summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dh
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dh')
-rw-r--r--src/lib/libcrypto/dh/dh.h260
-rw-r--r--src/lib/libcrypto/dh/dh_ameth.c500
-rw-r--r--src/lib/libcrypto/dh/dh_asn1.c93
-rw-r--r--src/lib/libcrypto/dh/dh_check.c142
-rw-r--r--src/lib/libcrypto/dh/dh_depr.c83
-rw-r--r--src/lib/libcrypto/dh/dh_err.c117
-rw-r--r--src/lib/libcrypto/dh/dh_gen.c175
-rw-r--r--src/lib/libcrypto/dh/dh_key.c263
-rw-r--r--src/lib/libcrypto/dh/dh_lib.c247
-rw-r--r--src/lib/libcrypto/dh/dh_pmeth.c254
-rw-r--r--src/lib/libcrypto/dh/dh_prn.c80
11 files changed, 2214 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
new file mode 100644
index 0000000000..849309a489
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh.h
@@ -0,0 +1,260 @@
1/* crypto/dh/dh.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_DH_H
60#define HEADER_DH_H
61
62#include <openssl/e_os2.h>
63
64#ifdef OPENSSL_NO_DH
65#error DH is disabled.
66#endif
67
68#ifndef OPENSSL_NO_BIO
69#include <openssl/bio.h>
70#endif
71#include <openssl/ossl_typ.h>
72#ifndef OPENSSL_NO_DEPRECATED
73#include <openssl/bn.h>
74#endif
75
76#ifndef OPENSSL_DH_MAX_MODULUS_BITS
77# define OPENSSL_DH_MAX_MODULUS_BITS 10000
78#endif
79
80#define DH_FLAG_CACHE_MONT_P 0x01
81#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
82 * implementation now uses constant time
83 * modular exponentiation for secret exponents
84 * by default. This flag causes the
85 * faster variable sliding window method to
86 * be used for all exponents.
87 */
88
89#ifdef __cplusplus
90extern "C" {
91#endif
92
93/* Already defined in ossl_typ.h */
94/* typedef struct dh_st DH; */
95/* typedef struct dh_method DH_METHOD; */
96
97struct dh_method
98 {
99 const char *name;
100 /* Methods here */
101 int (*generate_key)(DH *dh);
102 int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
103 int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
104 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
105 BN_MONT_CTX *m_ctx); /* Can be null */
106
107 int (*init)(DH *dh);
108 int (*finish)(DH *dh);
109 int flags;
110 char *app_data;
111 /* If this is non-NULL, it will be used to generate parameters */
112 int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
113 };
114
115struct dh_st
116 {
117 /* This first argument is used to pick up errors when
118 * a DH is passed instead of a EVP_PKEY */
119 int pad;
120 int version;
121 BIGNUM *p;
122 BIGNUM *g;
123 long length; /* optional */
124 BIGNUM *pub_key; /* g^x */
125 BIGNUM *priv_key; /* x */
126
127 int flags;
128 BN_MONT_CTX *method_mont_p;
129 /* Place holders if we want to do X9.42 DH */
130 BIGNUM *q;
131 BIGNUM *j;
132 unsigned char *seed;
133 int seedlen;
134 BIGNUM *counter;
135
136 int references;
137 CRYPTO_EX_DATA ex_data;
138 const DH_METHOD *meth;
139 ENGINE *engine;
140 };
141
142#define DH_GENERATOR_2 2
143/* #define DH_GENERATOR_3 3 */
144#define DH_GENERATOR_5 5
145
146/* DH_check error codes */
147#define DH_CHECK_P_NOT_PRIME 0x01
148#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
149#define DH_UNABLE_TO_CHECK_GENERATOR 0x04
150#define DH_NOT_SUITABLE_GENERATOR 0x08
151
152/* DH_check_pub_key error codes */
153#define DH_CHECK_PUBKEY_TOO_SMALL 0x01
154#define DH_CHECK_PUBKEY_TOO_LARGE 0x02
155
156/* primes p where (p-1)/2 is prime too are called "safe"; we define
157 this for backward compatibility: */
158#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
159
160#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
161 (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
162#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
163 (unsigned char *)(x))
164#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
165#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
166
167DH *DHparams_dup(DH *);
168
169const DH_METHOD *DH_OpenSSL(void);
170
171void DH_set_default_method(const DH_METHOD *meth);
172const DH_METHOD *DH_get_default_method(void);
173int DH_set_method(DH *dh, const DH_METHOD *meth);
174DH *DH_new_method(ENGINE *engine);
175
176DH * DH_new(void);
177void DH_free(DH *dh);
178int DH_up_ref(DH *dh);
179int DH_size(const DH *dh);
180int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
181 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
182int DH_set_ex_data(DH *d, int idx, void *arg);
183void *DH_get_ex_data(DH *d, int idx);
184
185/* Deprecated version */
186#ifndef OPENSSL_NO_DEPRECATED
187DH * DH_generate_parameters(int prime_len,int generator,
188 void (*callback)(int,int,void *),void *cb_arg);
189#endif /* !defined(OPENSSL_NO_DEPRECATED) */
190
191/* New version */
192int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
193
194int DH_check(const DH *dh,int *codes);
195int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
196int DH_generate_key(DH *dh);
197int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
198DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
199int i2d_DHparams(const DH *a,unsigned char **pp);
200#ifndef OPENSSL_NO_FP_API
201int DHparams_print_fp(FILE *fp, const DH *x);
202#endif
203#ifndef OPENSSL_NO_BIO
204int DHparams_print(BIO *bp, const DH *x);
205#else
206int DHparams_print(char *bp, const DH *x);
207#endif
208
209#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
210 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
211 EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
212
213#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
214 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
215 EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
216
217#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
218#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
219
220
221/* BEGIN ERROR CODES */
222/* The following lines are auto generated by the script mkerr.pl. Any changes
223 * made after this point may be overwritten when the script is next run.
224 */
225void ERR_load_DH_strings(void);
226
227/* Error codes for the DH functions. */
228
229/* Function codes. */
230#define DH_F_COMPUTE_KEY 102
231#define DH_F_DHPARAMS_PRINT_FP 101
232#define DH_F_DH_BUILTIN_GENPARAMS 106
233#define DH_F_DH_NEW_METHOD 105
234#define DH_F_DH_PARAM_DECODE 107
235#define DH_F_DH_PRIV_DECODE 110
236#define DH_F_DH_PRIV_ENCODE 111
237#define DH_F_DH_PUB_DECODE 108
238#define DH_F_DH_PUB_ENCODE 109
239#define DH_F_DO_DH_PRINT 100
240#define DH_F_GENERATE_KEY 103
241#define DH_F_GENERATE_PARAMETERS 104
242#define DH_F_PKEY_DH_DERIVE 112
243#define DH_F_PKEY_DH_KEYGEN 113
244
245/* Reason codes. */
246#define DH_R_BAD_GENERATOR 101
247#define DH_R_BN_DECODE_ERROR 109
248#define DH_R_BN_ERROR 106
249#define DH_R_DECODE_ERROR 104
250#define DH_R_INVALID_PUBKEY 102
251#define DH_R_KEYS_NOT_SET 108
252#define DH_R_MODULUS_TOO_LARGE 103
253#define DH_R_NO_PARAMETERS_SET 107
254#define DH_R_NO_PRIVATE_VALUE 100
255#define DH_R_PARAMETER_ENCODING_ERROR 105
256
257#ifdef __cplusplus
258}
259#endif
260#endif
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
new file mode 100644
index 0000000000..377caf96c9
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -0,0 +1,500 @@
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2006.
3 */
4/* ====================================================================
5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <stdio.h>
59#include "cryptlib.h"
60#include <openssl/x509.h>
61#include <openssl/asn1.h>
62#include <openssl/dh.h>
63#include <openssl/bn.h>
64#include "asn1_locl.h"
65
66static void int_dh_free(EVP_PKEY *pkey)
67 {
68 DH_free(pkey->pkey.dh);
69 }
70
71static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
72 {
73 const unsigned char *p, *pm;
74 int pklen, pmlen;
75 int ptype;
76 void *pval;
77 ASN1_STRING *pstr;
78 X509_ALGOR *palg;
79 ASN1_INTEGER *public_key = NULL;
80
81 DH *dh = NULL;
82
83 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
84 return 0;
85 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
86
87 if (ptype != V_ASN1_SEQUENCE)
88 {
89 DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
90 goto err;
91 }
92
93 pstr = pval;
94 pm = pstr->data;
95 pmlen = pstr->length;
96
97 if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
98 {
99 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
100 goto err;
101 }
102
103 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
104 {
105 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
106 goto err;
107 }
108
109 /* We have parameters now set public key */
110 if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
111 {
112 DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
113 goto err;
114 }
115
116 ASN1_INTEGER_free(public_key);
117 EVP_PKEY_assign_DH(pkey, dh);
118 return 1;
119
120 err:
121 if (public_key)
122 ASN1_INTEGER_free(public_key);
123 if (dh)
124 DH_free(dh);
125 return 0;
126
127 }
128
129static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
130 {
131 DH *dh;
132 void *pval = NULL;
133 int ptype;
134 unsigned char *penc = NULL;
135 int penclen;
136 ASN1_STRING *str;
137 ASN1_INTEGER *pub_key = NULL;
138
139 dh=pkey->pkey.dh;
140
141 str = ASN1_STRING_new();
142 str->length = i2d_DHparams(dh, &str->data);
143 if (str->length <= 0)
144 {
145 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
146 goto err;
147 }
148 pval = str;
149 ptype = V_ASN1_SEQUENCE;
150
151 pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
152 if (!pub_key)
153 goto err;
154
155 penclen = i2d_ASN1_INTEGER(pub_key, &penc);
156
157 ASN1_INTEGER_free(pub_key);
158
159 if (penclen <= 0)
160 {
161 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
162 goto err;
163 }
164
165 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
166 ptype, pval, penc, penclen))
167 return 1;
168
169 err:
170 if (penc)
171 OPENSSL_free(penc);
172 if (pval)
173 ASN1_STRING_free(pval);
174
175 return 0;
176 }
177
178
179/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
180 * that the AlgorithmIdentifier contains the paramaters, the private key
181 * is explcitly included and the pubkey must be recalculated.
182 */
183
184static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
185 {
186 const unsigned char *p, *pm;
187 int pklen, pmlen;
188 int ptype;
189 void *pval;
190 ASN1_STRING *pstr;
191 X509_ALGOR *palg;
192 ASN1_INTEGER *privkey = NULL;
193
194 DH *dh = NULL;
195
196 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
197 return 0;
198
199 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
200
201 if (ptype != V_ASN1_SEQUENCE)
202 goto decerr;
203
204 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
205 goto decerr;
206
207
208 pstr = pval;
209 pm = pstr->data;
210 pmlen = pstr->length;
211 if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
212 goto decerr;
213 /* We have parameters now set private key */
214 if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
215 {
216 DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR);
217 goto dherr;
218 }
219 /* Calculate public key */
220 if (!DH_generate_key(dh))
221 goto dherr;
222
223 EVP_PKEY_assign_DH(pkey, dh);
224
225 ASN1_INTEGER_free(privkey);
226
227 return 1;
228
229 decerr:
230 DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
231 dherr:
232 DH_free(dh);
233 return 0;
234 }
235
236static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
237{
238 ASN1_STRING *params = NULL;
239 ASN1_INTEGER *prkey = NULL;
240 unsigned char *dp = NULL;
241 int dplen;
242
243 params = ASN1_STRING_new();
244
245 if (!params)
246 {
247 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
248 goto err;
249 }
250
251 params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
252 if (params->length <= 0)
253 {
254 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
255 goto err;
256 }
257 params->type = V_ASN1_SEQUENCE;
258
259 /* Get private key into integer */
260 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
261
262 if (!prkey)
263 {
264 DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR);
265 goto err;
266 }
267
268 dplen = i2d_ASN1_INTEGER(prkey, &dp);
269
270 ASN1_INTEGER_free(prkey);
271
272 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
273 V_ASN1_SEQUENCE, params, dp, dplen))
274 goto err;
275
276 return 1;
277
278err:
279 if (dp != NULL)
280 OPENSSL_free(dp);
281 if (params != NULL)
282 ASN1_STRING_free(params);
283 if (prkey != NULL)
284 ASN1_INTEGER_free(prkey);
285 return 0;
286}
287
288
289static void update_buflen(const BIGNUM *b, size_t *pbuflen)
290 {
291 size_t i;
292 if (!b)
293 return;
294 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
295 *pbuflen = i;
296 }
297
298static int dh_param_decode(EVP_PKEY *pkey,
299 const unsigned char **pder, int derlen)
300 {
301 DH *dh;
302 if (!(dh = d2i_DHparams(NULL, pder, derlen)))
303 {
304 DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
305 return 0;
306 }
307 EVP_PKEY_assign_DH(pkey, dh);
308 return 1;
309 }
310
311static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
312 {
313 return i2d_DHparams(pkey->pkey.dh, pder);
314 }
315
316static int do_dh_print(BIO *bp, const DH *x, int indent,
317 ASN1_PCTX *ctx, int ptype)
318 {
319 unsigned char *m=NULL;
320 int reason=ERR_R_BUF_LIB,ret=0;
321 size_t buf_len=0;
322
323 const char *ktype = NULL;
324
325 BIGNUM *priv_key, *pub_key;
326
327 if (ptype == 2)
328 priv_key = x->priv_key;
329 else
330 priv_key = NULL;
331
332 if (ptype > 0)
333 pub_key = x->pub_key;
334 else
335 pub_key = NULL;
336
337 update_buflen(x->p, &buf_len);
338
339 if (buf_len == 0)
340 {
341 reason = ERR_R_PASSED_NULL_PARAMETER;
342 goto err;
343 }
344
345 update_buflen(x->g, &buf_len);
346 update_buflen(pub_key, &buf_len);
347 update_buflen(priv_key, &buf_len);
348
349 if (ptype == 2)
350 ktype = "PKCS#3 DH Private-Key";
351 else if (ptype == 1)
352 ktype = "PKCS#3 DH Public-Key";
353 else
354 ktype = "PKCS#3 DH Parameters";
355
356 m= OPENSSL_malloc(buf_len+10);
357 if (m == NULL)
358 {
359 reason=ERR_R_MALLOC_FAILURE;
360 goto err;
361 }
362
363 BIO_indent(bp, indent, 128);
364 if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
365 goto err;
366 indent += 4;
367
368 if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err;
369 if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err;
370
371 if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err;
372 if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err;
373 if (x->length != 0)
374 {
375 BIO_indent(bp, indent, 128);
376 if (BIO_printf(bp,"recommended-private-length: %d bits\n",
377 (int)x->length) <= 0) goto err;
378 }
379
380
381 ret=1;
382 if (0)
383 {
384err:
385 DHerr(DH_F_DO_DH_PRINT,reason);
386 }
387 if (m != NULL) OPENSSL_free(m);
388 return(ret);
389 }
390
391static int int_dh_size(const EVP_PKEY *pkey)
392 {
393 return(DH_size(pkey->pkey.dh));
394 }
395
396static int dh_bits(const EVP_PKEY *pkey)
397 {
398 return BN_num_bits(pkey->pkey.dh->p);
399 }
400
401static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
402 {
403 if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
404 BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
405 return 0;
406 else
407 return 1;
408 }
409
410static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
411 {
412 BIGNUM *a;
413
414 if ((a=BN_dup(from->pkey.dh->p)) == NULL)
415 return 0;
416 if (to->pkey.dh->p != NULL)
417 BN_free(to->pkey.dh->p);
418 to->pkey.dh->p=a;
419
420 if ((a=BN_dup(from->pkey.dh->g)) == NULL)
421 return 0;
422 if (to->pkey.dh->g != NULL)
423 BN_free(to->pkey.dh->g);
424 to->pkey.dh->g=a;
425
426 return 1;
427 }
428
429static int dh_missing_parameters(const EVP_PKEY *a)
430 {
431 if (!a->pkey.dh->p || !a->pkey.dh->g)
432 return 1;
433 return 0;
434 }
435
436static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
437 {
438 if (dh_cmp_parameters(a, b) == 0)
439 return 0;
440 if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0)
441 return 0;
442 else
443 return 1;
444 }
445
446static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
447 ASN1_PCTX *ctx)
448 {
449 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
450 }
451
452static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
453 ASN1_PCTX *ctx)
454 {
455 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
456 }
457
458static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
459 ASN1_PCTX *ctx)
460 {
461 return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
462 }
463
464int DHparams_print(BIO *bp, const DH *x)
465 {
466 return do_dh_print(bp, x, 4, NULL, 0);
467 }
468
469const EVP_PKEY_ASN1_METHOD dh_asn1_meth =
470 {
471 EVP_PKEY_DH,
472 EVP_PKEY_DH,
473 0,
474
475 "DH",
476 "OpenSSL PKCS#3 DH method",
477
478 dh_pub_decode,
479 dh_pub_encode,
480 dh_pub_cmp,
481 dh_public_print,
482
483 dh_priv_decode,
484 dh_priv_encode,
485 dh_private_print,
486
487 int_dh_size,
488 dh_bits,
489
490 dh_param_decode,
491 dh_param_encode,
492 dh_missing_parameters,
493 dh_copy_parameters,
494 dh_cmp_parameters,
495 dh_param_print,
496
497 int_dh_free,
498 0
499 };
500
diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c
new file mode 100644
index 0000000000..0b4357d605
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_asn1.c
@@ -0,0 +1,93 @@
1/* dh_asn1.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/dh.h>
63#include <openssl/objects.h>
64#include <openssl/asn1t.h>
65
66/* Override the default free and new methods */
67static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
68 void *exarg)
69{
70 if(operation == ASN1_OP_NEW_PRE) {
71 *pval = (ASN1_VALUE *)DH_new();
72 if(*pval) return 2;
73 return 0;
74 } else if(operation == ASN1_OP_FREE_PRE) {
75 DH_free((DH *)*pval);
76 *pval = NULL;
77 return 2;
78 }
79 return 1;
80}
81
82ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
83 ASN1_SIMPLE(DH, p, BIGNUM),
84 ASN1_SIMPLE(DH, g, BIGNUM),
85 ASN1_OPT(DH, length, ZLONG),
86} ASN1_SEQUENCE_END_cb(DH, DHparams)
87
88IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
89
90DH *DHparams_dup(DH *dh)
91 {
92 return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
93 }
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
new file mode 100644
index 0000000000..066898174e
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -0,0 +1,142 @@
1/* crypto/dh/dh_check.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/dh.h>
63
64/* Check that p is a safe prime and
65 * if g is 2, 3 or 5, check that it is a suitable generator
66 * where
67 * for 2, p mod 24 == 11
68 * for 3, p mod 12 == 5
69 * for 5, p mod 10 == 3 or 7
70 * should hold.
71 */
72
73int DH_check(const DH *dh, int *ret)
74 {
75 int ok=0;
76 BN_CTX *ctx=NULL;
77 BN_ULONG l;
78 BIGNUM *q=NULL;
79
80 *ret=0;
81 ctx=BN_CTX_new();
82 if (ctx == NULL) goto err;
83 q=BN_new();
84 if (q == NULL) goto err;
85
86 if (BN_is_word(dh->g,DH_GENERATOR_2))
87 {
88 l=BN_mod_word(dh->p,24);
89 if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
90 }
91#if 0
92 else if (BN_is_word(dh->g,DH_GENERATOR_3))
93 {
94 l=BN_mod_word(dh->p,12);
95 if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
96 }
97#endif
98 else if (BN_is_word(dh->g,DH_GENERATOR_5))
99 {
100 l=BN_mod_word(dh->p,10);
101 if ((l != 3) && (l != 7))
102 *ret|=DH_NOT_SUITABLE_GENERATOR;
103 }
104 else
105 *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
106
107 if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
108 *ret|=DH_CHECK_P_NOT_PRIME;
109 else
110 {
111 if (!BN_rshift1(q,dh->p)) goto err;
112 if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
113 *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
114 }
115 ok=1;
116err:
117 if (ctx != NULL) BN_CTX_free(ctx);
118 if (q != NULL) BN_free(q);
119 return(ok);
120 }
121
122int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
123 {
124 int ok=0;
125 BIGNUM *q=NULL;
126
127 *ret=0;
128 q=BN_new();
129 if (q == NULL) goto err;
130 BN_set_word(q,1);
131 if (BN_cmp(pub_key,q)<=0)
132 *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
133 BN_copy(q,dh->p);
134 BN_sub_word(q,1);
135 if (BN_cmp(pub_key,q)>=0)
136 *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
137
138 ok = 1;
139err:
140 if (q != NULL) BN_free(q);
141 return(ok);
142 }
diff --git a/src/lib/libcrypto/dh/dh_depr.c b/src/lib/libcrypto/dh/dh_depr.c
new file mode 100644
index 0000000000..acc05f252c
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_depr.c
@@ -0,0 +1,83 @@
1/* crypto/dh/dh_depr.c */
2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56
57/* This file contains deprecated functions as wrappers to the new ones */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/dh.h>
63
64static void *dummy=&dummy;
65
66#ifndef OPENSSL_NO_DEPRECATED
67DH *DH_generate_parameters(int prime_len, int generator,
68 void (*callback)(int,int,void *), void *cb_arg)
69 {
70 BN_GENCB cb;
71 DH *ret=NULL;
72
73 if((ret=DH_new()) == NULL)
74 return NULL;
75
76 BN_GENCB_set_old(&cb, callback, cb_arg);
77
78 if(DH_generate_parameters_ex(ret, prime_len, generator, &cb))
79 return ret;
80 DH_free(ret);
81 return NULL;
82 }
83#endif
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
new file mode 100644
index 0000000000..d5cf0c22a3
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -0,0 +1,117 @@
1/* crypto/dh/dh_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/dh.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
70
71static ERR_STRING_DATA DH_str_functs[]=
72 {
73{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
74{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
75{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
76{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
77{ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"},
78{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
79{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
80{ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"},
81{ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"},
82{ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"},
83{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
84{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
85{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
86{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
87{0,NULL}
88 };
89
90static ERR_STRING_DATA DH_str_reasons[]=
91 {
92{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
93{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"},
94{ERR_REASON(DH_R_BN_ERROR) ,"bn error"},
95{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"},
96{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
97{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"},
98{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
99{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"},
100{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
101{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
102{0,NULL}
103 };
104
105#endif
106
107void ERR_load_DH_strings(void)
108 {
109#ifndef OPENSSL_NO_ERR
110
111 if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
112 {
113 ERR_load_strings(0,DH_str_functs);
114 ERR_load_strings(0,DH_str_reasons);
115 }
116#endif
117 }
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
new file mode 100644
index 0000000000..cfd5b11868
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -0,0 +1,175 @@
1/* crypto/dh/dh_gen.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* NB: These functions have been upgraded - the previous prototypes are in
60 * dh_depr.c as wrappers to these ones.
61 * - Geoff
62 */
63
64#include <stdio.h>
65#include "cryptlib.h"
66#include <openssl/bn.h>
67#include <openssl/dh.h>
68
69static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
70
71int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
72 {
73 if(ret->meth->generate_params)
74 return ret->meth->generate_params(ret, prime_len, generator, cb);
75 return dh_builtin_genparams(ret, prime_len, generator, cb);
76 }
77
78/* We generate DH parameters as follows
79 * find a prime q which is prime_len/2 bits long.
80 * p=(2*q)+1 or (p-1)/2 = q
81 * For this case, g is a generator if
82 * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
83 * Since the factors of p-1 are q and 2, we just need to check
84 * g^2 mod p != 1 and g^q mod p != 1.
85 *
86 * Having said all that,
87 * there is another special case method for the generators 2, 3 and 5.
88 * for 2, p mod 24 == 11
89 * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
90 * for 5, p mod 10 == 3 or 7
91 *
92 * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
93 * special generators and for answering some of my questions.
94 *
95 * I've implemented the second simple method :-).
96 * Since DH should be using a safe prime (both p and q are prime),
97 * this generator function can take a very very long time to run.
98 */
99/* Actually there is no reason to insist that 'generator' be a generator.
100 * It's just as OK (and in some sense better) to use a generator of the
101 * order-q subgroup.
102 */
103static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
104 {
105 BIGNUM *t1,*t2;
106 int g,ok= -1;
107 BN_CTX *ctx=NULL;
108
109 ctx=BN_CTX_new();
110 if (ctx == NULL) goto err;
111 BN_CTX_start(ctx);
112 t1 = BN_CTX_get(ctx);
113 t2 = BN_CTX_get(ctx);
114 if (t1 == NULL || t2 == NULL) goto err;
115
116 /* Make sure 'ret' has the necessary elements */
117 if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
118 if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
119
120 if (generator <= 1)
121 {
122 DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
123 goto err;
124 }
125 if (generator == DH_GENERATOR_2)
126 {
127 if (!BN_set_word(t1,24)) goto err;
128 if (!BN_set_word(t2,11)) goto err;
129 g=2;
130 }
131#if 0 /* does not work for safe primes */
132 else if (generator == DH_GENERATOR_3)
133 {
134 if (!BN_set_word(t1,12)) goto err;
135 if (!BN_set_word(t2,5)) goto err;
136 g=3;
137 }
138#endif
139 else if (generator == DH_GENERATOR_5)
140 {
141 if (!BN_set_word(t1,10)) goto err;
142 if (!BN_set_word(t2,3)) goto err;
143 /* BN_set_word(t3,7); just have to miss
144 * out on these ones :-( */
145 g=5;
146 }
147 else
148 {
149 /* in the general case, don't worry if 'generator' is a
150 * generator or not: since we are using safe primes,
151 * it will generate either an order-q or an order-2q group,
152 * which both is OK */
153 if (!BN_set_word(t1,2)) goto err;
154 if (!BN_set_word(t2,1)) goto err;
155 g=generator;
156 }
157
158 if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
159 if(!BN_GENCB_call(cb, 3, 0)) goto err;
160 if (!BN_set_word(ret->g,g)) goto err;
161 ok=1;
162err:
163 if (ok == -1)
164 {
165 DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
166 ok=0;
167 }
168
169 if (ctx != NULL)
170 {
171 BN_CTX_end(ctx);
172 BN_CTX_free(ctx);
173 }
174 return ok;
175 }
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
new file mode 100644
index 0000000000..e7db440342
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -0,0 +1,263 @@
1/* crypto/dh/dh_key.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/rand.h>
63#include <openssl/dh.h>
64
65static int generate_key(DH *dh);
66static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
67static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
68 const BIGNUM *a, const BIGNUM *p,
69 const BIGNUM *m, BN_CTX *ctx,
70 BN_MONT_CTX *m_ctx);
71static int dh_init(DH *dh);
72static int dh_finish(DH *dh);
73
74int DH_generate_key(DH *dh)
75 {
76 return dh->meth->generate_key(dh);
77 }
78
79int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
80 {
81 return dh->meth->compute_key(key, pub_key, dh);
82 }
83
84static DH_METHOD dh_ossl = {
85"OpenSSL DH Method",
86generate_key,
87compute_key,
88dh_bn_mod_exp,
89dh_init,
90dh_finish,
910,
92NULL,
93NULL
94};
95
96const DH_METHOD *DH_OpenSSL(void)
97{
98 return &dh_ossl;
99}
100
101static int generate_key(DH *dh)
102 {
103 int ok=0;
104 int generate_new_key=0;
105 unsigned l;
106 BN_CTX *ctx;
107 BN_MONT_CTX *mont=NULL;
108 BIGNUM *pub_key=NULL,*priv_key=NULL;
109
110 ctx = BN_CTX_new();
111 if (ctx == NULL) goto err;
112
113 if (dh->priv_key == NULL)
114 {
115 priv_key=BN_new();
116 if (priv_key == NULL) goto err;
117 generate_new_key=1;
118 }
119 else
120 priv_key=dh->priv_key;
121
122 if (dh->pub_key == NULL)
123 {
124 pub_key=BN_new();
125 if (pub_key == NULL) goto err;
126 }
127 else
128 pub_key=dh->pub_key;
129
130
131 if (dh->flags & DH_FLAG_CACHE_MONT_P)
132 {
133 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
134 CRYPTO_LOCK_DH, dh->p, ctx);
135 if (!mont)
136 goto err;
137 }
138
139 if (generate_new_key)
140 {
141 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
142 if (!BN_rand(priv_key, l, 0, 0)) goto err;
143 }
144
145 {
146 BIGNUM local_prk;
147 BIGNUM *prk;
148
149 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
150 {
151 BN_init(&local_prk);
152 prk = &local_prk;
153 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
154 }
155 else
156 prk = priv_key;
157
158 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
159 }
160
161 dh->pub_key=pub_key;
162 dh->priv_key=priv_key;
163 ok=1;
164err:
165 if (ok != 1)
166 DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
167
168 if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
169 if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
170 BN_CTX_free(ctx);
171 return(ok);
172 }
173
174static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
175 {
176 BN_CTX *ctx=NULL;
177 BN_MONT_CTX *mont=NULL;
178 BIGNUM *tmp;
179 int ret= -1;
180 int check_result;
181
182 if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
183 {
184 DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
185 goto err;
186 }
187
188 ctx = BN_CTX_new();
189 if (ctx == NULL) goto err;
190 BN_CTX_start(ctx);
191 tmp = BN_CTX_get(ctx);
192
193 if (dh->priv_key == NULL)
194 {
195 DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
196 goto err;
197 }
198
199 if (dh->flags & DH_FLAG_CACHE_MONT_P)
200 {
201 mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
202 CRYPTO_LOCK_DH, dh->p, ctx);
203 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
204 {
205 /* XXX */
206 BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
207 }
208 if (!mont)
209 goto err;
210 }
211
212 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
213 {
214 DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
215 goto err;
216 }
217
218 if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
219 {
220 DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
221 goto err;
222 }
223
224 ret=BN_bn2bin(tmp,key);
225err:
226 if (ctx != NULL)
227 {
228 BN_CTX_end(ctx);
229 BN_CTX_free(ctx);
230 }
231 return(ret);
232 }
233
234static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
235 const BIGNUM *a, const BIGNUM *p,
236 const BIGNUM *m, BN_CTX *ctx,
237 BN_MONT_CTX *m_ctx)
238 {
239 /* If a is only one word long and constant time is false, use the faster
240 * exponenentiation function.
241 */
242 if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
243 {
244 BN_ULONG A = a->d[0];
245 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
246 }
247 else
248 return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
249 }
250
251
252static int dh_init(DH *dh)
253 {
254 dh->flags |= DH_FLAG_CACHE_MONT_P;
255 return(1);
256 }
257
258static int dh_finish(DH *dh)
259 {
260 if(dh->method_mont_p)
261 BN_MONT_CTX_free(dh->method_mont_p);
262 return(1);
263 }
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
new file mode 100644
index 0000000000..7aef080e7a
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -0,0 +1,247 @@
1/* crypto/dh/dh_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bn.h>
62#include <openssl/dh.h>
63#ifndef OPENSSL_NO_ENGINE
64#include <openssl/engine.h>
65#endif
66
67const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
68
69static const DH_METHOD *default_DH_method = NULL;
70
71void DH_set_default_method(const DH_METHOD *meth)
72 {
73 default_DH_method = meth;
74 }
75
76const DH_METHOD *DH_get_default_method(void)
77 {
78 if(!default_DH_method)
79 default_DH_method = DH_OpenSSL();
80 return default_DH_method;
81 }
82
83int DH_set_method(DH *dh, const DH_METHOD *meth)
84 {
85 /* NB: The caller is specifically setting a method, so it's not up to us
86 * to deal with which ENGINE it comes from. */
87 const DH_METHOD *mtmp;
88 mtmp = dh->meth;
89 if (mtmp->finish) mtmp->finish(dh);
90#ifndef OPENSSL_NO_ENGINE
91 if (dh->engine)
92 {
93 ENGINE_finish(dh->engine);
94 dh->engine = NULL;
95 }
96#endif
97 dh->meth = meth;
98 if (meth->init) meth->init(dh);
99 return 1;
100 }
101
102DH *DH_new(void)
103 {
104 return DH_new_method(NULL);
105 }
106
107DH *DH_new_method(ENGINE *engine)
108 {
109 DH *ret;
110
111 ret=(DH *)OPENSSL_malloc(sizeof(DH));
112 if (ret == NULL)
113 {
114 DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
115 return(NULL);
116 }
117
118 ret->meth = DH_get_default_method();
119#ifndef OPENSSL_NO_ENGINE
120 if (engine)
121 {
122 if (!ENGINE_init(engine))
123 {
124 DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
125 OPENSSL_free(ret);
126 return NULL;
127 }
128 ret->engine = engine;
129 }
130 else
131 ret->engine = ENGINE_get_default_DH();
132 if(ret->engine)
133 {
134 ret->meth = ENGINE_get_DH(ret->engine);
135 if(!ret->meth)
136 {
137 DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
138 ENGINE_finish(ret->engine);
139 OPENSSL_free(ret);
140 return NULL;
141 }
142 }
143#endif
144
145 ret->pad=0;
146 ret->version=0;
147 ret->p=NULL;
148 ret->g=NULL;
149 ret->length=0;
150 ret->pub_key=NULL;
151 ret->priv_key=NULL;
152 ret->q=NULL;
153 ret->j=NULL;
154 ret->seed = NULL;
155 ret->seedlen = 0;
156 ret->counter = NULL;
157 ret->method_mont_p=NULL;
158 ret->references = 1;
159 ret->flags=ret->meth->flags;
160 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
161 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
162 {
163#ifndef OPENSSL_NO_ENGINE
164 if (ret->engine)
165 ENGINE_finish(ret->engine);
166#endif
167 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
168 OPENSSL_free(ret);
169 ret=NULL;
170 }
171 return(ret);
172 }
173
174void DH_free(DH *r)
175 {
176 int i;
177 if(r == NULL) return;
178 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
179#ifdef REF_PRINT
180 REF_PRINT("DH",r);
181#endif
182 if (i > 0) return;
183#ifdef REF_CHECK
184 if (i < 0)
185 {
186 fprintf(stderr,"DH_free, bad reference count\n");
187 abort();
188 }
189#endif
190
191 if (r->meth->finish)
192 r->meth->finish(r);
193#ifndef OPENSSL_NO_ENGINE
194 if (r->engine)
195 ENGINE_finish(r->engine);
196#endif
197
198 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
199
200 if (r->p != NULL) BN_clear_free(r->p);
201 if (r->g != NULL) BN_clear_free(r->g);
202 if (r->q != NULL) BN_clear_free(r->q);
203 if (r->j != NULL) BN_clear_free(r->j);
204 if (r->seed) OPENSSL_free(r->seed);
205 if (r->counter != NULL) BN_clear_free(r->counter);
206 if (r->pub_key != NULL) BN_clear_free(r->pub_key);
207 if (r->priv_key != NULL) BN_clear_free(r->priv_key);
208 OPENSSL_free(r);
209 }
210
211int DH_up_ref(DH *r)
212 {
213 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
214#ifdef REF_PRINT
215 REF_PRINT("DH",r);
216#endif
217#ifdef REF_CHECK
218 if (i < 2)
219 {
220 fprintf(stderr, "DH_up, bad reference count\n");
221 abort();
222 }
223#endif
224 return ((i > 1) ? 1 : 0);
225 }
226
227int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
228 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
229 {
230 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
231 new_func, dup_func, free_func);
232 }
233
234int DH_set_ex_data(DH *d, int idx, void *arg)
235 {
236 return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
237 }
238
239void *DH_get_ex_data(DH *d, int idx)
240 {
241 return(CRYPTO_get_ex_data(&d->ex_data,idx));
242 }
243
244int DH_size(const DH *dh)
245 {
246 return(BN_num_bytes(dh->p));
247 }
diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c
new file mode 100644
index 0000000000..5ae72b7d4c
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_pmeth.c
@@ -0,0 +1,254 @@
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2006.
3 */
4/* ====================================================================
5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <stdio.h>
59#include "cryptlib.h"
60#include <openssl/asn1t.h>
61#include <openssl/x509.h>
62#include <openssl/evp.h>
63#include <openssl/dh.h>
64#include <openssl/bn.h>
65#include "evp_locl.h"
66
67/* DH pkey context structure */
68
69typedef struct
70 {
71 /* Parameter gen parameters */
72 int prime_len;
73 int generator;
74 int use_dsa;
75 /* Keygen callback info */
76 int gentmp[2];
77 /* message digest */
78 } DH_PKEY_CTX;
79
80static int pkey_dh_init(EVP_PKEY_CTX *ctx)
81 {
82 DH_PKEY_CTX *dctx;
83 dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
84 if (!dctx)
85 return 0;
86 dctx->prime_len = 1024;
87 dctx->generator = 2;
88 dctx->use_dsa = 0;
89
90 ctx->data = dctx;
91 ctx->keygen_info = dctx->gentmp;
92 ctx->keygen_info_count = 2;
93
94 return 1;
95 }
96
97static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
98 {
99 DH_PKEY_CTX *dctx, *sctx;
100 if (!pkey_dh_init(dst))
101 return 0;
102 sctx = src->data;
103 dctx = dst->data;
104 dctx->prime_len = sctx->prime_len;
105 dctx->generator = sctx->generator;
106 dctx->use_dsa = sctx->use_dsa;
107 return 1;
108 }
109
110static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
111 {
112 DH_PKEY_CTX *dctx = ctx->data;
113 if (dctx)
114 OPENSSL_free(dctx);
115 }
116
117static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
118 {
119 DH_PKEY_CTX *dctx = ctx->data;
120 switch (type)
121 {
122 case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
123 if (p1 < 256)
124 return -2;
125 dctx->prime_len = p1;
126 return 1;
127
128 case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
129 dctx->generator = p1;
130 return 1;
131
132 case EVP_PKEY_CTRL_PEER_KEY:
133 /* Default behaviour is OK */
134 return 1;
135
136 default:
137 return -2;
138
139 }
140 }
141
142
143static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
144 const char *type, const char *value)
145 {
146 if (!strcmp(type, "dh_paramgen_prime_len"))
147 {
148 int len;
149 len = atoi(value);
150 return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
151 }
152 if (!strcmp(type, "dh_paramgen_generator"))
153 {
154 int len;
155 len = atoi(value);
156 return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
157 }
158 return -2;
159 }
160
161static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
162 {
163 DH *dh = NULL;
164 DH_PKEY_CTX *dctx = ctx->data;
165 BN_GENCB *pcb, cb;
166 int ret;
167 if (ctx->pkey_gencb)
168 {
169 pcb = &cb;
170 evp_pkey_set_cb_translate(pcb, ctx);
171 }
172 else
173 pcb = NULL;
174 dh = DH_new();
175 if (!dh)
176 return 0;
177 ret = DH_generate_parameters_ex(dh,
178 dctx->prime_len, dctx->generator, pcb);
179 if (ret)
180 EVP_PKEY_assign_DH(pkey, dh);
181 else
182 DH_free(dh);
183 return ret;
184 }
185
186static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
187 {
188 DH *dh = NULL;
189 if (ctx->pkey == NULL)
190 {
191 DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
192 return 0;
193 }
194 dh = DH_new();
195 if (!dh)
196 return 0;
197 EVP_PKEY_assign_DH(pkey, dh);
198 /* Note: if error return, pkey is freed by parent routine */
199 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
200 return 0;
201 return DH_generate_key(pkey->pkey.dh);
202 }
203
204static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
205 {
206 int ret;
207 if (!ctx->pkey || !ctx->peerkey)
208 {
209 DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
210 return 0;
211 }
212 ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
213 ctx->pkey->pkey.dh);
214 if (ret < 0)
215 return ret;
216 *keylen = ret;
217 return 1;
218 }
219
220const EVP_PKEY_METHOD dh_pkey_meth =
221 {
222 EVP_PKEY_DH,
223 EVP_PKEY_FLAG_AUTOARGLEN,
224 pkey_dh_init,
225 pkey_dh_copy,
226 pkey_dh_cleanup,
227
228 0,
229 pkey_dh_paramgen,
230
231 0,
232 pkey_dh_keygen,
233
234 0,
235 0,
236
237 0,
238 0,
239
240 0,0,
241
242 0,0,0,0,
243
244 0,0,
245
246 0,0,
247
248 0,
249 pkey_dh_derive,
250
251 pkey_dh_ctrl,
252 pkey_dh_ctrl_str
253
254 };
diff --git a/src/lib/libcrypto/dh/dh_prn.c b/src/lib/libcrypto/dh/dh_prn.c
new file mode 100644
index 0000000000..ae58c2ac87
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_prn.c
@@ -0,0 +1,80 @@
1/* crypto/asn1/t_pkey.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/evp.h>
62#include <openssl/dh.h>
63
64#ifndef OPENSSL_NO_FP_API
65int DHparams_print_fp(FILE *fp, const DH *x)
66 {
67 BIO *b;
68 int ret;
69
70 if ((b=BIO_new(BIO_s_file())) == NULL)
71 {
72 DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
73 return(0);
74 }
75 BIO_set_fp(b,fp,BIO_NOCLOSE);
76 ret=DHparams_print(b, x);
77 BIO_free(b);
78 return(ret);
79 }
80#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 11:52:53 +0000