Diffstat (limited to 'src/lib/libcrypto/dh')
-rw-r--r--src/lib/libcrypto/dh/dh.h245
-rw-r--r--src/lib/libcrypto/dh/dh_ameth.c527
-rw-r--r--src/lib/libcrypto/dh/dh_asn1.c176
-rw-r--r--src/lib/libcrypto/dh/dh_check.c237
-rw-r--r--src/lib/libcrypto/dh/dh_err.c114
-rw-r--r--src/lib/libcrypto/dh/dh_gen.c197
-rw-r--r--src/lib/libcrypto/dh/dh_key.c240
-rw-r--r--src/lib/libcrypto/dh/dh_lib.c364
-rw-r--r--src/lib/libcrypto/dh/dh_local.h99
-rw-r--r--src/lib/libcrypto/dh/dh_pmeth.c265
10 files changed, 0 insertions, 2464 deletions
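diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
deleted file mode 100644
index 04bda3fac7..0000000000
--- a/src/lib/libcrypto/dh/dh.h
+++ /dev/null
@@ -1,245 +0,0 @@
-/* $OpenBSD: dh.h,v 1.38 2025/01/25 17:59:44 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DH_H
-#define HEADER_DH_H
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/ossl_typ.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_DH_MAX_MODULUS_BITS
-# define OPENSSL_DH_MAX_MODULUS_BITS 10000
-#endif
-
-#define DH_FLAG_CACHE_MONT_P 0x01
-
-/* If this flag is set the DH method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define DH_FLAG_FIPS_METHOD 0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define DH_FLAG_NON_FIPS_ALLOW 0x0400
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DH_GENERATOR_2 2
-/* #define DH_GENERATOR_3 3 */
-#define DH_GENERATOR_5 5
-
-/* DH_check error codes */
-#define DH_CHECK_P_NOT_PRIME 0x01
-#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
-#define DH_UNABLE_TO_CHECK_GENERATOR 0x04
-#define DH_NOT_SUITABLE_GENERATOR 0x08
-#define DH_CHECK_Q_NOT_PRIME 0x10
-#define DH_CHECK_INVALID_Q_VALUE 0x20
-#define DH_CHECK_INVALID_J_VALUE 0x40
-
-/* DH_check_pub_key error codes */
-#define DH_CHECK_PUBKEY_TOO_SMALL 0x01
-#define DH_CHECK_PUBKEY_TOO_LARGE 0x02
-#define DH_CHECK_PUBKEY_INVALID 0x04
-
-/* primes p where (p-1)/2 is prime too are called "safe"; we define
- this for backward compatibility: */
-#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
-
-DH *d2i_DHparams_bio(BIO *bp, DH **a);
-int i2d_DHparams_bio(BIO *bp, DH *a);
-DH *d2i_DHparams_fp(FILE *fp, DH **a);
-int i2d_DHparams_fp(FILE *fp, DH *a);
-
-DH *DHparams_dup(DH *);
-
-const DH_METHOD *DH_OpenSSL(void);
-
-void DH_set_default_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_method(void);
-int DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(ENGINE *engine);
-
-DH * DH_new(void);
-void DH_free(DH *dh);
-int DH_up_ref(DH *dh);
-int DH_size(const DH *dh);
-int DH_bits(const DH *dh);
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DH_set_ex_data(DH *d, int idx, void *arg);
-void *DH_get_ex_data(DH *d, int idx);
-int DH_security_bits(const DH *dh);
-
-ENGINE *DH_get0_engine(DH *d);
-void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
- const BIGNUM **g);
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-const BIGNUM *DH_get0_p(const DH *dh);
-const BIGNUM *DH_get0_q(const DH *dh);
-const BIGNUM *DH_get0_g(const DH *dh);
-const BIGNUM *DH_get0_priv_key(const DH *dh);
-const BIGNUM *DH_get0_pub_key(const DH *dh);
-void DH_clear_flags(DH *dh, int flags);
-int DH_test_flags(const DH *dh, int flags);
-void DH_set_flags(DH *dh, int flags);
-long DH_get_length(const DH *dh);
-int DH_set_length(DH *dh, long length);
-
-/*
- * Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8, added to rust-openssl in 2020,
- * for "advanced DH support".
- */
-DH * DH_generate_parameters(int prime_len,int generator,
- void (*callback)(int,int,void *),void *cb_arg);
-
-/* New version */
-int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
-
-int DH_check(const DH *dh,int *codes);
-int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
-int DH_generate_key(DH *dh);
-int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
-int i2d_DHparams(const DH *a,unsigned char **pp);
-int DHparams_print_fp(FILE *fp, const DH *x);
-#ifndef OPENSSL_NO_BIO
-int DHparams_print(BIO *bp, const DH *x);
-#else
-int DHparams_print(char *bp, const DH *x);
-#endif
-
-#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
-
-#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
-
-#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
-#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
-
-
-void ERR_load_DH_strings(void);
-
-/* Error codes for the DH functions. */
-
-/* Function codes. */
-#define DH_F_COMPUTE_KEY 102
-#define DH_F_DHPARAMS_PRINT_FP 101
-#define DH_F_DH_BUILTIN_GENPARAMS 106
-#define DH_F_DH_COMPUTE_KEY 114
-#define DH_F_DH_GENERATE_KEY 115
-#define DH_F_DH_GENERATE_PARAMETERS_EX 116
-#define DH_F_DH_NEW_METHOD 105
-#define DH_F_DH_PARAM_DECODE 107
-#define DH_F_DH_PRIV_DECODE 110
-#define DH_F_DH_PRIV_ENCODE 111
-#define DH_F_DH_PUB_DECODE 108
-#define DH_F_DH_PUB_ENCODE 109
-#define DH_F_DO_DH_PRINT 100
-#define DH_F_GENERATE_KEY 103
-#define DH_F_GENERATE_PARAMETERS 104
-#define DH_F_PKEY_DH_DERIVE 112
-#define DH_F_PKEY_DH_KEYGEN 113
-
-/* Reason codes. */
-#define DH_R_BAD_GENERATOR 101
-#define DH_R_BN_DECODE_ERROR 109
-#define DH_R_BN_ERROR 106
-#define DH_R_DECODE_ERROR 104
-#define DH_R_INVALID_PUBKEY 102
-#define DH_R_KEYS_NOT_SET 108
-#define DH_R_KEY_SIZE_TOO_SMALL 110
-#define DH_R_MODULUS_TOO_LARGE 103
-#define DH_R_NON_FIPS_METHOD 111
-#define DH_R_NO_PARAMETERS_SET 107
-#define DH_R_NO_PRIVATE_VALUE 100
-#define DH_R_PARAMETER_ENCODING_ERROR 105
-#define DH_R_CHECK_INVALID_J_VALUE 115
-#define DH_R_CHECK_INVALID_Q_VALUE 116
-#define DH_R_CHECK_PUBKEY_INVALID 122
-#define DH_R_CHECK_PUBKEY_TOO_LARGE 123
-#define DH_R_CHECK_PUBKEY_TOO_SMALL 124
-#define DH_R_CHECK_P_NOT_PRIME 117
-#define DH_R_CHECK_P_NOT_SAFE_PRIME 118
-#define DH_R_CHECK_Q_NOT_PRIME 119
-#define DH_R_MISSING_PUBKEY 125
-#define DH_R_NOT_SUITABLE_GENERATOR 120
-#define DH_R_UNABLE_TO_CHECK_GENERATOR 121
-
-#ifdef __cplusplus
-}
-#endif
-#endif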
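diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
deleted file mode 100644
index 289307bfd6..0000000000
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ /dev/null
@@ -1,527 +0,0 @@
-/* $OpenBSD: dh_ameth.c,v 1.42 2025/01/17 05:04:25 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-
-#include "asn1_local.h"
-#include "bn_local.h"
-#include "dh_local.h"
-#include "evp_local.h"
-
-static void
-dh_free(EVP_PKEY *pkey)
-{
- DH_free(pkey->pkey.dh);
-}
-
-static int
-dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
-{
- X509_ALGOR *algor;
- int ptype;
- const void *pval;
- const ASN1_STRING *astr;
- const unsigned char *key, *params, *p;
- int key_len, params_len;
- ASN1_INTEGER *aint = NULL;
- DH *dh = NULL;
- int ret = 0;
-
- if (!X509_PUBKEY_get0_param(NULL, &key, &key_len, &algor, pubkey))
- goto err;
- X509_ALGOR_get0(NULL, &ptype, &pval, algor);
-
- if (ptype != V_ASN1_SEQUENCE) {
- DHerror(DH_R_PARAMETER_ENCODING_ERROR);
- goto err;
- }
-
- astr = pval;
- params = astr->data;
- params_len = astr->length;
-
- p = params;
- if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
- DHerror(DH_R_DECODE_ERROR);
- goto err;
- }
- p = key;
- if ((aint = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
- DHerror(DH_R_DECODE_ERROR);
- goto err;
- }
- BN_free(dh->pub_key);
- if ((dh->pub_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
- DHerror(DH_R_BN_DECODE_ERROR);
- goto err;
- }
-
- if (!EVP_PKEY_assign_DH(pkey, dh))
- goto err;
- dh = NULL;
-
- ret = 1;
-
- err:
- ASN1_INTEGER_free(aint);
- DH_free(dh);
-
- return ret;
-}
-
-static int
-dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
-{
- const DH *dh = pkey->pkey.dh;
- ASN1_STRING *astr = NULL;
- int ptype = V_ASN1_SEQUENCE;
- ASN1_INTEGER *aint = NULL;
- ASN1_OBJECT *aobj;
- unsigned char *params = NULL, *key = NULL;
- int params_len = 0, key_len = 0;
- int ret = 0;
-
- if ((params_len = i2d_DHparams(dh, &params)) <= 0) {
- DHerror(ERR_R_MALLOC_FAILURE);
- params_len = 0;
- goto err;
- }
- if ((astr = ASN1_STRING_new()) == NULL) {
- DHerror(ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ASN1_STRING_set0(astr, params, params_len);
- params = NULL;
- params_len = 0;
-
- if ((aint = BN_to_ASN1_INTEGER(dh->pub_key, NULL)) == NULL)
- goto err;
- if ((key_len = i2d_ASN1_INTEGER(aint, &key)) <= 0) {
- DHerror(ERR_R_MALLOC_FAILURE);
- key_len = 0;
- goto err;
- }
-
- if ((aobj = OBJ_nid2obj(EVP_PKEY_DH)) == NULL)
- goto err;
- if (!X509_PUBKEY_set0_param(pk, aobj, ptype, astr, key, key_len))
- goto err;
- astr = NULL;
- key = NULL;
- key_len = 0;
-
- ret = 1;
-
- err:
- ASN1_STRING_free(astr);
- ASN1_INTEGER_free(aint);
- freezero(params, params_len);
- freezero(key, key_len);
-
- return ret;
-}
-
-/*
- * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
- * that the AlgorithmIdentifier contains the parameters, the private key
- * is explicitly included and the pubkey must be recalculated.
- */
-
-static int
-dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
-{
- const X509_ALGOR *algor;
- int ptype;
- const void *pval;
- const ASN1_STRING *astr;
- const unsigned char *key, *params, *p;
- int key_len, params_len;
- ASN1_INTEGER *aint = NULL;
- DH *dh = NULL;
- int ret = 0;
-
- if (!PKCS8_pkey_get0(NULL, &key, &key_len, &algor, p8))
- goto err;
- X509_ALGOR_get0(NULL, &ptype, &pval, algor);
-
- if (ptype != V_ASN1_SEQUENCE) {
- DHerror(DH_R_PARAMETER_ENCODING_ERROR);
- goto err;
- }
-
- astr = pval;
- params = astr->data;
- params_len = astr->length;
-
- p = params;
- if ((dh = d2i_DHparams(NULL, &p, params_len)) == NULL) {
- DHerror(DH_R_DECODE_ERROR);
- goto err;
- }
- p = key;
- if ((aint = d2i_ASN1_INTEGER(NULL, &p, key_len)) == NULL) {
- DHerror(DH_R_DECODE_ERROR);
- goto err;
- }
- BN_free(dh->priv_key);
- if ((dh->priv_key = ASN1_INTEGER_to_BN(aint, NULL)) == NULL) {
- DHerror(DH_R_BN_DECODE_ERROR);
- goto err;
- }
- if (!DH_generate_key(dh))
- goto err;
-
- if (!EVP_PKEY_assign_DH(pkey, dh))
- goto err;
- dh = NULL;
-
- ret = 1;
-
- err:
- ASN1_INTEGER_free(aint);
- DH_free(dh);
-
- return ret;
-}
-
-static int
-dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
-{
- const DH *dh = pkey->pkey.dh;
- ASN1_STRING *astr = NULL;
- int ptype = V_ASN1_SEQUENCE;
- ASN1_INTEGER *aint = NULL;
- ASN1_OBJECT *aobj;
- unsigned char *params = NULL, *key = NULL;
- int params_len = 0, key_len = 0;
- int ret = 0;
-
- if ((params_len = i2d_DHparams(dh, &params)) <= 0) {
- DHerror(ERR_R_MALLOC_FAILURE);
- params_len = 0;
- goto err;
- }
- if ((astr = ASN1_STRING_type_new(V_ASN1_SEQUENCE)) == NULL) {
- DHerror(ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ASN1_STRING_set0(astr, params, params_len);
- params = NULL;
- params_len = 0;
-
- if ((aint = BN_to_ASN1_INTEGER(dh->priv_key, NULL)) == NULL) {
- DHerror(DH_R_BN_ERROR);
- goto err;
- }
- if ((key_len = i2d_ASN1_INTEGER(aint, &key)) <= 0) {
- DHerror(ERR_R_MALLOC_FAILURE);
- key_len = 0;
- goto err;
- }
-
- if ((aobj = OBJ_nid2obj(NID_dhKeyAgreement)) == NULL)
- goto err;
- if (!PKCS8_pkey_set0(p8, aobj, 0, ptype, astr, key, key_len))
- goto err;
- astr = NULL;
- key = NULL;
- key_len = 0;
-
- ret = 1;
-
- err:
- ASN1_STRING_free(astr);
- ASN1_INTEGER_free(aint);
- freezero(params, params_len);
- freezero(key, key_len);
-
- return ret;
-}
-
-static int
-dh_param_decode(EVP_PKEY *pkey, const unsigned char **params, int params_len)
-{
- DH *dh = NULL;
- int ret = 0;
-
- if ((dh = d2i_DHparams(NULL, params, params_len)) == NULL) {
- DHerror(ERR_R_DH_LIB);
- goto err;
- }
- if (!EVP_PKEY_assign_DH(pkey, dh))
- goto err;
- dh = NULL;
-
- ret = 1;
-
- err:
- DH_free(dh);
-
- return ret;
-}
-
-static int
-dh_param_encode(const EVP_PKEY *pkey, unsigned char **params)
-{
- return i2d_DHparams(pkey->pkey.dh, params);
-}
-
-static int
-do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype)
-{
- int reason = ERR_R_BUF_LIB, ret = 0;
- const char *ktype = NULL;
- BIGNUM *priv_key, *pub_key;
-
- if (ptype == 2)
- priv_key = x->priv_key;
- else
- priv_key = NULL;
-
- if (ptype > 0)
- pub_key = x->pub_key;
- else
- pub_key = NULL;
-
- if (ptype == 2)
- ktype = "PKCS#3 DH Private-Key";
- else if (ptype == 1)
- ktype = "PKCS#3 DH Public-Key";
- else
- ktype = "PKCS#3 DH Parameters";
-
- if (x->p == NULL) {
- reason = ERR_R_PASSED_NULL_PARAMETER;
- goto err;
- }
-
- if (!BIO_indent(bp, indent, 128))
- goto err;
- if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
- goto err;
- indent += 4;
-
- if (!bn_printf(bp, priv_key, indent, "private-key:"))
- goto err;
- if (!bn_printf(bp, pub_key, indent, "public-key:"))
- goto err;
-
- if (!bn_printf(bp, x->p, indent, "prime:"))
- goto err;
- if (!bn_printf(bp, x->g, indent, "generator:"))
- goto err;
- if (x->length != 0) {
- if (!BIO_indent(bp, indent, 128))
- goto err;
- if (BIO_printf(bp, "recommended-private-length: %d bits\n",
- (int)x->length) <= 0)
- goto err;
- }
-
- ret = 1;
- if (0) {
- err:
- DHerror(reason);
- }
- return(ret);
-}
-
-static int
-dh_size(const EVP_PKEY *pkey)
-{
- return DH_size(pkey->pkey.dh);
-}
-
-static int
-dh_bits(const EVP_PKEY *pkey)
-{
- return BN_num_bits(pkey->pkey.dh->p);
-}
-
-static int
-dh_security_bits(const EVP_PKEY *pkey)
-{
- return DH_security_bits(pkey->pkey.dh);
-}
-
-static int
-dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
-{
- if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
- BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
- return 0;
- else
- return 1;
-}
-
-static int
-dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
-{
- BIGNUM *a;
-
- if ((a = BN_dup(from->pkey.dh->p)) == NULL)
- return 0;
- BN_free(to->pkey.dh->p);
- to->pkey.dh->p = a;
-
- if ((a = BN_dup(from->pkey.dh->g)) == NULL)
- return 0;
- BN_free(to->pkey.dh->g);
- to->pkey.dh->g = a;
-
- return 1;
-}
-
-static int
-dh_missing_parameters(const EVP_PKEY *pkey)
-{
- const DH *dh = pkey->pkey.dh;
-
- return dh->p == NULL || dh->g == NULL;
-}
-
-static int
-dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-{
- if (dh_cmp_parameters(a, b) == 0)
- return 0;
- if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
- return 0;
- else
- return 1;
-}
-
-static int
-dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
-{
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
-}
-
-static int
-dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
-{
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
-}
-
-static int
-dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
-{
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
-}
-
-int
-DHparams_print(BIO *bp, const DH *x)
-{
- return do_dh_print(bp, x, 4, NULL, 0);
-}
-LCRYPTO_ALIAS(DHparams_print);
-
-int
-DHparams_print_fp(FILE *fp, const DH *x)
-{
- BIO *b;
- int ret;
-
- if ((b = BIO_new(BIO_s_file())) == NULL) {
- DHerror(ERR_R_BUF_LIB);
- return 0;
- }
-
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = DHparams_print(b, x);
- BIO_free(b);
-
- return ret;
-}
-LCRYPTO_ALIAS(DHparams_print_fp);
-
-const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
- .base_method = &dh_asn1_meth,
- .pkey_id = EVP_PKEY_DH,
-
- .pem_str = "DH",
- .info = "OpenSSL PKCS#3 DH method",
-
- .pub_decode = dh_pub_decode,
- .pub_encode = dh_pub_encode,
- .pub_cmp = dh_pub_cmp,
- .pub_print = dh_public_print,
-
- .priv_decode = dh_priv_decode,
- .priv_encode = dh_priv_encode,
- .priv_print = dh_private_print,
-
- .pkey_size = dh_size,
- .pkey_bits = dh_bits,
- .pkey_security_bits = dh_security_bits,
-
- .param_decode = dh_param_decode,
- .param_encode = dh_param_encode,
- .param_missing = dh_missing_parameters,
- .param_copy = dh_copy_parameters,
- .param_cmp = dh_cmp_parameters,
- .param_print = dh_param_print,
-
- .pkey_free = dh_free,
-};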
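diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c
deleted file mode 100644
index 6731669c83..0000000000
--- a/src/lib/libcrypto/dh/dh_asn1.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/* $OpenBSD: dh_asn1.c,v 1.13 2024/04/15 15:47:37 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/objects.h>
-
-#include "dh_local.h"
-
-/* Override the default free and new methods */
-static int
-dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
-{
- if (operation == ASN1_OP_NEW_PRE) {
- *pval = (ASN1_VALUE *)DH_new();
- if (*pval)
- return 2;
- return 0;
- } else if (operation == ASN1_OP_FREE_PRE) {
- DH_free((DH *)*pval);
- *pval = NULL;
- return 2;
- }
- return 1;
-}
-
-static const ASN1_AUX DHparams_aux = {
- .app_data = NULL,
- .flags = 0,
- .ref_offset = 0,
- .ref_lock = 0,
- .asn1_cb = dh_cb,
- .enc_offset = 0,
-};
-static const ASN1_TEMPLATE DHparams_seq_tt[] = {
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(DH, p),
- .field_name = "p",
- .item = &BIGNUM_it,
- },
- {
- .flags = 0,
- .tag = 0,
- .offset = offsetof(DH, g),
- .field_name = "g",
- .item = &BIGNUM_it,
- },
- {
- .flags = ASN1_TFLG_OPTIONAL,
- .tag = 0,
- .offset = offsetof(DH, length),
- .field_name = "length",
- .item = &ZLONG_it,
- },
-};
-
-static const ASN1_ITEM DHparams_it = {
- .itype = ASN1_ITYPE_SEQUENCE,
- .utype = V_ASN1_SEQUENCE,
- .templates = DHparams_seq_tt,
- .tcount = sizeof(DHparams_seq_tt) / sizeof(ASN1_TEMPLATE),
- .funcs = &DHparams_aux,
- .size = sizeof(DH),
- .sname = "DH",
-};
-
-
-DH *
-d2i_DHparams(DH **a, const unsigned char **in, long len)
-{
- return (DH *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
- &DHparams_it);
-}
-LCRYPTO_ALIAS(d2i_DHparams);
-
-int
-i2d_DHparams(const DH *a, unsigned char **out)
-{
- return ASN1_item_i2d((ASN1_VALUE *)a, out, &DHparams_it);
-}
-LCRYPTO_ALIAS(i2d_DHparams);
-
-DH *
-d2i_DHparams_bio(BIO *bp, DH **a)
-{
- return ASN1_item_d2i_bio(&DHparams_it, bp, a);
-}
-LCRYPTO_ALIAS(d2i_DHparams_bio);
-
-int
-i2d_DHparams_bio(BIO *bp, DH *a)
-{
- return ASN1_item_i2d_bio(&DHparams_it, bp, a);
-}
-LCRYPTO_ALIAS(i2d_DHparams_bio);
-
-DH *
-d2i_DHparams_fp(FILE *fp, DH **a)
-{
- return ASN1_item_d2i_fp(&DHparams_it, fp, a);
-}
-LCRYPTO_ALIAS(d2i_DHparams_fp);
-
-int
-i2d_DHparams_fp(FILE *fp, DH *a)
-{
- return ASN1_item_i2d_fp(&DHparams_it, fp, a);
-}
-LCRYPTO_ALIAS(i2d_DHparams_fp);
-
-DH *
-DHparams_dup(DH *dh)
-{
- return ASN1_item_dup(&DHparams_it, dh);
-}
-LCRYPTO_ALIAS(DHparams_dup);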
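diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
deleted file mode 100644
index a880f9fca1..0000000000
--- a/src/lib/libcrypto/dh/dh_check.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/* $OpenBSD: dh_check.c,v 1.30 2024/11/29 15:59:57 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-
-#include "bn_local.h"
-#include "dh_local.h"
-
-#define DH_NUMBER_ITERATIONS_FOR_PRIME 64
-
-/*
- * Check that p is odd and 1 < g < p - 1.
- */
-
-static int
-DH_check_params(const DH *dh, int *flags)
-{
- BIGNUM *max_g = NULL;
- int ok = 0;
-
- *flags = 0;
-
- if (!BN_is_odd(dh->p))
- *flags |= DH_CHECK_P_NOT_PRIME;
-
- /*
- * Check that 1 < dh->g < p - 1
- */
-
- if (BN_cmp(dh->g, BN_value_one()) <= 0)
- *flags |= DH_NOT_SUITABLE_GENERATOR;
- /* max_g = p - 1 */
- if ((max_g = BN_dup(dh->p)) == NULL)
- goto err;
- if (!BN_sub_word(max_g, 1))
- goto err;
- /* check that g < max_g */
- if (BN_cmp(dh->g, max_g) >= 0)
- *flags |= DH_NOT_SUITABLE_GENERATOR;
-
- ok = 1;
-
- err:
- BN_free(max_g);
-
- return ok;
-}
-
-/*
- * Check that p is a safe prime and that g is a suitable generator.
- */
-
-int
-DH_check(const DH *dh, int *flags)
-{
- BN_CTX *ctx = NULL;
- int is_prime;
- int ok = 0;
-
- *flags = 0;
-
- if (!DH_check_params(dh, flags))
- goto err;
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- BN_CTX_start(ctx);
-
- if (dh->q != NULL) {
- BIGNUM *residue;
-
- if ((residue = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((*flags & DH_NOT_SUITABLE_GENERATOR) == 0) {
- /* Check g^q == 1 mod p */
- if (!BN_mod_exp_ct(residue, dh->g, dh->q, dh->p, ctx))
- goto err;
- if (!BN_is_one(residue))
- *flags |= DH_NOT_SUITABLE_GENERATOR;
- }
- is_prime = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME,
- ctx, NULL);
- if (is_prime < 0)
- goto err;
- if (is_prime == 0)
- *flags |= DH_CHECK_Q_NOT_PRIME;
- /* Check p == 1 mod q, i.e., q divides p - 1 */
- if (!BN_div_ct(NULL, residue, dh->p, dh->q, ctx))
- goto err;
- if (!BN_is_one(residue))
- *flags |= DH_CHECK_INVALID_Q_VALUE;
- }
-
- is_prime = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME,
- ctx, NULL);
- if (is_prime < 0)
- goto err;
- if (is_prime == 0)
- *flags |= DH_CHECK_P_NOT_PRIME;
- else if (dh->q == NULL) {
- BIGNUM *q;
-
- if ((q = BN_CTX_get(ctx)) == NULL)
- goto err;
- if (!BN_rshift1(q, dh->p))
- goto err;
- is_prime = BN_is_prime_ex(q, DH_NUMBER_ITERATIONS_FOR_PRIME,
- ctx, NULL);
- if (is_prime < 0)
- goto err;
- if (is_prime == 0)
- *flags |= DH_CHECK_P_NOT_SAFE_PRIME;
- }
-
- ok = 1;
-
- err:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return ok;
-}
-LCRYPTO_ALIAS(DH_check);
-
-int
-DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *flags)
-{
- BN_CTX *ctx = NULL;
- BIGNUM *max_pub_key;
- int ok = 0;
-
- *flags = 0;
-
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
- BN_CTX_start(ctx);
- if ((max_pub_key = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- /*
- * Check that 1 < pub_key < dh->p - 1
- */
-
- if (BN_cmp(pub_key, BN_value_one()) <= 0)
- *flags |= DH_CHECK_PUBKEY_TOO_SMALL;
-
- /* max_pub_key = dh->p - 1 */
- if (!BN_sub(max_pub_key, dh->p, BN_value_one()))
- goto err;
-
- if (BN_cmp(pub_key, max_pub_key) >= 0)
- *flags |= DH_CHECK_PUBKEY_TOO_LARGE;
-
- /*
- * If dh->q is set, check that pub_key^q == 1 mod p
- */
-
- if (dh->q != NULL) {
- BIGNUM *residue;
-
- if ((residue = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- if (!BN_mod_exp_ct(residue, pub_key, dh->q, dh->p, ctx))
- goto err;
- if (!BN_is_one(residue))
- *flags |= DH_CHECK_PUBKEY_INVALID;
- }
-
- ok = 1;
-
- err:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
-
- return ok;
-}
-LCRYPTO_ALIAS(DH_check_pub_key);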
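diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
deleted file mode 100644
index 568eff5752..0000000000
--- a/src/lib/libcrypto/dh/dh_err.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* $OpenBSD: dh_err.c,v 1.22 2024/06/24 06:43:22 tb Exp $ */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/dh.h>
-#include <openssl/err.h>
-
-#include "err_local.h"
-
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
-
-static const ERR_STRING_DATA DH_str_functs[] = {
- {ERR_FUNC(0xfff), "CRYPTO_internal"},
- {0, NULL}
-};
-
-static const ERR_STRING_DATA DH_str_reasons[] = {
- {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
- {ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"},
- {ERR_REASON(DH_R_BN_ERROR) ,"bn error"},
- {ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"},
- {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
- {ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"},
- {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
- {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
- {ERR_REASON(DH_R_NON_FIPS_METHOD) ,"non fips method"},
- {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"},
- {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
- {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
- {ERR_REASON(DH_R_CHECK_INVALID_J_VALUE) ,"check invalid j value"},
- {ERR_REASON(DH_R_CHECK_INVALID_Q_VALUE) ,"check invalid q value"},
- {ERR_REASON(DH_R_CHECK_PUBKEY_INVALID) ,"check pubkey invalid"},
- {ERR_REASON(DH_R_CHECK_PUBKEY_TOO_LARGE) ,"check pubkey too large"},
- {ERR_REASON(DH_R_CHECK_PUBKEY_TOO_SMALL) ,"check pubkey too small"},
- {ERR_REASON(DH_R_CHECK_P_NOT_PRIME) ,"check p not prime"},
- {ERR_REASON(DH_R_CHECK_P_NOT_SAFE_PRIME) ,"check p not safe prime"},
- {ERR_REASON(DH_R_CHECK_Q_NOT_PRIME) ,"check q not prime"},
- {ERR_REASON(DH_R_MISSING_PUBKEY) ,"missing pubkey"},
- {ERR_REASON(DH_R_NOT_SUITABLE_GENERATOR) ,"not suitable generator"},
- {ERR_REASON(DH_R_UNABLE_TO_CHECK_GENERATOR),"unable to check generator"},
- {0,NULL}
-};
-
-#endif
-
-void
-ERR_load_DH_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
- if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
- ERR_load_const_strings(DH_str_functs);
- ERR_load_const_strings(DH_str_reasons);
- }
-#endif
-}
-LCRYPTO_ALIAS(ERR_load_DH_strings);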
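diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
deleted file mode 100644
index 3ffa5d80f1..0000000000
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* $OpenBSD: dh_gen.c,v 1.21 2023/07/08 15:29:03 beck Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-
-#include "bn_local.h"
-#include "dh_local.h"
-
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
- BN_GENCB *cb);
-
-int
-DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
-{
- if (ret->meth->generate_params)
- return ret->meth->generate_params(ret, prime_len, generator, cb);
- return dh_builtin_genparams(ret, prime_len, generator, cb);
-}
-LCRYPTO_ALIAS(DH_generate_parameters_ex);
-
-/*
- * We generate DH parameters as follows:
- * find a prime q which is prime_len/2 bits long.
- * p=(2*q)+1 or (p-1)/2 = q
- * For this case, g is a generator if
- * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
- * Since the factors of p-1 are q and 2, we just need to check
- * g^2 mod p != 1 and g^q mod p != 1.
- *
- * Having said all that,
- * there is another special case method for the generators 2, 3 and 5.
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
- * for 5, p mod 10 == 3 or 7
- *
- * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
- * special generators and for answering some of my questions.
- *
- * I've implemented the second simple method :-).
- * Since DH should be using a safe prime (both p and q are prime),
- * this generator function can take a very very long time to run.
- */
-/* Actually there is no reason to insist that 'generator' be a generator.
- * It's just as OK (and in some sense better) to use a generator of the
- * order-q subgroup.
- */
-static int
-dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
-{
- BIGNUM *t1, *t2;
- int g, ok = -1;
- BN_CTX *ctx = NULL;
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- BN_CTX_start(ctx);
- if ((t1 = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((t2 = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- /* Make sure 'ret' has the necessary elements */
- if (!ret->p && ((ret->p = BN_new()) == NULL))
- goto err;
- if (!ret->g && ((ret->g = BN_new()) == NULL))
- goto err;
-
- if (generator <= 1) {
- DHerror(DH_R_BAD_GENERATOR);
- goto err;
- }
- if (generator == DH_GENERATOR_2) {
- if (!BN_set_word(t1, 24))
- goto err;
- if (!BN_set_word(t2, 11))
- goto err;
- g = 2;
- } else if (generator == DH_GENERATOR_5) {
- if (!BN_set_word(t1, 10))
- goto err;
- if (!BN_set_word(t2, 3))
- goto err;
- /* BN_set_word(t3,7); just have to miss
- * out on these ones :-( */
- g = 5;
- } else {
- /*
- * in the general case, don't worry if 'generator' is a
- * generator or not: since we are using safe primes,
- * it will generate either an order-q or an order-2q group,
- * which both is OK
- */
- if (!BN_set_word(t1, 2))
- goto err;
- if (!BN_set_word(t2, 1))
- goto err;
- g = generator;
- }
-
- if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
- goto err;
- if (!BN_GENCB_call(cb, 3, 0))
- goto err;
- if (!BN_set_word(ret->g, g))
- goto err;
- ok = 1;
-err:
- if (ok == -1) {
- DHerror(ERR_R_BN_LIB);
- ok = 0;
- }
-
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return ok;
-}
-
-DH *
-DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int, int, void *), void *cb_arg)
-{
- BN_GENCB cb;
- DH *ret = NULL;
-
- if ((ret = DH_new()) == NULL)
- return NULL;
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if (DH_generate_parameters_ex(ret, prime_len, generator, &cb))
- return ret;
- DH_free(ret);
- return NULL;
-}
-LCRYPTO_ALIAS(DH_generate_parameters);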
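diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
deleted file mode 100644
index 93b04f398f..0000000000
--- a/src/lib/libcrypto/dh/dh_key.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* $OpenBSD: dh_key.c,v 1.42 2024/05/09 20:43:36 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-
-#include "bn_local.h"
-#include "dh_local.h"
-
-static int
-generate_key(DH *dh)
-{
- int ok = 0;
- unsigned l;
- BN_CTX *ctx;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
- DHerror(DH_R_MODULUS_TOO_LARGE);
- return 0;
- }
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
-
- if ((priv_key = dh->priv_key) == NULL) {
- if ((priv_key = BN_new()) == NULL)
- goto err;
- }
-
- if ((pub_key = dh->pub_key) == NULL) {
- if ((pub_key = BN_new()) == NULL)
- goto err;
- }
-
- if (dh->flags & DH_FLAG_CACHE_MONT_P) {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
- if (!mont)
- goto err;
- }
-
- if (dh->priv_key == NULL) {
- if (dh->q) {
- if (!bn_rand_interval(priv_key, 2, dh->q))
- goto err;
- } else {
- /* secret exponent length */
- l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
- if (!BN_rand(priv_key, l, 0, 0))
- goto err;
- }
- }
-
- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key, dh->p, ctx,
- mont))
- goto err;
-
- dh->pub_key = pub_key;
- dh->priv_key = priv_key;
- ok = 1;
- err:
- if (ok != 1)
- DHerror(ERR_R_BN_LIB);
-
- if (dh->pub_key == NULL)
- BN_free(pub_key);
- if (dh->priv_key == NULL)
- BN_free(priv_key);
- BN_CTX_free(ctx);
-
- return ok;
-}
-
-static int
-compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-{
- BN_CTX *ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *tmp;
- int ret = -1;
- int check_result;
-
- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
- DHerror(DH_R_MODULUS_TOO_LARGE);
- goto err;
- }
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- BN_CTX_start(ctx);
- if ((tmp = BN_CTX_get(ctx)) == NULL)
- goto err;
-
- if (dh->priv_key == NULL) {
- DHerror(DH_R_NO_PRIVATE_VALUE);
- goto err;
- }
-
- if (dh->flags & DH_FLAG_CACHE_MONT_P) {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
-
- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-
- if (!mont)
- goto err;
- }
-
- if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
- DHerror(DH_R_INVALID_PUBKEY);
- goto err;
- }
-
- if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx,
- mont)) {
- DHerror(ERR_R_BN_LIB);
- goto err;
- }
-
- ret = BN_bn2bin(tmp, key);
- err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return ret;
-}
-
-static int
-dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
- return BN_mod_exp_mont_ct(r, a, p, m, ctx, m_ctx);
-}
-
-static int
-dh_init(DH *dh)
-{
- dh->flags |= DH_FLAG_CACHE_MONT_P;
- return 1;
-}
-
-static int
-dh_finish(DH *dh)
-{
- BN_MONT_CTX_free(dh->method_mont_p);
- return 1;
-}
-
-int
-DH_generate_key(DH *dh)
-{
- return dh->meth->generate_key(dh);
-}
-LCRYPTO_ALIAS(DH_generate_key);
-
-int
-DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-{
- return dh->meth->compute_key(key, pub_key, dh);
-}
-LCRYPTO_ALIAS(DH_compute_key);
-
-static const DH_METHOD dh_ossl = {
- .name = "OpenSSL DH Method",
- .generate_key = generate_key,
- .compute_key = compute_key,
- .bn_mod_exp = dh_bn_mod_exp,
- .init = dh_init,
- .finish = dh_finish,
-};
-
-const DH_METHOD *
-DH_OpenSSL(void)
-{
- return &dh_ossl;
-}
-LCRYPTO_ALIAS(DH_OpenSSL);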
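--- a/src/lib/libcrypto/dh/dh_lib.c
+++ /dev/null
@@ -1,364 +0,0 @@
-/* $OpenBSD: dh_lib.c,v 1.46 2024/11/29 15:59:57 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <limits.h>
-#include <stdio.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-
-#include "dh_local.h"
-
-static const DH_METHOD *default_DH_method = NULL;
-
-void
-DH_set_default_method(const DH_METHOD *meth)
-{
- default_DH_method = meth;
-}
-LCRYPTO_ALIAS(DH_set_default_method);
-
-const DH_METHOD *
-DH_get_default_method(void)
-{
- if (!default_DH_method)
- default_DH_method = DH_OpenSSL();
- return default_DH_method;
-}
-LCRYPTO_ALIAS(DH_get_default_method);
-
-int
-DH_set_method(DH *dh, const DH_METHOD *meth)
-{
- /*
- * NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from.
- */
- const DH_METHOD *mtmp;
-
- mtmp = dh->meth;
- if (mtmp->finish)
- mtmp->finish(dh);
- dh->meth = meth;
- if (meth->init)
- meth->init(dh);
- return 1;
-}
-LCRYPTO_ALIAS(DH_set_method);
-
-DH *
-DH_new(void)
-{
- return DH_new_method(NULL);
-}
-LCRYPTO_ALIAS(DH_new);
-
-DH *
-DH_new_method(ENGINE *engine)
-{
- DH *dh;
-
- if ((dh = calloc(1, sizeof(*dh))) == NULL) {
- DHerror(ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- dh->meth = DH_get_default_method();
- dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
- dh->references = 1;
-
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data))
- goto err;
- if (dh->meth->init != NULL && !dh->meth->init(dh))
- goto err;
-
- return dh;
-
- err:
- DH_free(dh);
-
- return NULL;
-}
-LCRYPTO_ALIAS(DH_new_method);
-
-void
-DH_free(DH *dh)
-{
- if (dh == NULL)
- return;
-
- if (CRYPTO_add(&dh->references, -1, CRYPTO_LOCK_DH) > 0)
- return;
-
- if (dh->meth != NULL && dh->meth->finish != NULL)
- dh->meth->finish(dh);
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data);
-
- BN_free(dh->p);
- BN_free(dh->q);
- BN_free(dh->g);
- BN_free(dh->pub_key);
- BN_free(dh->priv_key);
- free(dh);
-}
-LCRYPTO_ALIAS(DH_free);
-
-int
-DH_up_ref(DH *dh)
-{
- return CRYPTO_add(&dh->references, 1, CRYPTO_LOCK_DH) > 1;
-}
-LCRYPTO_ALIAS(DH_up_ref);
-
-int
-DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, new_func,
- dup_func, free_func);
-}
-LCRYPTO_ALIAS(DH_get_ex_new_index);
-
-int
-DH_set_ex_data(DH *dh, int idx, void *arg)
-{
- return CRYPTO_set_ex_data(&dh->ex_data, idx, arg);
-}
-LCRYPTO_ALIAS(DH_set_ex_data);
-
-void *
-DH_get_ex_data(DH *dh, int idx)
-{
- return CRYPTO_get_ex_data(&dh->ex_data, idx);
-}
-LCRYPTO_ALIAS(DH_get_ex_data);
-
-int
-DH_size(const DH *dh)
-{
- return BN_num_bytes(dh->p);
-}
-LCRYPTO_ALIAS(DH_size);
-
-int
-DH_bits(const DH *dh)
-{
- return BN_num_bits(dh->p);
-}
-LCRYPTO_ALIAS(DH_bits);
-
-int
-DH_security_bits(const DH *dh)
-{
- int N = -1;
-
- if (dh->q != NULL)
- N = BN_num_bits(dh->q);
- else if (dh->length > 0)
- N = dh->length;
-
- return BN_security_bits(BN_num_bits(dh->p), N);
-}
-LCRYPTO_ALIAS(DH_security_bits);
-
-ENGINE *
-DH_get0_engine(DH *dh)
-{
- return NULL;
-}
-LCRYPTO_ALIAS(DH_get0_engine);
-
-void
-DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-{
- if (p != NULL)
- *p = dh->p;
- if (q != NULL)
- *q = dh->q;
- if (g != NULL)
- *g = dh->g;
-}
-LCRYPTO_ALIAS(DH_get0_pqg);
-
-int
-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-{
- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
- return 0;
-
- if (p != NULL) {
- BN_free(dh->p);
- dh->p = p;
- }
- if (q != NULL) {
- BN_free(dh->q);
- dh->q = q;
- dh->length = BN_num_bits(dh->q);
- }
- if (g != NULL) {
- BN_free(dh->g);
- dh->g = g;
- }
-
- return 1;
-}
-LCRYPTO_ALIAS(DH_set0_pqg);
-
-void
-DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
-{
- if (pub_key != NULL)
- *pub_key = dh->pub_key;
- if (priv_key != NULL)
- *priv_key = dh->priv_key;
-}
-LCRYPTO_ALIAS(DH_get0_key);
-
-int
-DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-{
- if (pub_key != NULL) {
- BN_free(dh->pub_key);
- dh->pub_key = pub_key;
- }
- if (priv_key != NULL) {
- BN_free(dh->priv_key);
- dh->priv_key = priv_key;
- }
-
- return 1;
-}
-LCRYPTO_ALIAS(DH_set0_key);
-
-const BIGNUM *
-DH_get0_p(const DH *dh)
-{
- return dh->p;
-}
-LCRYPTO_ALIAS(DH_get0_p);
-
-const BIGNUM *
-DH_get0_q(const DH *dh)
-{
- return dh->q;
-}
-LCRYPTO_ALIAS(DH_get0_q);
-
-const BIGNUM *
-DH_get0_g(const DH *dh)
-{
- return dh->g;
-}
-LCRYPTO_ALIAS(DH_get0_g);
-
-const BIGNUM *
-DH_get0_priv_key(const DH *dh)
-{
- return dh->priv_key;
-}
-LCRYPTO_ALIAS(DH_get0_priv_key);
-
-const BIGNUM *
-DH_get0_pub_key(const DH *dh)
-{
- return dh->pub_key;
-}
-LCRYPTO_ALIAS(DH_get0_pub_key);
-
-void
-DH_clear_flags(DH *dh, int flags)
-{
- dh->flags &= ~flags;
-}
-LCRYPTO_ALIAS(DH_clear_flags);
-
-int
-DH_test_flags(const DH *dh, int flags)
-{
- return dh->flags & flags;
-}
-LCRYPTO_ALIAS(DH_test_flags);
-
-void
-DH_set_flags(DH *dh, int flags)
-{
- dh->flags |= flags;
-}
-LCRYPTO_ALIAS(DH_set_flags);
-
-long
-DH_get_length(const DH *dh)
-{
- return dh->length;
-}
-LCRYPTO_ALIAS(DH_get_length);
-
-int
-DH_set_length(DH *dh, long length)
-{
- if (length < 0 || length > INT_MAX)
- return 0;
-
- dh->length = length;
- return 1;
-}
-LCRYPTO_ALIAS(DH_set_length);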
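--- a/src/lib/libcrypto/dh/dh_local.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/* $OpenBSD: dh_local.h,v 1.7 2024/11/29 15:59:57 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DH_LOCAL_H
-#define HEADER_DH_LOCAL_H
-
-__BEGIN_HIDDEN_DECLS
-
-struct dh_method {
- const char *name;
- /* Methods here */
- int (*generate_key)(DH *dh);
- int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
- int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
- int (*init)(DH *dh);
- int (*finish)(DH *dh);
- int flags;
- char *app_data;
- /* If this is non-NULL, it will be used to generate parameters */
- int (*generate_params)(DH *dh, int prime_len, int generator,
- BN_GENCB *cb);
-};
-
-struct dh_st {
- int version;
- BIGNUM *p;
- BIGNUM *q;
- BIGNUM *g;
- long length; /* optional */
- BIGNUM *pub_key; /* g^x */
- BIGNUM *priv_key; /* x */
-
- int flags;
- BN_MONT_CTX *method_mont_p;
-
- int references;
- CRYPTO_EX_DATA ex_data;
- const DH_METHOD *meth;
-};
-
-__END_HIDDEN_DECLS
-
-#endif /* !HEADER_DH_LOCAL_H */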
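--- a/src/lib/libcrypto/dh/dh_pmeth.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/* $OpenBSD: dh_pmeth.c,v 1.17 2024/08/26 22:00:47 op Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-#include "bn_local.h"
-#include "dh_local.h"
-#include "evp_local.h"
-
-/* DH pkey context structure */
-
-typedef struct {
- /* Parameter gen parameters */
- int prime_len;
- int generator;
- int use_dsa;
- /* Keygen callback info */
- int gentmp[2];
- /* message digest */
-} DH_PKEY_CTX;
-
-static int
-pkey_dh_init(EVP_PKEY_CTX *ctx)
-{
- DH_PKEY_CTX *dctx;
-
- dctx = malloc(sizeof(DH_PKEY_CTX));
- if (!dctx)
- return 0;
- dctx->prime_len = 1024;
- dctx->generator = 2;
- dctx->use_dsa = 0;
-
- ctx->data = dctx;
- ctx->keygen_info = dctx->gentmp;
- ctx->keygen_info_count = 2;
-
- return 1;
-}
-
-static int
-pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-{
- DH_PKEY_CTX *dctx, *sctx;
-
- if (!pkey_dh_init(dst))
- return 0;
- sctx = src->data;
- dctx = dst->data;
- dctx->prime_len = sctx->prime_len;
- dctx->generator = sctx->generator;
- dctx->use_dsa = sctx->use_dsa;
- return 1;
-}
-
-static void
-pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
-{
- DH_PKEY_CTX *dctx = ctx->data;
-
- free(dctx);
-}
-
-static int
-pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-{
- DH_PKEY_CTX *dctx = ctx->data;
-
- switch (type) {
- case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
- if (p1 < 256)
- return -2;
- dctx->prime_len = p1;
- return 1;
-
- case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
- dctx->generator = p1;
- return 1;
-
- case EVP_PKEY_CTRL_PEER_KEY:
- /* Default behaviour is OK */
- return 1;
-
- default:
- return -2;
- }
-}
-
-static int
-pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
-{
- const char *errstr;
- int len;
-
- if (!strcmp(type, "dh_paramgen_prime_len")) {
- len = strtonum(value, INT_MIN, INT_MAX, &errstr);
- if (errstr != NULL)
- return -2;
- return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
- } else if (!strcmp(type, "dh_paramgen_generator")) {
- len = strtonum(value, INT_MIN, INT_MAX, &errstr);
- if (errstr != NULL)
- return -2;
- return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
- }
-
- return -2;
-}
-
-static int
-pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- DH *dh;
- DH_PKEY_CTX *dctx = ctx->data;
- BN_GENCB *pcb = NULL;
- BN_GENCB cb = {0};
- int ret = 0;
-
- if ((dh = DH_new()) == NULL)
- goto err;
- if (ctx->pkey_gencb != NULL) {
- pcb = &cb;
- evp_pkey_set_cb_translate(pcb, ctx);
- }
- if (!DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, pcb))
- goto err;
- if (!EVP_PKEY_assign_DH(pkey, dh))
- goto err;
- dh = NULL;
-
- ret = 1;
- err:
- DH_free(dh);
-
- return ret;
-}
-
-static int
-pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
- DH *dh = NULL;
- int ret = 0;
-
- if (ctx->pkey == NULL) {
- DHerror(DH_R_NO_PARAMETERS_SET);
- goto err;
- }
-
- if ((dh = DH_new()) == NULL)
- goto err;
- if (!EVP_PKEY_set1_DH(pkey, dh))
- goto err;
-
- if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
- goto err;
- if (!DH_generate_key(dh))
- goto err;
-
- ret = 1;
-
- err:
- DH_free(dh);
-
- return ret;
-}
-
-static int
-pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
-{
- int ret;
-
- if (!ctx->pkey || !ctx->peerkey) {
- DHerror(DH_R_KEYS_NOT_SET);
- return 0;
- }
- ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
- ctx->pkey->pkey.dh);
- if (ret < 0)
- return ret;
- *keylen = ret;
- return 1;
-}
-
-const EVP_PKEY_METHOD dh_pkey_meth = {
- .pkey_id = EVP_PKEY_DH,
- .flags = EVP_PKEY_FLAG_AUTOARGLEN,
-
- .init = pkey_dh_init,
- .copy = pkey_dh_copy,
- .cleanup = pkey_dh_cleanup,
-
- .paramgen = pkey_dh_paramgen,
-
- .keygen = pkey_dh_keygen,
-
- .derive = pkey_dh_derive,
-
- .ctrl = pkey_dh_ctrl,
- .ctrl_str = pkey_dh_ctrl_str
-};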