1 files changed, 263 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
new file mode 100644
index 0000000000..e7db440342
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -0,0 +1,263 @@
+/* crypto/dh/dh_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dh.h>
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                        const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+int DH_generate_key(DH *dh)
+        {
+        return dh->meth->generate_key(dh);
+        }
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+        {
+        return dh->meth->compute_key(key, pub_key, dh);
+        }
+static DH_METHOD dh_ossl = {
+"OpenSSL DH Method",
+generate_key,
+compute_key,
+dh_bn_mod_exp,
+dh_init,
+dh_finish,
+0,
+NULL,
+NULL
+};
+const DH_METHOD *DH_OpenSSL(void)
+{
+        return &dh_ossl;
+}
+static int generate_key(DH *dh)
+        {
+        int ok=0;
+        int generate_new_key=0;
+        unsigned l;
+        BN_CTX *ctx;
+        BN_MONT_CTX *mont=NULL;
+        BIGNUM *pub_key=NULL,*priv_key=NULL;
+        ctx = BN_CTX_new();
+        if (ctx == NULL) goto err;
+        if (dh->priv_key == NULL)
+                {
+                priv_key=BN_new();
+                if (priv_key == NULL) goto err;
+                generate_new_key=1;
+                }
+        else
+                priv_key=dh->priv_key;
+        if (dh->pub_key == NULL)
+                {
+                pub_key=BN_new();
+                if (pub_key == NULL) goto err;
+                }
+        else
+                pub_key=dh->pub_key;
+        if (dh->flags & DH_FLAG_CACHE_MONT_P)
+                {
+                mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                CRYPTO_LOCK_DH, dh->p, ctx);
+                if (!mont)
+                        goto err;
+                }
+        if (generate_new_key)
+                {
+                l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+                if (!BN_rand(priv_key, l, 0, 0)) goto err;
+                }
+        {
+                BIGNUM local_prk;
+                BIGNUM *prk;
+                if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+                        {
+                        BN_init(&local_prk);
+                        prk = &local_prk;
+                        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+                        }
+                else
+                        prk = priv_key;
+                if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
+        }
+                
+        dh->pub_key=pub_key;
+        dh->priv_key=priv_key;
+        ok=1;
+err:
+        if (ok != 1)
+                DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
+        if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
+        if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
+        BN_CTX_free(ctx);
+        return(ok);
+        }
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+        {
+        BN_CTX *ctx=NULL;
+        BN_MONT_CTX *mont=NULL;
+        BIGNUM *tmp;
+        int ret= -1;
+        int check_result;
+        if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+                {
+                DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+                goto err;
+                }
+        ctx = BN_CTX_new();
+        if (ctx == NULL) goto err;
+        BN_CTX_start(ctx);
+        tmp = BN_CTX_get(ctx);
+        
+        if (dh->priv_key == NULL)
+                {
+                DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+                goto err;
+                }
+        if (dh->flags & DH_FLAG_CACHE_MONT_P)
+                {
+                mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                CRYPTO_LOCK_DH, dh->p, ctx);
+                if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+                        {
+                        /* XXX */
+                        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+                        }
+                if (!mont)
+                        goto err;
+                }
+        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
+                {
+                DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
+                goto err;
+                }
+        if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
+                {
+                DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
+                goto err;
+                }
+        ret=BN_bn2bin(tmp,key);
+err:
+        if (ctx != NULL)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        return(ret);
+        }
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                        const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *m_ctx)
+        {
+        /* If a is only one word long and constant time is false, use the faster
+         * exponenentiation function.
+         */
+        if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
+                {
+                BN_ULONG A = a->d[0];
+                return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
+                }
+        else
+                return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
+        }
+static int dh_init(DH *dh)
+        {
+        dh->flags |= DH_FLAG_CACHE_MONT_P;
+        return(1);
+        }
+static int dh_finish(DH *dh)
+        {
+        if(dh->method_mont_p)
+                BN_MONT_CTX_free(dh->method_mont_p);
+        return(1);
+        }

diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c new file mode 100644 index 0000000000..e7db440342 --- /dev/null +++ b/src/lib/libcrypto/dh/dh_key.c
@@ -0,0 +1,263 @@
	1	/* crypto/dh/dh_key.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include "cryptlib.h"
	61	#include <openssl/bn.h>
	62	#include <openssl/rand.h>
	63	#include <openssl/dh.h>
	64
	65	static int generate_key(DH *dh);
	66	static int compute_key(unsigned char key, const BIGNUM pub_key, DH *dh);
	67	static int dh_bn_mod_exp(const DH dh, BIGNUM r,
	68	const BIGNUM a, const BIGNUM p,
	69	const BIGNUM m, BN_CTX ctx,
	70	BN_MONT_CTX *m_ctx);
	71	static int dh_init(DH *dh);
	72	static int dh_finish(DH *dh);
	73
	74	int DH_generate_key(DH *dh)
	75	{
	76	return dh->meth->generate_key(dh);
	77	}
	78
	79	int DH_compute_key(unsigned char key, const BIGNUM pub_key, DH *dh)
	80	{
	81	return dh->meth->compute_key(key, pub_key, dh);
	82	}
	83
	84	static DH_METHOD dh_ossl = {
	85	"OpenSSL DH Method",
	86	generate_key,
	87	compute_key,
	88	dh_bn_mod_exp,
	89	dh_init,
	90	dh_finish,
	91	0,
	92	NULL,
	93	NULL
	94	};
	95
	96	const DH_METHOD *DH_OpenSSL(void)
	97	{
	98	return &dh_ossl;
	99	}
	100
	101	static int generate_key(DH *dh)
	102	{
	103	int ok=0;
	104	int generate_new_key=0;
	105	unsigned l;
	106	BN_CTX *ctx;
	107	BN_MONT_CTX *mont=NULL;
	108	BIGNUM pub_key=NULL,priv_key=NULL;
	109
	110	ctx = BN_CTX_new();
	111	if (ctx == NULL) goto err;
	112
	113	if (dh->priv_key == NULL)
	114	{
	115	priv_key=BN_new();
	116	if (priv_key == NULL) goto err;
	117	generate_new_key=1;
	118	}
	119	else
	120	priv_key=dh->priv_key;
	121
	122	if (dh->pub_key == NULL)
	123	{
	124	pub_key=BN_new();
	125	if (pub_key == NULL) goto err;
	126	}
	127	else
	128	pub_key=dh->pub_key;
	129
	130
	131	if (dh->flags & DH_FLAG_CACHE_MONT_P)
	132	{
	133	mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
	134	CRYPTO_LOCK_DH, dh->p, ctx);
	135	if (!mont)
	136	goto err;
	137	}
	138
	139	if (generate_new_key)
	140	{
	141	l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
	142	if (!BN_rand(priv_key, l, 0, 0)) goto err;
	143	}
	144
	145	{
	146	BIGNUM local_prk;
	147	BIGNUM *prk;
	148
	149	if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
	150	{
	151	BN_init(&local_prk);
	152	prk = &local_prk;
	153	BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
	154	}
	155	else
	156	prk = priv_key;
	157
	158	if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
	159	}
	160
	161	dh->pub_key=pub_key;
	162	dh->priv_key=priv_key;
	163	ok=1;
	164	err:
	165	if (ok != 1)
	166	DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
	167
	168	if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
	169	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
	170	BN_CTX_free(ctx);
	171	return(ok);
	172	}
	173
	174	static int compute_key(unsigned char key, const BIGNUM pub_key, DH *dh)
	175	{
	176	BN_CTX *ctx=NULL;
	177	BN_MONT_CTX *mont=NULL;
	178	BIGNUM *tmp;
	179	int ret= -1;
	180	int check_result;
	181
	182	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
	183	{
	184	DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
	185	goto err;
	186	}
	187
	188	ctx = BN_CTX_new();
	189	if (ctx == NULL) goto err;
	190	BN_CTX_start(ctx);
	191	tmp = BN_CTX_get(ctx);
	192
	193	if (dh->priv_key == NULL)
	194	{
	195	DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
	196	goto err;
	197	}
	198
	199	if (dh->flags & DH_FLAG_CACHE_MONT_P)
	200	{
	201	mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
	202	CRYPTO_LOCK_DH, dh->p, ctx);
	203	if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
	204	{
	205	/* XXX */
	206	BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
	207	}
	208	if (!mont)
	209	goto err;
	210	}
	211
	212	if (!DH_check_pub_key(dh, pub_key, &check_result) \|\| check_result)
	213	{
	214	DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
	215	goto err;
	216	}
	217
	218	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
	219	{
	220	DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
	221	goto err;
	222	}
	223
	224	ret=BN_bn2bin(tmp,key);
	225	err:
	226	if (ctx != NULL)
	227	{
	228	BN_CTX_end(ctx);
	229	BN_CTX_free(ctx);
	230	}
	231	return(ret);
	232	}
	233
	234	static int dh_bn_mod_exp(const DH dh, BIGNUM r,
	235	const BIGNUM a, const BIGNUM p,
	236	const BIGNUM m, BN_CTX ctx,
	237	BN_MONT_CTX *m_ctx)
	238	{
	239	/* If a is only one word long and constant time is false, use the faster
	240	* exponenentiation function.
	241	*/
	242	if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
	243	{
	244	BN_ULONG A = a->d[0];
	245	return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
	246	}
	247	else
	248	return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
	249	}
	250
	251
	252	static int dh_init(DH *dh)
	253	{
	254	dh->flags \|= DH_FLAG_CACHE_MONT_P;
	255	return(1);
	256	}
	257
	258	static int dh_finish(DH *dh)
	259	{
	260	if(dh->method_mont_p)
	261	BN_MONT_CTX_free(dh->method_mont_p);
	262	return(1);
	263	}