -168,38 +155,34 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
168	p = BN_CTX_get(ctx);	155	p = BN_CTX_get(ctx);
169	test = BN_CTX_get(ctx);	156	test = BN_CTX_get(ctx);
170		157
171	if (!BN_lshift(test,BN_value_one(),bits-1))	158	if (!BN_lshift(test, BN_value_one(), bits - 1))
172	goto err;	159	goto err;
173		160
174	for (;;)	161	for (;;) {
175	{	162	for (;;) { /* find q */
176	for (;;) /* find q */
177	{
178	int seed_is_random;	163	int seed_is_random;
179		164
180	/* step 1 */	165	/* step 1 */
181	if(!BN_GENCB_call(cb, 0, m++))	166	if (!BN_GENCB_call(cb, 0, m++))
182	goto err;	167	goto err;
183		168
184	if (!seed_len)	169	if (!seed_len) {
185	{
186	RAND_pseudo_bytes(seed, qsize);	170	RAND_pseudo_bytes(seed, qsize);
187	seed_is_random = 1;	171	seed_is_random = 1;
188	}	172	} else {
189	else
190	{
191	seed_is_random = 0;	173	seed_is_random = 0;
192	seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/	174	/* use random seed if 'seed_in' turns out
193	}	175	to be bad */
194	memcpy(buf , seed, qsize);	176	seed_len = 0;
		177	}
		178	memcpy(buf, seed, qsize);
195	memcpy(buf2, seed, qsize);	179	memcpy(buf2, seed, qsize);
196	/* precompute "SEED + 1" for step 7: */	180	/* precompute "SEED + 1" for step 7: */
197	for (i = qsize-1; i >= 0; i--)	181	for (i = qsize - 1; i >= 0; i--) {
198	{
199	buf[i]++;	182	buf[i]++;
200	if (buf[i] != 0)	183	if (buf[i] != 0)
201	break;	184	break;
202	}	185	}
203		186
204	/* step 2 */	187	/* step 2 */
205	if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))	188	if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
@@ -207,17 +190,17 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
207	if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))	190	if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
208	goto err;	191	goto err;
209	for (i = 0; i < qsize; i++)	192	for (i = 0; i < qsize; i++)
210	md[i]^=buf2[i];	193	md[i] ^= buf2[i];
211		194
212	/* step 3 */	195	/* step 3 */
213	md[0] \|= 0x80;	196	md[0] \|= 0x80;
214	md[qsize-1] \|= 0x01;	197	md[qsize - 1] \|= 0x01;
215	if (!BN_bin2bn(md, qsize, q))	198	if (!BN_bin2bn(md, qsize, q))
216	goto err;	199	goto err;
217		200
218	/* step 4 */	201	/* step 4 */
219	r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,	202	r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
220	seed_is_random, cb);	203	seed_is_random, cb);
221	if (r > 0)	204	if (r > 0)
222	break;	205	break;
223	if (r != 0)	206	if (r != 0)
@@ -225,127 +208,144 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
225		208
226	/* do a callback call */	209	/* do a callback call */
227	/* step 5 */	210	/* step 5 */
228	}	211	}
229		212
230	if(!BN_GENCB_call(cb, 2, 0)) goto err;	213	if (!BN_GENCB_call(cb, 2, 0))
231	if(!BN_GENCB_call(cb, 3, 0)) goto err;	214	goto err;
		215	if (!BN_GENCB_call(cb, 3, 0))
		216	goto err;
232		217
233	/* step 6 */	218	/* step 6 */
234	counter=0;	219	counter = 0;
235	/* "offset = 2" */	220	/* "offset = 2" */
236		221
237	n=(bits-1)/160;	222	n = (bits - 1) / 160;
238		223
239	for (;;)	224	for (;;) {
240	{	225	if (counter != 0 && !BN_GENCB_call(cb, 0, counter))
241	if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
242	goto err;	226	goto err;
243		227
244	/* step 7 */	228	/* step 7 */
245	BN_zero(W);	229	BN_zero(W);
246	/* now 'buf' contains "SEED + offset - 1" */	230	/* now 'buf' contains "SEED + offset - 1" */
247	for (k=0; k<=n; k++)	231	for (k = 0; k <= n; k++) {
248	{
249	/* obtain "SEED + offset + k" by incrementing: */	232	/* obtain "SEED + offset + k" by incrementing: */
250	for (i = qsize-1; i >= 0; i--)	233	for (i = qsize - 1; i >= 0; i--) {
251	{
252	buf[i]++;	234	buf[i]++;
253	if (buf[i] != 0)	235	if (buf[i] != 0)
254	break;	236	break;
255	}	237	}
256		238
257	if (!EVP_Digest(buf, qsize, md ,NULL, evpmd,	239	if (!EVP_Digest(buf, qsize, md ,NULL, evpmd,
258	NULL))	240	NULL))
259	goto err;	241	goto err;
260		242
261	/* step 8 */	243	/* step 8 */
262	if (!BN_bin2bn(md, qsize, r0))	244	if (!BN_bin2bn(md, qsize, r0))
263	goto err;	245	goto err;
264	if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;	246	if (!BN_lshift(r0, r0, (qsize << 3) * k))
265	if (!BN_add(W,W,r0)) goto err;	247	goto err;
266	}	248	if (!BN_add(W, W, r0))
		249	goto err;
		250	}
267		251
268	/* more of step 8 */	252	/* more of step 8 */
269	if (!BN_mask_bits(W,bits-1)) goto err;	253	if (!BN_mask_bits(W, bits - 1))
270	if (!BN_copy(X,W)) goto err;	254	goto err;
271	if (!BN_add(X,X,test)) goto err;	255	if (!BN_copy(X, W))
		256	goto err;
		257	if (!BN_add(X, X, test))
		258	goto err;
272		259
273	/* step 9 */	260	/* step 9 */
274	if (!BN_lshift1(r0,q)) goto err;	261	if (!BN_lshift1(r0, q))
275	if (!BN_mod(c,X,r0,ctx)) goto err;	262	goto err;
276	if (!BN_sub(r0,c,BN_value_one())) goto err;	263	if (!BN_mod(c, X, r0, ctx))
277	if (!BN_sub(p,X,r0)) goto err;	264	goto err;
		265	if (!BN_sub(r0, c, BN_value_one()))
		266	goto err;
		267	if (!BN_sub(p, X, r0))
		268	goto err;
278		269
279	/* step 10 */	270	/* step 10 */
280	if (BN_cmp(p,test) >= 0)	271	if (BN_cmp(p, test) >= 0) {
281	{
282	/* step 11 */	272	/* step 11 */
283	r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,	273	r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
284	ctx, 1, cb);	274	ctx, 1, cb);
285	if (r > 0)	275	if (r > 0)
286	goto end; /* found it */	276	goto end; /* found it */
287	if (r != 0)	277	if (r != 0)
288	goto err;	278	goto err;
289	}	279	}
290		280
291	/* step 13 */	281	/* step 13 */
292	counter++;	282	counter++;
293	/* "offset = offset + n + 1" */	283	/* "offset = offset + n + 1" */
294		284
295	/* step 14 */	285	/* step 14 */
296	if (counter >= 4096) break;	286	if (counter >= 4096)
297	}	287	break;
298	}	288	}
		289	}
299	end:	290	end:
300	if(!BN_GENCB_call(cb, 2, 1))	291	if (!BN_GENCB_call(cb, 2, 1))
301	goto err;	292	goto err;
302		293
303	/* We now need to generate g */	294	/* We now need to generate g */
304	/* Set r0=(p-1)/q */	295	/* Set r0=(p-1)/q */
305	if (!BN_sub(test,p,BN_value_one())) goto err;	296	if (!BN_sub(test, p, BN_value_one()))
306	if (!BN_div(r0,NULL,test,q,ctx)) goto err;	297	goto err;
		298	if (!BN_div(r0, NULL, test, q, ctx))
		299	goto err;
307		300
308	if (!BN_set_word(test,h)) goto err;	301	if (!BN_set_word(test, h))
309	if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;	302	goto err;
		303	if (!BN_MONT_CTX_set(mont, p, ctx))
		304	goto err;
310		305
311	for (;;)	306	for (;;) {
312	{
313	/* g=test^r0%p */	307	/* g=test^r0%p */
314	if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;	308	if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
315	if (!BN_is_one(g)) break;	309	goto err;
316	if (!BN_add(test,test,BN_value_one())) goto err;	310	if (!BN_is_one(g))
		311	break;
		312	if (!BN_add(test, test, BN_value_one()))
		313	goto err;
317	h++;	314	h++;
318	}	315	}
319		316
320	if(!BN_GENCB_call(cb, 3, 1))	317	if (!BN_GENCB_call(cb, 3, 1))
321	goto err;	318	goto err;
322		319
323	ok=1;	320	ok = 1;
324	err:	321	err:
325	if (ok)	322	if (ok) {
326	{	323	if (ret->p)
327	if(ret->p) BN_free(ret->p);	324	BN_free(ret->p);
328	if(ret->q) BN_free(ret->q);	325	if (ret->q)
329	if(ret->g) BN_free(ret->g);	326	BN_free(ret->q);
330	ret->p=BN_dup(p);	327	if (ret->g)
331	ret->q=BN_dup(q);	328	BN_free(ret->g);
332	ret->g=BN_dup(g);	329	ret->p = BN_dup(p);
333	if (ret->p == NULL \|\| ret->q == NULL \|\| ret->g == NULL)	330	ret->q = BN_dup(q);
334	{	331	ret->g = BN_dup(g);
335	ok=0;	332	if (ret->p == NULL \|\| ret->q == NULL \|\| ret->g == NULL) {
		333	ok = 0;
336	goto err;	334	goto err;
337	}	335	}
338	if (counter_ret != NULL) *counter_ret=counter;	336	if (counter_ret != NULL)
339	if (h_ret != NULL) *h_ret=h;	337	*counter_ret = counter;
		338	if (h_ret != NULL)
		339	*h_ret = h;
340	if (seed_out)	340	if (seed_out)
341	memcpy(seed_out, seed, qsize);	341	memcpy(seed_out, seed, qsize);
342	}	342	}
343	if(ctx)	343	if (ctx) {
344	{
345	BN_CTX_end(ctx);	344	BN_CTX_end(ctx);
346	BN_CTX_free(ctx);	345	BN_CTX_free(ctx);
347	}
348	if (mont != NULL) BN_MONT_CTX_free(mont);
349	return ok;
350	}	346	}
		347	if (mont != NULL)
		348	BN_MONT_CTX_free(mont);
		349	return ok;
		350	}
351	#endif	351	#endif