summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dh
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dh')
-rw-r--r--src/lib/libcrypto/dh/dh.h271
-rw-r--r--src/lib/libcrypto/dh/dh_ameth.c493
-rw-r--r--src/lib/libcrypto/dh/dh_asn1.c143
-rw-r--r--src/lib/libcrypto/dh/dh_check.c139
-rw-r--r--src/lib/libcrypto/dh/dh_depr.c83
-rw-r--r--src/lib/libcrypto/dh/dh_err.c125
-rw-r--r--src/lib/libcrypto/dh/dh_gen.c179
-rw-r--r--src/lib/libcrypto/dh/dh_key.c251
-rw-r--r--src/lib/libcrypto/dh/dh_lib.c241
-rw-r--r--src/lib/libcrypto/dh/dh_pmeth.c264
-rw-r--r--src/lib/libcrypto/dh/dh_prn.c79
11 files changed, 0 insertions, 2268 deletions
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
deleted file mode 100644
index 631cd5c685..0000000000
--- a/src/lib/libcrypto/dh/dh.h
+++ /dev/null
@@ -1,271 +0,0 @@
1/* $OpenBSD: dh.h,v 1.17 2016/06/30 02:02:06 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_DH_H
60#define HEADER_DH_H
61
62#include <openssl/opensslconf.h>
63
64#ifdef OPENSSL_NO_DH
65#error DH is disabled.
66#endif
67
68#ifndef OPENSSL_NO_BIO
69#include <openssl/bio.h>
70#endif
71#include <openssl/ossl_typ.h>
72#ifndef OPENSSL_NO_DEPRECATED
73#include <openssl/bn.h>
74#endif
75
76#ifndef OPENSSL_DH_MAX_MODULUS_BITS
77# define OPENSSL_DH_MAX_MODULUS_BITS 10000
78#endif
79
80#define DH_FLAG_CACHE_MONT_P 0x01
81
82/* If this flag is set the DH method is FIPS compliant and can be used
83 * in FIPS mode. This is set in the validated module method. If an
84 * application sets this flag in its own methods it is its reposibility
85 * to ensure the result is compliant.
86 */
87
88#define DH_FLAG_FIPS_METHOD 0x0400
89
90/* If this flag is set the operations normally disabled in FIPS mode are
91 * permitted it is then the applications responsibility to ensure that the
92 * usage is compliant.
93 */
94
95#define DH_FLAG_NON_FIPS_ALLOW 0x0400
96
97#ifdef __cplusplus
98extern "C" {
99#endif
100
101/* Already defined in ossl_typ.h */
102/* typedef struct dh_st DH; */
103/* typedef struct dh_method DH_METHOD; */
104
105struct dh_method
106 {
107 const char *name;
108 /* Methods here */
109 int (*generate_key)(DH *dh);
110 int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
111 int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
112 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
113 BN_MONT_CTX *m_ctx); /* Can be null */
114
115 int (*init)(DH *dh);
116 int (*finish)(DH *dh);
117 int flags;
118 char *app_data;
119 /* If this is non-NULL, it will be used to generate parameters */
120 int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
121 };
122
123struct dh_st
124 {
125 /* This first argument is used to pick up errors when
126 * a DH is passed instead of a EVP_PKEY */
127 int pad;
128 int version;
129 BIGNUM *p;
130 BIGNUM *g;
131 long length; /* optional */
132 BIGNUM *pub_key; /* g^x */
133 BIGNUM *priv_key; /* x */
134
135 int flags;
136 BN_MONT_CTX *method_mont_p;
137 /* Place holders if we want to do X9.42 DH */
138 BIGNUM *q;
139 BIGNUM *j;
140 unsigned char *seed;
141 int seedlen;
142 BIGNUM *counter;
143
144 int references;
145 CRYPTO_EX_DATA ex_data;
146 const DH_METHOD *meth;
147 ENGINE *engine;
148 };
149
150#define DH_GENERATOR_2 2
151/* #define DH_GENERATOR_3 3 */
152#define DH_GENERATOR_5 5
153
154/* DH_check error codes */
155#define DH_CHECK_P_NOT_PRIME 0x01
156#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
157#define DH_UNABLE_TO_CHECK_GENERATOR 0x04
158#define DH_NOT_SUITABLE_GENERATOR 0x08
159
160/* DH_check_pub_key error codes */
161#define DH_CHECK_PUBKEY_TOO_SMALL 0x01
162#define DH_CHECK_PUBKEY_TOO_LARGE 0x02
163
164/* primes p where (p-1)/2 is prime too are called "safe"; we define
165 this for backward compatibility: */
166#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
167
168#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
169 (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
170#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
171 (unsigned char *)(x))
172#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
173#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
174
175DH *DHparams_dup(DH *);
176
177const DH_METHOD *DH_OpenSSL(void);
178
179void DH_set_default_method(const DH_METHOD *meth);
180const DH_METHOD *DH_get_default_method(void);
181int DH_set_method(DH *dh, const DH_METHOD *meth);
182DH *DH_new_method(ENGINE *engine);
183
184DH * DH_new(void);
185void DH_free(DH *dh);
186int DH_up_ref(DH *dh);
187int DH_size(const DH *dh);
188int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
189 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
190int DH_set_ex_data(DH *d, int idx, void *arg);
191void *DH_get_ex_data(DH *d, int idx);
192
193/* Deprecated version */
194#ifndef OPENSSL_NO_DEPRECATED
195DH * DH_generate_parameters(int prime_len,int generator,
196 void (*callback)(int,int,void *),void *cb_arg);
197#endif /* !defined(OPENSSL_NO_DEPRECATED) */
198
199/* New version */
200int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
201
202int DH_check(const DH *dh,int *codes);
203int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
204int DH_generate_key(DH *dh);
205int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
206DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
207int i2d_DHparams(const DH *a,unsigned char **pp);
208int DHparams_print_fp(FILE *fp, const DH *x);
209#ifndef OPENSSL_NO_BIO
210int DHparams_print(BIO *bp, const DH *x);
211#else
212int DHparams_print(char *bp, const DH *x);
213#endif
214
215#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
216 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
217 EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
218
219#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
220 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
221 EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
222
223#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
224#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
225
226
227/* BEGIN ERROR CODES */
228/* The following lines are auto generated by the script mkerr.pl. Any changes
229 * made after this point may be overwritten when the script is next run.
230 */
231void ERR_load_DH_strings(void);
232
233/* Error codes for the DH functions. */
234
235/* Function codes. */
236#define DH_F_COMPUTE_KEY 102
237#define DH_F_DHPARAMS_PRINT_FP 101
238#define DH_F_DH_BUILTIN_GENPARAMS 106
239#define DH_F_DH_COMPUTE_KEY 114
240#define DH_F_DH_GENERATE_KEY 115
241#define DH_F_DH_GENERATE_PARAMETERS_EX 116
242#define DH_F_DH_NEW_METHOD 105
243#define DH_F_DH_PARAM_DECODE 107
244#define DH_F_DH_PRIV_DECODE 110
245#define DH_F_DH_PRIV_ENCODE 111
246#define DH_F_DH_PUB_DECODE 108
247#define DH_F_DH_PUB_ENCODE 109
248#define DH_F_DO_DH_PRINT 100
249#define DH_F_GENERATE_KEY 103
250#define DH_F_GENERATE_PARAMETERS 104
251#define DH_F_PKEY_DH_DERIVE 112
252#define DH_F_PKEY_DH_KEYGEN 113
253
254/* Reason codes. */
255#define DH_R_BAD_GENERATOR 101
256#define DH_R_BN_DECODE_ERROR 109
257#define DH_R_BN_ERROR 106
258#define DH_R_DECODE_ERROR 104
259#define DH_R_INVALID_PUBKEY 102
260#define DH_R_KEYS_NOT_SET 108
261#define DH_R_KEY_SIZE_TOO_SMALL 110
262#define DH_R_MODULUS_TOO_LARGE 103
263#define DH_R_NON_FIPS_METHOD 111
264#define DH_R_NO_PARAMETERS_SET 107
265#define DH_R_NO_PRIVATE_VALUE 100
266#define DH_R_PARAMETER_ENCODING_ERROR 105
267
268#ifdef __cplusplus
269}
270#endif
271#endif
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
deleted file mode 100644
index 24c8bb25ec..0000000000
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ /dev/null
@@ -1,493 +0,0 @@
1/* $OpenBSD: dh_ameth.c,v 1.13 2015/01/08 01:44:29 doug Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1.h>
62#include <openssl/bn.h>
63#include <openssl/dh.h>
64#include <openssl/err.h>
65#include <openssl/x509.h>
66
67#include "asn1_locl.h"
68
69static void
70int_dh_free(EVP_PKEY *pkey)
71{
72 DH_free(pkey->pkey.dh);
73}
74
75static int
76dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
77{
78 const unsigned char *p, *pm;
79 int pklen, pmlen;
80 int ptype;
81 void *pval;
82 ASN1_STRING *pstr;
83 X509_ALGOR *palg;
84 ASN1_INTEGER *public_key = NULL;
85 DH *dh = NULL;
86
87 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
88 return 0;
89 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
90
91 if (ptype != V_ASN1_SEQUENCE) {
92 DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
93 goto err;
94 }
95
96 pstr = pval;
97 pm = pstr->data;
98 pmlen = pstr->length;
99
100 if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) {
101 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
102 goto err;
103 }
104
105 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) {
106 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
107 goto err;
108 }
109
110 /* We have parameters now set public key */
111 if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
112 DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
113 goto err;
114 }
115
116 ASN1_INTEGER_free(public_key);
117 EVP_PKEY_assign_DH(pkey, dh);
118 return 1;
119
120err:
121 if (public_key)
122 ASN1_INTEGER_free(public_key);
123 DH_free(dh);
124 return 0;
125}
126
127static int
128dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
129{
130 DH *dh;
131 int ptype;
132 unsigned char *penc = NULL;
133 int penclen;
134 ASN1_STRING *str;
135 ASN1_INTEGER *pub_key = NULL;
136
137 dh=pkey->pkey.dh;
138
139 str = ASN1_STRING_new();
140 if (str == NULL) {
141 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
142 goto err;
143 }
144
145 str->length = i2d_DHparams(dh, &str->data);
146 if (str->length <= 0) {
147 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
148 goto err;
149 }
150 ptype = V_ASN1_SEQUENCE;
151
152 pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
153 if (!pub_key)
154 goto err;
155
156 penclen = i2d_ASN1_INTEGER(pub_key, &penc);
157
158 ASN1_INTEGER_free(pub_key);
159
160 if (penclen <= 0) {
161 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
162 goto err;
163 }
164
165 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype,
166 (void *)str, penc, penclen))
167 return 1;
168
169err:
170 free(penc);
171 ASN1_STRING_free(str);
172
173 return 0;
174}
175
176/*
177 * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
178 * that the AlgorithmIdentifier contains the paramaters, the private key
179 * is explcitly included and the pubkey must be recalculated.
180 */
181
182static int
183dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
184{
185 const unsigned char *p, *pm;
186 int pklen, pmlen;
187 int ptype;
188 void *pval;
189 ASN1_STRING *pstr;
190 X509_ALGOR *palg;
191 ASN1_INTEGER *privkey = NULL;
192 DH *dh = NULL;
193
194 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
195 return 0;
196
197 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
198
199 if (ptype != V_ASN1_SEQUENCE)
200 goto decerr;
201
202 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
203 goto decerr;
204
205 pstr = pval;
206 pm = pstr->data;
207 pmlen = pstr->length;
208 if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
209 goto decerr;
210 /* We have parameters now set private key */
211 if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
212 DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
213 goto dherr;
214 }
215 /* Calculate public key */
216 if (!DH_generate_key(dh))
217 goto dherr;
218
219 EVP_PKEY_assign_DH(pkey, dh);
220
221 ASN1_INTEGER_free(privkey);
222
223 return 1;
224
225decerr:
226 DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
227dherr:
228 DH_free(dh);
229 return 0;
230}
231
232static int
233dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
234{
235 ASN1_STRING *params = NULL;
236 ASN1_INTEGER *prkey = NULL;
237 unsigned char *dp = NULL;
238 int dplen;
239
240 params = ASN1_STRING_new();
241
242 if (!params) {
243 DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
244 goto err;
245 }
246
247 params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
248 if (params->length <= 0) {
249 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
250 goto err;
251 }
252 params->type = V_ASN1_SEQUENCE;
253
254 /* Get private key into integer */
255 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
256
257 if (!prkey) {
258 DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
259 goto err;
260 }
261
262 dplen = i2d_ASN1_INTEGER(prkey, &dp);
263
264 ASN1_INTEGER_free(prkey);
265 prkey = NULL;
266
267 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
268 V_ASN1_SEQUENCE, params, dp, dplen))
269 goto err;
270
271 return 1;
272
273err:
274 free(dp);
275 ASN1_STRING_free(params);
276 ASN1_INTEGER_free(prkey);
277 return 0;
278}
279
280static void
281update_buflen(const BIGNUM *b, size_t *pbuflen)
282{
283 size_t i;
284
285 if (!b)
286 return;
287 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
288 *pbuflen = i;
289}
290
291static int
292dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
293{
294 DH *dh;
295
296 if (!(dh = d2i_DHparams(NULL, pder, derlen))) {
297 DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
298 return 0;
299 }
300 EVP_PKEY_assign_DH(pkey, dh);
301 return 1;
302}
303
304static int
305dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
306{
307 return i2d_DHparams(pkey->pkey.dh, pder);
308}
309
310static int
311do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype)
312{
313 unsigned char *m = NULL;
314 int reason = ERR_R_BUF_LIB, ret = 0;
315 size_t buf_len = 0;
316 const char *ktype = NULL;
317 BIGNUM *priv_key, *pub_key;
318
319 if (ptype == 2)
320 priv_key = x->priv_key;
321 else
322 priv_key = NULL;
323
324 if (ptype > 0)
325 pub_key = x->pub_key;
326 else
327 pub_key = NULL;
328
329 update_buflen(x->p, &buf_len);
330
331 if (buf_len == 0) {
332 reason = ERR_R_PASSED_NULL_PARAMETER;
333 goto err;
334 }
335
336 update_buflen(x->g, &buf_len);
337 update_buflen(pub_key, &buf_len);
338 update_buflen(priv_key, &buf_len);
339
340 if (ptype == 2)
341 ktype = "PKCS#3 DH Private-Key";
342 else if (ptype == 1)
343 ktype = "PKCS#3 DH Public-Key";
344 else
345 ktype = "PKCS#3 DH Parameters";
346
347 m= malloc(buf_len + 10);
348 if (m == NULL) {
349 reason = ERR_R_MALLOC_FAILURE;
350 goto err;
351 }
352
353 BIO_indent(bp, indent, 128);
354 if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
355 goto err;
356 indent += 4;
357
358 if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
359 goto err;
360 if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
361 goto err;
362
363 if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
364 goto err;
365 if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
366 goto err;
367 if (x->length != 0) {
368 BIO_indent(bp, indent, 128);
369 if (BIO_printf(bp, "recommended-private-length: %d bits\n",
370 (int)x->length) <= 0)
371 goto err;
372 }
373
374 ret = 1;
375 if (0) {
376err:
377 DHerr(DH_F_DO_DH_PRINT,reason);
378 }
379 free(m);
380 return(ret);
381}
382
383static int
384int_dh_size(const EVP_PKEY *pkey)
385{
386 return DH_size(pkey->pkey.dh);
387}
388
389static int
390dh_bits(const EVP_PKEY *pkey)
391{
392 return BN_num_bits(pkey->pkey.dh->p);
393}
394
395static int
396dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
397{
398 if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
399 BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
400 return 0;
401 else
402 return 1;
403}
404
405static int
406dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
407{
408 BIGNUM *a;
409
410 if ((a = BN_dup(from->pkey.dh->p)) == NULL)
411 return 0;
412 BN_free(to->pkey.dh->p);
413 to->pkey.dh->p = a;
414
415 if ((a = BN_dup(from->pkey.dh->g)) == NULL)
416 return 0;
417 BN_free(to->pkey.dh->g);
418 to->pkey.dh->g = a;
419
420 return 1;
421}
422
423static int
424dh_missing_parameters(const EVP_PKEY *a)
425{
426 if (!a->pkey.dh->p || !a->pkey.dh->g)
427 return 1;
428 return 0;
429}
430
431static int
432dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
433{
434 if (dh_cmp_parameters(a, b) == 0)
435 return 0;
436 if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
437 return 0;
438 else
439 return 1;
440}
441
442static int
443dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
444{
445 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
446}
447
448static int
449dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
450{
451 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
452}
453
454static int
455dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
456{
457 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
458}
459
460int
461DHparams_print(BIO *bp, const DH *x)
462{
463 return do_dh_print(bp, x, 4, NULL, 0);
464}
465
466const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
467 .pkey_id = EVP_PKEY_DH,
468 .pkey_base_id = EVP_PKEY_DH,
469
470 .pem_str = "DH",
471 .info = "OpenSSL PKCS#3 DH method",
472
473 .pub_decode = dh_pub_decode,
474 .pub_encode = dh_pub_encode,
475 .pub_cmp = dh_pub_cmp,
476 .pub_print = dh_public_print,
477
478 .priv_decode = dh_priv_decode,
479 .priv_encode = dh_priv_encode,
480 .priv_print = dh_private_print,
481
482 .pkey_size = int_dh_size,
483 .pkey_bits = dh_bits,
484
485 .param_decode = dh_param_decode,
486 .param_encode = dh_param_encode,
487 .param_missing = dh_missing_parameters,
488 .param_copy = dh_copy_parameters,
489 .param_cmp = dh_cmp_parameters,
490 .param_print = dh_param_print,
491
492 .pkey_free = int_dh_free,
493};
diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c
deleted file mode 100644
index 7060130ed8..0000000000
--- a/src/lib/libcrypto/dh/dh_asn1.c
+++ /dev/null
@@ -1,143 +0,0 @@
1/* $OpenBSD: dh_asn1.c,v 1.8 2015/02/14 15:06:55 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/bn.h>
63#include <openssl/dh.h>
64#include <openssl/objects.h>
65
66/* Override the default free and new methods */
67static int
68dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
69{
70 if (operation == ASN1_OP_NEW_PRE) {
71 *pval = (ASN1_VALUE *)DH_new();
72 if (*pval)
73 return 2;
74 return 0;
75 } else if (operation == ASN1_OP_FREE_PRE) {
76 DH_free((DH *)*pval);
77 *pval = NULL;
78 return 2;
79 }
80 return 1;
81}
82
83static const ASN1_AUX DHparams_aux = {
84 .app_data = NULL,
85 .flags = 0,
86 .ref_offset = 0,
87 .ref_lock = 0,
88 .asn1_cb = dh_cb,
89 .enc_offset = 0,
90};
91static const ASN1_TEMPLATE DHparams_seq_tt[] = {
92 {
93 .flags = 0,
94 .tag = 0,
95 .offset = offsetof(DH, p),
96 .field_name = "p",
97 .item = &BIGNUM_it,
98 },
99 {
100 .flags = 0,
101 .tag = 0,
102 .offset = offsetof(DH, g),
103 .field_name = "g",
104 .item = &BIGNUM_it,
105 },
106 {
107 .flags = ASN1_TFLG_OPTIONAL,
108 .tag = 0,
109 .offset = offsetof(DH, length),
110 .field_name = "length",
111 .item = &ZLONG_it,
112 },
113};
114
115const ASN1_ITEM DHparams_it = {
116 .itype = ASN1_ITYPE_SEQUENCE,
117 .utype = V_ASN1_SEQUENCE,
118 .templates = DHparams_seq_tt,
119 .tcount = sizeof(DHparams_seq_tt) / sizeof(ASN1_TEMPLATE),
120 .funcs = &DHparams_aux,
121 .size = sizeof(DH),
122 .sname = "DH",
123};
124
125
126DH *
127d2i_DHparams(DH **a, const unsigned char **in, long len)
128{
129 return (DH *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
130 &DHparams_it);
131}
132
133int
134i2d_DHparams(const DH *a, unsigned char **out)
135{
136 return ASN1_item_i2d((ASN1_VALUE *)a, out, &DHparams_it);
137}
138
139DH *
140DHparams_dup(DH *dh)
141{
142 return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
143}
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
deleted file mode 100644
index a6010f0a6d..0000000000
--- a/src/lib/libcrypto/dh/dh_check.c
+++ /dev/null
@@ -1,139 +0,0 @@
1/* $OpenBSD: dh_check.c,v 1.16 2016/07/05 02:54:35 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/bn.h>
62#include <openssl/dh.h>
63
64/*
65 * Check that p is a safe prime and
66 * if g is 2, 3 or 5, check that it is a suitable generator
67 * where
68 * for 2, p mod 24 == 11
69 * for 3, p mod 12 == 5
70 * for 5, p mod 10 == 3 or 7
71 * should hold.
72 */
73
74int
75DH_check(const DH *dh, int *ret)
76{
77 int ok = 0;
78 BN_CTX *ctx = NULL;
79 BN_ULONG l;
80 BIGNUM *q = NULL;
81
82 *ret = 0;
83 ctx = BN_CTX_new();
84 if (ctx == NULL)
85 goto err;
86 q = BN_new();
87 if (q == NULL)
88 goto err;
89
90 if (BN_is_word(dh->g, DH_GENERATOR_2)) {
91 l = BN_mod_word(dh->p, 24);
92 if (l == (BN_ULONG)-1)
93 goto err;
94 if (l != 11)
95 *ret |= DH_NOT_SUITABLE_GENERATOR;
96 } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
97 l = BN_mod_word(dh->p, 10);
98 if (l == (BN_ULONG)-1)
99 goto err;
100 if (l != 3 && l != 7)
101 *ret |= DH_NOT_SUITABLE_GENERATOR;
102 } else
103 *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
104
105 if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
106 *ret |= DH_CHECK_P_NOT_PRIME;
107 else {
108 if (!BN_rshift1(q, dh->p))
109 goto err;
110 if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))
111 *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
112 }
113 ok = 1;
114err:
115 BN_CTX_free(ctx);
116 BN_free(q);
117 return ok;
118}
119
120int
121DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
122{
123 BIGNUM *q = NULL;
124
125 *ret = 0;
126 q = BN_new();
127 if (q == NULL)
128 return 0;
129 BN_set_word(q, 1);
130 if (BN_cmp(pub_key, q) <= 0)
131 *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
132 BN_copy(q, dh->p);
133 BN_sub_word(q, 1);
134 if (BN_cmp(pub_key, q) >= 0)
135 *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
136
137 BN_free(q);
138 return 1;
139}
diff --git a/src/lib/libcrypto/dh/dh_depr.c b/src/lib/libcrypto/dh/dh_depr.c
deleted file mode 100644
index 0b75b0be5e..0000000000
--- a/src/lib/libcrypto/dh/dh_depr.c
+++ /dev/null
@@ -1,83 +0,0 @@
1/* $OpenBSD: dh_depr.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */
2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* This file contains deprecated functions as wrappers to the new ones */
57
58#include <stdio.h>
59
60#include <openssl/opensslconf.h>
61
62#include <openssl/bn.h>
63#include <openssl/dh.h>
64
65#ifndef OPENSSL_NO_DEPRECATED
66DH *
67DH_generate_parameters(int prime_len, int generator,
68 void (*callback)(int, int, void *), void *cb_arg)
69{
70 BN_GENCB cb;
71 DH *ret = NULL;
72
73 if ((ret = DH_new()) == NULL)
74 return NULL;
75
76 BN_GENCB_set_old(&cb, callback, cb_arg);
77
78 if (DH_generate_parameters_ex(ret, prime_len, generator, &cb))
79 return ret;
80 DH_free(ret);
81 return NULL;
82}
83#endif
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
deleted file mode 100644
index 3774ba3c45..0000000000
--- a/src/lib/libcrypto/dh/dh_err.c
+++ /dev/null
@@ -1,125 +0,0 @@
1/* $OpenBSD: dh_err.c,v 1.15 2014/07/10 22:45:56 jsing Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62
63#include <openssl/opensslconf.h>
64
65#include <openssl/err.h>
66#include <openssl/dh.h>
67
68/* BEGIN ERROR CODES */
69#ifndef OPENSSL_NO_ERR
70
71#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
73
74static ERR_STRING_DATA DH_str_functs[]=
75 {
76{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
77{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
78{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
79{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
80{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
81{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"},
82{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
83{ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"},
84{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
85{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
86{ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"},
87{ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"},
88{ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"},
89{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
90{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
91{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
92{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
93{0,NULL}
94 };
95
96static ERR_STRING_DATA DH_str_reasons[]=
97 {
98{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
99{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"},
100{ERR_REASON(DH_R_BN_ERROR) ,"bn error"},
101{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"},
102{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
103{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"},
104{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
105{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
106{ERR_REASON(DH_R_NON_FIPS_METHOD) ,"non fips method"},
107{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"},
108{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
109{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
110{0,NULL}
111 };
112
113#endif
114
115void ERR_load_DH_strings(void)
116 {
117#ifndef OPENSSL_NO_ERR
118
119 if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
120 {
121 ERR_load_strings(0,DH_str_functs);
122 ERR_load_strings(0,DH_str_reasons);
123 }
124#endif
125 }
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
deleted file mode 100644
index de566802d3..0000000000
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ /dev/null
@@ -1,179 +0,0 @@
1/* $OpenBSD: dh_gen.c,v 1.15 2015/02/09 15:49:22 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* NB: These functions have been upgraded - the previous prototypes are in
60 * dh_depr.c as wrappers to these ones.
61 * - Geoff
62 */
63
64#include <stdio.h>
65
66#include <openssl/bn.h>
67#include <openssl/dh.h>
68#include <openssl/err.h>
69
70static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
71 BN_GENCB *cb);
72
73int
74DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
75{
76 if (ret->meth->generate_params)
77 return ret->meth->generate_params(ret, prime_len, generator, cb);
78 return dh_builtin_genparams(ret, prime_len, generator, cb);
79}
80
81/*
82 * We generate DH parameters as follows:
83 * find a prime q which is prime_len/2 bits long.
84 * p=(2*q)+1 or (p-1)/2 = q
85 * For this case, g is a generator if
86 * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
87 * Since the factors of p-1 are q and 2, we just need to check
88 * g^2 mod p != 1 and g^q mod p != 1.
89 *
90 * Having said all that,
91 * there is another special case method for the generators 2, 3 and 5.
92 * for 2, p mod 24 == 11
93 * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
94 * for 5, p mod 10 == 3 or 7
95 *
96 * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
97 * special generators and for answering some of my questions.
98 *
99 * I've implemented the second simple method :-).
100 * Since DH should be using a safe prime (both p and q are prime),
101 * this generator function can take a very very long time to run.
102 */
103/* Actually there is no reason to insist that 'generator' be a generator.
104 * It's just as OK (and in some sense better) to use a generator of the
105 * order-q subgroup.
106 */
107static int
108dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
109{
110 BIGNUM *t1, *t2;
111 int g, ok = -1;
112 BN_CTX *ctx = NULL;
113
114 ctx = BN_CTX_new();
115 if (ctx == NULL)
116 goto err;
117 BN_CTX_start(ctx);
118 if ((t1 = BN_CTX_get(ctx)) == NULL)
119 goto err;
120 if ((t2 = BN_CTX_get(ctx)) == NULL)
121 goto err;
122
123 /* Make sure 'ret' has the necessary elements */
124 if (!ret->p && ((ret->p = BN_new()) == NULL))
125 goto err;
126 if (!ret->g && ((ret->g = BN_new()) == NULL))
127 goto err;
128
129 if (generator <= 1) {
130 DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
131 goto err;
132 }
133 if (generator == DH_GENERATOR_2) {
134 if (!BN_set_word(t1, 24))
135 goto err;
136 if (!BN_set_word(t2, 11))
137 goto err;
138 g = 2;
139 } else if (generator == DH_GENERATOR_5) {
140 if (!BN_set_word(t1, 10))
141 goto err;
142 if (!BN_set_word(t2, 3))
143 goto err;
144 /* BN_set_word(t3,7); just have to miss
145 * out on these ones :-( */
146 g = 5;
147 } else {
148 /*
149 * in the general case, don't worry if 'generator' is a
150 * generator or not: since we are using safe primes,
151 * it will generate either an order-q or an order-2q group,
152 * which both is OK
153 */
154 if (!BN_set_word(t1, 2))
155 goto err;
156 if (!BN_set_word(t2, 1))
157 goto err;
158 g = generator;
159 }
160
161 if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
162 goto err;
163 if (!BN_GENCB_call(cb, 3, 0))
164 goto err;
165 if (!BN_set_word(ret->g, g))
166 goto err;
167 ok = 1;
168err:
169 if (ok == -1) {
170 DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
171 ok = 0;
172 }
173
174 if (ctx != NULL) {
175 BN_CTX_end(ctx);
176 BN_CTX_free(ctx);
177 }
178 return ok;
179}
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
deleted file mode 100644
index 6eb1365bf6..0000000000
--- a/src/lib/libcrypto/dh/dh_key.c
+++ /dev/null
@@ -1,251 +0,0 @@
1/* $OpenBSD: dh_key.c,v 1.25 2016/07/07 11:53:12 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/bn.h>
62#include <openssl/dh.h>
63#include <openssl/err.h>
64
65static int generate_key(DH *dh);
66static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
67static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a,
68 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
69static int dh_init(DH *dh);
70static int dh_finish(DH *dh);
71
72int
73DH_generate_key(DH *dh)
74{
75 return dh->meth->generate_key(dh);
76}
77
78int
79DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
80{
81 return dh->meth->compute_key(key, pub_key, dh);
82}
83
84static DH_METHOD dh_ossl = {
85 .name = "OpenSSL DH Method",
86 .generate_key = generate_key,
87 .compute_key = compute_key,
88 .bn_mod_exp = dh_bn_mod_exp,
89 .init = dh_init,
90 .finish = dh_finish,
91};
92
93const DH_METHOD *
94DH_OpenSSL(void)
95{
96 return &dh_ossl;
97}
98
99static int
100generate_key(DH *dh)
101{
102 int ok = 0;
103 int generate_new_key = 0;
104 unsigned l;
105 BN_CTX *ctx;
106 BN_MONT_CTX *mont = NULL;
107 BIGNUM *pub_key = NULL, *priv_key = NULL;
108
109 ctx = BN_CTX_new();
110 if (ctx == NULL)
111 goto err;
112
113 if (dh->priv_key == NULL) {
114 priv_key = BN_new();
115 if (priv_key == NULL)
116 goto err;
117 generate_new_key = 1;
118 } else
119 priv_key = dh->priv_key;
120
121 if (dh->pub_key == NULL) {
122 pub_key = BN_new();
123 if (pub_key == NULL)
124 goto err;
125 } else
126 pub_key = dh->pub_key;
127
128 if (dh->flags & DH_FLAG_CACHE_MONT_P) {
129 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
130 CRYPTO_LOCK_DH, dh->p, ctx);
131 if (!mont)
132 goto err;
133 }
134
135 if (generate_new_key) {
136 if (dh->q) {
137 do {
138 if (!BN_rand_range(priv_key, dh->q))
139 goto err;
140 } while (BN_is_zero(priv_key) || BN_is_one(priv_key));
141 } else {
142 /* secret exponent length */
143 l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
144 if (!BN_rand(priv_key, l, 0, 0))
145 goto err;
146 }
147 }
148
149 {
150 BIGNUM prk;
151
152 BN_init(&prk);
153 BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
154
155 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, &prk, dh->p, ctx,
156 mont)) {
157 goto err;
158 }
159 }
160
161 dh->pub_key = pub_key;
162 dh->priv_key = priv_key;
163 ok = 1;
164err:
165 if (ok != 1)
166 DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
167
168 if (pub_key != NULL && dh->pub_key == NULL)
169 BN_free(pub_key);
170 if (priv_key != NULL && dh->priv_key == NULL)
171 BN_free(priv_key);
172 BN_CTX_free(ctx);
173 return ok;
174}
175
176static int
177compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
178{
179 BN_CTX *ctx = NULL;
180 BN_MONT_CTX *mont = NULL;
181 BIGNUM *tmp;
182 int ret = -1;
183 int check_result;
184
185 if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
186 DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
187 goto err;
188 }
189
190 ctx = BN_CTX_new();
191 if (ctx == NULL)
192 goto err;
193 BN_CTX_start(ctx);
194 if ((tmp = BN_CTX_get(ctx)) == NULL)
195 goto err;
196
197 if (dh->priv_key == NULL) {
198 DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
199 goto err;
200 }
201
202 if (dh->flags & DH_FLAG_CACHE_MONT_P) {
203 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
204 CRYPTO_LOCK_DH, dh->p, ctx);
205
206 BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
207
208 if (!mont)
209 goto err;
210 }
211
212 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
213 DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
214 goto err;
215 }
216
217 if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx,
218 mont)) {
219 DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
220 goto err;
221 }
222
223 ret = BN_bn2bin(tmp, key);
224err:
225 if (ctx != NULL) {
226 BN_CTX_end(ctx);
227 BN_CTX_free(ctx);
228 }
229 return ret;
230}
231
232static int
233dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
234 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
235{
236 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
237}
238
239static int
240dh_init(DH *dh)
241{
242 dh->flags |= DH_FLAG_CACHE_MONT_P;
243 return 1;
244}
245
246static int
247dh_finish(DH *dh)
248{
249 BN_MONT_CTX_free(dh->method_mont_p);
250 return 1;
251}
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
deleted file mode 100644
index defe1c74b4..0000000000
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ /dev/null
@@ -1,241 +0,0 @@
1/* $OpenBSD: dh_lib.c,v 1.21 2015/02/11 03:19:37 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/bn.h>
64#include <openssl/dh.h>
65#include <openssl/err.h>
66
67#ifndef OPENSSL_NO_ENGINE
68#include <openssl/engine.h>
69#endif
70
71static const DH_METHOD *default_DH_method = NULL;
72
73void
74DH_set_default_method(const DH_METHOD *meth)
75{
76 default_DH_method = meth;
77}
78
79const DH_METHOD *
80DH_get_default_method(void)
81{
82 if (!default_DH_method)
83 default_DH_method = DH_OpenSSL();
84 return default_DH_method;
85}
86
87int
88DH_set_method(DH *dh, const DH_METHOD *meth)
89{
90 /*
91 * NB: The caller is specifically setting a method, so it's not up to us
92 * to deal with which ENGINE it comes from.
93 */
94 const DH_METHOD *mtmp;
95
96 mtmp = dh->meth;
97 if (mtmp->finish)
98 mtmp->finish(dh);
99#ifndef OPENSSL_NO_ENGINE
100 if (dh->engine) {
101 ENGINE_finish(dh->engine);
102 dh->engine = NULL;
103 }
104#endif
105 dh->meth = meth;
106 if (meth->init)
107 meth->init(dh);
108 return 1;
109}
110
111DH *
112DH_new(void)
113{
114 return DH_new_method(NULL);
115}
116
117DH *
118DH_new_method(ENGINE *engine)
119{
120 DH *ret;
121
122 ret = malloc(sizeof(DH));
123 if (ret == NULL) {
124 DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
125 return NULL;
126 }
127
128 ret->meth = DH_get_default_method();
129#ifndef OPENSSL_NO_ENGINE
130 if (engine) {
131 if (!ENGINE_init(engine)) {
132 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
133 free(ret);
134 return NULL;
135 }
136 ret->engine = engine;
137 } else
138 ret->engine = ENGINE_get_default_DH();
139 if(ret->engine) {
140 ret->meth = ENGINE_get_DH(ret->engine);
141 if (!ret->meth) {
142 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
143 ENGINE_finish(ret->engine);
144 free(ret);
145 return NULL;
146 }
147 }
148#endif
149
150 ret->pad = 0;
151 ret->version = 0;
152 ret->p = NULL;
153 ret->g = NULL;
154 ret->length = 0;
155 ret->pub_key = NULL;
156 ret->priv_key = NULL;
157 ret->q = NULL;
158 ret->j = NULL;
159 ret->seed = NULL;
160 ret->seedlen = 0;
161 ret->counter = NULL;
162 ret->method_mont_p=NULL;
163 ret->references = 1;
164 ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
165 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
166 if (ret->meth->init != NULL && !ret->meth->init(ret)) {
167#ifndef OPENSSL_NO_ENGINE
168 if (ret->engine)
169 ENGINE_finish(ret->engine);
170#endif
171 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
172 free(ret);
173 ret = NULL;
174 }
175 return ret;
176}
177
178void
179DH_free(DH *r)
180{
181 int i;
182
183 if (r == NULL)
184 return;
185 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
186 if (i > 0)
187 return;
188
189 if (r->meth->finish)
190 r->meth->finish(r);
191#ifndef OPENSSL_NO_ENGINE
192 if (r->engine)
193 ENGINE_finish(r->engine);
194#endif
195
196 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
197
198 BN_clear_free(r->p);
199 BN_clear_free(r->g);
200 BN_clear_free(r->q);
201 BN_clear_free(r->j);
202 free(r->seed);
203 BN_clear_free(r->counter);
204 BN_clear_free(r->pub_key);
205 BN_clear_free(r->priv_key);
206 free(r);
207}
208
209int
210DH_up_ref(DH *r)
211{
212 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
213
214 return i > 1 ? 1 : 0;
215}
216
217int
218DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
219 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
220{
221 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, new_func,
222 dup_func, free_func);
223}
224
225int
226DH_set_ex_data(DH *d, int idx, void *arg)
227{
228 return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
229}
230
231void *
232DH_get_ex_data(DH *d, int idx)
233{
234 return CRYPTO_get_ex_data(&d->ex_data, idx);
235}
236
237int
238DH_size(const DH *dh)
239{
240 return BN_num_bytes(dh->p);
241}
diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c
deleted file mode 100644
index 6d750eb30d..0000000000
--- a/src/lib/libcrypto/dh/dh_pmeth.c
+++ /dev/null
@@ -1,264 +0,0 @@
1/* $OpenBSD: dh_pmeth.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/asn1t.h>
64#include <openssl/bn.h>
65#include <openssl/dh.h>
66#include <openssl/err.h>
67#include <openssl/evp.h>
68#include <openssl/x509.h>
69
70#include "evp_locl.h"
71
72/* DH pkey context structure */
73
74typedef struct {
75 /* Parameter gen parameters */
76 int prime_len;
77 int generator;
78 int use_dsa;
79 /* Keygen callback info */
80 int gentmp[2];
81 /* message digest */
82} DH_PKEY_CTX;
83
84static int
85pkey_dh_init(EVP_PKEY_CTX *ctx)
86{
87 DH_PKEY_CTX *dctx;
88
89 dctx = malloc(sizeof(DH_PKEY_CTX));
90 if (!dctx)
91 return 0;
92 dctx->prime_len = 1024;
93 dctx->generator = 2;
94 dctx->use_dsa = 0;
95
96 ctx->data = dctx;
97 ctx->keygen_info = dctx->gentmp;
98 ctx->keygen_info_count = 2;
99
100 return 1;
101}
102
103static int
104pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
105{
106 DH_PKEY_CTX *dctx, *sctx;
107
108 if (!pkey_dh_init(dst))
109 return 0;
110 sctx = src->data;
111 dctx = dst->data;
112 dctx->prime_len = sctx->prime_len;
113 dctx->generator = sctx->generator;
114 dctx->use_dsa = sctx->use_dsa;
115 return 1;
116}
117
118static void
119pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
120{
121 DH_PKEY_CTX *dctx = ctx->data;
122
123 free(dctx);
124}
125
126static int
127pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
128{
129 DH_PKEY_CTX *dctx = ctx->data;
130
131 switch (type) {
132 case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
133 if (p1 < 256)
134 return -2;
135 dctx->prime_len = p1;
136 return 1;
137
138 case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
139 dctx->generator = p1;
140 return 1;
141
142 case EVP_PKEY_CTRL_PEER_KEY:
143 /* Default behaviour is OK */
144 return 1;
145
146 default:
147 return -2;
148 }
149}
150
151static int
152pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
153{
154 long lval;
155 char *ep;
156 int len;
157
158 if (!strcmp(type, "dh_paramgen_prime_len")) {
159 errno = 0;
160 lval = strtol(value, &ep, 10);
161 if (value[0] == '\0' || *ep != '\0')
162 goto not_a_number;
163 if ((errno == ERANGE &&
164 (lval == LONG_MAX || lval == LONG_MIN)) ||
165 (lval > INT_MAX || lval < INT_MIN))
166 goto out_of_range;
167 len = lval;
168 return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
169 } else if (!strcmp(type, "dh_paramgen_generator")) {
170 errno = 0;
171 lval = strtol(value, &ep, 10);
172 if (value[0] == '\0' || *ep != '\0')
173 goto not_a_number;
174 if ((errno == ERANGE &&
175 (lval == LONG_MAX || lval == LONG_MIN)) ||
176 (lval > INT_MAX || lval < INT_MIN))
177 goto out_of_range;
178 len = lval;
179 return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
180 }
181
182not_a_number:
183out_of_range:
184 return -2;
185}
186
187static int
188pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
189{
190 DH *dh = NULL;
191 DH_PKEY_CTX *dctx = ctx->data;
192 BN_GENCB *pcb, cb;
193 int ret;
194
195 if (ctx->pkey_gencb) {
196 pcb = &cb;
197 evp_pkey_set_cb_translate(pcb, ctx);
198 } else
199 pcb = NULL;
200 dh = DH_new();
201 if (!dh)
202 return 0;
203 ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator,
204 pcb);
205 if (ret)
206 EVP_PKEY_assign_DH(pkey, dh);
207 else
208 DH_free(dh);
209 return ret;
210}
211
212static int
213pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
214{
215 DH *dh = NULL;
216
217 if (ctx->pkey == NULL) {
218 DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
219 return 0;
220 }
221 dh = DH_new();
222 if (!dh)
223 return 0;
224 EVP_PKEY_assign_DH(pkey, dh);
225 /* Note: if error return, pkey is freed by parent routine */
226 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
227 return 0;
228 return DH_generate_key(pkey->pkey.dh);
229}
230
231static int
232pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
233{
234 int ret;
235
236 if (!ctx->pkey || !ctx->peerkey) {
237 DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
238 return 0;
239 }
240 ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
241 ctx->pkey->pkey.dh);
242 if (ret < 0)
243 return ret;
244 *keylen = ret;
245 return 1;
246}
247
248const EVP_PKEY_METHOD dh_pkey_meth = {
249 .pkey_id = EVP_PKEY_DH,
250 .flags = EVP_PKEY_FLAG_AUTOARGLEN,
251
252 .init = pkey_dh_init,
253 .copy = pkey_dh_copy,
254 .cleanup = pkey_dh_cleanup,
255
256 .paramgen = pkey_dh_paramgen,
257
258 .keygen = pkey_dh_keygen,
259
260 .derive = pkey_dh_derive,
261
262 .ctrl = pkey_dh_ctrl,
263 .ctrl_str = pkey_dh_ctrl_str
264};
diff --git a/src/lib/libcrypto/dh/dh_prn.c b/src/lib/libcrypto/dh/dh_prn.c
deleted file mode 100644
index 73d0476e21..0000000000
--- a/src/lib/libcrypto/dh/dh_prn.c
+++ /dev/null
@@ -1,79 +0,0 @@
1/* $OpenBSD: dh_prn.c,v 1.5 2014/07/11 08:44:48 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/dh.h>
62#include <openssl/err.h>
63#include <openssl/evp.h>
64
65int
66DHparams_print_fp(FILE *fp, const DH *x)
67{
68 BIO *b;
69 int ret;
70
71 if ((b = BIO_new(BIO_s_file())) == NULL) {
72 DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
73 return 0;
74 }
75 BIO_set_fp(b,fp,BIO_NOCLOSE);
76 ret = DHparams_print(b, x);
77 BIO_free(b);
78 return ret;
79}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-10 13:40:18 +0000