diff options
Diffstat (limited to 'src/lib/libcrypto/dh/dh_gen.c')
| -rw-r--r-- | src/lib/libcrypto/dh/dh_gen.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c index b7bcd2c7a4..7a6a38fbb4 100644 --- a/src/lib/libcrypto/dh/dh_gen.c +++ b/src/lib/libcrypto/dh/dh_gen.c | |||
| @@ -72,14 +72,14 @@ | |||
| 72 | * Having said all that, | 72 | * Having said all that, |
| 73 | * there is another special case method for the generators 2, 3 and 5. | 73 | * there is another special case method for the generators 2, 3 and 5. |
| 74 | * for 2, p mod 24 == 11 | 74 | * for 2, p mod 24 == 11 |
| 75 | * for 3, p mod 12 == 5 <<<<< does not work for strong primes. | 75 | * for 3, p mod 12 == 5 <<<<< does not work for safe primes. |
| 76 | * for 5, p mod 10 == 3 or 7 | 76 | * for 5, p mod 10 == 3 or 7 |
| 77 | * | 77 | * |
| 78 | * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the | 78 | * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the |
| 79 | * special generators and for answering some of my questions. | 79 | * special generators and for answering some of my questions. |
| 80 | * | 80 | * |
| 81 | * I've implemented the second simple method :-). | 81 | * I've implemented the second simple method :-). |
| 82 | * Since DH should be using a strong prime (both p and q are prime), | 82 | * Since DH should be using a safe prime (both p and q are prime), |
| 83 | * this generator function can take a very very long time to run. | 83 | * this generator function can take a very very long time to run. |
| 84 | */ | 84 | */ |
| 85 | 85 | ||
| @@ -95,9 +95,10 @@ DH *DH_generate_parameters(int prime_len, int generator, | |||
| 95 | if (ret == NULL) goto err; | 95 | if (ret == NULL) goto err; |
| 96 | ctx=BN_CTX_new(); | 96 | ctx=BN_CTX_new(); |
| 97 | if (ctx == NULL) goto err; | 97 | if (ctx == NULL) goto err; |
| 98 | t1= &(ctx->bn[0]); | 98 | BN_CTX_start(ctx); |
| 99 | t2= &(ctx->bn[1]); | 99 | t1 = BN_CTX_get(ctx); |
| 100 | ctx->tos=2; | 100 | t2 = BN_CTX_get(ctx); |
| 101 | if (t1 == NULL || t2 == NULL) goto err; | ||
| 101 | 102 | ||
| 102 | if (generator == DH_GENERATOR_2) | 103 | if (generator == DH_GENERATOR_2) |
| 103 | { | 104 | { |
| @@ -105,7 +106,7 @@ DH *DH_generate_parameters(int prime_len, int generator, | |||
| 105 | BN_set_word(t2,11); | 106 | BN_set_word(t2,11); |
| 106 | g=2; | 107 | g=2; |
| 107 | } | 108 | } |
| 108 | #ifdef undef /* does not work for strong primes */ | 109 | #ifdef undef /* does not work for safe primes */ |
| 109 | else if (generator == DH_GENERATOR_3) | 110 | else if (generator == DH_GENERATOR_3) |
| 110 | { | 111 | { |
| 111 | BN_set_word(t1,12); | 112 | BN_set_word(t1,12); |
| @@ -138,7 +139,11 @@ err: | |||
| 138 | ok=0; | 139 | ok=0; |
| 139 | } | 140 | } |
| 140 | 141 | ||
| 141 | if (ctx != NULL) BN_CTX_free(ctx); | 142 | if (ctx != NULL) |
| 143 | { | ||
| 144 | BN_CTX_end(ctx); | ||
| 145 | BN_CTX_free(ctx); | ||
| 146 | } | ||
| 142 | if (!ok && (ret != NULL)) | 147 | if (!ok && (ret != NULL)) |
| 143 | { | 148 | { |
| 144 | DH_free(ret); | 149 | DH_free(ret); |