From 6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda Mon Sep 17 00:00:00 2001 From: djm <> Date: Sat, 6 Sep 2008 12:17:54 +0000 Subject: resolve conflicts --- src/lib/libcrypto/dh/dh.h | 55 +++++++++++++++++++++++++---------------- src/lib/libcrypto/dh/dh_check.c | 10 +++----- src/lib/libcrypto/dh/dh_err.c | 18 +++++++------- src/lib/libcrypto/dh/dh_gen.c | 50 ++++++++++++++++++------------------- src/lib/libcrypto/dh/dh_key.c | 37 +++++++++++++-------------- src/lib/libcrypto/dh/dh_lib.c | 2 +- src/lib/libcrypto/dh/dhtest.c | 28 ++++++++++++++------- 7 files changed, 108 insertions(+), 92 deletions(-) (limited to 'src/lib/libcrypto/dh') diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h index 582b34329f..0afabc7dd3 100644 --- a/src/lib/libcrypto/dh/dh.h +++ b/src/lib/libcrypto/dh/dh.h @@ -59,6 +59,8 @@ #ifndef HEADER_DH_H #define HEADER_DH_H +#include + #ifdef OPENSSL_NO_DH #error DH is disabled. #endif @@ -66,11 +68,14 @@ #ifndef OPENSSL_NO_BIO #include #endif -#include -#include #include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif -#define OPENSSL_DH_MAX_MODULUS_BITS 10000 +#ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +#endif #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH @@ -85,9 +90,12 @@ extern "C" { #endif -typedef struct dh_st DH; +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ -typedef struct dh_method { +struct dh_method + { const char *name; /* Methods here */ int (*generate_key)(DH *dh); @@ -100,7 +108,9 @@ typedef struct dh_method { int (*finish)(DH *dh); int flags; char *app_data; -} DH_METHOD; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); + }; struct dh_st { @@ -115,7 +125,7 @@ struct dh_st BIGNUM *priv_key; /* x */ int flags; - char *method_mont_p; + BN_MONT_CTX *method_mont_p; /* Place holders if we want to do X9.42 DH */ BIGNUM *q; BIGNUM *j; @@ -147,21 +157,13 @@ struct dh_st this for backward compatibility: */ #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \ - (char *(*)())d2i_DHparams,(char *)(x)) +#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ (unsigned char *)(x)) -#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x)) -#ifdef __cplusplus -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \ - (unsigned char *)(x)) -#else -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \ - (unsigned char *)(x)) -#endif +#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) +#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) const DH_METHOD *DH_OpenSSL(void); @@ -178,8 +180,16 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED DH * DH_generate_parameters(int prime_len,int generator, void (*callback)(int,int,void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); + int DH_check(const DH *dh,int *codes); int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); int DH_generate_key(DH *dh); @@ -204,15 +214,18 @@ void ERR_load_DH_strings(void); /* Error codes for the DH functions. */ /* Function codes. */ +#define DH_F_COMPUTE_KEY 102 #define DH_F_DHPARAMS_PRINT 100 #define DH_F_DHPARAMS_PRINT_FP 101 -#define DH_F_DH_COMPUTE_KEY 102 -#define DH_F_DH_GENERATE_KEY 103 -#define DH_F_DH_GENERATE_PARAMETERS 104 +#define DH_F_DH_BUILTIN_GENPARAMS 106 #define DH_F_DH_NEW_METHOD 105 +#define DH_F_GENERATE_KEY 103 +#define DH_F_GENERATE_PARAMETERS 104 /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 +#define DH_R_INVALID_PUBKEY 102 +#define DH_R_MODULUS_TOO_LARGE 103 #define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_INVALID_PUBKEY 102 #define DH_R_MODULUS_TOO_LARGE 103 diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c index 17debff62d..b846913004 100644 --- a/src/lib/libcrypto/dh/dh_check.c +++ b/src/lib/libcrypto/dh/dh_check.c @@ -62,7 +62,7 @@ #include /* Check that p is a safe prime and - * if g is 2, 3 or 5, check that is is a suitable generator + * if g is 2, 3 or 5, check that it is a suitable generator * where * for 2, p mod 24 == 11 * for 3, p mod 12 == 5 @@ -70,8 +70,6 @@ * should hold. */ -#ifndef OPENSSL_FIPS - int DH_check(const DH *dh, int *ret) { int ok=0; @@ -106,12 +104,12 @@ int DH_check(const DH *dh, int *ret) else *ret|=DH_UNABLE_TO_CHECK_GENERATOR; - if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL)) + if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) *ret|=DH_CHECK_P_NOT_PRIME; else { if (!BN_rshift1(q,dh->p)) goto err; - if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) + if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) *ret|=DH_CHECK_P_NOT_SAFE_PRIME; } ok=1; @@ -142,5 +140,3 @@ err: if (q != NULL) BN_free(q); return(ok); } - -#endif diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c index 611067ef4a..b2361c7389 100644 --- a/src/lib/libcrypto/dh/dh_err.c +++ b/src/lib/libcrypto/dh/dh_err.c @@ -70,18 +70,21 @@ static ERR_STRING_DATA DH_str_functs[]= { +{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, -{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, +{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, +{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, +{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, {0,NULL} }; static ERR_STRING_DATA DH_str_reasons[]= { {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, +{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, @@ -92,15 +95,12 @@ static ERR_STRING_DATA DH_str_reasons[]= void ERR_load_DH_strings(void) { - static int init=1; +#ifndef OPENSSL_NO_ERR - if (init) + if (ERR_func_error_string(DH_str_functs[0].error) == NULL) { - init=0; -#ifndef OPENSSL_NO_ERR ERR_load_strings(0,DH_str_functs); ERR_load_strings(0,DH_str_reasons); -#endif - } +#endif } diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c index 23777f5a16..cfd5b11868 100644 --- a/src/lib/libcrypto/dh/dh_gen.c +++ b/src/lib/libcrypto/dh/dh_gen.c @@ -56,11 +56,25 @@ * [including the GNU Public Licence.] */ +/* NB: These functions have been upgraded - the previous prototypes are in + * dh_depr.c as wrappers to these ones. + * - Geoff + */ + #include #include "cryptlib.h" #include #include +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); + +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) + { + if(ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); + } + /* We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q @@ -86,29 +100,26 @@ * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ - -#ifndef OPENSSL_FIPS - -DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int,int,void *), void *cb_arg) +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) { - BIGNUM *p=NULL,*t1,*t2; - DH *ret=NULL; + BIGNUM *t1,*t2; int g,ok= -1; BN_CTX *ctx=NULL; - ret=DH_new(); - if (ret == NULL) goto err; ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); t1 = BN_CTX_get(ctx); t2 = BN_CTX_get(ctx); if (t1 == NULL || t2 == NULL) goto err; + + /* Make sure 'ret' has the necessary elements */ + if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; + if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; if (generator <= 1) { - DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR); + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); goto err; } if (generator == DH_GENERATOR_2) @@ -144,18 +155,14 @@ DH *DH_generate_parameters(int prime_len, int generator, g=generator; } - p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); - if (p == NULL) goto err; - if (callback != NULL) callback(3,0,cb_arg); - ret->p=p; - ret->g=BN_new(); - if (ret->g == NULL) goto err; + if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; + if(!BN_GENCB_call(cb, 3, 0)) goto err; if (!BN_set_word(ret->g,g)) goto err; ok=1; err: if (ok == -1) { - DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB); + DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); ok=0; } @@ -164,12 +171,5 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); } - if (!ok && (ret != NULL)) - { - DH_free(ret); - ret=NULL; - } - return(ret); + return ok; } - -#endif diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index 74de589204..e7db440342 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c @@ -62,8 +62,6 @@ #include #include -#ifndef OPENSSL_FIPS - static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, @@ -91,6 +89,7 @@ dh_bn_mod_exp, dh_init, dh_finish, 0, +NULL, NULL }; @@ -131,8 +130,7 @@ static int generate_key(DH *dh) if (dh->flags & DH_FLAG_CACHE_MONT_P) { - mont = BN_MONT_CTX_set_locked( - (BN_MONT_CTX **)&dh->method_mont_p, + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, CRYPTO_LOCK_DH, dh->p, ctx); if (!mont) goto err; @@ -152,7 +150,7 @@ static int generate_key(DH *dh) { BN_init(&local_prk); prk = &local_prk; - BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); } else prk = priv_key; @@ -165,7 +163,7 @@ static int generate_key(DH *dh) ok=1; err: if (ok != 1) - DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB); + DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); @@ -175,16 +173,16 @@ err: static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { - BN_CTX *ctx; + BN_CTX *ctx=NULL; BN_MONT_CTX *mont=NULL; BIGNUM *tmp; int ret= -1; - int check_result; + int check_result; if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { - DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); - return -1; + DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); + goto err; } ctx = BN_CTX_new(); @@ -194,31 +192,32 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) if (dh->priv_key == NULL) { - DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); + DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); goto err; } if (dh->flags & DH_FLAG_CACHE_MONT_P) { - mont = BN_MONT_CTX_set_locked( - (BN_MONT_CTX **)&dh->method_mont_p, + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, CRYPTO_LOCK_DH, dh->p, ctx); if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { /* XXX */ - BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME); + BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); } if (!mont) goto err; } - if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) + + if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) { - DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY); + DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); goto err; } + if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) { - DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); + DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); goto err; } @@ -259,8 +258,6 @@ static int dh_init(DH *dh) static int dh_finish(DH *dh) { if(dh->method_mont_p) - BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p); + BN_MONT_CTX_free(dh->method_mont_p); return(1); } - -#endif diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c index 09965ee2ea..7aef080e7a 100644 --- a/src/lib/libcrypto/dh/dh_lib.c +++ b/src/lib/libcrypto/dh/dh_lib.c @@ -64,7 +64,7 @@ #include #endif -const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; +const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT; static const DH_METHOD *default_DH_method = NULL; diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c index b76dede771..882f5c310a 100644 --- a/src/lib/libcrypto/dh/dhtest.c +++ b/src/lib/libcrypto/dh/dhtest.c @@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include @@ -83,12 +89,13 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK cb(int p, int n, void *arg); +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int main(int argc, char *argv[]) { + BN_GENCB _cb; DH *a; DH *b=NULL; char buf[12]; @@ -110,8 +117,10 @@ int main(int argc, char *argv[]) if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); - a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); - if (a == NULL) goto err; + BN_GENCB_set(&_cb, &cb, out); + if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, &_cb)) + goto err; if (!DH_check(a, &i)) goto err; if (i & DH_CHECK_P_NOT_PRIME) @@ -192,14 +201,14 @@ err: if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); - CRYPTO_mem_leaks_fp(stderr); +#ifdef OPENSSL_SYS_NETWARE + if (ret) printf("ERROR: %d\n", ret); +#endif EXIT(ret); return(ret); } -static void MS_CALLBACK cb(int p, int n, void *arg) +static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) { char c='*'; @@ -207,10 +216,11 @@ static void MS_CALLBACK cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); #ifdef LINT p=n; #endif + return 1; } #endif -- cgit v1.2.3-55-g6feb