1 files changed, 65 insertions, 60 deletions
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index 71ea9c1683..1df8f4cdc7 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_check.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: dh_check.c,v 1.11 2014/07/09 13:26:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -61,7 +61,8 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-/* Check that p is a safe prime and
+/*
+ * Check that p is a safe prime and
 * if g is 2, 3 or 5, check that it is a suitable generator
 * where
 * for 2, p mod 24 == 11
@@ -70,73 +71,77 @@
 * should hold.
 */
-int DH_check(const DH *dh, int *ret)
+int
-        {
+DH_check(const DH *dh, int *ret)
-        int ok=0;
+{
-        BN_CTX *ctx=NULL;
+        int ok = 0;
+        BN_CTX *ctx = NULL;
        BN_ULONG l;
-        BIGNUM *q=NULL;
+        BIGNUM *q = NULL;
-        *ret=0;
+        *ret = 0;
-        ctx=BN_CTX_new();
+        ctx = BN_CTX_new();
-        if (ctx == NULL) goto err;
+        if (ctx == NULL)
-        q=BN_new();
+                goto err;
-        if (q == NULL) goto err;
+        q = BN_new();
+        if (q == NULL)
+                goto err;
-        if (BN_is_word(dh->g,DH_GENERATOR_2))
+        if (BN_is_word(dh->g, DH_GENERATOR_2)) {
-                {
+                l = BN_mod_word(dh->p, 24);
-                l=BN_mod_word(dh->p,24);
+                if (l != 11)
-                if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
+                        *ret |= DH_NOT_SUITABLE_GENERATOR;
-                }
 #if 0
-        else if (BN_is_word(dh->g,DH_GENERATOR_3))
+        } else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
-                {
+                l = BN_mod_word(dh->p, 12);
-                l=BN_mod_word(dh->p,12);
+                if (l != 5)
-                if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
+                        *ret |= DH_NOT_SUITABLE_GENERATOR;
-                }
 #endif
-        else if (BN_is_word(dh->g,DH_GENERATOR_5))
+        } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
-                {
+                l = BN_mod_word(dh->p, 10);
-                l=BN_mod_word(dh->p,10);
+                if (l != 3 && l != 7)
-                if ((l != 3) && (l != 7))
+                        *ret |= DH_NOT_SUITABLE_GENERATOR;
-                        *ret|=DH_NOT_SUITABLE_GENERATOR;
+        } else
-                }
+                *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
-        else
-                *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
-        if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
+        if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
-                *ret|=DH_CHECK_P_NOT_PRIME;
+                *ret |= DH_CHECK_P_NOT_PRIME;
-        else
+        else {
-                {
+                if (!BN_rshift1(q, dh->p))
-                if (!BN_rshift1(q,dh->p)) goto err;
+                        goto err;
-                if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
+                if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))
-                        *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
+                        *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
-                }
-        ok=1;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        if (q != NULL) BN_free(q);
-        return(ok);
        }
+        ok = 1;
+err:
+        if (ctx != NULL)
+                BN_CTX_free(ctx);
+        if (q != NULL)
+                BN_free(q);
+        return ok;
+}
-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+int
-        {
+DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
-        int ok=0;
+{
-        BIGNUM *q=NULL;
+        int ok = 0;
+        BIGNUM *q = NULL;
-        *ret=0;
+        *ret = 0;
-        q=BN_new();
+        q = BN_new();
-        if (q == NULL) goto err;
+        if (q == NULL)
-        BN_set_word(q,1);
+                goto err;
-        if (BN_cmp(pub_key,q)<=0)
+        BN_set_word(q, 1);
-                *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+        if (BN_cmp(pub_key, q) <= 0)
-        BN_copy(q,dh->p);
+                *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
-        BN_sub_word(q,1);
+        BN_copy(q, dh->p);
-        if (BN_cmp(pub_key,q)>=0)
+        BN_sub_word(q, 1);
-                *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+        if (BN_cmp(pub_key, q) >= 0)
+                *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
        ok = 1;
 err:
-        if (q != NULL) BN_free(q);
+        if (q != NULL)
-        return(ok);
+                BN_free(q);
-        }
+        return ok;
+}

diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c index 71ea9c1683..1df8f4cdc7 100644 --- a/src/lib/libcrypto/dh/dh_check.c +++ b/src/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_check.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */	1	/* $OpenBSD: dh_check.c,v 1.11 2014/07/09 13:26:47 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -61,7 +61,8 @@
61	#include <openssl/bn.h>	61	#include <openssl/bn.h>
62	#include <openssl/dh.h>	62	#include <openssl/dh.h>
63		63
64	/* Check that p is a safe prime and	64	/*
		65	* Check that p is a safe prime and
65	* if g is 2, 3 or 5, check that it is a suitable generator	66	* if g is 2, 3 or 5, check that it is a suitable generator
66	* where	67	* where
67	* for 2, p mod 24 == 11	68	* for 2, p mod 24 == 11
@@ -70,73 +71,77 @@
70	* should hold.	71	* should hold.
71	*/	72	*/
72		73
73	int DH_check(const DH dh, int ret)	74	int
74	{	75	DH_check(const DH dh, int ret)
75	int ok=0;	76	{
76	BN_CTX *ctx=NULL;	77	int ok = 0;
		78	BN_CTX *ctx = NULL;
77	BN_ULONG l;	79	BN_ULONG l;
78	BIGNUM *q=NULL;	80	BIGNUM *q = NULL;
79		81
80	*ret=0;	82	*ret = 0;
81	ctx=BN_CTX_new();	83	ctx = BN_CTX_new();
82	if (ctx == NULL) goto err;	84	if (ctx == NULL)
83	q=BN_new();	85	goto err;
84	if (q == NULL) goto err;	86	q = BN_new();
		87	if (q == NULL)
		88	goto err;
85		89
86	if (BN_is_word(dh->g,DH_GENERATOR_2))	90	if (BN_is_word(dh->g, DH_GENERATOR_2)) {
87	{	91	l = BN_mod_word(dh->p, 24);
88	l=BN_mod_word(dh->p,24);	92	if (l != 11)
89	if (l != 11) *ret\|=DH_NOT_SUITABLE_GENERATOR;	93	*ret \|= DH_NOT_SUITABLE_GENERATOR;
90	}
91	#if 0	94	#if 0
92	else if (BN_is_word(dh->g,DH_GENERATOR_3))	95	} else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
93	{	96	l = BN_mod_word(dh->p, 12);
94	l=BN_mod_word(dh->p,12);	97	if (l != 5)
95	if (l != 5) *ret\|=DH_NOT_SUITABLE_GENERATOR;	98	*ret \|= DH_NOT_SUITABLE_GENERATOR;
96	}
97	#endif	99	#endif
98	else if (BN_is_word(dh->g,DH_GENERATOR_5))	100	} else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
99	{	101	l = BN_mod_word(dh->p, 10);
100	l=BN_mod_word(dh->p,10);	102	if (l != 3 && l != 7)
101	if ((l != 3) && (l != 7))	103	*ret \|= DH_NOT_SUITABLE_GENERATOR;
102	*ret\|=DH_NOT_SUITABLE_GENERATOR;	104	} else
103	}	105	*ret \|= DH_UNABLE_TO_CHECK_GENERATOR;
104	else
105	*ret\|=DH_UNABLE_TO_CHECK_GENERATOR;
106		106
107	if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))	107	if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
108	*ret\|=DH_CHECK_P_NOT_PRIME;	108	*ret \|= DH_CHECK_P_NOT_PRIME;
109	else	109	else {
110	{	110	if (!BN_rshift1(q, dh->p))
111	if (!BN_rshift1(q,dh->p)) goto err;	111	goto err;
112	if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))	112	if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))
113	*ret\|=DH_CHECK_P_NOT_SAFE_PRIME;	113	*ret \|= DH_CHECK_P_NOT_SAFE_PRIME;
114	}
115	ok=1;
116	err:
117	if (ctx != NULL) BN_CTX_free(ctx);
118	if (q != NULL) BN_free(q);
119	return(ok);
120	}	114	}
		115	ok = 1;
		116	err:
		117	if (ctx != NULL)
		118	BN_CTX_free(ctx);
		119	if (q != NULL)
		120	BN_free(q);
		121	return ok;
		122	}
121		123
122	int DH_check_pub_key(const DH dh, const BIGNUM pub_key, int *ret)	124	int
123	{	125	DH_check_pub_key(const DH dh, const BIGNUM pub_key, int *ret)
124	int ok=0;	126	{
125	BIGNUM *q=NULL;	127	int ok = 0;
		128	BIGNUM *q = NULL;
126		129
127	*ret=0;	130	*ret = 0;
128	q=BN_new();	131	q = BN_new();
129	if (q == NULL) goto err;	132	if (q == NULL)
130	BN_set_word(q,1);	133	goto err;
131	if (BN_cmp(pub_key,q)<=0)	134	BN_set_word(q, 1);
132	*ret\|=DH_CHECK_PUBKEY_TOO_SMALL;	135	if (BN_cmp(pub_key, q) <= 0)
133	BN_copy(q,dh->p);	136	*ret \|= DH_CHECK_PUBKEY_TOO_SMALL;
134	BN_sub_word(q,1);	137	BN_copy(q, dh->p);
135	if (BN_cmp(pub_key,q)>=0)	138	BN_sub_word(q, 1);
136	*ret\|=DH_CHECK_PUBKEY_TOO_LARGE;	139	if (BN_cmp(pub_key, q) >= 0)
		140	*ret \|= DH_CHECK_PUBKEY_TOO_LARGE;
137		141
138	ok = 1;	142	ok = 1;
139	err:	143	err:
140	if (q != NULL) BN_free(q);	144	if (q != NULL)
141	return(ok);	145	BN_free(q);
142	}	146	return ok;
		147	}