Diffstat (limited to 'src/lib/libcrypto/dh/dh_gen.c')
| -rw-r--r-- | src/lib/libcrypto/dh/dh_gen.c | 63 | 
1 files changed, 41 insertions, 22 deletions
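--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
 /* We generate DH parameters as follows
 * find a prime q which is prime_len/2 bits long.
@@ -72,22 +72,22 @@
 * Having said all that,
 * there is another special case method for the generators 2, 3 and 5.
 * for 2, p mod 24 == 11
-* for 3, p mod 12 == 5 <<<<< does not work for strong primes.
+* for 3, p mod 12 == 5 <<<<< does not work for safe primes.
 * for 5, p mod 10 == 3 or 7
 *
 * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
 * special generators and for answering some of my questions.
 *
 * I've implemented the second simple method :-).
-* Since DH should be using a strong prime (both p and q are prime),
+* Since DH should be using a safe prime (both p and q are prime),
 * this generator function can take a very very long time to run.
 */
-
-DH *DH_generate_parameters(prime_len,generator,callback,cb_arg)
-int prime_len;
-int generator;
-void (*callback)(P_I_I_P);
-char *cb_arg;
+/* Actually there is no reason to insist that 'generator' be a generator.
+* It's just as OK (and in some sense better) to use a generator of the
+* order-q subgroup.
+*/
+DH *DH_generate_parameters(int prime_len, int generator,
+void (*callback)(int,int,void *), void *cb_arg)
 {
 BIGNUM *p=NULL,*t1,*t2;
 DH *ret=NULL;
@@ -95,38 +95,53 @@ char *cb_arg;
 BN_CTX *ctx=NULL;
 
 ret=DH_new();
+if (ret == NULL) goto err;
 ctx=BN_CTX_new();
 if (ctx == NULL) goto err;
-t1=ctx->bn[0];
-t2=ctx->bn[1];
-ctx->tos=2;
+BN_CTX_start(ctx);
+t1 = BN_CTX_get(ctx);
+t2 = BN_CTX_get(ctx);
+if (t1 == NULL || t2 == NULL) goto err;
 
+if (generator <= 1)
+{
+DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
+goto err;
+}
 if (generator == DH_GENERATOR_2)
 {
-BN_set_word(t1,24);
-BN_set_word(t2,11);
+if (!BN_set_word(t1,24)) goto err;
+if (!BN_set_word(t2,11)) goto err;
 g=2;
 }
-#ifdef undef /* does not work for strong primes */
+#if 0 /* does not work for safe primes */
 else if (generator == DH_GENERATOR_3)
 {
-BN_set_word(t1,12);
-BN_set_word(t2,5);
+if (!BN_set_word(t1,12)) goto err;
+if (!BN_set_word(t2,5)) goto err;
 g=3;
 }
 #endif
 else if (generator == DH_GENERATOR_5)
 {
-BN_set_word(t1,10);
-BN_set_word(t2,3);
+if (!BN_set_word(t1,10)) goto err;
+if (!BN_set_word(t2,3)) goto err;
 /* BN_set_word(t3,7); just have to miss
 * out on these ones :-( */
 g=5;
 }
 else
+{
+/* in the general case, don't worry if 'generator' is a
+* generator or not: since we are using safe primes,
+* it will generate either an order-q or an order-2q group,
+* which both is OK */
+if (!BN_set_word(t1,2)) goto err;
+if (!BN_set_word(t2,1)) goto err;
 g=generator;
+}
 
-p=BN_generate_prime(prime_len,1,t1,t2,callback,cb_arg);
+p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
 if (p == NULL) goto err;
 if (callback != NULL) callback(3,0,cb_arg);
 ret->p=p;
@@ -140,7 +155,11 @@ err:
 ok=0;
 }
 
-if (ctx != NULL) BN_CTX_free(ctx);
+if (ctx != NULL)
+{
+BN_CTX_end(ctx);
+BN_CTX_free(ctx);
+}
 if (!ok && (ret != NULL))
 {
 DH_free(ret);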
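Review bot: The DH_GENERATOR_2 and DH_GENERATOR_5 branches still choose p so that g generates the full order-2q group (`p mod 24 == 11`, `p mod 10 == 3`), and nothing at those branches explains how that squares with the new header comment, which calls a generator of the order-q subgroup "in some sense better". With a full-group generator the quadratic residuosity of a public value reveals the parity of the private exponent, which is presumably what the header comment alludes to. I would document the trade-off where the constants are set, for example `/* p mod 24 == 11 makes 2 generate the full order-2q group, so the public value reveals the low bit of the private exponent; kept for compatibility */`, with a matching line in the generator-5 branch. DH_generate_parameters continues between and after the hunks shown, so a later step may already cover this.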
