1 files changed, 70 insertions, 59 deletions
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index 67bdc5f769..453ea3e8e4 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_gen.c,v 1.11 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: dh_gen.c,v 1.12 2014/07/09 13:26:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -66,16 +66,19 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+            BN_GENCB *cb);
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+int
-        {
+DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
-        if(ret->meth->generate_params)
+{
+        if (ret->meth->generate_params)
                return ret->meth->generate_params(ret, prime_len, generator, cb);
        return dh_builtin_genparams(ret, prime_len, generator, cb);
-        }
+}
-/* We generate DH parameters as follows
+/*
+ * We generate DH parameters as follows:
 * find a prime q which is prime_len/2 bits long.
 * p=(2*q)+1 or (p-1)/2 = q
 * For this case, g is a generator if
@@ -100,76 +103,84 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
 * It's just as OK (and in some sense better) to use a generator of the
 * order-q subgroup.
 */
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+static int
-        {
+dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
-        BIGNUM *t1,*t2;
+{
-        int g,ok= -1;
+        BIGNUM *t1, *t2;
-        BN_CTX *ctx=NULL;
+        int g, ok = -1;
+        BN_CTX *ctx = NULL;
-        ctx=BN_CTX_new();
+        ctx = BN_CTX_new();
-        if (ctx == NULL) goto err;
+        if (ctx == NULL)
+                goto err;
        BN_CTX_start(ctx);
        t1 = BN_CTX_get(ctx);
        t2 = BN_CTX_get(ctx);
-        if (t1 == NULL || t2 == NULL) goto err;
+        if (t1 == NULL || t2 == NULL)
+                goto err;
        /* Make sure 'ret' has the necessary elements */
-        if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
+        if (!ret->p && ((ret->p = BN_new()) == NULL))
-        if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
+                goto err;
+        if (!ret->g && ((ret->g = BN_new()) == NULL))
+                goto err;
        
-        if (generator <= 1)
+        if (generator <= 1) {
-                {
                DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
                goto err;
-                }
+        }
-        if (generator == DH_GENERATOR_2)
+        if (generator == DH_GENERATOR_2) {
-                {
+                if (!BN_set_word(t1, 24))
-                if (!BN_set_word(t1,24)) goto err;
+                        goto err;
-                if (!BN_set_word(t2,11)) goto err;
+                if (!BN_set_word(t2, 11))
-                g=2;
+                        goto err;
-                }
+                g = 2;
 #if 0 /* does not work for safe primes */
-        else if (generator == DH_GENERATOR_3)
+        } else if (generator == DH_GENERATOR_3) {
-                {
+                if (!BN_set_word(t1, 12))
-                if (!BN_set_word(t1,12)) goto err;
+                        goto err;
-                if (!BN_set_word(t2,5)) goto err;
+                if (!BN_set_word(t2, 5))
-                g=3;
+                        goto err;
-                }
+                g = 3;
 #endif
-        else if (generator == DH_GENERATOR_5)
+        } else if (generator == DH_GENERATOR_5) {
-                {
+                if (!BN_set_word(t1, 10))
-                if (!BN_set_word(t1,10)) goto err;
+                        goto err;
-                if (!BN_set_word(t2,3)) goto err;
+                if (!BN_set_word(t2, 3))
+                        goto err;
                /* BN_set_word(t3,7); just have to miss
                 * out on these ones :-( */
-                g=5;
+                g = 5;
-                }
+        } else {
-        else
+                /*
-                {
+                 * in the general case, don't worry if 'generator' is a
-                /* in the general case, don't worry if 'generator' is a
                 * generator or not: since we are using safe primes,
                 * it will generate either an order-q or an order-2q group,
-                 * which both is OK */
+                 * which both is OK
-                if (!BN_set_word(t1,2)) goto err;
+                 */
-                if (!BN_set_word(t2,1)) goto err;
+                if (!BN_set_word(t1, 2))
-                g=generator;
+                        goto err;
-                }
+                if (!BN_set_word(t2, 1))
+                        goto err;
+                g = generator;
+        }
        
-        if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
+        if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
-        if(!BN_GENCB_call(cb, 3, 0)) goto err;
+                goto err;
-        if (!BN_set_word(ret->g,g)) goto err;
+        if (!BN_GENCB_call(cb, 3, 0))
-        ok=1;
+                goto err;
+        if (!BN_set_word(ret->g, g))
+                goto err;
+        ok = 1;
 err:
-        if (ok == -1)
+        if (ok == -1) {
-                {
+                DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
-                DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
+                ok = 0;
-                ok=0;
+        }
-                }
-        if (ctx != NULL)
+        if (ctx != NULL) {
-                {
                BN_CTX_end(ctx);
                BN_CTX_free(ctx);
-                }
-        return ok;
        }
+        return ok;
+}

diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c index 67bdc5f769..453ea3e8e4 100644 --- a/src/lib/libcrypto/dh/dh_gen.c +++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_gen.c,v 1.11 2014/06/12 15:49:28 deraadt Exp $ */	1	/* $OpenBSD: dh_gen.c,v 1.12 2014/07/09 13:26:47 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -66,16 +66,19 @@
66	#include <openssl/bn.h>	66	#include <openssl/bn.h>
67	#include <openssl/dh.h>	67	#include <openssl/dh.h>
68		68
69	static int dh_builtin_genparams(DH ret, int prime_len, int generator, BN_GENCB cb);	69	static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
		70	BN_GENCB *cb);
70		71
71	int DH_generate_parameters_ex(DH ret, int prime_len, int generator, BN_GENCB cb)	72	int
72	{	73	DH_generate_parameters_ex(DH ret, int prime_len, int generator, BN_GENCB cb)
73	if(ret->meth->generate_params)	74	{
		75	if (ret->meth->generate_params)
74	return ret->meth->generate_params(ret, prime_len, generator, cb);	76	return ret->meth->generate_params(ret, prime_len, generator, cb);
75	return dh_builtin_genparams(ret, prime_len, generator, cb);	77	return dh_builtin_genparams(ret, prime_len, generator, cb);
76	}	78	}
77		79
78	/* We generate DH parameters as follows	80	/*
		81	* We generate DH parameters as follows:
79	* find a prime q which is prime_len/2 bits long.	82	* find a prime q which is prime_len/2 bits long.
80	* p=(2*q)+1 or (p-1)/2 = q	83	* p=(2*q)+1 or (p-1)/2 = q
81	* For this case, g is a generator if	84	* For this case, g is a generator if
@@ -100,76 +103,84 @@ int DH_generate_parameters_ex(DH ret, int prime_len, int generator, BN_GENCB c
100	* It's just as OK (and in some sense better) to use a generator of the	103	* It's just as OK (and in some sense better) to use a generator of the
101	* order-q subgroup.	104	* order-q subgroup.
102	*/	105	*/
103	static int dh_builtin_genparams(DH ret, int prime_len, int generator, BN_GENCB cb)	106	static int
104	{	107	dh_builtin_genparams(DH ret, int prime_len, int generator, BN_GENCB cb)
105	BIGNUM t1,t2;	108	{
106	int g,ok= -1;	109	BIGNUM t1, t2;
107	BN_CTX *ctx=NULL;	110	int g, ok = -1;
		111	BN_CTX *ctx = NULL;
108		112
109	ctx=BN_CTX_new();	113	ctx = BN_CTX_new();
110	if (ctx == NULL) goto err;	114	if (ctx == NULL)
		115	goto err;
111	BN_CTX_start(ctx);	116	BN_CTX_start(ctx);
112	t1 = BN_CTX_get(ctx);	117	t1 = BN_CTX_get(ctx);
113	t2 = BN_CTX_get(ctx);	118	t2 = BN_CTX_get(ctx);
114	if (t1 == NULL \|\| t2 == NULL) goto err;	119	if (t1 == NULL \|\| t2 == NULL)
		120	goto err;
115		121
116	/* Make sure 'ret' has the necessary elements */	122	/* Make sure 'ret' has the necessary elements */
117	if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;	123	if (!ret->p && ((ret->p = BN_new()) == NULL))
118	if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;	124	goto err;
		125	if (!ret->g && ((ret->g = BN_new()) == NULL))
		126	goto err;
119		127
120	if (generator <= 1)	128	if (generator <= 1) {
121	{
122	DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);	129	DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
123	goto err;	130	goto err;
124	}	131	}
125	if (generator == DH_GENERATOR_2)	132	if (generator == DH_GENERATOR_2) {
126	{	133	if (!BN_set_word(t1, 24))
127	if (!BN_set_word(t1,24)) goto err;	134	goto err;
128	if (!BN_set_word(t2,11)) goto err;	135	if (!BN_set_word(t2, 11))
129	g=2;	136	goto err;
130	}	137	g = 2;
131	#if 0 /* does not work for safe primes */	138	#if 0 /* does not work for safe primes */
132	else if (generator == DH_GENERATOR_3)	139	} else if (generator == DH_GENERATOR_3) {
133	{	140	if (!BN_set_word(t1, 12))
134	if (!BN_set_word(t1,12)) goto err;	141	goto err;
135	if (!BN_set_word(t2,5)) goto err;	142	if (!BN_set_word(t2, 5))
136	g=3;	143	goto err;
137	}	144	g = 3;
138	#endif	145	#endif
139	else if (generator == DH_GENERATOR_5)	146	} else if (generator == DH_GENERATOR_5) {
140	{	147	if (!BN_set_word(t1, 10))
141	if (!BN_set_word(t1,10)) goto err;	148	goto err;
142	if (!BN_set_word(t2,3)) goto err;	149	if (!BN_set_word(t2, 3))
		150	goto err;
143	/* BN_set_word(t3,7); just have to miss	151	/* BN_set_word(t3,7); just have to miss
144	* out on these ones :-( */	152	* out on these ones :-( */
145	g=5;	153	g = 5;
146	}	154	} else {
147	else	155	/*
148	{	156	* in the general case, don't worry if 'generator' is a
149	/* in the general case, don't worry if 'generator' is a
150	* generator or not: since we are using safe primes,	157	* generator or not: since we are using safe primes,
151	* it will generate either an order-q or an order-2q group,	158	* it will generate either an order-q or an order-2q group,
152	* which both is OK */	159	* which both is OK
153	if (!BN_set_word(t1,2)) goto err;	160	*/
154	if (!BN_set_word(t2,1)) goto err;	161	if (!BN_set_word(t1, 2))
155	g=generator;	162	goto err;
156	}	163	if (!BN_set_word(t2, 1))
		164	goto err;
		165	g = generator;
		166	}
157		167
158	if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;	168	if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
159	if(!BN_GENCB_call(cb, 3, 0)) goto err;	169	goto err;
160	if (!BN_set_word(ret->g,g)) goto err;	170	if (!BN_GENCB_call(cb, 3, 0))
161	ok=1;	171	goto err;
		172	if (!BN_set_word(ret->g, g))
		173	goto err;
		174	ok = 1;
162	err:	175	err:
163	if (ok == -1)	176	if (ok == -1) {
164	{	177	DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
165	DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);	178	ok = 0;
166	ok=0;	179	}
167	}
168		180
169	if (ctx != NULL)	181	if (ctx != NULL) {
170	{
171	BN_CTX_end(ctx);	182	BN_CTX_end(ctx);
172	BN_CTX_free(ctx);	183	BN_CTX_free(ctx);
173	}
174	return ok;
175	}	184	}
		185	return ok;
		186	}