summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authormiod <>2014-07-09 13:26:47 +0000
committermiod <>2014-07-09 13:26:47 +0000
commit7b0280e96c976103d66ebabe5a23f4f9e18a88f1 (patch)
treeefa6e3fe5e9cccf6532f4f9d3fd222d9fbb45764 /src
parent4b7ee752ce92891c2906d9e0a72e420564d3dfd1 (diff)
downloadopenbsd-7b0280e96c976103d66ebabe5a23f4f9e18a88f1.tar.gz
openbsd-7b0280e96c976103d66ebabe5a23f4f9e18a88f1.tar.bz2
openbsd-7b0280e96c976103d66ebabe5a23f4f9e18a88f1.zip
KNF
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/dh/dh_ameth.c295
-rw-r--r--src/lib/libcrypto/dh/dh_asn1.c20
-rw-r--r--src/lib/libcrypto/dh/dh_check.c125
-rw-r--r--src/lib/libcrypto/dh/dh_depr.c17
-rw-r--r--src/lib/libcrypto/dh/dh_gen.c129
-rw-r--r--src/lib/libcrypto/dh/dh_key.c236
-rw-r--r--src/lib/libcrypto/dh/dh_lib.c209
-rw-r--r--src/lib/libcrypto/dh/dh_pmeth.c113
-rw-r--r--src/lib/libcrypto/dh/dh_prn.c22
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_ameth.c295
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_asn1.c20
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_check.c125
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_depr.c17
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_gen.c129
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_key.c236
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_lib.c209
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_pmeth.c113
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_prn.c22
18 files changed, 1198 insertions, 1134 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index 88ef78d98d..9e911c8779 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_ameth.c,v 1.8 2014/06/30 14:15:34 tedu Exp $ */ 1/* $OpenBSD: dh_ameth.c,v 1.9 2014/07/09 13:26:47 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -64,13 +64,15 @@
64#include <openssl/bn.h> 64#include <openssl/bn.h>
65#include "asn1_locl.h" 65#include "asn1_locl.h"
66 66
67static void int_dh_free(EVP_PKEY *pkey) 67static void
68 { 68int_dh_free(EVP_PKEY *pkey)
69{
69 DH_free(pkey->pkey.dh); 70 DH_free(pkey->pkey.dh);
70 } 71}
71 72
72static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 73static int
73 { 74dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
75{
74 const unsigned char *p, *pm; 76 const unsigned char *p, *pm;
75 int pklen, pmlen; 77 int pklen, pmlen;
76 int ptype; 78 int ptype;
@@ -78,57 +80,52 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
78 ASN1_STRING *pstr; 80 ASN1_STRING *pstr;
79 X509_ALGOR *palg; 81 X509_ALGOR *palg;
80 ASN1_INTEGER *public_key = NULL; 82 ASN1_INTEGER *public_key = NULL;
81
82 DH *dh = NULL; 83 DH *dh = NULL;
83 84
84 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) 85 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
85 return 0; 86 return 0;
86 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 87 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
87 88
88 if (ptype != V_ASN1_SEQUENCE) 89 if (ptype != V_ASN1_SEQUENCE) {
89 {
90 DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); 90 DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
91 goto err; 91 goto err;
92 } 92 }
93 93
94 pstr = pval; 94 pstr = pval;
95 pm = pstr->data; 95 pm = pstr->data;
96 pmlen = pstr->length; 96 pmlen = pstr->length;
97 97
98 if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) 98 if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {
99 {
100 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); 99 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
101 goto err; 100 goto err;
102 } 101 }
103 102
104 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) 103 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
105 {
106 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); 104 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
107 goto err; 105 goto err;
108 } 106 }
109 107
110 /* We have parameters now set public key */ 108 /* We have parameters now set public key */
111 if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) 109 if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
112 {
113 DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); 110 DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
114 goto err; 111 goto err;
115 } 112 }
116 113
117 ASN1_INTEGER_free(public_key); 114 ASN1_INTEGER_free(public_key);
118 EVP_PKEY_assign_DH(pkey, dh); 115 EVP_PKEY_assign_DH(pkey, dh);
119 return 1; 116 return 1;
120 117
121 err: 118err:
122 if (public_key) 119 if (public_key)
123 ASN1_INTEGER_free(public_key); 120 ASN1_INTEGER_free(public_key);
124 if (dh) 121 if (dh)
125 DH_free(dh); 122 DH_free(dh);
126 return 0; 123 return 0;
124}
127 125
128 } 126static int
129 127dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
130static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) 128{
131 {
132 DH *dh; 129 DH *dh;
133 int ptype; 130 int ptype;
134 unsigned char *penc = NULL; 131 unsigned char *penc = NULL;
@@ -145,11 +142,10 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
145 } 142 }
146 143
147 str->length = i2d_DHparams(dh, &str->data); 144 str->length = i2d_DHparams(dh, &str->data);
148 if (str->length <= 0) 145 if (str->length <= 0) {
149 {
150 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 146 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
151 goto err; 147 goto err;
152 } 148 }
153 ptype = V_ASN1_SEQUENCE; 149 ptype = V_ASN1_SEQUENCE;
154 150
155 pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); 151 pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
@@ -160,32 +156,32 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
160 156
161 ASN1_INTEGER_free(pub_key); 157 ASN1_INTEGER_free(pub_key);
162 158
163 if (penclen <= 0) 159 if (penclen <= 0) {
164 {
165 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 160 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
166 goto err; 161 goto err;
167 } 162 }
168 163
169 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), 164 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype,
170 ptype, (void *)str, penc, penclen)) 165 (void *)str, penc, penclen))
171 return 1; 166 return 1;
172 167
173 err: 168err:
174 free(penc); 169 free(penc);
175 if (str) 170 if (str)
176 ASN1_STRING_free(str); 171 ASN1_STRING_free(str);
177 172
178 return 0; 173 return 0;
179 } 174}
180
181 175
182/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in 176/*
177 * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
183 * that the AlgorithmIdentifier contains the paramaters, the private key 178 * that the AlgorithmIdentifier contains the paramaters, the private key
184 * is explcitly included and the pubkey must be recalculated. 179 * is explcitly included and the pubkey must be recalculated.
185 */ 180 */
186 181
187static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 182static int
188 { 183dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
184{
189 const unsigned char *p, *pm; 185 const unsigned char *p, *pm;
190 int pklen, pmlen; 186 int pklen, pmlen;
191 int ptype; 187 int ptype;
@@ -193,7 +189,6 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
193 ASN1_STRING *pstr; 189 ASN1_STRING *pstr;
194 X509_ALGOR *palg; 190 X509_ALGOR *palg;
195 ASN1_INTEGER *privkey = NULL; 191 ASN1_INTEGER *privkey = NULL;
196
197 DH *dh = NULL; 192 DH *dh = NULL;
198 193
199 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) 194 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
@@ -202,23 +197,21 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
202 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 197 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
203 198
204 if (ptype != V_ASN1_SEQUENCE) 199 if (ptype != V_ASN1_SEQUENCE)
205 goto decerr; 200 goto decerr;
206 201
207 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) 202 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
208 goto decerr; 203 goto decerr;
209 204
210
211 pstr = pval; 205 pstr = pval;
212 pm = pstr->data; 206 pm = pstr->data;
213 pmlen = pstr->length; 207 pmlen = pstr->length;
214 if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) 208 if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
215 goto decerr; 209 goto decerr;
216 /* We have parameters now set private key */ 210 /* We have parameters now set private key */
217 if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) 211 if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
218 { 212 DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
219 DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR);
220 goto dherr; 213 goto dherr;
221 } 214 }
222 /* Calculate public key */ 215 /* Calculate public key */
223 if (!DH_generate_key(dh)) 216 if (!DH_generate_key(dh))
224 goto dherr; 217 goto dherr;
@@ -229,14 +222,15 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
229 222
230 return 1; 223 return 1;
231 224
232 decerr: 225decerr:
233 DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); 226 DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
234 dherr: 227dherr:
235 DH_free(dh); 228 DH_free(dh);
236 return 0; 229 return 0;
237 } 230}
238 231
239static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 232static int
233dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
240{ 234{
241 ASN1_STRING *params = NULL; 235 ASN1_STRING *params = NULL;
242 ASN1_INTEGER *prkey = NULL; 236 ASN1_INTEGER *prkey = NULL;
@@ -245,35 +239,32 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
245 239
246 params = ASN1_STRING_new(); 240 params = ASN1_STRING_new();
247 241
248 if (!params) 242 if (!params) {
249 { 243 DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
250 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
251 goto err; 244 goto err;
252 } 245 }
253 246
254 params->length = i2d_DHparams(pkey->pkey.dh, &params->data); 247 params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
255 if (params->length <= 0) 248 if (params->length <= 0) {
256 {
257 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); 249 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
258 goto err; 250 goto err;
259 } 251 }
260 params->type = V_ASN1_SEQUENCE; 252 params->type = V_ASN1_SEQUENCE;
261 253
262 /* Get private key into integer */ 254 /* Get private key into integer */
263 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); 255 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
264 256
265 if (!prkey) 257 if (!prkey) {
266 { 258 DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
267 DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR);
268 goto err; 259 goto err;
269 } 260 }
270 261
271 dplen = i2d_ASN1_INTEGER(prkey, &dp); 262 dplen = i2d_ASN1_INTEGER(prkey, &dp);
272 263
273 ASN1_INTEGER_free(prkey); 264 ASN1_INTEGER_free(prkey);
274 265
275 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, 266 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
276 V_ASN1_SEQUENCE, params, dp, dplen)) 267 V_ASN1_SEQUENCE, params, dp, dplen))
277 goto err; 268 goto err;
278 269
279 return 1; 270 return 1;
@@ -287,43 +278,43 @@ err:
287 return 0; 278 return 0;
288} 279}
289 280
290 281static void
291static void update_buflen(const BIGNUM *b, size_t *pbuflen) 282update_buflen(const BIGNUM *b, size_t *pbuflen)
292 { 283{
293 size_t i; 284 size_t i;
285
294 if (!b) 286 if (!b)
295 return; 287 return;
296 if (*pbuflen < (i = (size_t)BN_num_bytes(b))) 288 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
297 *pbuflen = i; 289 *pbuflen = i;
298 } 290}
299 291
300static int dh_param_decode(EVP_PKEY *pkey, 292static int
301 const unsigned char **pder, int derlen) 293dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
302 { 294{
303 DH *dh; 295 DH *dh;
304 if (!(dh = d2i_DHparams(NULL, pder, derlen))) 296
305 { 297 if (!(dh = d2i_DHparams(NULL, pder, derlen))) {
306 DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); 298 DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
307 return 0; 299 return 0;
308 } 300 }
309 EVP_PKEY_assign_DH(pkey, dh); 301 EVP_PKEY_assign_DH(pkey, dh);
310 return 1; 302 return 1;
311 } 303}
312 304
313static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) 305static int
314 { 306dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
307{
315 return i2d_DHparams(pkey->pkey.dh, pder); 308 return i2d_DHparams(pkey->pkey.dh, pder);
316 } 309}
317
318static int do_dh_print(BIO *bp, const DH *x, int indent,
319 ASN1_PCTX *ctx, int ptype)
320 {
321 unsigned char *m=NULL;
322 int reason=ERR_R_BUF_LIB,ret=0;
323 size_t buf_len=0;
324 310
311static int
312do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype)
313{
314 unsigned char *m = NULL;
315 int reason = ERR_R_BUF_LIB, ret = 0;
316 size_t buf_len = 0;
325 const char *ktype = NULL; 317 const char *ktype = NULL;
326
327 BIGNUM *priv_key, *pub_key; 318 BIGNUM *priv_key, *pub_key;
328 319
329 if (ptype == 2) 320 if (ptype == 2)
@@ -338,11 +329,10 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
338 329
339 update_buflen(x->p, &buf_len); 330 update_buflen(x->p, &buf_len);
340 331
341 if (buf_len == 0) 332 if (buf_len == 0) {
342 {
343 reason = ERR_R_PASSED_NULL_PARAMETER; 333 reason = ERR_R_PASSED_NULL_PARAMETER;
344 goto err; 334 goto err;
345 } 335 }
346 336
347 update_buflen(x->g, &buf_len); 337 update_buflen(x->g, &buf_len);
348 update_buflen(pub_key, &buf_len); 338 update_buflen(pub_key, &buf_len);
@@ -355,118 +345,126 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
355 else 345 else
356 ktype = "PKCS#3 DH Parameters"; 346 ktype = "PKCS#3 DH Parameters";
357 347
358 m= malloc(buf_len+10); 348 m= malloc(buf_len + 10);
359 if (m == NULL) 349 if (m == NULL) {
360 { 350 reason = ERR_R_MALLOC_FAILURE;
361 reason=ERR_R_MALLOC_FAILURE;
362 goto err; 351 goto err;
363 } 352 }
364 353
365 BIO_indent(bp, indent, 128); 354 BIO_indent(bp, indent, 128);
366 if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) 355 if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
367 goto err; 356 goto err;
368 indent += 4; 357 indent += 4;
369 358
370 if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err; 359 if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
371 if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err; 360 goto err;
361 if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
362 goto err;
372 363
373 if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err; 364 if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
374 if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err; 365 goto err;
375 if (x->length != 0) 366 if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
376 { 367 goto err;
368 if (x->length != 0) {
377 BIO_indent(bp, indent, 128); 369 BIO_indent(bp, indent, 128);
378 if (BIO_printf(bp,"recommended-private-length: %d bits\n", 370 if (BIO_printf(bp, "recommended-private-length: %d bits\n",
379 (int)x->length) <= 0) goto err; 371 (int)x->length) <= 0)
380 } 372 goto err;
381 373 }
382 374
383 ret=1; 375 ret = 1;
384 if (0) 376 if (0) {
385 {
386err: 377err:
387 DHerr(DH_F_DO_DH_PRINT,reason); 378 DHerr(DH_F_DO_DH_PRINT,reason);
388 } 379 }
389 free(m); 380 free(m);
390 return(ret); 381 return(ret);
391 } 382}
392 383
393static int int_dh_size(const EVP_PKEY *pkey) 384static int
394 { 385int_dh_size(const EVP_PKEY *pkey)
395 return(DH_size(pkey->pkey.dh)); 386{
396 } 387 return DH_size(pkey->pkey.dh);
388}
397 389
398static int dh_bits(const EVP_PKEY *pkey) 390static int
399 { 391dh_bits(const EVP_PKEY *pkey)
392{
400 return BN_num_bits(pkey->pkey.dh->p); 393 return BN_num_bits(pkey->pkey.dh->p);
401 } 394}
402 395
403static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) 396static int
404 { 397dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
405 if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) || 398{
406 BN_cmp(a->pkey.dh->g,b->pkey.dh->g)) 399 if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
400 BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
407 return 0; 401 return 0;
408 else 402 else
409 return 1; 403 return 1;
410 } 404}
411 405
412static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) 406static int
413 { 407dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
408{
414 BIGNUM *a; 409 BIGNUM *a;
415 410
416 if ((a=BN_dup(from->pkey.dh->p)) == NULL) 411 if ((a = BN_dup(from->pkey.dh->p)) == NULL)
417 return 0; 412 return 0;
418 if (to->pkey.dh->p != NULL) 413 if (to->pkey.dh->p != NULL)
419 BN_free(to->pkey.dh->p); 414 BN_free(to->pkey.dh->p);
420 to->pkey.dh->p=a; 415 to->pkey.dh->p = a;
421 416
422 if ((a=BN_dup(from->pkey.dh->g)) == NULL) 417 if ((a = BN_dup(from->pkey.dh->g)) == NULL)
423 return 0; 418 return 0;
424 if (to->pkey.dh->g != NULL) 419 if (to->pkey.dh->g != NULL)
425 BN_free(to->pkey.dh->g); 420 BN_free(to->pkey.dh->g);
426 to->pkey.dh->g=a; 421 to->pkey.dh->g = a;
427 422
428 return 1; 423 return 1;
429 } 424}
430 425
431static int dh_missing_parameters(const EVP_PKEY *a) 426static int
432 { 427dh_missing_parameters(const EVP_PKEY *a)
428{
433 if (!a->pkey.dh->p || !a->pkey.dh->g) 429 if (!a->pkey.dh->p || !a->pkey.dh->g)
434 return 1; 430 return 1;
435 return 0; 431 return 0;
436 } 432}
437 433
438static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 434static int
439 { 435dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
436{
440 if (dh_cmp_parameters(a, b) == 0) 437 if (dh_cmp_parameters(a, b) == 0)
441 return 0; 438 return 0;
442 if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0) 439 if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
443 return 0; 440 return 0;
444 else 441 else
445 return 1; 442 return 1;
446 } 443}
447 444
448static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, 445static int
449 ASN1_PCTX *ctx) 446dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
450 { 447{
451 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); 448 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
452 } 449}
453 450
454static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, 451static int
455 ASN1_PCTX *ctx) 452dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
456 { 453{
457 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); 454 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
458 } 455}
459 456
460static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, 457static int
461 ASN1_PCTX *ctx) 458dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
462 { 459{
463 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); 460 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
464 } 461}
465 462
466int DHparams_print(BIO *bp, const DH *x) 463int
467 { 464DHparams_print(BIO *bp, const DH *x)
465{
468 return do_dh_print(bp, x, 4, NULL, 0); 466 return do_dh_print(bp, x, 4, NULL, 0);
469 } 467}
470 468
471const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { 469const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
472 .pkey_id = EVP_PKEY_DH, 470 .pkey_id = EVP_PKEY_DH,
@@ -496,4 +494,3 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
496 494
497 .pkey_free = int_dh_free, 495 .pkey_free = int_dh_free,
498}; 496};
499
diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c
index f1afe876ca..ed3a015279 100644
--- a/src/lib/libcrypto/dh/dh_asn1.c
+++ b/src/lib/libcrypto/dh/dh_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_asn1.c,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_asn1.c,v 1.5 2014/07/09 13:26:47 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -64,14 +64,15 @@
64#include <openssl/asn1t.h> 64#include <openssl/asn1t.h>
65 65
66/* Override the default free and new methods */ 66/* Override the default free and new methods */
67static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 67static int
68 void *exarg) 68dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
69{ 69{
70 if(operation == ASN1_OP_NEW_PRE) { 70 if (operation == ASN1_OP_NEW_PRE) {
71 *pval = (ASN1_VALUE *)DH_new(); 71 *pval = (ASN1_VALUE *)DH_new();
72 if(*pval) return 2; 72 if (*pval)
73 return 2;
73 return 0; 74 return 0;
74 } else if(operation == ASN1_OP_FREE_PRE) { 75 } else if (operation == ASN1_OP_FREE_PRE) {
75 DH_free((DH *)*pval); 76 DH_free((DH *)*pval);
76 *pval = NULL; 77 *pval = NULL;
77 return 2; 78 return 2;
@@ -87,7 +88,8 @@ ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
87 88
88IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) 89IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
89 90
90DH *DHparams_dup(DH *dh) 91DH *
91 { 92DHparams_dup(DH *dh)
93{
92 return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh); 94 return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
93 } 95}
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index 71ea9c1683..1df8f4cdc7 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_check.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_check.c,v 1.11 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -61,7 +61,8 @@
61#include <openssl/bn.h> 61#include <openssl/bn.h>
62#include <openssl/dh.h> 62#include <openssl/dh.h>
63 63
64/* Check that p is a safe prime and 64/*
65 * Check that p is a safe prime and
65 * if g is 2, 3 or 5, check that it is a suitable generator 66 * if g is 2, 3 or 5, check that it is a suitable generator
66 * where 67 * where
67 * for 2, p mod 24 == 11 68 * for 2, p mod 24 == 11
@@ -70,73 +71,77 @@
70 * should hold. 71 * should hold.
71 */ 72 */
72 73
73int DH_check(const DH *dh, int *ret) 74int
74 { 75DH_check(const DH *dh, int *ret)
75 int ok=0; 76{
76 BN_CTX *ctx=NULL; 77 int ok = 0;
78 BN_CTX *ctx = NULL;
77 BN_ULONG l; 79 BN_ULONG l;
78 BIGNUM *q=NULL; 80 BIGNUM *q = NULL;
79 81
80 *ret=0; 82 *ret = 0;
81 ctx=BN_CTX_new(); 83 ctx = BN_CTX_new();
82 if (ctx == NULL) goto err; 84 if (ctx == NULL)
83 q=BN_new(); 85 goto err;
84 if (q == NULL) goto err; 86 q = BN_new();
87 if (q == NULL)
88 goto err;
85 89
86 if (BN_is_word(dh->g,DH_GENERATOR_2)) 90 if (BN_is_word(dh->g, DH_GENERATOR_2)) {
87 { 91 l = BN_mod_word(dh->p, 24);
88 l=BN_mod_word(dh->p,24); 92 if (l != 11)
89 if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; 93 *ret |= DH_NOT_SUITABLE_GENERATOR;
90 }
91#if 0 94#if 0
92 else if (BN_is_word(dh->g,DH_GENERATOR_3)) 95 } else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
93 { 96 l = BN_mod_word(dh->p, 12);
94 l=BN_mod_word(dh->p,12); 97 if (l != 5)
95 if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; 98 *ret |= DH_NOT_SUITABLE_GENERATOR;
96 }
97#endif 99#endif
98 else if (BN_is_word(dh->g,DH_GENERATOR_5)) 100 } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
99 { 101 l = BN_mod_word(dh->p, 10);
100 l=BN_mod_word(dh->p,10); 102 if (l != 3 && l != 7)
101 if ((l != 3) && (l != 7)) 103 *ret |= DH_NOT_SUITABLE_GENERATOR;
102 *ret|=DH_NOT_SUITABLE_GENERATOR; 104 } else
103 } 105 *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
104 else
105 *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
106 106
107 if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) 107 if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
108 *ret|=DH_CHECK_P_NOT_PRIME; 108 *ret |= DH_CHECK_P_NOT_PRIME;
109 else 109 else {
110 { 110 if (!BN_rshift1(q, dh->p))
111 if (!BN_rshift1(q,dh->p)) goto err; 111 goto err;
112 if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) 112 if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))
113 *ret|=DH_CHECK_P_NOT_SAFE_PRIME; 113 *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
114 }
115 ok=1;
116err:
117 if (ctx != NULL) BN_CTX_free(ctx);
118 if (q != NULL) BN_free(q);
119 return(ok);
120 } 114 }
115 ok = 1;
116err:
117 if (ctx != NULL)
118 BN_CTX_free(ctx);
119 if (q != NULL)
120 BN_free(q);
121 return ok;
122}
121 123
122int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) 124int
123 { 125DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
124 int ok=0; 126{
125 BIGNUM *q=NULL; 127 int ok = 0;
128 BIGNUM *q = NULL;
126 129
127 *ret=0; 130 *ret = 0;
128 q=BN_new(); 131 q = BN_new();
129 if (q == NULL) goto err; 132 if (q == NULL)
130 BN_set_word(q,1); 133 goto err;
131 if (BN_cmp(pub_key,q)<=0) 134 BN_set_word(q, 1);
132 *ret|=DH_CHECK_PUBKEY_TOO_SMALL; 135 if (BN_cmp(pub_key, q) <= 0)
133 BN_copy(q,dh->p); 136 *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
134 BN_sub_word(q,1); 137 BN_copy(q, dh->p);
135 if (BN_cmp(pub_key,q)>=0) 138 BN_sub_word(q, 1);
136 *ret|=DH_CHECK_PUBKEY_TOO_LARGE; 139 if (BN_cmp(pub_key, q) >= 0)
140 *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
137 141
138 ok = 1; 142 ok = 1;
139err: 143err:
140 if (q != NULL) BN_free(q); 144 if (q != NULL)
141 return(ok); 145 BN_free(q);
142 } 146 return ok;
147}
diff --git a/src/lib/libcrypto/dh/dh_depr.c b/src/lib/libcrypto/dh/dh_depr.c
index 61c0f35636..bc7ba16f2b 100644
--- a/src/lib/libcrypto/dh/dh_depr.c
+++ b/src/lib/libcrypto/dh/dh_depr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_depr.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_depr.c,v 1.4 2014/07/09 13:26:47 miod Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -62,20 +62,21 @@
62#include <openssl/dh.h> 62#include <openssl/dh.h>
63 63
64#ifndef OPENSSL_NO_DEPRECATED 64#ifndef OPENSSL_NO_DEPRECATED
65DH *DH_generate_parameters(int prime_len, int generator, 65DH *
66 void (*callback)(int,int,void *), void *cb_arg) 66DH_generate_parameters(int prime_len, int generator,
67 { 67 void (*callback)(int, int, void *), void *cb_arg)
68{
68 BN_GENCB cb; 69 BN_GENCB cb;
69 DH *ret=NULL; 70 DH *ret = NULL;
70 71
71 if((ret=DH_new()) == NULL) 72 if ((ret = DH_new()) == NULL)
72 return NULL; 73 return NULL;
73 74
74 BN_GENCB_set_old(&cb, callback, cb_arg); 75 BN_GENCB_set_old(&cb, callback, cb_arg);
75 76
76 if(DH_generate_parameters_ex(ret, prime_len, generator, &cb)) 77 if (DH_generate_parameters_ex(ret, prime_len, generator, &cb))
77 return ret; 78 return ret;
78 DH_free(ret); 79 DH_free(ret);
79 return NULL; 80 return NULL;
80 } 81}
81#endif 82#endif
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index 67bdc5f769..453ea3e8e4 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_gen.c,v 1.11 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_gen.c,v 1.12 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -66,16 +66,19 @@
66#include <openssl/bn.h> 66#include <openssl/bn.h>
67#include <openssl/dh.h> 67#include <openssl/dh.h>
68 68
69static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); 69static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
70 BN_GENCB *cb);
70 71
71int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) 72int
72 { 73DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
73 if(ret->meth->generate_params) 74{
75 if (ret->meth->generate_params)
74 return ret->meth->generate_params(ret, prime_len, generator, cb); 76 return ret->meth->generate_params(ret, prime_len, generator, cb);
75 return dh_builtin_genparams(ret, prime_len, generator, cb); 77 return dh_builtin_genparams(ret, prime_len, generator, cb);
76 } 78}
77 79
78/* We generate DH parameters as follows 80/*
81 * We generate DH parameters as follows:
79 * find a prime q which is prime_len/2 bits long. 82 * find a prime q which is prime_len/2 bits long.
80 * p=(2*q)+1 or (p-1)/2 = q 83 * p=(2*q)+1 or (p-1)/2 = q
81 * For this case, g is a generator if 84 * For this case, g is a generator if
@@ -100,76 +103,84 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
100 * It's just as OK (and in some sense better) to use a generator of the 103 * It's just as OK (and in some sense better) to use a generator of the
101 * order-q subgroup. 104 * order-q subgroup.
102 */ 105 */
103static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) 106static int
104 { 107dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
105 BIGNUM *t1,*t2; 108{
106 int g,ok= -1; 109 BIGNUM *t1, *t2;
107 BN_CTX *ctx=NULL; 110 int g, ok = -1;
111 BN_CTX *ctx = NULL;
108 112
109 ctx=BN_CTX_new(); 113 ctx = BN_CTX_new();
110 if (ctx == NULL) goto err; 114 if (ctx == NULL)
115 goto err;
111 BN_CTX_start(ctx); 116 BN_CTX_start(ctx);
112 t1 = BN_CTX_get(ctx); 117 t1 = BN_CTX_get(ctx);
113 t2 = BN_CTX_get(ctx); 118 t2 = BN_CTX_get(ctx);
114 if (t1 == NULL || t2 == NULL) goto err; 119 if (t1 == NULL || t2 == NULL)
120 goto err;
115 121
116 /* Make sure 'ret' has the necessary elements */ 122 /* Make sure 'ret' has the necessary elements */
117 if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; 123 if (!ret->p && ((ret->p = BN_new()) == NULL))
118 if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; 124 goto err;
125 if (!ret->g && ((ret->g = BN_new()) == NULL))
126 goto err;
119 127
120 if (generator <= 1) 128 if (generator <= 1) {
121 {
122 DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); 129 DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
123 goto err; 130 goto err;
124 } 131 }
125 if (generator == DH_GENERATOR_2) 132 if (generator == DH_GENERATOR_2) {
126 { 133 if (!BN_set_word(t1, 24))
127 if (!BN_set_word(t1,24)) goto err; 134 goto err;
128 if (!BN_set_word(t2,11)) goto err; 135 if (!BN_set_word(t2, 11))
129 g=2; 136 goto err;
130 } 137 g = 2;
131#if 0 /* does not work for safe primes */ 138#if 0 /* does not work for safe primes */
132 else if (generator == DH_GENERATOR_3) 139 } else if (generator == DH_GENERATOR_3) {
133 { 140 if (!BN_set_word(t1, 12))
134 if (!BN_set_word(t1,12)) goto err; 141 goto err;
135 if (!BN_set_word(t2,5)) goto err; 142 if (!BN_set_word(t2, 5))
136 g=3; 143 goto err;
137 } 144 g = 3;
138#endif 145#endif
139 else if (generator == DH_GENERATOR_5) 146 } else if (generator == DH_GENERATOR_5) {
140 { 147 if (!BN_set_word(t1, 10))
141 if (!BN_set_word(t1,10)) goto err; 148 goto err;
142 if (!BN_set_word(t2,3)) goto err; 149 if (!BN_set_word(t2, 3))
150 goto err;
143 /* BN_set_word(t3,7); just have to miss 151 /* BN_set_word(t3,7); just have to miss
144 * out on these ones :-( */ 152 * out on these ones :-( */
145 g=5; 153 g = 5;
146 } 154 } else {
147 else 155 /*
148 { 156 * in the general case, don't worry if 'generator' is a
149 /* in the general case, don't worry if 'generator' is a
150 * generator or not: since we are using safe primes, 157 * generator or not: since we are using safe primes,
151 * it will generate either an order-q or an order-2q group, 158 * it will generate either an order-q or an order-2q group,
152 * which both is OK */ 159 * which both is OK
153 if (!BN_set_word(t1,2)) goto err; 160 */
154 if (!BN_set_word(t2,1)) goto err; 161 if (!BN_set_word(t1, 2))
155 g=generator; 162 goto err;
156 } 163 if (!BN_set_word(t2, 1))
164 goto err;
165 g = generator;
166 }
157 167
158 if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; 168 if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
159 if(!BN_GENCB_call(cb, 3, 0)) goto err; 169 goto err;
160 if (!BN_set_word(ret->g,g)) goto err; 170 if (!BN_GENCB_call(cb, 3, 0))
161 ok=1; 171 goto err;
172 if (!BN_set_word(ret->g, g))
173 goto err;
174 ok = 1;
162err: 175err:
163 if (ok == -1) 176 if (ok == -1) {
164 { 177 DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
165 DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); 178 ok = 0;
166 ok=0; 179 }
167 }
168 180
169 if (ctx != NULL) 181 if (ctx != NULL) {
170 {
171 BN_CTX_end(ctx); 182 BN_CTX_end(ctx);
172 BN_CTX_free(ctx); 183 BN_CTX_free(ctx);
173 }
174 return ok;
175 } 184 }
185 return ok;
186}
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index d35eb6e740..4fbedd8daa 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_key.c,v 1.18 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_key.c,v 1.19 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -64,22 +64,22 @@
64 64
65static int generate_key(DH *dh); 65static int generate_key(DH *dh);
66static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); 66static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
67static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, 67static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a,
68 const BIGNUM *a, const BIGNUM *p, 68 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
69 const BIGNUM *m, BN_CTX *ctx,
70 BN_MONT_CTX *m_ctx);
71static int dh_init(DH *dh); 69static int dh_init(DH *dh);
72static int dh_finish(DH *dh); 70static int dh_finish(DH *dh);
73 71
74int DH_generate_key(DH *dh) 72int
75 { 73DH_generate_key(DH *dh)
74{
76 return dh->meth->generate_key(dh); 75 return dh->meth->generate_key(dh);
77 } 76}
78 77
79int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) 78int
80 { 79DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
80{
81 return dh->meth->compute_key(key, pub_key, dh); 81 return dh->meth->compute_key(key, pub_key, dh);
82 } 82}
83 83
84static DH_METHOD dh_ossl = { 84static DH_METHOD dh_ossl = {
85 .name = "OpenSSL DH Method", 85 .name = "OpenSSL DH Method",
@@ -90,184 +90,176 @@ static DH_METHOD dh_ossl = {
90 .finish = dh_finish, 90 .finish = dh_finish,
91}; 91};
92 92
93const DH_METHOD *DH_OpenSSL(void) 93const DH_METHOD *
94DH_OpenSSL(void)
94{ 95{
95 return &dh_ossl; 96 return &dh_ossl;
96} 97}
97 98
98static int generate_key(DH *dh) 99static int
99 { 100generate_key(DH *dh)
100 int ok=0; 101{
101 int generate_new_key=0; 102 int ok = 0;
103 int generate_new_key = 0;
102 unsigned l; 104 unsigned l;
103 BN_CTX *ctx; 105 BN_CTX *ctx;
104 BN_MONT_CTX *mont=NULL; 106 BN_MONT_CTX *mont = NULL;
105 BIGNUM *pub_key=NULL,*priv_key=NULL; 107 BIGNUM *pub_key = NULL, *priv_key = NULL;
106 108
107 ctx = BN_CTX_new(); 109 ctx = BN_CTX_new();
108 if (ctx == NULL) goto err; 110 if (ctx == NULL)
109 111 goto err;
110 if (dh->priv_key == NULL)
111 {
112 priv_key=BN_new();
113 if (priv_key == NULL) goto err;
114 generate_new_key=1;
115 }
116 else
117 priv_key=dh->priv_key;
118 112
119 if (dh->pub_key == NULL) 113 if (dh->priv_key == NULL) {
120 { 114 priv_key = BN_new();
121 pub_key=BN_new(); 115 if (priv_key == NULL)
122 if (pub_key == NULL) goto err; 116 goto err;
123 } 117 generate_new_key = 1;
124 else 118 } else
125 pub_key=dh->pub_key; 119 priv_key = dh->priv_key;
126 120
121 if (dh->pub_key == NULL) {
122 pub_key = BN_new();
123 if (pub_key == NULL)
124 goto err;
125 } else
126 pub_key = dh->pub_key;
127 127
128 if (dh->flags & DH_FLAG_CACHE_MONT_P) 128 if (dh->flags & DH_FLAG_CACHE_MONT_P) {
129 {
130 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, 129 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
131 CRYPTO_LOCK_DH, dh->p, ctx); 130 CRYPTO_LOCK_DH, dh->p, ctx);
132 if (!mont) 131 if (!mont)
133 goto err; 132 goto err;
134 } 133 }
135 134
136 if (generate_new_key) 135 if (generate_new_key) {
137 { 136 if (dh->q) {
138 if (dh->q) 137 do {
139 {
140 do
141 {
142 if (!BN_rand_range(priv_key, dh->q)) 138 if (!BN_rand_range(priv_key, dh->q))
143 goto err; 139 goto err;
144 } 140 } while (BN_is_zero(priv_key) || BN_is_one(priv_key));
145 while (BN_is_zero(priv_key) || BN_is_one(priv_key)); 141 } else {
146 }
147 else
148 {
149 /* secret exponent length */ 142 /* secret exponent length */
150 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; 143 l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
151 if (!BN_rand(priv_key, l, 0, 0)) goto err; 144 if (!BN_rand(priv_key, l, 0, 0))
152 } 145 goto err;
153 } 146 }
147 }
154 148
155 { 149 {
156 BIGNUM local_prk; 150 BIGNUM local_prk;
157 BIGNUM *prk; 151 BIGNUM *prk;
158 152
159 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) 153 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
160 {
161 BN_init(&local_prk); 154 BN_init(&local_prk);
162 prk = &local_prk; 155 prk = &local_prk;
163 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); 156 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
164 } 157 } else
165 else
166 prk = priv_key; 158 prk = priv_key;
167 159
168 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err; 160 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx,
161 mont))
162 goto err;
169 } 163 }
170 164
171 dh->pub_key=pub_key; 165 dh->pub_key = pub_key;
172 dh->priv_key=priv_key; 166 dh->priv_key = priv_key;
173 ok=1; 167 ok = 1;
174err: 168err:
175 if (ok != 1) 169 if (ok != 1)
176 DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); 170 DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
177 171
178 if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); 172 if (pub_key != NULL && dh->pub_key == NULL)
179 if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); 173 BN_free(pub_key);
174 if (priv_key != NULL && dh->priv_key == NULL)
175 BN_free(priv_key);
180 BN_CTX_free(ctx); 176 BN_CTX_free(ctx);
181 return(ok); 177 return ok;
182 } 178}
183 179
184static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) 180static int
185 { 181compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
186 BN_CTX *ctx=NULL; 182{
187 BN_MONT_CTX *mont=NULL; 183 BN_CTX *ctx = NULL;
184 BN_MONT_CTX *mont = NULL;
188 BIGNUM *tmp; 185 BIGNUM *tmp;
189 int ret= -1; 186 int ret = -1;
190 int check_result; 187 int check_result;
191 188
192 if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) 189 if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
193 { 190 DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
194 DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
195 goto err; 191 goto err;
196 } 192 }
197 193
198 ctx = BN_CTX_new(); 194 ctx = BN_CTX_new();
199 if (ctx == NULL) goto err; 195 if (ctx == NULL)
196 goto err;
200 BN_CTX_start(ctx); 197 BN_CTX_start(ctx);
201 tmp = BN_CTX_get(ctx); 198 tmp = BN_CTX_get(ctx);
202 199
203 if (dh->priv_key == NULL) 200 if (dh->priv_key == NULL) {
204 { 201 DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
205 DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
206 goto err; 202 goto err;
207 } 203 }
208 204
209 if (dh->flags & DH_FLAG_CACHE_MONT_P) 205 if (dh->flags & DH_FLAG_CACHE_MONT_P) {
210 {
211 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, 206 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
212 CRYPTO_LOCK_DH, dh->p, ctx); 207 CRYPTO_LOCK_DH, dh->p, ctx);
213 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) 208 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
214 {
215 /* XXX */ 209 /* XXX */
216 BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); 210 BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
217 } 211 }
218 if (!mont) 212 if (!mont)
219 goto err; 213 goto err;
220 } 214 }
221 215
222 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) 216 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
223 { 217 DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
224 DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
225 goto err; 218 goto err;
226 } 219 }
227 220
228 if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) 221 if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx,
229 { 222 mont)) {
230 DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); 223 DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
231 goto err; 224 goto err;
232 } 225 }
233 226
234 ret=BN_bn2bin(tmp,key); 227 ret = BN_bn2bin(tmp, key);
235err: 228err:
236 if (ctx != NULL) 229 if (ctx != NULL) {
237 {
238 BN_CTX_end(ctx); 230 BN_CTX_end(ctx);
239 BN_CTX_free(ctx); 231 BN_CTX_free(ctx);
240 }
241 return(ret);
242 } 232 }
233 return ret;
234}
243 235
244static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, 236static int
245 const BIGNUM *a, const BIGNUM *p, 237dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
246 const BIGNUM *m, BN_CTX *ctx, 238 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
247 BN_MONT_CTX *m_ctx) 239{
248 { 240 /*
249 /* If a is only one word long and constant time is false, use the faster 241 * If a is only one word long and constant time is false, use the faster
250 * exponenentiation function. 242 * exponenentiation function.
251 */ 243 */
252 if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) 244 if (a->top == 1 && (dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0) {
253 {
254 BN_ULONG A = a->d[0]; 245 BN_ULONG A = a->d[0];
255 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
256 }
257 else
258 return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
259 }
260 246
247 return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
248 } else
249 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
250}
261 251
262static int dh_init(DH *dh) 252static int
263 { 253dh_init(DH *dh)
254{
264 dh->flags |= DH_FLAG_CACHE_MONT_P; 255 dh->flags |= DH_FLAG_CACHE_MONT_P;
265 return(1); 256 return 1;
266 } 257}
267 258
268static int dh_finish(DH *dh) 259static int
269 { 260dh_finish(DH *dh)
270 if(dh->method_mont_p) 261{
262 if (dh->method_mont_p)
271 BN_MONT_CTX_free(dh->method_mont_p); 263 BN_MONT_CTX_free(dh->method_mont_p);
272 return(1); 264 return 1;
273 } 265}
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 793a8afdce..094a78041d 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_lib.c,v 1.16 2014/07/09 11:10:50 bcook Exp $ */ 1/* $OpenBSD: dh_lib.c,v 1.17 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -66,117 +66,121 @@
66 66
67static const DH_METHOD *default_DH_method = NULL; 67static const DH_METHOD *default_DH_method = NULL;
68 68
69void DH_set_default_method(const DH_METHOD *meth) 69void
70 { 70DH_set_default_method(const DH_METHOD *meth)
71{
71 default_DH_method = meth; 72 default_DH_method = meth;
72 } 73}
73 74
74const DH_METHOD *DH_get_default_method(void) 75const DH_METHOD *
75 { 76DH_get_default_method(void)
76 if(!default_DH_method) 77{
77 { 78 if (!default_DH_method)
78 default_DH_method = DH_OpenSSL(); 79 default_DH_method = DH_OpenSSL();
79 }
80 return default_DH_method; 80 return default_DH_method;
81 } 81}
82 82
83int DH_set_method(DH *dh, const DH_METHOD *meth) 83int
84 { 84DH_set_method(DH *dh, const DH_METHOD *meth)
85 /* NB: The caller is specifically setting a method, so it's not up to us 85{
86 * to deal with which ENGINE it comes from. */ 86 /*
87 * NB: The caller is specifically setting a method, so it's not up to us
88 * to deal with which ENGINE it comes from.
89 */
87 const DH_METHOD *mtmp; 90 const DH_METHOD *mtmp;
91
88 mtmp = dh->meth; 92 mtmp = dh->meth;
89 if (mtmp->finish) mtmp->finish(dh); 93 if (mtmp->finish)
94 mtmp->finish(dh);
90#ifndef OPENSSL_NO_ENGINE 95#ifndef OPENSSL_NO_ENGINE
91 if (dh->engine) 96 if (dh->engine) {
92 {
93 ENGINE_finish(dh->engine); 97 ENGINE_finish(dh->engine);
94 dh->engine = NULL; 98 dh->engine = NULL;
95 } 99 }
96#endif 100#endif
97 dh->meth = meth; 101 dh->meth = meth;
98 if (meth->init) meth->init(dh); 102 if (meth->init)
103 meth->init(dh);
99 return 1; 104 return 1;
100 } 105}
101 106
102DH *DH_new(void) 107DH *
103 { 108DH_new(void)
109{
104 return DH_new_method(NULL); 110 return DH_new_method(NULL);
105 } 111}
106 112
107DH *DH_new_method(ENGINE *engine) 113DH *
108 { 114DH_new_method(ENGINE *engine)
115{
109 DH *ret; 116 DH *ret;
110 117
111 ret = malloc(sizeof(DH)); 118 ret = malloc(sizeof(DH));
112 if (ret == NULL) 119 if (ret == NULL) {
113 { 120 DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
114 DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); 121 return NULL;
115 return(NULL); 122 }
116 }
117 123
118 ret->meth = DH_get_default_method(); 124 ret->meth = DH_get_default_method();
119#ifndef OPENSSL_NO_ENGINE 125#ifndef OPENSSL_NO_ENGINE
120 if (engine) 126 if (engine) {
121 { 127 if (!ENGINE_init(engine)) {
122 if (!ENGINE_init(engine))
123 {
124 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); 128 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
125 free(ret); 129 free(ret);
126 return NULL; 130 return NULL;
127 }
128 ret->engine = engine;
129 } 131 }
130 else 132 ret->engine = engine;
133 } else
131 ret->engine = ENGINE_get_default_DH(); 134 ret->engine = ENGINE_get_default_DH();
132 if(ret->engine) 135 if(ret->engine) {
133 {
134 ret->meth = ENGINE_get_DH(ret->engine); 136 ret->meth = ENGINE_get_DH(ret->engine);
135 if(!ret->meth) 137 if (!ret->meth) {
136 { 138 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
137 DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
138 ENGINE_finish(ret->engine); 139 ENGINE_finish(ret->engine);
139 free(ret); 140 free(ret);
140 return NULL; 141 return NULL;
141 }
142 } 142 }
143 }
143#endif 144#endif
144 145
145 ret->pad=0; 146 ret->pad = 0;
146 ret->version=0; 147 ret->version = 0;
147 ret->p=NULL; 148 ret->p = NULL;
148 ret->g=NULL; 149 ret->g = NULL;
149 ret->length=0; 150 ret->length = 0;
150 ret->pub_key=NULL; 151 ret->pub_key = NULL;
151 ret->priv_key=NULL; 152 ret->priv_key = NULL;
152 ret->q=NULL; 153 ret->q = NULL;
153 ret->j=NULL; 154 ret->j = NULL;
154 ret->seed = NULL; 155 ret->seed = NULL;
155 ret->seedlen = 0; 156 ret->seedlen = 0;
156 ret->counter = NULL; 157 ret->counter = NULL;
157 ret->method_mont_p=NULL; 158 ret->method_mont_p=NULL;
158 ret->references = 1; 159 ret->references = 1;
159 ret->flags=ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; 160 ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
160 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); 161 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
161 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) 162 if (ret->meth->init != NULL && !ret->meth->init(ret)) {
162 {
163#ifndef OPENSSL_NO_ENGINE 163#ifndef OPENSSL_NO_ENGINE
164 if (ret->engine) 164 if (ret->engine)
165 ENGINE_finish(ret->engine); 165 ENGINE_finish(ret->engine);
166#endif 166#endif
167 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); 167 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
168 free(ret); 168 free(ret);
169 ret=NULL; 169 ret = NULL;
170 }
171 return(ret);
172 } 170 }
171 return ret;
172}
173 173
174void DH_free(DH *r) 174void
175 { 175DH_free(DH *r)
176{
176 int i; 177 int i;
177 if(r == NULL) return; 178
179 if (r == NULL)
180 return;
178 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); 181 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
179 if (i > 0) return; 182 if (i > 0)
183 return;
180 184
181 if (r->meth->finish) 185 if (r->meth->finish)
182 r->meth->finish(r); 186 r->meth->finish(r);
@@ -187,41 +191,54 @@ void DH_free(DH *r)
187 191
188 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); 192 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
189 193
190 if (r->p != NULL) BN_clear_free(r->p); 194 if (r->p != NULL)
191 if (r->g != NULL) BN_clear_free(r->g); 195 BN_clear_free(r->p);
192 if (r->q != NULL) BN_clear_free(r->q); 196 if (r->g != NULL)
193 if (r->j != NULL) BN_clear_free(r->j); 197 BN_clear_free(r->g);
198 if (r->q != NULL)
199 BN_clear_free(r->q);
200 if (r->j != NULL)
201 BN_clear_free(r->j);
194 free(r->seed); 202 free(r->seed);
195 if (r->counter != NULL) BN_clear_free(r->counter); 203 if (r->counter != NULL)
196 if (r->pub_key != NULL) BN_clear_free(r->pub_key); 204 BN_clear_free(r->counter);
197 if (r->priv_key != NULL) BN_clear_free(r->priv_key); 205 if (r->pub_key != NULL)
206 BN_clear_free(r->pub_key);
207 if (r->priv_key != NULL)
208 BN_clear_free(r->priv_key);
198 free(r); 209 free(r);
199 } 210}
200 211
201int DH_up_ref(DH *r) 212int
202 { 213DH_up_ref(DH *r)
214{
203 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); 215 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
204 return ((i > 1) ? 1 : 0);
205 }
206 216
207int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 217 return i > 1 ? 1 : 0;
208 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 218}
209 { 219
210 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, 220int
211 new_func, dup_func, free_func); 221DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
212 } 222 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
213 223{
214int DH_set_ex_data(DH *d, int idx, void *arg) 224 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, new_func,
215 { 225 dup_func, free_func);
216 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); 226}
217 } 227
218 228int
219void *DH_get_ex_data(DH *d, int idx) 229DH_set_ex_data(DH *d, int idx, void *arg)
220 { 230{
221 return(CRYPTO_get_ex_data(&d->ex_data,idx)); 231 return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
222 } 232}
223 233
224int DH_size(const DH *dh) 234void *
225 { 235DH_get_ex_data(DH *d, int idx)
226 return(BN_num_bytes(dh->p)); 236{
227 } 237 return CRYPTO_get_ex_data(&d->ex_data, idx);
238}
239
240int
241DH_size(const DH *dh)
242{
243 return BN_num_bytes(dh->p);
244}
diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c
index cb424ac149..fb441b563b 100644
--- a/src/lib/libcrypto/dh/dh_pmeth.c
+++ b/src/lib/libcrypto/dh/dh_pmeth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ 1/* $OpenBSD: dh_pmeth.c,v 1.7 2014/07/09 13:26:47 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -68,8 +68,7 @@
68 68
69/* DH pkey context structure */ 69/* DH pkey context structure */
70 70
71typedef struct 71typedef struct {
72 {
73 /* Parameter gen parameters */ 72 /* Parameter gen parameters */
74 int prime_len; 73 int prime_len;
75 int generator; 74 int generator;
@@ -77,11 +76,13 @@ typedef struct
77 /* Keygen callback info */ 76 /* Keygen callback info */
78 int gentmp[2]; 77 int gentmp[2];
79 /* message digest */ 78 /* message digest */
80 } DH_PKEY_CTX; 79} DH_PKEY_CTX;
81 80
82static int pkey_dh_init(EVP_PKEY_CTX *ctx) 81static int
83 { 82pkey_dh_init(EVP_PKEY_CTX *ctx)
83{
84 DH_PKEY_CTX *dctx; 84 DH_PKEY_CTX *dctx;
85
85 dctx = malloc(sizeof(DH_PKEY_CTX)); 86 dctx = malloc(sizeof(DH_PKEY_CTX));
86 if (!dctx) 87 if (!dctx)
87 return 0; 88 return 0;
@@ -94,11 +95,13 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
94 ctx->keygen_info_count = 2; 95 ctx->keygen_info_count = 2;
95 96
96 return 1; 97 return 1;
97 } 98}
98 99
99static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 100static int
100 { 101pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
102{
101 DH_PKEY_CTX *dctx, *sctx; 103 DH_PKEY_CTX *dctx, *sctx;
104
102 if (!pkey_dh_init(dst)) 105 if (!pkey_dh_init(dst))
103 return 0; 106 return 0;
104 sctx = src->data; 107 sctx = src->data;
@@ -107,43 +110,44 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
107 dctx->generator = sctx->generator; 110 dctx->generator = sctx->generator;
108 dctx->use_dsa = sctx->use_dsa; 111 dctx->use_dsa = sctx->use_dsa;
109 return 1; 112 return 1;
110 } 113}
111 114
112static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) 115static void
113 { 116pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
117{
114 DH_PKEY_CTX *dctx = ctx->data; 118 DH_PKEY_CTX *dctx = ctx->data;
119
115 free(dctx); 120 free(dctx);
116 } 121}
117 122
118static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 123static int
119 { 124pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
125{
120 DH_PKEY_CTX *dctx = ctx->data; 126 DH_PKEY_CTX *dctx = ctx->data;
121 switch (type) 127
122 { 128 switch (type) {
123 case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: 129 case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
124 if (p1 < 256) 130 if (p1 < 256)
125 return -2; 131 return -2;
126 dctx->prime_len = p1; 132 dctx->prime_len = p1;
127 return 1; 133 return 1;
128 134
129 case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: 135 case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
130 dctx->generator = p1; 136 dctx->generator = p1;
131 return 1; 137 return 1;
132 138
133 case EVP_PKEY_CTRL_PEER_KEY: 139 case EVP_PKEY_CTRL_PEER_KEY:
134 /* Default behaviour is OK */ 140 /* Default behaviour is OK */
135 return 1; 141 return 1;
136 142
137 default: 143 default:
138 return -2; 144 return -2;
139
140 }
141 } 145 }
142 146}
143 147
144static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, 148static int
145 const char *type, const char *value) 149pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
146 { 150{
147 long lval; 151 long lval;
148 char *ep; 152 char *ep;
149 int len; 153 int len;
@@ -153,18 +157,19 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
153 lval = strtol(value, &ep, 10); 157 lval = strtol(value, &ep, 10);
154 if (value[0] == '\0' || *ep != '\0') 158 if (value[0] == '\0' || *ep != '\0')
155 goto not_a_number; 159 goto not_a_number;
156 if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || 160 if ((errno == ERANGE &&
161 (lval == LONG_MAX || lval == LONG_MIN)) ||
157 (lval > INT_MAX || lval < INT_MIN)) 162 (lval > INT_MAX || lval < INT_MIN))
158 goto out_of_range; 163 goto out_of_range;
159 len = lval; 164 len = lval;
160 return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); 165 return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
161 } 166 } else if (!strcmp(type, "dh_paramgen_generator")) {
162 if (!strcmp(type, "dh_paramgen_generator")) {
163 errno = 0; 167 errno = 0;
164 lval = strtol(value, &ep, 10); 168 lval = strtol(value, &ep, 10);
165 if (value[0] == '\0' || *ep != '\0') 169 if (value[0] == '\0' || *ep != '\0')
166 goto not_a_number; 170 goto not_a_number;
167 if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || 171 if ((errno == ERANGE &&
172 (lval == LONG_MAX || lval == LONG_MIN)) ||
168 (lval > INT_MAX || lval < INT_MIN)) 173 (lval > INT_MAX || lval < INT_MIN))
169 goto out_of_range; 174 goto out_of_range;
170 len = lval; 175 len = lval;
@@ -176,39 +181,40 @@ out_of_range:
176 return -2; 181 return -2;
177} 182}
178 183
179static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 184static int
180 { 185pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
186{
181 DH *dh = NULL; 187 DH *dh = NULL;
182 DH_PKEY_CTX *dctx = ctx->data; 188 DH_PKEY_CTX *dctx = ctx->data;
183 BN_GENCB *pcb, cb; 189 BN_GENCB *pcb, cb;
184 int ret; 190 int ret;
185 if (ctx->pkey_gencb) 191
186 { 192 if (ctx->pkey_gencb) {
187 pcb = &cb; 193 pcb = &cb;
188 evp_pkey_set_cb_translate(pcb, ctx); 194 evp_pkey_set_cb_translate(pcb, ctx);
189 } 195 } else
190 else
191 pcb = NULL; 196 pcb = NULL;
192 dh = DH_new(); 197 dh = DH_new();
193 if (!dh) 198 if (!dh)
194 return 0; 199 return 0;
195 ret = DH_generate_parameters_ex(dh, 200 ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator,
196 dctx->prime_len, dctx->generator, pcb); 201 pcb);
197 if (ret) 202 if (ret)
198 EVP_PKEY_assign_DH(pkey, dh); 203 EVP_PKEY_assign_DH(pkey, dh);
199 else 204 else
200 DH_free(dh); 205 DH_free(dh);
201 return ret; 206 return ret;
202 } 207}
203 208
204static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 209static int
205 { 210pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
211{
206 DH *dh = NULL; 212 DH *dh = NULL;
207 if (ctx->pkey == NULL) 213
208 { 214 if (ctx->pkey == NULL) {
209 DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); 215 DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
210 return 0; 216 return 0;
211 } 217 }
212 dh = DH_new(); 218 dh = DH_new();
213 if (!dh) 219 if (!dh)
214 return 0; 220 return 0;
@@ -217,23 +223,24 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
217 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) 223 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
218 return 0; 224 return 0;
219 return DH_generate_key(pkey->pkey.dh); 225 return DH_generate_key(pkey->pkey.dh);
220 } 226}
221 227
222static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) 228static int
223 { 229pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
230{
224 int ret; 231 int ret;
225 if (!ctx->pkey || !ctx->peerkey) 232
226 { 233 if (!ctx->pkey || !ctx->peerkey) {
227 DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); 234 DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
228 return 0; 235 return 0;
229 } 236 }
230 ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key, 237 ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
231 ctx->pkey->pkey.dh); 238 ctx->pkey->pkey.dh);
232 if (ret < 0) 239 if (ret < 0)
233 return ret; 240 return ret;
234 *keylen = ret; 241 *keylen = ret;
235 return 1; 242 return 1;
236 } 243}
237 244
238const EVP_PKEY_METHOD dh_pkey_meth = { 245const EVP_PKEY_METHOD dh_pkey_meth = {
239 .pkey_id = EVP_PKEY_DH, 246 .pkey_id = EVP_PKEY_DH,
diff --git a/src/lib/libcrypto/dh/dh_prn.c b/src/lib/libcrypto/dh/dh_prn.c
index a249b650f8..846419691e 100644
--- a/src/lib/libcrypto/dh/dh_prn.c
+++ b/src/lib/libcrypto/dh/dh_prn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_prn.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_prn.c,v 1.4 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -61,18 +61,18 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/dh.h> 62#include <openssl/dh.h>
63 63
64int DHparams_print_fp(FILE *fp, const DH *x) 64int
65 { 65DHparams_print_fp(FILE *fp, const DH *x)
66{
66 BIO *b; 67 BIO *b;
67 int ret; 68 int ret;
68 69
69 if ((b=BIO_new(BIO_s_file())) == NULL) 70 if ((b = BIO_new(BIO_s_file())) == NULL) {
70 { 71 DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
71 DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); 72 return 0;
72 return(0); 73 }
73 }
74 BIO_set_fp(b,fp,BIO_NOCLOSE); 74 BIO_set_fp(b,fp,BIO_NOCLOSE);
75 ret=DHparams_print(b, x); 75 ret = DHparams_print(b, x);
76 BIO_free(b); 76 BIO_free(b);
77 return(ret); 77 return ret;
78 } 78}
diff --git a/src/lib/libssl/src/crypto/dh/dh_ameth.c b/src/lib/libssl/src/crypto/dh/dh_ameth.c
index 88ef78d98d..9e911c8779 100644
--- a/src/lib/libssl/src/crypto/dh/dh_ameth.c
+++ b/src/lib/libssl/src/crypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_ameth.c,v 1.8 2014/06/30 14:15:34 tedu Exp $ */ 1/* $OpenBSD: dh_ameth.c,v 1.9 2014/07/09 13:26:47 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -64,13 +64,15 @@
64#include <openssl/bn.h> 64#include <openssl/bn.h>
65#include "asn1_locl.h" 65#include "asn1_locl.h"
66 66
67static void int_dh_free(EVP_PKEY *pkey) 67static void
68 { 68int_dh_free(EVP_PKEY *pkey)
69{
69 DH_free(pkey->pkey.dh); 70 DH_free(pkey->pkey.dh);
70 } 71}
71 72
72static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 73static int
73 { 74dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
75{
74 const unsigned char *p, *pm; 76 const unsigned char *p, *pm;
75 int pklen, pmlen; 77 int pklen, pmlen;
76 int ptype; 78 int ptype;
@@ -78,57 +80,52 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
78 ASN1_STRING *pstr; 80 ASN1_STRING *pstr;
79 X509_ALGOR *palg; 81 X509_ALGOR *palg;
80 ASN1_INTEGER *public_key = NULL; 82 ASN1_INTEGER *public_key = NULL;
81
82 DH *dh = NULL; 83 DH *dh = NULL;
83 84
84 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) 85 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
85 return 0; 86 return 0;
86 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 87 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
87 88
88 if (ptype != V_ASN1_SEQUENCE) 89 if (ptype != V_ASN1_SEQUENCE) {
89 {
90 DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); 90 DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
91 goto err; 91 goto err;
92 } 92 }
93 93
94 pstr = pval; 94 pstr = pval;
95 pm = pstr->data; 95 pm = pstr->data;
96 pmlen = pstr->length; 96 pmlen = pstr->length;
97 97
98 if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) 98 if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {
99 {
100 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); 99 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
101 goto err; 100 goto err;
102 } 101 }
103 102
104 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) 103 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
105 {
106 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); 104 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
107 goto err; 105 goto err;
108 } 106 }
109 107
110 /* We have parameters now set public key */ 108 /* We have parameters now set public key */
111 if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) 109 if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
112 {
113 DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); 110 DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
114 goto err; 111 goto err;
115 } 112 }
116 113
117 ASN1_INTEGER_free(public_key); 114 ASN1_INTEGER_free(public_key);
118 EVP_PKEY_assign_DH(pkey, dh); 115 EVP_PKEY_assign_DH(pkey, dh);
119 return 1; 116 return 1;
120 117
121 err: 118err:
122 if (public_key) 119 if (public_key)
123 ASN1_INTEGER_free(public_key); 120 ASN1_INTEGER_free(public_key);
124 if (dh) 121 if (dh)
125 DH_free(dh); 122 DH_free(dh);
126 return 0; 123 return 0;
124}
127 125
128 } 126static int
129 127dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
130static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) 128{
131 {
132 DH *dh; 129 DH *dh;
133 int ptype; 130 int ptype;
134 unsigned char *penc = NULL; 131 unsigned char *penc = NULL;
@@ -145,11 +142,10 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
145 } 142 }
146 143
147 str->length = i2d_DHparams(dh, &str->data); 144 str->length = i2d_DHparams(dh, &str->data);
148 if (str->length <= 0) 145 if (str->length <= 0) {
149 {
150 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 146 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
151 goto err; 147 goto err;
152 } 148 }
153 ptype = V_ASN1_SEQUENCE; 149 ptype = V_ASN1_SEQUENCE;
154 150
155 pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); 151 pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
@@ -160,32 +156,32 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
160 156
161 ASN1_INTEGER_free(pub_key); 157 ASN1_INTEGER_free(pub_key);
162 158
163 if (penclen <= 0) 159 if (penclen <= 0) {
164 {
165 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 160 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
166 goto err; 161 goto err;
167 } 162 }
168 163
169 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), 164 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype,
170 ptype, (void *)str, penc, penclen)) 165 (void *)str, penc, penclen))
171 return 1; 166 return 1;
172 167
173 err: 168err:
174 free(penc); 169 free(penc);
175 if (str) 170 if (str)
176 ASN1_STRING_free(str); 171 ASN1_STRING_free(str);
177 172
178 return 0; 173 return 0;
179 } 174}
180
181 175
182/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in 176/*
177 * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
183 * that the AlgorithmIdentifier contains the paramaters, the private key 178 * that the AlgorithmIdentifier contains the paramaters, the private key
184 * is explcitly included and the pubkey must be recalculated. 179 * is explcitly included and the pubkey must be recalculated.
185 */ 180 */
186 181
187static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 182static int
188 { 183dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
184{
189 const unsigned char *p, *pm; 185 const unsigned char *p, *pm;
190 int pklen, pmlen; 186 int pklen, pmlen;
191 int ptype; 187 int ptype;
@@ -193,7 +189,6 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
193 ASN1_STRING *pstr; 189 ASN1_STRING *pstr;
194 X509_ALGOR *palg; 190 X509_ALGOR *palg;
195 ASN1_INTEGER *privkey = NULL; 191 ASN1_INTEGER *privkey = NULL;
196
197 DH *dh = NULL; 192 DH *dh = NULL;
198 193
199 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) 194 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
@@ -202,23 +197,21 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
202 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 197 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
203 198
204 if (ptype != V_ASN1_SEQUENCE) 199 if (ptype != V_ASN1_SEQUENCE)
205 goto decerr; 200 goto decerr;
206 201
207 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) 202 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
208 goto decerr; 203 goto decerr;
209 204
210
211 pstr = pval; 205 pstr = pval;
212 pm = pstr->data; 206 pm = pstr->data;
213 pmlen = pstr->length; 207 pmlen = pstr->length;
214 if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) 208 if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
215 goto decerr; 209 goto decerr;
216 /* We have parameters now set private key */ 210 /* We have parameters now set private key */
217 if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) 211 if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
218 { 212 DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
219 DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR);
220 goto dherr; 213 goto dherr;
221 } 214 }
222 /* Calculate public key */ 215 /* Calculate public key */
223 if (!DH_generate_key(dh)) 216 if (!DH_generate_key(dh))
224 goto dherr; 217 goto dherr;
@@ -229,14 +222,15 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
229 222
230 return 1; 223 return 1;
231 224
232 decerr: 225decerr:
233 DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); 226 DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
234 dherr: 227dherr:
235 DH_free(dh); 228 DH_free(dh);
236 return 0; 229 return 0;
237 } 230}
238 231
239static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 232static int
233dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
240{ 234{
241 ASN1_STRING *params = NULL; 235 ASN1_STRING *params = NULL;
242 ASN1_INTEGER *prkey = NULL; 236 ASN1_INTEGER *prkey = NULL;
@@ -245,35 +239,32 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
245 239
246 params = ASN1_STRING_new(); 240 params = ASN1_STRING_new();
247 241
248 if (!params) 242 if (!params) {
249 { 243 DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
250 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
251 goto err; 244 goto err;
252 } 245 }
253 246
254 params->length = i2d_DHparams(pkey->pkey.dh, &params->data); 247 params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
255 if (params->length <= 0) 248 if (params->length <= 0) {
256 {
257 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); 249 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
258 goto err; 250 goto err;
259 } 251 }
260 params->type = V_ASN1_SEQUENCE; 252 params->type = V_ASN1_SEQUENCE;
261 253
262 /* Get private key into integer */ 254 /* Get private key into integer */
263 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); 255 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
264 256
265 if (!prkey) 257 if (!prkey) {
266 { 258 DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
267 DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR);
268 goto err; 259 goto err;
269 } 260 }
270 261
271 dplen = i2d_ASN1_INTEGER(prkey, &dp); 262 dplen = i2d_ASN1_INTEGER(prkey, &dp);
272 263
273 ASN1_INTEGER_free(prkey); 264 ASN1_INTEGER_free(prkey);
274 265
275 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, 266 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
276 V_ASN1_SEQUENCE, params, dp, dplen)) 267 V_ASN1_SEQUENCE, params, dp, dplen))
277 goto err; 268 goto err;
278 269
279 return 1; 270 return 1;
@@ -287,43 +278,43 @@ err:
287 return 0; 278 return 0;
288} 279}
289 280
290 281static void
291static void update_buflen(const BIGNUM *b, size_t *pbuflen) 282update_buflen(const BIGNUM *b, size_t *pbuflen)
292 { 283{
293 size_t i; 284 size_t i;
285
294 if (!b) 286 if (!b)
295 return; 287 return;
296 if (*pbuflen < (i = (size_t)BN_num_bytes(b))) 288 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
297 *pbuflen = i; 289 *pbuflen = i;
298 } 290}
299 291
300static int dh_param_decode(EVP_PKEY *pkey, 292static int
301 const unsigned char **pder, int derlen) 293dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
302 { 294{
303 DH *dh; 295 DH *dh;
304 if (!(dh = d2i_DHparams(NULL, pder, derlen))) 296
305 { 297 if (!(dh = d2i_DHparams(NULL, pder, derlen))) {
306 DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); 298 DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
307 return 0; 299 return 0;
308 } 300 }
309 EVP_PKEY_assign_DH(pkey, dh); 301 EVP_PKEY_assign_DH(pkey, dh);
310 return 1; 302 return 1;
311 } 303}
312 304
313static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) 305static int
314 { 306dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
307{
315 return i2d_DHparams(pkey->pkey.dh, pder); 308 return i2d_DHparams(pkey->pkey.dh, pder);
316 } 309}
317
318static int do_dh_print(BIO *bp, const DH *x, int indent,
319 ASN1_PCTX *ctx, int ptype)
320 {
321 unsigned char *m=NULL;
322 int reason=ERR_R_BUF_LIB,ret=0;
323 size_t buf_len=0;
324 310
311static int
312do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype)
313{
314 unsigned char *m = NULL;
315 int reason = ERR_R_BUF_LIB, ret = 0;
316 size_t buf_len = 0;
325 const char *ktype = NULL; 317 const char *ktype = NULL;
326
327 BIGNUM *priv_key, *pub_key; 318 BIGNUM *priv_key, *pub_key;
328 319
329 if (ptype == 2) 320 if (ptype == 2)
@@ -338,11 +329,10 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
338 329
339 update_buflen(x->p, &buf_len); 330 update_buflen(x->p, &buf_len);
340 331
341 if (buf_len == 0) 332 if (buf_len == 0) {
342 {
343 reason = ERR_R_PASSED_NULL_PARAMETER; 333 reason = ERR_R_PASSED_NULL_PARAMETER;
344 goto err; 334 goto err;
345 } 335 }
346 336
347 update_buflen(x->g, &buf_len); 337 update_buflen(x->g, &buf_len);
348 update_buflen(pub_key, &buf_len); 338 update_buflen(pub_key, &buf_len);
@@ -355,118 +345,126 @@ static int do_dh_print(BIO *bp, const DH *x, int indent,
355 else 345 else
356 ktype = "PKCS#3 DH Parameters"; 346 ktype = "PKCS#3 DH Parameters";
357 347
358 m= malloc(buf_len+10); 348 m= malloc(buf_len + 10);
359 if (m == NULL) 349 if (m == NULL) {
360 { 350 reason = ERR_R_MALLOC_FAILURE;
361 reason=ERR_R_MALLOC_FAILURE;
362 goto err; 351 goto err;
363 } 352 }
364 353
365 BIO_indent(bp, indent, 128); 354 BIO_indent(bp, indent, 128);
366 if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) 355 if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
367 goto err; 356 goto err;
368 indent += 4; 357 indent += 4;
369 358
370 if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err; 359 if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
371 if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err; 360 goto err;
361 if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
362 goto err;
372 363
373 if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err; 364 if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
374 if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err; 365 goto err;
375 if (x->length != 0) 366 if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
376 { 367 goto err;
368 if (x->length != 0) {
377 BIO_indent(bp, indent, 128); 369 BIO_indent(bp, indent, 128);
378 if (BIO_printf(bp,"recommended-private-length: %d bits\n", 370 if (BIO_printf(bp, "recommended-private-length: %d bits\n",
379 (int)x->length) <= 0) goto err; 371 (int)x->length) <= 0)
380 } 372 goto err;
381 373 }
382 374
383 ret=1; 375 ret = 1;
384 if (0) 376 if (0) {
385 {
386err: 377err:
387 DHerr(DH_F_DO_DH_PRINT,reason); 378 DHerr(DH_F_DO_DH_PRINT,reason);
388 } 379 }
389 free(m); 380 free(m);
390 return(ret); 381 return(ret);
391 } 382}
392 383
393static int int_dh_size(const EVP_PKEY *pkey) 384static int
394 { 385int_dh_size(const EVP_PKEY *pkey)
395 return(DH_size(pkey->pkey.dh)); 386{
396 } 387 return DH_size(pkey->pkey.dh);
388}
397 389
398static int dh_bits(const EVP_PKEY *pkey) 390static int
399 { 391dh_bits(const EVP_PKEY *pkey)
392{
400 return BN_num_bits(pkey->pkey.dh->p); 393 return BN_num_bits(pkey->pkey.dh->p);
401 } 394}
402 395
403static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) 396static int
404 { 397dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
405 if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) || 398{
406 BN_cmp(a->pkey.dh->g,b->pkey.dh->g)) 399 if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
400 BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
407 return 0; 401 return 0;
408 else 402 else
409 return 1; 403 return 1;
410 } 404}
411 405
412static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) 406static int
413 { 407dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
408{
414 BIGNUM *a; 409 BIGNUM *a;
415 410
416 if ((a=BN_dup(from->pkey.dh->p)) == NULL) 411 if ((a = BN_dup(from->pkey.dh->p)) == NULL)
417 return 0; 412 return 0;
418 if (to->pkey.dh->p != NULL) 413 if (to->pkey.dh->p != NULL)
419 BN_free(to->pkey.dh->p); 414 BN_free(to->pkey.dh->p);
420 to->pkey.dh->p=a; 415 to->pkey.dh->p = a;
421 416
422 if ((a=BN_dup(from->pkey.dh->g)) == NULL) 417 if ((a = BN_dup(from->pkey.dh->g)) == NULL)
423 return 0; 418 return 0;
424 if (to->pkey.dh->g != NULL) 419 if (to->pkey.dh->g != NULL)
425 BN_free(to->pkey.dh->g); 420 BN_free(to->pkey.dh->g);
426 to->pkey.dh->g=a; 421 to->pkey.dh->g = a;
427 422
428 return 1; 423 return 1;
429 } 424}
430 425
431static int dh_missing_parameters(const EVP_PKEY *a) 426static int
432 { 427dh_missing_parameters(const EVP_PKEY *a)
428{
433 if (!a->pkey.dh->p || !a->pkey.dh->g) 429 if (!a->pkey.dh->p || !a->pkey.dh->g)
434 return 1; 430 return 1;
435 return 0; 431 return 0;
436 } 432}
437 433
438static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 434static int
439 { 435dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
436{
440 if (dh_cmp_parameters(a, b) == 0) 437 if (dh_cmp_parameters(a, b) == 0)
441 return 0; 438 return 0;
442 if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0) 439 if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
443 return 0; 440 return 0;
444 else 441 else
445 return 1; 442 return 1;
446 } 443}
447 444
448static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, 445static int
449 ASN1_PCTX *ctx) 446dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
450 { 447{
451 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); 448 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
452 } 449}
453 450
454static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, 451static int
455 ASN1_PCTX *ctx) 452dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
456 { 453{
457 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); 454 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
458 } 455}
459 456
460static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, 457static int
461 ASN1_PCTX *ctx) 458dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
462 { 459{
463 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); 460 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
464 } 461}
465 462
466int DHparams_print(BIO *bp, const DH *x) 463int
467 { 464DHparams_print(BIO *bp, const DH *x)
465{
468 return do_dh_print(bp, x, 4, NULL, 0); 466 return do_dh_print(bp, x, 4, NULL, 0);
469 } 467}
470 468
471const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { 469const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
472 .pkey_id = EVP_PKEY_DH, 470 .pkey_id = EVP_PKEY_DH,
@@ -496,4 +494,3 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
496 494
497 .pkey_free = int_dh_free, 495 .pkey_free = int_dh_free,
498}; 496};
499
diff --git a/src/lib/libssl/src/crypto/dh/dh_asn1.c b/src/lib/libssl/src/crypto/dh/dh_asn1.c
index f1afe876ca..ed3a015279 100644
--- a/src/lib/libssl/src/crypto/dh/dh_asn1.c
+++ b/src/lib/libssl/src/crypto/dh/dh_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_asn1.c,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_asn1.c,v 1.5 2014/07/09 13:26:47 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -64,14 +64,15 @@
64#include <openssl/asn1t.h> 64#include <openssl/asn1t.h>
65 65
66/* Override the default free and new methods */ 66/* Override the default free and new methods */
67static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 67static int
68 void *exarg) 68dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
69{ 69{
70 if(operation == ASN1_OP_NEW_PRE) { 70 if (operation == ASN1_OP_NEW_PRE) {
71 *pval = (ASN1_VALUE *)DH_new(); 71 *pval = (ASN1_VALUE *)DH_new();
72 if(*pval) return 2; 72 if (*pval)
73 return 2;
73 return 0; 74 return 0;
74 } else if(operation == ASN1_OP_FREE_PRE) { 75 } else if (operation == ASN1_OP_FREE_PRE) {
75 DH_free((DH *)*pval); 76 DH_free((DH *)*pval);
76 *pval = NULL; 77 *pval = NULL;
77 return 2; 78 return 2;
@@ -87,7 +88,8 @@ ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
87 88
88IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) 89IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
89 90
90DH *DHparams_dup(DH *dh) 91DH *
91 { 92DHparams_dup(DH *dh)
93{
92 return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh); 94 return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
93 } 95}
diff --git a/src/lib/libssl/src/crypto/dh/dh_check.c b/src/lib/libssl/src/crypto/dh/dh_check.c
index 71ea9c1683..1df8f4cdc7 100644
--- a/src/lib/libssl/src/crypto/dh/dh_check.c
+++ b/src/lib/libssl/src/crypto/dh/dh_check.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_check.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_check.c,v 1.11 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -61,7 +61,8 @@
61#include <openssl/bn.h> 61#include <openssl/bn.h>
62#include <openssl/dh.h> 62#include <openssl/dh.h>
63 63
64/* Check that p is a safe prime and 64/*
65 * Check that p is a safe prime and
65 * if g is 2, 3 or 5, check that it is a suitable generator 66 * if g is 2, 3 or 5, check that it is a suitable generator
66 * where 67 * where
67 * for 2, p mod 24 == 11 68 * for 2, p mod 24 == 11
@@ -70,73 +71,77 @@
70 * should hold. 71 * should hold.
71 */ 72 */
72 73
73int DH_check(const DH *dh, int *ret) 74int
74 { 75DH_check(const DH *dh, int *ret)
75 int ok=0; 76{
76 BN_CTX *ctx=NULL; 77 int ok = 0;
78 BN_CTX *ctx = NULL;
77 BN_ULONG l; 79 BN_ULONG l;
78 BIGNUM *q=NULL; 80 BIGNUM *q = NULL;
79 81
80 *ret=0; 82 *ret = 0;
81 ctx=BN_CTX_new(); 83 ctx = BN_CTX_new();
82 if (ctx == NULL) goto err; 84 if (ctx == NULL)
83 q=BN_new(); 85 goto err;
84 if (q == NULL) goto err; 86 q = BN_new();
87 if (q == NULL)
88 goto err;
85 89
86 if (BN_is_word(dh->g,DH_GENERATOR_2)) 90 if (BN_is_word(dh->g, DH_GENERATOR_2)) {
87 { 91 l = BN_mod_word(dh->p, 24);
88 l=BN_mod_word(dh->p,24); 92 if (l != 11)
89 if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; 93 *ret |= DH_NOT_SUITABLE_GENERATOR;
90 }
91#if 0 94#if 0
92 else if (BN_is_word(dh->g,DH_GENERATOR_3)) 95 } else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
93 { 96 l = BN_mod_word(dh->p, 12);
94 l=BN_mod_word(dh->p,12); 97 if (l != 5)
95 if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; 98 *ret |= DH_NOT_SUITABLE_GENERATOR;
96 }
97#endif 99#endif
98 else if (BN_is_word(dh->g,DH_GENERATOR_5)) 100 } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
99 { 101 l = BN_mod_word(dh->p, 10);
100 l=BN_mod_word(dh->p,10); 102 if (l != 3 && l != 7)
101 if ((l != 3) && (l != 7)) 103 *ret |= DH_NOT_SUITABLE_GENERATOR;
102 *ret|=DH_NOT_SUITABLE_GENERATOR; 104 } else
103 } 105 *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
104 else
105 *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
106 106
107 if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) 107 if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
108 *ret|=DH_CHECK_P_NOT_PRIME; 108 *ret |= DH_CHECK_P_NOT_PRIME;
109 else 109 else {
110 { 110 if (!BN_rshift1(q, dh->p))
111 if (!BN_rshift1(q,dh->p)) goto err; 111 goto err;
112 if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) 112 if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))
113 *ret|=DH_CHECK_P_NOT_SAFE_PRIME; 113 *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
114 }
115 ok=1;
116err:
117 if (ctx != NULL) BN_CTX_free(ctx);
118 if (q != NULL) BN_free(q);
119 return(ok);
120 } 114 }
115 ok = 1;
116err:
117 if (ctx != NULL)
118 BN_CTX_free(ctx);
119 if (q != NULL)
120 BN_free(q);
121 return ok;
122}
121 123
122int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) 124int
123 { 125DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
124 int ok=0; 126{
125 BIGNUM *q=NULL; 127 int ok = 0;
128 BIGNUM *q = NULL;
126 129
127 *ret=0; 130 *ret = 0;
128 q=BN_new(); 131 q = BN_new();
129 if (q == NULL) goto err; 132 if (q == NULL)
130 BN_set_word(q,1); 133 goto err;
131 if (BN_cmp(pub_key,q)<=0) 134 BN_set_word(q, 1);
132 *ret|=DH_CHECK_PUBKEY_TOO_SMALL; 135 if (BN_cmp(pub_key, q) <= 0)
133 BN_copy(q,dh->p); 136 *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
134 BN_sub_word(q,1); 137 BN_copy(q, dh->p);
135 if (BN_cmp(pub_key,q)>=0) 138 BN_sub_word(q, 1);
136 *ret|=DH_CHECK_PUBKEY_TOO_LARGE; 139 if (BN_cmp(pub_key, q) >= 0)
140 *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
137 141
138 ok = 1; 142 ok = 1;
139err: 143err:
140 if (q != NULL) BN_free(q); 144 if (q != NULL)
141 return(ok); 145 BN_free(q);
142 } 146 return ok;
147}
diff --git a/src/lib/libssl/src/crypto/dh/dh_depr.c b/src/lib/libssl/src/crypto/dh/dh_depr.c
index 61c0f35636..bc7ba16f2b 100644
--- a/src/lib/libssl/src/crypto/dh/dh_depr.c
+++ b/src/lib/libssl/src/crypto/dh/dh_depr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_depr.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_depr.c,v 1.4 2014/07/09 13:26:47 miod Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -62,20 +62,21 @@
62#include <openssl/dh.h> 62#include <openssl/dh.h>
63 63
64#ifndef OPENSSL_NO_DEPRECATED 64#ifndef OPENSSL_NO_DEPRECATED
65DH *DH_generate_parameters(int prime_len, int generator, 65DH *
66 void (*callback)(int,int,void *), void *cb_arg) 66DH_generate_parameters(int prime_len, int generator,
67 { 67 void (*callback)(int, int, void *), void *cb_arg)
68{
68 BN_GENCB cb; 69 BN_GENCB cb;
69 DH *ret=NULL; 70 DH *ret = NULL;
70 71
71 if((ret=DH_new()) == NULL) 72 if ((ret = DH_new()) == NULL)
72 return NULL; 73 return NULL;
73 74
74 BN_GENCB_set_old(&cb, callback, cb_arg); 75 BN_GENCB_set_old(&cb, callback, cb_arg);
75 76
76 if(DH_generate_parameters_ex(ret, prime_len, generator, &cb)) 77 if (DH_generate_parameters_ex(ret, prime_len, generator, &cb))
77 return ret; 78 return ret;
78 DH_free(ret); 79 DH_free(ret);
79 return NULL; 80 return NULL;
80 } 81}
81#endif 82#endif
diff --git a/src/lib/libssl/src/crypto/dh/dh_gen.c b/src/lib/libssl/src/crypto/dh/dh_gen.c
index 67bdc5f769..453ea3e8e4 100644
--- a/src/lib/libssl/src/crypto/dh/dh_gen.c
+++ b/src/lib/libssl/src/crypto/dh/dh_gen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_gen.c,v 1.11 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_gen.c,v 1.12 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -66,16 +66,19 @@
66#include <openssl/bn.h> 66#include <openssl/bn.h>
67#include <openssl/dh.h> 67#include <openssl/dh.h>
68 68
69static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); 69static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
70 BN_GENCB *cb);
70 71
71int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) 72int
72 { 73DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
73 if(ret->meth->generate_params) 74{
75 if (ret->meth->generate_params)
74 return ret->meth->generate_params(ret, prime_len, generator, cb); 76 return ret->meth->generate_params(ret, prime_len, generator, cb);
75 return dh_builtin_genparams(ret, prime_len, generator, cb); 77 return dh_builtin_genparams(ret, prime_len, generator, cb);
76 } 78}
77 79
78/* We generate DH parameters as follows 80/*
81 * We generate DH parameters as follows:
79 * find a prime q which is prime_len/2 bits long. 82 * find a prime q which is prime_len/2 bits long.
80 * p=(2*q)+1 or (p-1)/2 = q 83 * p=(2*q)+1 or (p-1)/2 = q
81 * For this case, g is a generator if 84 * For this case, g is a generator if
@@ -100,76 +103,84 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
100 * It's just as OK (and in some sense better) to use a generator of the 103 * It's just as OK (and in some sense better) to use a generator of the
101 * order-q subgroup. 104 * order-q subgroup.
102 */ 105 */
103static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) 106static int
104 { 107dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
105 BIGNUM *t1,*t2; 108{
106 int g,ok= -1; 109 BIGNUM *t1, *t2;
107 BN_CTX *ctx=NULL; 110 int g, ok = -1;
111 BN_CTX *ctx = NULL;
108 112
109 ctx=BN_CTX_new(); 113 ctx = BN_CTX_new();
110 if (ctx == NULL) goto err; 114 if (ctx == NULL)
115 goto err;
111 BN_CTX_start(ctx); 116 BN_CTX_start(ctx);
112 t1 = BN_CTX_get(ctx); 117 t1 = BN_CTX_get(ctx);
113 t2 = BN_CTX_get(ctx); 118 t2 = BN_CTX_get(ctx);
114 if (t1 == NULL || t2 == NULL) goto err; 119 if (t1 == NULL || t2 == NULL)
120 goto err;
115 121
116 /* Make sure 'ret' has the necessary elements */ 122 /* Make sure 'ret' has the necessary elements */
117 if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; 123 if (!ret->p && ((ret->p = BN_new()) == NULL))
118 if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; 124 goto err;
125 if (!ret->g && ((ret->g = BN_new()) == NULL))
126 goto err;
119 127
120 if (generator <= 1) 128 if (generator <= 1) {
121 {
122 DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); 129 DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
123 goto err; 130 goto err;
124 } 131 }
125 if (generator == DH_GENERATOR_2) 132 if (generator == DH_GENERATOR_2) {
126 { 133 if (!BN_set_word(t1, 24))
127 if (!BN_set_word(t1,24)) goto err; 134 goto err;
128 if (!BN_set_word(t2,11)) goto err; 135 if (!BN_set_word(t2, 11))
129 g=2; 136 goto err;
130 } 137 g = 2;
131#if 0 /* does not work for safe primes */ 138#if 0 /* does not work for safe primes */
132 else if (generator == DH_GENERATOR_3) 139 } else if (generator == DH_GENERATOR_3) {
133 { 140 if (!BN_set_word(t1, 12))
134 if (!BN_set_word(t1,12)) goto err; 141 goto err;
135 if (!BN_set_word(t2,5)) goto err; 142 if (!BN_set_word(t2, 5))
136 g=3; 143 goto err;
137 } 144 g = 3;
138#endif 145#endif
139 else if (generator == DH_GENERATOR_5) 146 } else if (generator == DH_GENERATOR_5) {
140 { 147 if (!BN_set_word(t1, 10))
141 if (!BN_set_word(t1,10)) goto err; 148 goto err;
142 if (!BN_set_word(t2,3)) goto err; 149 if (!BN_set_word(t2, 3))
150 goto err;
143 /* BN_set_word(t3,7); just have to miss 151 /* BN_set_word(t3,7); just have to miss
144 * out on these ones :-( */ 152 * out on these ones :-( */
145 g=5; 153 g = 5;
146 } 154 } else {
147 else 155 /*
148 { 156 * in the general case, don't worry if 'generator' is a
149 /* in the general case, don't worry if 'generator' is a
150 * generator or not: since we are using safe primes, 157 * generator or not: since we are using safe primes,
151 * it will generate either an order-q or an order-2q group, 158 * it will generate either an order-q or an order-2q group,
152 * which both is OK */ 159 * which both is OK
153 if (!BN_set_word(t1,2)) goto err; 160 */
154 if (!BN_set_word(t2,1)) goto err; 161 if (!BN_set_word(t1, 2))
155 g=generator; 162 goto err;
156 } 163 if (!BN_set_word(t2, 1))
164 goto err;
165 g = generator;
166 }
157 167
158 if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; 168 if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
159 if(!BN_GENCB_call(cb, 3, 0)) goto err; 169 goto err;
160 if (!BN_set_word(ret->g,g)) goto err; 170 if (!BN_GENCB_call(cb, 3, 0))
161 ok=1; 171 goto err;
172 if (!BN_set_word(ret->g, g))
173 goto err;
174 ok = 1;
162err: 175err:
163 if (ok == -1) 176 if (ok == -1) {
164 { 177 DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
165 DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); 178 ok = 0;
166 ok=0; 179 }
167 }
168 180
169 if (ctx != NULL) 181 if (ctx != NULL) {
170 {
171 BN_CTX_end(ctx); 182 BN_CTX_end(ctx);
172 BN_CTX_free(ctx); 183 BN_CTX_free(ctx);
173 }
174 return ok;
175 } 184 }
185 return ok;
186}
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c
index d35eb6e740..4fbedd8daa 100644
--- a/src/lib/libssl/src/crypto/dh/dh_key.c
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_key.c,v 1.18 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_key.c,v 1.19 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -64,22 +64,22 @@
64 64
65static int generate_key(DH *dh); 65static int generate_key(DH *dh);
66static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); 66static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
67static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, 67static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a,
68 const BIGNUM *a, const BIGNUM *p, 68 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
69 const BIGNUM *m, BN_CTX *ctx,
70 BN_MONT_CTX *m_ctx);
71static int dh_init(DH *dh); 69static int dh_init(DH *dh);
72static int dh_finish(DH *dh); 70static int dh_finish(DH *dh);
73 71
74int DH_generate_key(DH *dh) 72int
75 { 73DH_generate_key(DH *dh)
74{
76 return dh->meth->generate_key(dh); 75 return dh->meth->generate_key(dh);
77 } 76}
78 77
79int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) 78int
80 { 79DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
80{
81 return dh->meth->compute_key(key, pub_key, dh); 81 return dh->meth->compute_key(key, pub_key, dh);
82 } 82}
83 83
84static DH_METHOD dh_ossl = { 84static DH_METHOD dh_ossl = {
85 .name = "OpenSSL DH Method", 85 .name = "OpenSSL DH Method",
@@ -90,184 +90,176 @@ static DH_METHOD dh_ossl = {
90 .finish = dh_finish, 90 .finish = dh_finish,
91}; 91};
92 92
93const DH_METHOD *DH_OpenSSL(void) 93const DH_METHOD *
94DH_OpenSSL(void)
94{ 95{
95 return &dh_ossl; 96 return &dh_ossl;
96} 97}
97 98
98static int generate_key(DH *dh) 99static int
99 { 100generate_key(DH *dh)
100 int ok=0; 101{
101 int generate_new_key=0; 102 int ok = 0;
103 int generate_new_key = 0;
102 unsigned l; 104 unsigned l;
103 BN_CTX *ctx; 105 BN_CTX *ctx;
104 BN_MONT_CTX *mont=NULL; 106 BN_MONT_CTX *mont = NULL;
105 BIGNUM *pub_key=NULL,*priv_key=NULL; 107 BIGNUM *pub_key = NULL, *priv_key = NULL;
106 108
107 ctx = BN_CTX_new(); 109 ctx = BN_CTX_new();
108 if (ctx == NULL) goto err; 110 if (ctx == NULL)
109 111 goto err;
110 if (dh->priv_key == NULL)
111 {
112 priv_key=BN_new();
113 if (priv_key == NULL) goto err;
114 generate_new_key=1;
115 }
116 else
117 priv_key=dh->priv_key;
118 112
119 if (dh->pub_key == NULL) 113 if (dh->priv_key == NULL) {
120 { 114 priv_key = BN_new();
121 pub_key=BN_new(); 115 if (priv_key == NULL)
122 if (pub_key == NULL) goto err; 116 goto err;
123 } 117 generate_new_key = 1;
124 else 118 } else
125 pub_key=dh->pub_key; 119 priv_key = dh->priv_key;
126 120
121 if (dh->pub_key == NULL) {
122 pub_key = BN_new();
123 if (pub_key == NULL)
124 goto err;
125 } else
126 pub_key = dh->pub_key;
127 127
128 if (dh->flags & DH_FLAG_CACHE_MONT_P) 128 if (dh->flags & DH_FLAG_CACHE_MONT_P) {
129 {
130 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, 129 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
131 CRYPTO_LOCK_DH, dh->p, ctx); 130 CRYPTO_LOCK_DH, dh->p, ctx);
132 if (!mont) 131 if (!mont)
133 goto err; 132 goto err;
134 } 133 }
135 134
136 if (generate_new_key) 135 if (generate_new_key) {
137 { 136 if (dh->q) {
138 if (dh->q) 137 do {
139 {
140 do
141 {
142 if (!BN_rand_range(priv_key, dh->q)) 138 if (!BN_rand_range(priv_key, dh->q))
143 goto err; 139 goto err;
144 } 140 } while (BN_is_zero(priv_key) || BN_is_one(priv_key));
145 while (BN_is_zero(priv_key) || BN_is_one(priv_key)); 141 } else {
146 }
147 else
148 {
149 /* secret exponent length */ 142 /* secret exponent length */
150 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; 143 l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
151 if (!BN_rand(priv_key, l, 0, 0)) goto err; 144 if (!BN_rand(priv_key, l, 0, 0))
152 } 145 goto err;
153 } 146 }
147 }
154 148
155 { 149 {
156 BIGNUM local_prk; 150 BIGNUM local_prk;
157 BIGNUM *prk; 151 BIGNUM *prk;
158 152
159 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) 153 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
160 {
161 BN_init(&local_prk); 154 BN_init(&local_prk);
162 prk = &local_prk; 155 prk = &local_prk;
163 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); 156 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
164 } 157 } else
165 else
166 prk = priv_key; 158 prk = priv_key;
167 159
168 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err; 160 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx,
161 mont))
162 goto err;
169 } 163 }
170 164
171 dh->pub_key=pub_key; 165 dh->pub_key = pub_key;
172 dh->priv_key=priv_key; 166 dh->priv_key = priv_key;
173 ok=1; 167 ok = 1;
174err: 168err:
175 if (ok != 1) 169 if (ok != 1)
176 DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); 170 DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
177 171
178 if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); 172 if (pub_key != NULL && dh->pub_key == NULL)
179 if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); 173 BN_free(pub_key);
174 if (priv_key != NULL && dh->priv_key == NULL)
175 BN_free(priv_key);
180 BN_CTX_free(ctx); 176 BN_CTX_free(ctx);
181 return(ok); 177 return ok;
182 } 178}
183 179
184static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) 180static int
185 { 181compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
186 BN_CTX *ctx=NULL; 182{
187 BN_MONT_CTX *mont=NULL; 183 BN_CTX *ctx = NULL;
184 BN_MONT_CTX *mont = NULL;
188 BIGNUM *tmp; 185 BIGNUM *tmp;
189 int ret= -1; 186 int ret = -1;
190 int check_result; 187 int check_result;
191 188
192 if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) 189 if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
193 { 190 DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
194 DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
195 goto err; 191 goto err;
196 } 192 }
197 193
198 ctx = BN_CTX_new(); 194 ctx = BN_CTX_new();
199 if (ctx == NULL) goto err; 195 if (ctx == NULL)
196 goto err;
200 BN_CTX_start(ctx); 197 BN_CTX_start(ctx);
201 tmp = BN_CTX_get(ctx); 198 tmp = BN_CTX_get(ctx);
202 199
203 if (dh->priv_key == NULL) 200 if (dh->priv_key == NULL) {
204 { 201 DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
205 DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
206 goto err; 202 goto err;
207 } 203 }
208 204
209 if (dh->flags & DH_FLAG_CACHE_MONT_P) 205 if (dh->flags & DH_FLAG_CACHE_MONT_P) {
210 {
211 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, 206 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
212 CRYPTO_LOCK_DH, dh->p, ctx); 207 CRYPTO_LOCK_DH, dh->p, ctx);
213 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) 208 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
214 {
215 /* XXX */ 209 /* XXX */
216 BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); 210 BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
217 } 211 }
218 if (!mont) 212 if (!mont)
219 goto err; 213 goto err;
220 } 214 }
221 215
222 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) 216 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
223 { 217 DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
224 DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
225 goto err; 218 goto err;
226 } 219 }
227 220
228 if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) 221 if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx,
229 { 222 mont)) {
230 DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); 223 DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
231 goto err; 224 goto err;
232 } 225 }
233 226
234 ret=BN_bn2bin(tmp,key); 227 ret = BN_bn2bin(tmp, key);
235err: 228err:
236 if (ctx != NULL) 229 if (ctx != NULL) {
237 {
238 BN_CTX_end(ctx); 230 BN_CTX_end(ctx);
239 BN_CTX_free(ctx); 231 BN_CTX_free(ctx);
240 }
241 return(ret);
242 } 232 }
233 return ret;
234}
243 235
244static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, 236static int
245 const BIGNUM *a, const BIGNUM *p, 237dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
246 const BIGNUM *m, BN_CTX *ctx, 238 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
247 BN_MONT_CTX *m_ctx) 239{
248 { 240 /*
249 /* If a is only one word long and constant time is false, use the faster 241 * If a is only one word long and constant time is false, use the faster
250 * exponenentiation function. 242 * exponenentiation function.
251 */ 243 */
252 if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) 244 if (a->top == 1 && (dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0) {
253 {
254 BN_ULONG A = a->d[0]; 245 BN_ULONG A = a->d[0];
255 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
256 }
257 else
258 return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
259 }
260 246
247 return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
248 } else
249 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
250}
261 251
262static int dh_init(DH *dh) 252static int
263 { 253dh_init(DH *dh)
254{
264 dh->flags |= DH_FLAG_CACHE_MONT_P; 255 dh->flags |= DH_FLAG_CACHE_MONT_P;
265 return(1); 256 return 1;
266 } 257}
267 258
268static int dh_finish(DH *dh) 259static int
269 { 260dh_finish(DH *dh)
270 if(dh->method_mont_p) 261{
262 if (dh->method_mont_p)
271 BN_MONT_CTX_free(dh->method_mont_p); 263 BN_MONT_CTX_free(dh->method_mont_p);
272 return(1); 264 return 1;
273 } 265}
diff --git a/src/lib/libssl/src/crypto/dh/dh_lib.c b/src/lib/libssl/src/crypto/dh/dh_lib.c
index 793a8afdce..094a78041d 100644
--- a/src/lib/libssl/src/crypto/dh/dh_lib.c
+++ b/src/lib/libssl/src/crypto/dh/dh_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_lib.c,v 1.16 2014/07/09 11:10:50 bcook Exp $ */ 1/* $OpenBSD: dh_lib.c,v 1.17 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -66,117 +66,121 @@
66 66
67static const DH_METHOD *default_DH_method = NULL; 67static const DH_METHOD *default_DH_method = NULL;
68 68
69void DH_set_default_method(const DH_METHOD *meth) 69void
70 { 70DH_set_default_method(const DH_METHOD *meth)
71{
71 default_DH_method = meth; 72 default_DH_method = meth;
72 } 73}
73 74
74const DH_METHOD *DH_get_default_method(void) 75const DH_METHOD *
75 { 76DH_get_default_method(void)
76 if(!default_DH_method) 77{
77 { 78 if (!default_DH_method)
78 default_DH_method = DH_OpenSSL(); 79 default_DH_method = DH_OpenSSL();
79 }
80 return default_DH_method; 80 return default_DH_method;
81 } 81}
82 82
83int DH_set_method(DH *dh, const DH_METHOD *meth) 83int
84 { 84DH_set_method(DH *dh, const DH_METHOD *meth)
85 /* NB: The caller is specifically setting a method, so it's not up to us 85{
86 * to deal with which ENGINE it comes from. */ 86 /*
87 * NB: The caller is specifically setting a method, so it's not up to us
88 * to deal with which ENGINE it comes from.
89 */
87 const DH_METHOD *mtmp; 90 const DH_METHOD *mtmp;
91
88 mtmp = dh->meth; 92 mtmp = dh->meth;
89 if (mtmp->finish) mtmp->finish(dh); 93 if (mtmp->finish)
94 mtmp->finish(dh);
90#ifndef OPENSSL_NO_ENGINE 95#ifndef OPENSSL_NO_ENGINE
91 if (dh->engine) 96 if (dh->engine) {
92 {
93 ENGINE_finish(dh->engine); 97 ENGINE_finish(dh->engine);
94 dh->engine = NULL; 98 dh->engine = NULL;
95 } 99 }
96#endif 100#endif
97 dh->meth = meth; 101 dh->meth = meth;
98 if (meth->init) meth->init(dh); 102 if (meth->init)
103 meth->init(dh);
99 return 1; 104 return 1;
100 } 105}
101 106
102DH *DH_new(void) 107DH *
103 { 108DH_new(void)
109{
104 return DH_new_method(NULL); 110 return DH_new_method(NULL);
105 } 111}
106 112
107DH *DH_new_method(ENGINE *engine) 113DH *
108 { 114DH_new_method(ENGINE *engine)
115{
109 DH *ret; 116 DH *ret;
110 117
111 ret = malloc(sizeof(DH)); 118 ret = malloc(sizeof(DH));
112 if (ret == NULL) 119 if (ret == NULL) {
113 { 120 DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
114 DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); 121 return NULL;
115 return(NULL); 122 }
116 }
117 123
118 ret->meth = DH_get_default_method(); 124 ret->meth = DH_get_default_method();
119#ifndef OPENSSL_NO_ENGINE 125#ifndef OPENSSL_NO_ENGINE
120 if (engine) 126 if (engine) {
121 { 127 if (!ENGINE_init(engine)) {
122 if (!ENGINE_init(engine))
123 {
124 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); 128 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
125 free(ret); 129 free(ret);
126 return NULL; 130 return NULL;
127 }
128 ret->engine = engine;
129 } 131 }
130 else 132 ret->engine = engine;
133 } else
131 ret->engine = ENGINE_get_default_DH(); 134 ret->engine = ENGINE_get_default_DH();
132 if(ret->engine) 135 if(ret->engine) {
133 {
134 ret->meth = ENGINE_get_DH(ret->engine); 136 ret->meth = ENGINE_get_DH(ret->engine);
135 if(!ret->meth) 137 if (!ret->meth) {
136 { 138 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
137 DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
138 ENGINE_finish(ret->engine); 139 ENGINE_finish(ret->engine);
139 free(ret); 140 free(ret);
140 return NULL; 141 return NULL;
141 }
142 } 142 }
143 }
143#endif 144#endif
144 145
145 ret->pad=0; 146 ret->pad = 0;
146 ret->version=0; 147 ret->version = 0;
147 ret->p=NULL; 148 ret->p = NULL;
148 ret->g=NULL; 149 ret->g = NULL;
149 ret->length=0; 150 ret->length = 0;
150 ret->pub_key=NULL; 151 ret->pub_key = NULL;
151 ret->priv_key=NULL; 152 ret->priv_key = NULL;
152 ret->q=NULL; 153 ret->q = NULL;
153 ret->j=NULL; 154 ret->j = NULL;
154 ret->seed = NULL; 155 ret->seed = NULL;
155 ret->seedlen = 0; 156 ret->seedlen = 0;
156 ret->counter = NULL; 157 ret->counter = NULL;
157 ret->method_mont_p=NULL; 158 ret->method_mont_p=NULL;
158 ret->references = 1; 159 ret->references = 1;
159 ret->flags=ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; 160 ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
160 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); 161 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
161 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) 162 if (ret->meth->init != NULL && !ret->meth->init(ret)) {
162 {
163#ifndef OPENSSL_NO_ENGINE 163#ifndef OPENSSL_NO_ENGINE
164 if (ret->engine) 164 if (ret->engine)
165 ENGINE_finish(ret->engine); 165 ENGINE_finish(ret->engine);
166#endif 166#endif
167 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); 167 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
168 free(ret); 168 free(ret);
169 ret=NULL; 169 ret = NULL;
170 }
171 return(ret);
172 } 170 }
171 return ret;
172}
173 173
174void DH_free(DH *r) 174void
175 { 175DH_free(DH *r)
176{
176 int i; 177 int i;
177 if(r == NULL) return; 178
179 if (r == NULL)
180 return;
178 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); 181 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
179 if (i > 0) return; 182 if (i > 0)
183 return;
180 184
181 if (r->meth->finish) 185 if (r->meth->finish)
182 r->meth->finish(r); 186 r->meth->finish(r);
@@ -187,41 +191,54 @@ void DH_free(DH *r)
187 191
188 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); 192 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
189 193
190 if (r->p != NULL) BN_clear_free(r->p); 194 if (r->p != NULL)
191 if (r->g != NULL) BN_clear_free(r->g); 195 BN_clear_free(r->p);
192 if (r->q != NULL) BN_clear_free(r->q); 196 if (r->g != NULL)
193 if (r->j != NULL) BN_clear_free(r->j); 197 BN_clear_free(r->g);
198 if (r->q != NULL)
199 BN_clear_free(r->q);
200 if (r->j != NULL)
201 BN_clear_free(r->j);
194 free(r->seed); 202 free(r->seed);
195 if (r->counter != NULL) BN_clear_free(r->counter); 203 if (r->counter != NULL)
196 if (r->pub_key != NULL) BN_clear_free(r->pub_key); 204 BN_clear_free(r->counter);
197 if (r->priv_key != NULL) BN_clear_free(r->priv_key); 205 if (r->pub_key != NULL)
206 BN_clear_free(r->pub_key);
207 if (r->priv_key != NULL)
208 BN_clear_free(r->priv_key);
198 free(r); 209 free(r);
199 } 210}
200 211
201int DH_up_ref(DH *r) 212int
202 { 213DH_up_ref(DH *r)
214{
203 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); 215 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
204 return ((i > 1) ? 1 : 0);
205 }
206 216
207int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 217 return i > 1 ? 1 : 0;
208 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) 218}
209 { 219
210 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, 220int
211 new_func, dup_func, free_func); 221DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
212 } 222 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
213 223{
214int DH_set_ex_data(DH *d, int idx, void *arg) 224 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, new_func,
215 { 225 dup_func, free_func);
216 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); 226}
217 } 227
218 228int
219void *DH_get_ex_data(DH *d, int idx) 229DH_set_ex_data(DH *d, int idx, void *arg)
220 { 230{
221 return(CRYPTO_get_ex_data(&d->ex_data,idx)); 231 return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
222 } 232}
223 233
224int DH_size(const DH *dh) 234void *
225 { 235DH_get_ex_data(DH *d, int idx)
226 return(BN_num_bytes(dh->p)); 236{
227 } 237 return CRYPTO_get_ex_data(&d->ex_data, idx);
238}
239
240int
241DH_size(const DH *dh)
242{
243 return BN_num_bytes(dh->p);
244}
diff --git a/src/lib/libssl/src/crypto/dh/dh_pmeth.c b/src/lib/libssl/src/crypto/dh/dh_pmeth.c
index cb424ac149..fb441b563b 100644
--- a/src/lib/libssl/src/crypto/dh/dh_pmeth.c
+++ b/src/lib/libssl/src/crypto/dh/dh_pmeth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_pmeth.c,v 1.6 2014/06/12 20:40:57 deraadt Exp $ */ 1/* $OpenBSD: dh_pmeth.c,v 1.7 2014/07/09 13:26:47 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -68,8 +68,7 @@
68 68
69/* DH pkey context structure */ 69/* DH pkey context structure */
70 70
71typedef struct 71typedef struct {
72 {
73 /* Parameter gen parameters */ 72 /* Parameter gen parameters */
74 int prime_len; 73 int prime_len;
75 int generator; 74 int generator;
@@ -77,11 +76,13 @@ typedef struct
77 /* Keygen callback info */ 76 /* Keygen callback info */
78 int gentmp[2]; 77 int gentmp[2];
79 /* message digest */ 78 /* message digest */
80 } DH_PKEY_CTX; 79} DH_PKEY_CTX;
81 80
82static int pkey_dh_init(EVP_PKEY_CTX *ctx) 81static int
83 { 82pkey_dh_init(EVP_PKEY_CTX *ctx)
83{
84 DH_PKEY_CTX *dctx; 84 DH_PKEY_CTX *dctx;
85
85 dctx = malloc(sizeof(DH_PKEY_CTX)); 86 dctx = malloc(sizeof(DH_PKEY_CTX));
86 if (!dctx) 87 if (!dctx)
87 return 0; 88 return 0;
@@ -94,11 +95,13 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
94 ctx->keygen_info_count = 2; 95 ctx->keygen_info_count = 2;
95 96
96 return 1; 97 return 1;
97 } 98}
98 99
99static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 100static int
100 { 101pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
102{
101 DH_PKEY_CTX *dctx, *sctx; 103 DH_PKEY_CTX *dctx, *sctx;
104
102 if (!pkey_dh_init(dst)) 105 if (!pkey_dh_init(dst))
103 return 0; 106 return 0;
104 sctx = src->data; 107 sctx = src->data;
@@ -107,43 +110,44 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
107 dctx->generator = sctx->generator; 110 dctx->generator = sctx->generator;
108 dctx->use_dsa = sctx->use_dsa; 111 dctx->use_dsa = sctx->use_dsa;
109 return 1; 112 return 1;
110 } 113}
111 114
112static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) 115static void
113 { 116pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
117{
114 DH_PKEY_CTX *dctx = ctx->data; 118 DH_PKEY_CTX *dctx = ctx->data;
119
115 free(dctx); 120 free(dctx);
116 } 121}
117 122
118static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 123static int
119 { 124pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
125{
120 DH_PKEY_CTX *dctx = ctx->data; 126 DH_PKEY_CTX *dctx = ctx->data;
121 switch (type) 127
122 { 128 switch (type) {
123 case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: 129 case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
124 if (p1 < 256) 130 if (p1 < 256)
125 return -2; 131 return -2;
126 dctx->prime_len = p1; 132 dctx->prime_len = p1;
127 return 1; 133 return 1;
128 134
129 case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: 135 case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
130 dctx->generator = p1; 136 dctx->generator = p1;
131 return 1; 137 return 1;
132 138
133 case EVP_PKEY_CTRL_PEER_KEY: 139 case EVP_PKEY_CTRL_PEER_KEY:
134 /* Default behaviour is OK */ 140 /* Default behaviour is OK */
135 return 1; 141 return 1;
136 142
137 default: 143 default:
138 return -2; 144 return -2;
139
140 }
141 } 145 }
142 146}
143 147
144static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, 148static int
145 const char *type, const char *value) 149pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
146 { 150{
147 long lval; 151 long lval;
148 char *ep; 152 char *ep;
149 int len; 153 int len;
@@ -153,18 +157,19 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
153 lval = strtol(value, &ep, 10); 157 lval = strtol(value, &ep, 10);
154 if (value[0] == '\0' || *ep != '\0') 158 if (value[0] == '\0' || *ep != '\0')
155 goto not_a_number; 159 goto not_a_number;
156 if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || 160 if ((errno == ERANGE &&
161 (lval == LONG_MAX || lval == LONG_MIN)) ||
157 (lval > INT_MAX || lval < INT_MIN)) 162 (lval > INT_MAX || lval < INT_MIN))
158 goto out_of_range; 163 goto out_of_range;
159 len = lval; 164 len = lval;
160 return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); 165 return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
161 } 166 } else if (!strcmp(type, "dh_paramgen_generator")) {
162 if (!strcmp(type, "dh_paramgen_generator")) {
163 errno = 0; 167 errno = 0;
164 lval = strtol(value, &ep, 10); 168 lval = strtol(value, &ep, 10);
165 if (value[0] == '\0' || *ep != '\0') 169 if (value[0] == '\0' || *ep != '\0')
166 goto not_a_number; 170 goto not_a_number;
167 if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || 171 if ((errno == ERANGE &&
172 (lval == LONG_MAX || lval == LONG_MIN)) ||
168 (lval > INT_MAX || lval < INT_MIN)) 173 (lval > INT_MAX || lval < INT_MIN))
169 goto out_of_range; 174 goto out_of_range;
170 len = lval; 175 len = lval;
@@ -176,39 +181,40 @@ out_of_range:
176 return -2; 181 return -2;
177} 182}
178 183
179static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 184static int
180 { 185pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
186{
181 DH *dh = NULL; 187 DH *dh = NULL;
182 DH_PKEY_CTX *dctx = ctx->data; 188 DH_PKEY_CTX *dctx = ctx->data;
183 BN_GENCB *pcb, cb; 189 BN_GENCB *pcb, cb;
184 int ret; 190 int ret;
185 if (ctx->pkey_gencb) 191
186 { 192 if (ctx->pkey_gencb) {
187 pcb = &cb; 193 pcb = &cb;
188 evp_pkey_set_cb_translate(pcb, ctx); 194 evp_pkey_set_cb_translate(pcb, ctx);
189 } 195 } else
190 else
191 pcb = NULL; 196 pcb = NULL;
192 dh = DH_new(); 197 dh = DH_new();
193 if (!dh) 198 if (!dh)
194 return 0; 199 return 0;
195 ret = DH_generate_parameters_ex(dh, 200 ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator,
196 dctx->prime_len, dctx->generator, pcb); 201 pcb);
197 if (ret) 202 if (ret)
198 EVP_PKEY_assign_DH(pkey, dh); 203 EVP_PKEY_assign_DH(pkey, dh);
199 else 204 else
200 DH_free(dh); 205 DH_free(dh);
201 return ret; 206 return ret;
202 } 207}
203 208
204static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 209static int
205 { 210pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
211{
206 DH *dh = NULL; 212 DH *dh = NULL;
207 if (ctx->pkey == NULL) 213
208 { 214 if (ctx->pkey == NULL) {
209 DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); 215 DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
210 return 0; 216 return 0;
211 } 217 }
212 dh = DH_new(); 218 dh = DH_new();
213 if (!dh) 219 if (!dh)
214 return 0; 220 return 0;
@@ -217,23 +223,24 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
217 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) 223 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
218 return 0; 224 return 0;
219 return DH_generate_key(pkey->pkey.dh); 225 return DH_generate_key(pkey->pkey.dh);
220 } 226}
221 227
222static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) 228static int
223 { 229pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
230{
224 int ret; 231 int ret;
225 if (!ctx->pkey || !ctx->peerkey) 232
226 { 233 if (!ctx->pkey || !ctx->peerkey) {
227 DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); 234 DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
228 return 0; 235 return 0;
229 } 236 }
230 ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key, 237 ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
231 ctx->pkey->pkey.dh); 238 ctx->pkey->pkey.dh);
232 if (ret < 0) 239 if (ret < 0)
233 return ret; 240 return ret;
234 *keylen = ret; 241 *keylen = ret;
235 return 1; 242 return 1;
236 } 243}
237 244
238const EVP_PKEY_METHOD dh_pkey_meth = { 245const EVP_PKEY_METHOD dh_pkey_meth = {
239 .pkey_id = EVP_PKEY_DH, 246 .pkey_id = EVP_PKEY_DH,
diff --git a/src/lib/libssl/src/crypto/dh/dh_prn.c b/src/lib/libssl/src/crypto/dh/dh_prn.c
index a249b650f8..846419691e 100644
--- a/src/lib/libssl/src/crypto/dh/dh_prn.c
+++ b/src/lib/libssl/src/crypto/dh/dh_prn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_prn.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ 1/* $OpenBSD: dh_prn.c,v 1.4 2014/07/09 13:26:47 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -61,18 +61,18 @@
61#include <openssl/evp.h> 61#include <openssl/evp.h>
62#include <openssl/dh.h> 62#include <openssl/dh.h>
63 63
64int DHparams_print_fp(FILE *fp, const DH *x) 64int
65 { 65DHparams_print_fp(FILE *fp, const DH *x)
66{
66 BIO *b; 67 BIO *b;
67 int ret; 68 int ret;
68 69
69 if ((b=BIO_new(BIO_s_file())) == NULL) 70 if ((b = BIO_new(BIO_s_file())) == NULL) {
70 { 71 DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
71 DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); 72 return 0;
72 return(0); 73 }
73 }
74 BIO_set_fp(b,fp,BIO_NOCLOSE); 74 BIO_set_fp(b,fp,BIO_NOCLOSE);
75 ret=DHparams_print(b, x); 75 ret = DHparams_print(b, x);
76 BIO_free(b); 76 BIO_free(b);
77 return(ret); 77 return ret;
78 } 78}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 12:43:09 +0000