1 files changed, 24 insertions, 8 deletions
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index 7a6a38fbb4..06f78b35ab 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -82,7 +82,10 @@
 * Since DH should be using a safe prime (both p and q are prime),
 * this generator function can take a very very long time to run.
 */
+/* Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
 DH *DH_generate_parameters(int prime_len, int generator,
             void (*callback)(int,int,void *), void *cb_arg)
        {
@@ -100,30 +103,43 @@ DH *DH_generate_parameters(int prime_len, int generator,
        t2 = BN_CTX_get(ctx);
        if (t1 == NULL || t2 == NULL) goto err;
        
+        if (generator <= 1)
+                {
+                DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
+                goto err;
+                }
        if (generator == DH_GENERATOR_2)
                {
-                BN_set_word(t1,24);
+                if (!BN_set_word(t1,24)) goto err;
-                BN_set_word(t2,11);
+                if (!BN_set_word(t2,11)) goto err;
                g=2;
                }
-#ifdef undef  /* does not work for safe primes */
+#if 0 /* does not work for safe primes */
        else if (generator == DH_GENERATOR_3)
                {
-                BN_set_word(t1,12);
+                if (!BN_set_word(t1,12)) goto err;
-                BN_set_word(t2,5);
+                if (!BN_set_word(t2,5)) goto err;
                g=3;
                }
 #endif
        else if (generator == DH_GENERATOR_5)
                {
-                BN_set_word(t1,10);
+                if (!BN_set_word(t1,10)) goto err;
-                BN_set_word(t2,3);
+                if (!BN_set_word(t2,3)) goto err;
                /* BN_set_word(t3,7); just have to miss
                 * out on these ones :-( */
                g=5;
                }
        else
+                {
+                /* in the general case, don't worry if 'generator' is a
+                 * generator or not: since we are using safe primes,
+                 * it will generate either an order-q or an order-2q group,
+                 * which both is OK */
+                if (!BN_set_word(t1,2)) goto err;
+                if (!BN_set_word(t2,1)) goto err;
                g=generator;
+                }
        
        p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
        if (p == NULL) goto err;

diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c index 7a6a38fbb4..06f78b35ab 100644 --- a/src/lib/libcrypto/dh/dh_gen.c +++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -82,7 +82,10 @@
82	* Since DH should be using a safe prime (both p and q are prime),	82	* Since DH should be using a safe prime (both p and q are prime),
83	* this generator function can take a very very long time to run.	83	* this generator function can take a very very long time to run.
84	*/	84	*/
85		85	/* Actually there is no reason to insist that 'generator' be a generator.
		86	* It's just as OK (and in some sense better) to use a generator of the
		87	* order-q subgroup.
		88	*/
86	DH *DH_generate_parameters(int prime_len, int generator,	89	DH *DH_generate_parameters(int prime_len, int generator,
87	void (callback)(int,int,void ), void *cb_arg)	90	void (callback)(int,int,void ), void *cb_arg)
88	{	91	{
@@ -100,30 +103,43 @@ DH *DH_generate_parameters(int prime_len, int generator,
100	t2 = BN_CTX_get(ctx);	103	t2 = BN_CTX_get(ctx);
101	if (t1 == NULL \|\| t2 == NULL) goto err;	104	if (t1 == NULL \|\| t2 == NULL) goto err;
102		105
		106	if (generator <= 1)
		107	{
		108	DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
		109	goto err;
		110	}
103	if (generator == DH_GENERATOR_2)	111	if (generator == DH_GENERATOR_2)
104	{	112	{
105	BN_set_word(t1,24);	113	if (!BN_set_word(t1,24)) goto err;
106	BN_set_word(t2,11);	114	if (!BN_set_word(t2,11)) goto err;
107	g=2;	115	g=2;
108	}	116	}
109	#ifdef undef /* does not work for safe primes */	117	#if 0 /* does not work for safe primes */
110	else if (generator == DH_GENERATOR_3)	118	else if (generator == DH_GENERATOR_3)
111	{	119	{
112	BN_set_word(t1,12);	120	if (!BN_set_word(t1,12)) goto err;
113	BN_set_word(t2,5);	121	if (!BN_set_word(t2,5)) goto err;
114	g=3;	122	g=3;
115	}	123	}
116	#endif	124	#endif
117	else if (generator == DH_GENERATOR_5)	125	else if (generator == DH_GENERATOR_5)
118	{	126	{
119	BN_set_word(t1,10);	127	if (!BN_set_word(t1,10)) goto err;
120	BN_set_word(t2,3);	128	if (!BN_set_word(t2,3)) goto err;
121	/* BN_set_word(t3,7); just have to miss	129	/* BN_set_word(t3,7); just have to miss
122	* out on these ones :-( */	130	* out on these ones :-( */
123	g=5;	131	g=5;
124	}	132	}
125	else	133	else
		134	{
		135	/* in the general case, don't worry if 'generator' is a
		136	* generator or not: since we are using safe primes,
		137	* it will generate either an order-q or an order-2q group,
		138	* which both is OK */
		139	if (!BN_set_word(t1,2)) goto err;
		140	if (!BN_set_word(t2,1)) goto err;
126	g=generator;	141	g=generator;
		142	}
127		143
128	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);	144	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
129	if (p == NULL) goto err;	145	if (p == NULL) goto err;