From 86c49b31af735796dfde37aa29473a30d36367db Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Sat, 23 Jul 2016 19:31:36 +0000 Subject: This commit was manufactured by cvs2git to create tag 'OPENBSD_6_0_BASE'. --- src/lib/libcrypto/dh/dh.h | 271 ---------------------- src/lib/libcrypto/dh/dh_ameth.c | 493 ---------------------------------------- src/lib/libcrypto/dh/dh_asn1.c | 143 ------------ src/lib/libcrypto/dh/dh_check.c | 139 ----------- src/lib/libcrypto/dh/dh_depr.c | 83 ------- src/lib/libcrypto/dh/dh_err.c | 125 ---------- src/lib/libcrypto/dh/dh_gen.c | 179 --------------- src/lib/libcrypto/dh/dh_key.c | 251 -------------------- src/lib/libcrypto/dh/dh_lib.c | 241 -------------------- src/lib/libcrypto/dh/dh_pmeth.c | 264 --------------------- src/lib/libcrypto/dh/dh_prn.c | 79 ------- 11 files changed, 2268 deletions(-) delete mode 100644 src/lib/libcrypto/dh/dh.h delete mode 100644 src/lib/libcrypto/dh/dh_ameth.c delete mode 100644 src/lib/libcrypto/dh/dh_asn1.c delete mode 100644 src/lib/libcrypto/dh/dh_check.c delete mode 100644 src/lib/libcrypto/dh/dh_depr.c delete mode 100644 src/lib/libcrypto/dh/dh_err.c delete mode 100644 src/lib/libcrypto/dh/dh_gen.c delete mode 100644 src/lib/libcrypto/dh/dh_key.c delete mode 100644 src/lib/libcrypto/dh/dh_lib.c delete mode 100644 src/lib/libcrypto/dh/dh_pmeth.c delete mode 100644 src/lib/libcrypto/dh/dh_prn.c (limited to 'src/lib/libcrypto/dh') diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h deleted file mode 100644 index 631cd5c685..0000000000 --- a/src/lib/libcrypto/dh/dh.h +++ /dev/null @@ -1,271 +0,0 @@ -/* $OpenBSD: dh.h,v 1.17 2016/06/30 02:02:06 bcook Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_DH_H -#define HEADER_DH_H - -#include - -#ifdef OPENSSL_NO_DH -#error DH is disabled. -#endif - -#ifndef OPENSSL_NO_BIO -#include -#endif -#include -#ifndef OPENSSL_NO_DEPRECATED -#include -#endif - -#ifndef OPENSSL_DH_MAX_MODULUS_BITS -# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -#endif - -#define DH_FLAG_CACHE_MONT_P 0x01 - -/* If this flag is set the DH method is FIPS compliant and can be used - * in FIPS mode. This is set in the validated module method. If an - * application sets this flag in its own methods it is its reposibility - * to ensure the result is compliant. - */ - -#define DH_FLAG_FIPS_METHOD 0x0400 - -/* If this flag is set the operations normally disabled in FIPS mode are - * permitted it is then the applications responsibility to ensure that the - * usage is compliant. - */ - -#define DH_FLAG_NON_FIPS_ALLOW 0x0400 - -#ifdef __cplusplus -extern "C" { -#endif - -/* Already defined in ossl_typ.h */ -/* typedef struct dh_st DH; */ -/* typedef struct dh_method DH_METHOD; */ - -struct dh_method - { - const char *name; - /* Methods here */ - int (*generate_key)(DH *dh); - int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); - int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ - - int (*init)(DH *dh); - int (*finish)(DH *dh); - int flags; - char *app_data; - /* If this is non-NULL, it will be used to generate parameters */ - int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); - }; - -struct dh_st - { - /* This first argument is used to pick up errors when - * a DH is passed instead of a EVP_PKEY */ - int pad; - int version; - BIGNUM *p; - BIGNUM *g; - long length; /* optional */ - BIGNUM *pub_key; /* g^x */ - BIGNUM *priv_key; /* x */ - - int flags; - BN_MONT_CTX *method_mont_p; - /* Place holders if we want to do X9.42 DH */ - BIGNUM *q; - BIGNUM *j; - unsigned char *seed; - int seedlen; - BIGNUM *counter; - - int references; - CRYPTO_EX_DATA ex_data; - const DH_METHOD *meth; - ENGINE *engine; - }; - -#define DH_GENERATOR_2 2 -/* #define DH_GENERATOR_3 3 */ -#define DH_GENERATOR_5 5 - -/* DH_check error codes */ -#define DH_CHECK_P_NOT_PRIME 0x01 -#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 -#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 -#define DH_NOT_SUITABLE_GENERATOR 0x08 - -/* DH_check_pub_key error codes */ -#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 -#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 - -/* primes p where (p-1)/2 is prime too are called "safe"; we define - this for backward compatibility: */ -#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME - -#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) -#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ - (unsigned char *)(x)) -#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) - -DH *DHparams_dup(DH *); - -const DH_METHOD *DH_OpenSSL(void); - -void DH_set_default_method(const DH_METHOD *meth); -const DH_METHOD *DH_get_default_method(void); -int DH_set_method(DH *dh, const DH_METHOD *meth); -DH *DH_new_method(ENGINE *engine); - -DH * DH_new(void); -void DH_free(DH *dh); -int DH_up_ref(DH *dh); -int DH_size(const DH *dh); -int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int DH_set_ex_data(DH *d, int idx, void *arg); -void *DH_get_ex_data(DH *d, int idx); - -/* Deprecated version */ -#ifndef OPENSSL_NO_DEPRECATED -DH * DH_generate_parameters(int prime_len,int generator, - void (*callback)(int,int,void *),void *cb_arg); -#endif /* !defined(OPENSSL_NO_DEPRECATED) */ - -/* New version */ -int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); - -int DH_check(const DH *dh,int *codes); -int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); -int DH_generate_key(DH *dh); -int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); -DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); -int i2d_DHparams(const DH *a,unsigned char **pp); -int DHparams_print_fp(FILE *fp, const DH *x); -#ifndef OPENSSL_NO_BIO -int DHparams_print(BIO *bp, const DH *x); -#else -int DHparams_print(char *bp, const DH *x); -#endif - -#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) - -#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) - -#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) -#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) - - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -void ERR_load_DH_strings(void); - -/* Error codes for the DH functions. */ - -/* Function codes. */ -#define DH_F_COMPUTE_KEY 102 -#define DH_F_DHPARAMS_PRINT_FP 101 -#define DH_F_DH_BUILTIN_GENPARAMS 106 -#define DH_F_DH_COMPUTE_KEY 114 -#define DH_F_DH_GENERATE_KEY 115 -#define DH_F_DH_GENERATE_PARAMETERS_EX 116 -#define DH_F_DH_NEW_METHOD 105 -#define DH_F_DH_PARAM_DECODE 107 -#define DH_F_DH_PRIV_DECODE 110 -#define DH_F_DH_PRIV_ENCODE 111 -#define DH_F_DH_PUB_DECODE 108 -#define DH_F_DH_PUB_ENCODE 109 -#define DH_F_DO_DH_PRINT 100 -#define DH_F_GENERATE_KEY 103 -#define DH_F_GENERATE_PARAMETERS 104 -#define DH_F_PKEY_DH_DERIVE 112 -#define DH_F_PKEY_DH_KEYGEN 113 - -/* Reason codes. */ -#define DH_R_BAD_GENERATOR 101 -#define DH_R_BN_DECODE_ERROR 109 -#define DH_R_BN_ERROR 106 -#define DH_R_DECODE_ERROR 104 -#define DH_R_INVALID_PUBKEY 102 -#define DH_R_KEYS_NOT_SET 108 -#define DH_R_KEY_SIZE_TOO_SMALL 110 -#define DH_R_MODULUS_TOO_LARGE 103 -#define DH_R_NON_FIPS_METHOD 111 -#define DH_R_NO_PARAMETERS_SET 107 -#define DH_R_NO_PRIVATE_VALUE 100 -#define DH_R_PARAMETER_ENCODING_ERROR 105 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c deleted file mode 100644 index 24c8bb25ec..0000000000 --- a/src/lib/libcrypto/dh/dh_ameth.c +++ /dev/null @@ -1,493 +0,0 @@ -/* $OpenBSD: dh_ameth.c,v 1.13 2015/01/08 01:44:29 doug Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -#include -#include -#include -#include -#include - -#include "asn1_locl.h" - -static void -int_dh_free(EVP_PKEY *pkey) -{ - DH_free(pkey->pkey.dh); -} - -static int -dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) -{ - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - void *pval; - ASN1_STRING *pstr; - X509_ALGOR *palg; - ASN1_INTEGER *public_key = NULL; - DH *dh = NULL; - - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype != V_ASN1_SEQUENCE) { - DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); - goto err; - } - - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - - if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) { - DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); - goto err; - } - - if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) { - DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); - goto err; - } - - /* We have parameters now set public key */ - if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { - DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); - goto err; - } - - ASN1_INTEGER_free(public_key); - EVP_PKEY_assign_DH(pkey, dh); - return 1; - -err: - if (public_key) - ASN1_INTEGER_free(public_key); - DH_free(dh); - return 0; -} - -static int -dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) -{ - DH *dh; - int ptype; - unsigned char *penc = NULL; - int penclen; - ASN1_STRING *str; - ASN1_INTEGER *pub_key = NULL; - - dh=pkey->pkey.dh; - - str = ASN1_STRING_new(); - if (str == NULL) { - DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - - str->length = i2d_DHparams(dh, &str->data); - if (str->length <= 0) { - DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - ptype = V_ASN1_SEQUENCE; - - pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); - if (!pub_key) - goto err; - - penclen = i2d_ASN1_INTEGER(pub_key, &penc); - - ASN1_INTEGER_free(pub_key); - - if (penclen <= 0) { - DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype, - (void *)str, penc, penclen)) - return 1; - -err: - free(penc); - ASN1_STRING_free(str); - - return 0; -} - -/* - * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in - * that the AlgorithmIdentifier contains the paramaters, the private key - * is explcitly included and the pubkey must be recalculated. - */ - -static int -dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) -{ - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - void *pval; - ASN1_STRING *pstr; - X509_ALGOR *palg; - ASN1_INTEGER *privkey = NULL; - DH *dh = NULL; - - if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) - return 0; - - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype != V_ASN1_SEQUENCE) - goto decerr; - - if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) - goto decerr; - - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) - goto decerr; - /* We have parameters now set private key */ - if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { - DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR); - goto dherr; - } - /* Calculate public key */ - if (!DH_generate_key(dh)) - goto dherr; - - EVP_PKEY_assign_DH(pkey, dh); - - ASN1_INTEGER_free(privkey); - - return 1; - -decerr: - DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); -dherr: - DH_free(dh); - return 0; -} - -static int -dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) -{ - ASN1_STRING *params = NULL; - ASN1_INTEGER *prkey = NULL; - unsigned char *dp = NULL; - int dplen; - - params = ASN1_STRING_new(); - - if (!params) { - DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - - params->length = i2d_DHparams(pkey->pkey.dh, ¶ms->data); - if (params->length <= 0) { - DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); - goto err; - } - params->type = V_ASN1_SEQUENCE; - - /* Get private key into integer */ - prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); - - if (!prkey) { - DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR); - goto err; - } - - dplen = i2d_ASN1_INTEGER(prkey, &dp); - - ASN1_INTEGER_free(prkey); - prkey = NULL; - - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, - V_ASN1_SEQUENCE, params, dp, dplen)) - goto err; - - return 1; - -err: - free(dp); - ASN1_STRING_free(params); - ASN1_INTEGER_free(prkey); - return 0; -} - -static void -update_buflen(const BIGNUM *b, size_t *pbuflen) -{ - size_t i; - - if (!b) - return; - if (*pbuflen < (i = (size_t)BN_num_bytes(b))) - *pbuflen = i; -} - -static int -dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) -{ - DH *dh; - - if (!(dh = d2i_DHparams(NULL, pder, derlen))) { - DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); - return 0; - } - EVP_PKEY_assign_DH(pkey, dh); - return 1; -} - -static int -dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - return i2d_DHparams(pkey->pkey.dh, pder); -} - -static int -do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype) -{ - unsigned char *m = NULL; - int reason = ERR_R_BUF_LIB, ret = 0; - size_t buf_len = 0; - const char *ktype = NULL; - BIGNUM *priv_key, *pub_key; - - if (ptype == 2) - priv_key = x->priv_key; - else - priv_key = NULL; - - if (ptype > 0) - pub_key = x->pub_key; - else - pub_key = NULL; - - update_buflen(x->p, &buf_len); - - if (buf_len == 0) { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - update_buflen(x->g, &buf_len); - update_buflen(pub_key, &buf_len); - update_buflen(priv_key, &buf_len); - - if (ptype == 2) - ktype = "PKCS#3 DH Private-Key"; - else if (ptype == 1) - ktype = "PKCS#3 DH Public-Key"; - else - ktype = "PKCS#3 DH Parameters"; - - m= malloc(buf_len + 10); - if (m == NULL) { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - BIO_indent(bp, indent, 128); - if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) - goto err; - indent += 4; - - if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent)) - goto err; - if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent)) - goto err; - - if (!ASN1_bn_print(bp, "prime:", x->p, m, indent)) - goto err; - if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) - goto err; - if (x->length != 0) { - BIO_indent(bp, indent, 128); - if (BIO_printf(bp, "recommended-private-length: %d bits\n", - (int)x->length) <= 0) - goto err; - } - - ret = 1; - if (0) { -err: - DHerr(DH_F_DO_DH_PRINT,reason); - } - free(m); - return(ret); -} - -static int -int_dh_size(const EVP_PKEY *pkey) -{ - return DH_size(pkey->pkey.dh); -} - -static int -dh_bits(const EVP_PKEY *pkey) -{ - return BN_num_bits(pkey->pkey.dh->p); -} - -static int -dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -{ - if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) || - BN_cmp(a->pkey.dh->g, b->pkey.dh->g)) - return 0; - else - return 1; -} - -static int -dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) -{ - BIGNUM *a; - - if ((a = BN_dup(from->pkey.dh->p)) == NULL) - return 0; - BN_free(to->pkey.dh->p); - to->pkey.dh->p = a; - - if ((a = BN_dup(from->pkey.dh->g)) == NULL) - return 0; - BN_free(to->pkey.dh->g); - to->pkey.dh->g = a; - - return 1; -} - -static int -dh_missing_parameters(const EVP_PKEY *a) -{ - if (!a->pkey.dh->p || !a->pkey.dh->g) - return 1; - return 0; -} - -static int -dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - if (dh_cmp_parameters(a, b) == 0) - return 0; - if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0) - return 0; - else - return 1; -} - -static int -dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) -{ - return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); -} - -static int -dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) -{ - return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); -} - -static int -dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) -{ - return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); -} - -int -DHparams_print(BIO *bp, const DH *x) -{ - return do_dh_print(bp, x, 4, NULL, 0); -} - -const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { - .pkey_id = EVP_PKEY_DH, - .pkey_base_id = EVP_PKEY_DH, - - .pem_str = "DH", - .info = "OpenSSL PKCS#3 DH method", - - .pub_decode = dh_pub_decode, - .pub_encode = dh_pub_encode, - .pub_cmp = dh_pub_cmp, - .pub_print = dh_public_print, - - .priv_decode = dh_priv_decode, - .priv_encode = dh_priv_encode, - .priv_print = dh_private_print, - - .pkey_size = int_dh_size, - .pkey_bits = dh_bits, - - .param_decode = dh_param_decode, - .param_encode = dh_param_encode, - .param_missing = dh_missing_parameters, - .param_copy = dh_copy_parameters, - .param_cmp = dh_cmp_parameters, - .param_print = dh_param_print, - - .pkey_free = int_dh_free, -}; diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c deleted file mode 100644 index 7060130ed8..0000000000 --- a/src/lib/libcrypto/dh/dh_asn1.c +++ /dev/null @@ -1,143 +0,0 @@ -/* $OpenBSD: dh_asn1.c,v 1.8 2015/02/14 15:06:55 jsing Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -#include -#include -#include -#include - -/* Override the default free and new methods */ -static int -dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) -{ - if (operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)DH_new(); - if (*pval) - return 2; - return 0; - } else if (operation == ASN1_OP_FREE_PRE) { - DH_free((DH *)*pval); - *pval = NULL; - return 2; - } - return 1; -} - -static const ASN1_AUX DHparams_aux = { - .app_data = NULL, - .flags = 0, - .ref_offset = 0, - .ref_lock = 0, - .asn1_cb = dh_cb, - .enc_offset = 0, -}; -static const ASN1_TEMPLATE DHparams_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(DH, p), - .field_name = "p", - .item = &BIGNUM_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(DH, g), - .field_name = "g", - .item = &BIGNUM_it, - }, - { - .flags = ASN1_TFLG_OPTIONAL, - .tag = 0, - .offset = offsetof(DH, length), - .field_name = "length", - .item = &ZLONG_it, - }, -}; - -const ASN1_ITEM DHparams_it = { - .itype = ASN1_ITYPE_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = DHparams_seq_tt, - .tcount = sizeof(DHparams_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = &DHparams_aux, - .size = sizeof(DH), - .sname = "DH", -}; - - -DH * -d2i_DHparams(DH **a, const unsigned char **in, long len) -{ - return (DH *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &DHparams_it); -} - -int -i2d_DHparams(const DH *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &DHparams_it); -} - -DH * -DHparams_dup(DH *dh) -{ - return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh); -} diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c deleted file mode 100644 index a6010f0a6d..0000000000 --- a/src/lib/libcrypto/dh/dh_check.c +++ /dev/null @@ -1,139 +0,0 @@ -/* $OpenBSD: dh_check.c,v 1.16 2016/07/05 02:54:35 bcook Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include -#include - -/* - * Check that p is a safe prime and - * if g is 2, 3 or 5, check that it is a suitable generator - * where - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 - * for 5, p mod 10 == 3 or 7 - * should hold. - */ - -int -DH_check(const DH *dh, int *ret) -{ - int ok = 0; - BN_CTX *ctx = NULL; - BN_ULONG l; - BIGNUM *q = NULL; - - *ret = 0; - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - q = BN_new(); - if (q == NULL) - goto err; - - if (BN_is_word(dh->g, DH_GENERATOR_2)) { - l = BN_mod_word(dh->p, 24); - if (l == (BN_ULONG)-1) - goto err; - if (l != 11) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { - l = BN_mod_word(dh->p, 10); - if (l == (BN_ULONG)-1) - goto err; - if (l != 3 && l != 7) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } else - *ret |= DH_UNABLE_TO_CHECK_GENERATOR; - - if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) - *ret |= DH_CHECK_P_NOT_PRIME; - else { - if (!BN_rshift1(q, dh->p)) - goto err; - if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL)) - *ret |= DH_CHECK_P_NOT_SAFE_PRIME; - } - ok = 1; -err: - BN_CTX_free(ctx); - BN_free(q); - return ok; -} - -int -DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) -{ - BIGNUM *q = NULL; - - *ret = 0; - q = BN_new(); - if (q == NULL) - return 0; - BN_set_word(q, 1); - if (BN_cmp(pub_key, q) <= 0) - *ret |= DH_CHECK_PUBKEY_TOO_SMALL; - BN_copy(q, dh->p); - BN_sub_word(q, 1); - if (BN_cmp(pub_key, q) >= 0) - *ret |= DH_CHECK_PUBKEY_TOO_LARGE; - - BN_free(q); - return 1; -} diff --git a/src/lib/libcrypto/dh/dh_depr.c b/src/lib/libcrypto/dh/dh_depr.c deleted file mode 100644 index 0b75b0be5e..0000000000 --- a/src/lib/libcrypto/dh/dh_depr.c +++ /dev/null @@ -1,83 +0,0 @@ -/* $OpenBSD: dh_depr.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* This file contains deprecated functions as wrappers to the new ones */ - -#include - -#include - -#include -#include - -#ifndef OPENSSL_NO_DEPRECATED -DH * -DH_generate_parameters(int prime_len, int generator, - void (*callback)(int, int, void *), void *cb_arg) -{ - BN_GENCB cb; - DH *ret = NULL; - - if ((ret = DH_new()) == NULL) - return NULL; - - BN_GENCB_set_old(&cb, callback, cb_arg); - - if (DH_generate_parameters_ex(ret, prime_len, generator, &cb)) - return ret; - DH_free(ret); - return NULL; -} -#endif diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c deleted file mode 100644 index 3774ba3c45..0000000000 --- a/src/lib/libcrypto/dh/dh_err.c +++ /dev/null @@ -1,125 +0,0 @@ -/* $OpenBSD: dh_err.c,v 1.15 2014/07/10 22:45:56 jsing Exp $ */ -/* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include - -#include - -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) - -static ERR_STRING_DATA DH_str_functs[]= - { -{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, -{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, -{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, -{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"}, -{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, -{ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, -{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"}, -{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"}, -{ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, -{ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, -{ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"}, -{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, -{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, -{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, -{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, -{0,NULL} - }; - -static ERR_STRING_DATA DH_str_reasons[]= - { -{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, -{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"}, -{ERR_REASON(DH_R_BN_ERROR) ,"bn error"}, -{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"}, -{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, -{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, -{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, -{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, -{ERR_REASON(DH_R_NON_FIPS_METHOD) ,"non fips method"}, -{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, -{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, -{0,NULL} - }; - -#endif - -void ERR_load_DH_strings(void) - { -#ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(DH_str_functs[0].error) == NULL) - { - ERR_load_strings(0,DH_str_functs); - ERR_load_strings(0,DH_str_reasons); - } -#endif - } diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c deleted file mode 100644 index de566802d3..0000000000 --- a/src/lib/libcrypto/dh/dh_gen.c +++ /dev/null @@ -1,179 +0,0 @@ -/* $OpenBSD: dh_gen.c,v 1.15 2015/02/09 15:49:22 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* NB: These functions have been upgraded - the previous prototypes are in - * dh_depr.c as wrappers to these ones. - * - Geoff - */ - -#include - -#include -#include -#include - -static int dh_builtin_genparams(DH *ret, int prime_len, int generator, - BN_GENCB *cb); - -int -DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) -{ - if (ret->meth->generate_params) - return ret->meth->generate_params(ret, prime_len, generator, cb); - return dh_builtin_genparams(ret, prime_len, generator, cb); -} - -/* - * We generate DH parameters as follows: - * find a prime q which is prime_len/2 bits long. - * p=(2*q)+1 or (p-1)/2 = q - * For this case, g is a generator if - * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1. - * Since the factors of p-1 are q and 2, we just need to check - * g^2 mod p != 1 and g^q mod p != 1. - * - * Having said all that, - * there is another special case method for the generators 2, 3 and 5. - * for 2, p mod 24 == 11 - * for 3, p mod 12 == 5 <<<<< does not work for safe primes. - * for 5, p mod 10 == 3 or 7 - * - * Thanks to Phil Karn for the pointers about the - * special generators and for answering some of my questions. - * - * I've implemented the second simple method :-). - * Since DH should be using a safe prime (both p and q are prime), - * this generator function can take a very very long time to run. - */ -/* Actually there is no reason to insist that 'generator' be a generator. - * It's just as OK (and in some sense better) to use a generator of the - * order-q subgroup. - */ -static int -dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) -{ - BIGNUM *t1, *t2; - int g, ok = -1; - BN_CTX *ctx = NULL; - - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - if ((t1 = BN_CTX_get(ctx)) == NULL) - goto err; - if ((t2 = BN_CTX_get(ctx)) == NULL) - goto err; - - /* Make sure 'ret' has the necessary elements */ - if (!ret->p && ((ret->p = BN_new()) == NULL)) - goto err; - if (!ret->g && ((ret->g = BN_new()) == NULL)) - goto err; - - if (generator <= 1) { - DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); - goto err; - } - if (generator == DH_GENERATOR_2) { - if (!BN_set_word(t1, 24)) - goto err; - if (!BN_set_word(t2, 11)) - goto err; - g = 2; - } else if (generator == DH_GENERATOR_5) { - if (!BN_set_word(t1, 10)) - goto err; - if (!BN_set_word(t2, 3)) - goto err; - /* BN_set_word(t3,7); just have to miss - * out on these ones :-( */ - g = 5; - } else { - /* - * in the general case, don't worry if 'generator' is a - * generator or not: since we are using safe primes, - * it will generate either an order-q or an order-2q group, - * which both is OK - */ - if (!BN_set_word(t1, 2)) - goto err; - if (!BN_set_word(t2, 1)) - goto err; - g = generator; - } - - if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb)) - goto err; - if (!BN_GENCB_call(cb, 3, 0)) - goto err; - if (!BN_set_word(ret->g, g)) - goto err; - ok = 1; -err: - if (ok == -1) { - DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB); - ok = 0; - } - - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ok; -} diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c deleted file mode 100644 index 6eb1365bf6..0000000000 --- a/src/lib/libcrypto/dh/dh_key.c +++ /dev/null @@ -1,251 +0,0 @@ -/* $OpenBSD: dh_key.c,v 1.25 2016/07/07 11:53:12 bcook Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include -#include -#include - -static int generate_key(DH *dh); -static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); -static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static int dh_init(DH *dh); -static int dh_finish(DH *dh); - -int -DH_generate_key(DH *dh) -{ - return dh->meth->generate_key(dh); -} - -int -DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - return dh->meth->compute_key(key, pub_key, dh); -} - -static DH_METHOD dh_ossl = { - .name = "OpenSSL DH Method", - .generate_key = generate_key, - .compute_key = compute_key, - .bn_mod_exp = dh_bn_mod_exp, - .init = dh_init, - .finish = dh_finish, -}; - -const DH_METHOD * -DH_OpenSSL(void) -{ - return &dh_ossl; -} - -static int -generate_key(DH *dh) -{ - int ok = 0; - int generate_new_key = 0; - unsigned l; - BN_CTX *ctx; - BN_MONT_CTX *mont = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - - if (dh->priv_key == NULL) { - priv_key = BN_new(); - if (priv_key == NULL) - goto err; - generate_new_key = 1; - } else - priv_key = dh->priv_key; - - if (dh->pub_key == NULL) { - pub_key = BN_new(); - if (pub_key == NULL) - goto err; - } else - pub_key = dh->pub_key; - - if (dh->flags & DH_FLAG_CACHE_MONT_P) { - mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, - CRYPTO_LOCK_DH, dh->p, ctx); - if (!mont) - goto err; - } - - if (generate_new_key) { - if (dh->q) { - do { - if (!BN_rand_range(priv_key, dh->q)) - goto err; - } while (BN_is_zero(priv_key) || BN_is_one(priv_key)); - } else { - /* secret exponent length */ - l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; - if (!BN_rand(priv_key, l, 0, 0)) - goto err; - } - } - - { - BIGNUM prk; - - BN_init(&prk); - BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME); - - if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, &prk, dh->p, ctx, - mont)) { - goto err; - } - } - - dh->pub_key = pub_key; - dh->priv_key = priv_key; - ok = 1; -err: - if (ok != 1) - DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB); - - if (pub_key != NULL && dh->pub_key == NULL) - BN_free(pub_key); - if (priv_key != NULL && dh->priv_key == NULL) - BN_free(priv_key); - BN_CTX_free(ctx); - return ok; -} - -static int -compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - BN_CTX *ctx = NULL; - BN_MONT_CTX *mont = NULL; - BIGNUM *tmp; - int ret = -1; - int check_result; - - if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { - DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); - goto err; - } - - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - if ((tmp = BN_CTX_get(ctx)) == NULL) - goto err; - - if (dh->priv_key == NULL) { - DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE); - goto err; - } - - if (dh->flags & DH_FLAG_CACHE_MONT_P) { - mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, - CRYPTO_LOCK_DH, dh->p, ctx); - - BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); - - if (!mont) - goto err; - } - - if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) { - DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY); - goto err; - } - - if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, - mont)) { - DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB); - goto err; - } - - ret = BN_bn2bin(tmp, key); -err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ret; -} - -static int -dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); -} - -static int -dh_init(DH *dh) -{ - dh->flags |= DH_FLAG_CACHE_MONT_P; - return 1; -} - -static int -dh_finish(DH *dh) -{ - BN_MONT_CTX_free(dh->method_mont_p); - return 1; -} diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c deleted file mode 100644 index defe1c74b4..0000000000 --- a/src/lib/libcrypto/dh/dh_lib.c +++ /dev/null @@ -1,241 +0,0 @@ -/* $OpenBSD: dh_lib.c,v 1.21 2015/02/11 03:19:37 doug Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include - -#include -#include -#include - -#ifndef OPENSSL_NO_ENGINE -#include -#endif - -static const DH_METHOD *default_DH_method = NULL; - -void -DH_set_default_method(const DH_METHOD *meth) -{ - default_DH_method = meth; -} - -const DH_METHOD * -DH_get_default_method(void) -{ - if (!default_DH_method) - default_DH_method = DH_OpenSSL(); - return default_DH_method; -} - -int -DH_set_method(DH *dh, const DH_METHOD *meth) -{ - /* - * NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. - */ - const DH_METHOD *mtmp; - - mtmp = dh->meth; - if (mtmp->finish) - mtmp->finish(dh); -#ifndef OPENSSL_NO_ENGINE - if (dh->engine) { - ENGINE_finish(dh->engine); - dh->engine = NULL; - } -#endif - dh->meth = meth; - if (meth->init) - meth->init(dh); - return 1; -} - -DH * -DH_new(void) -{ - return DH_new_method(NULL); -} - -DH * -DH_new_method(ENGINE *engine) -{ - DH *ret; - - ret = malloc(sizeof(DH)); - if (ret == NULL) { - DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->meth = DH_get_default_method(); -#ifndef OPENSSL_NO_ENGINE - if (engine) { - if (!ENGINE_init(engine)) { - DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); - free(ret); - return NULL; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_DH(); - if(ret->engine) { - ret->meth = ENGINE_get_DH(ret->engine); - if (!ret->meth) { - DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - free(ret); - return NULL; - } - } -#endif - - ret->pad = 0; - ret->version = 0; - ret->p = NULL; - ret->g = NULL; - ret->length = 0; - ret->pub_key = NULL; - ret->priv_key = NULL; - ret->q = NULL; - ret->j = NULL; - ret->seed = NULL; - ret->seedlen = 0; - ret->counter = NULL; - ret->method_mont_p=NULL; - ret->references = 1; - ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - if (ret->meth->init != NULL && !ret->meth->init(ret)) { -#ifndef OPENSSL_NO_ENGINE - if (ret->engine) - ENGINE_finish(ret->engine); -#endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - free(ret); - ret = NULL; - } - return ret; -} - -void -DH_free(DH *r) -{ - int i; - - if (r == NULL) - return; - i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); - if (i > 0) - return; - - if (r->meth->finish) - r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - if (r->engine) - ENGINE_finish(r->engine); -#endif - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); - - BN_clear_free(r->p); - BN_clear_free(r->g); - BN_clear_free(r->q); - BN_clear_free(r->j); - free(r->seed); - BN_clear_free(r->counter); - BN_clear_free(r->pub_key); - BN_clear_free(r->priv_key); - free(r); -} - -int -DH_up_ref(DH *r) -{ - int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); - - return i > 1 ? 1 : 0; -} - -int -DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, new_func, - dup_func, free_func); -} - -int -DH_set_ex_data(DH *d, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&d->ex_data, idx, arg); -} - -void * -DH_get_ex_data(DH *d, int idx) -{ - return CRYPTO_get_ex_data(&d->ex_data, idx); -} - -int -DH_size(const DH *dh) -{ - return BN_num_bytes(dh->p); -} diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c deleted file mode 100644 index 6d750eb30d..0000000000 --- a/src/lib/libcrypto/dh/dh_pmeth.c +++ /dev/null @@ -1,264 +0,0 @@ -/* $OpenBSD: dh_pmeth.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include "evp_locl.h" - -/* DH pkey context structure */ - -typedef struct { - /* Parameter gen parameters */ - int prime_len; - int generator; - int use_dsa; - /* Keygen callback info */ - int gentmp[2]; - /* message digest */ -} DH_PKEY_CTX; - -static int -pkey_dh_init(EVP_PKEY_CTX *ctx) -{ - DH_PKEY_CTX *dctx; - - dctx = malloc(sizeof(DH_PKEY_CTX)); - if (!dctx) - return 0; - dctx->prime_len = 1024; - dctx->generator = 2; - dctx->use_dsa = 0; - - ctx->data = dctx; - ctx->keygen_info = dctx->gentmp; - ctx->keygen_info_count = 2; - - return 1; -} - -static int -pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - DH_PKEY_CTX *dctx, *sctx; - - if (!pkey_dh_init(dst)) - return 0; - sctx = src->data; - dctx = dst->data; - dctx->prime_len = sctx->prime_len; - dctx->generator = sctx->generator; - dctx->use_dsa = sctx->use_dsa; - return 1; -} - -static void -pkey_dh_cleanup(EVP_PKEY_CTX *ctx) -{ - DH_PKEY_CTX *dctx = ctx->data; - - free(dctx); -} - -static int -pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - DH_PKEY_CTX *dctx = ctx->data; - - switch (type) { - case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: - if (p1 < 256) - return -2; - dctx->prime_len = p1; - return 1; - - case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: - dctx->generator = p1; - return 1; - - case EVP_PKEY_CTRL_PEER_KEY: - /* Default behaviour is OK */ - return 1; - - default: - return -2; - } -} - -static int -pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) -{ - long lval; - char *ep; - int len; - - if (!strcmp(type, "dh_paramgen_prime_len")) { - errno = 0; - lval = strtol(value, &ep, 10); - if (value[0] == '\0' || *ep != '\0') - goto not_a_number; - if ((errno == ERANGE && - (lval == LONG_MAX || lval == LONG_MIN)) || - (lval > INT_MAX || lval < INT_MIN)) - goto out_of_range; - len = lval; - return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); - } else if (!strcmp(type, "dh_paramgen_generator")) { - errno = 0; - lval = strtol(value, &ep, 10); - if (value[0] == '\0' || *ep != '\0') - goto not_a_number; - if ((errno == ERANGE && - (lval == LONG_MAX || lval == LONG_MIN)) || - (lval > INT_MAX || lval < INT_MIN)) - goto out_of_range; - len = lval; - return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); - } - -not_a_number: -out_of_range: - return -2; -} - -static int -pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - DH *dh = NULL; - DH_PKEY_CTX *dctx = ctx->data; - BN_GENCB *pcb, cb; - int ret; - - if (ctx->pkey_gencb) { - pcb = &cb; - evp_pkey_set_cb_translate(pcb, ctx); - } else - pcb = NULL; - dh = DH_new(); - if (!dh) - return 0; - ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, - pcb); - if (ret) - EVP_PKEY_assign_DH(pkey, dh); - else - DH_free(dh); - return ret; -} - -static int -pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - DH *dh = NULL; - - if (ctx->pkey == NULL) { - DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); - return 0; - } - dh = DH_new(); - if (!dh) - return 0; - EVP_PKEY_assign_DH(pkey, dh); - /* Note: if error return, pkey is freed by parent routine */ - if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - return DH_generate_key(pkey->pkey.dh); -} - -static int -pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) -{ - int ret; - - if (!ctx->pkey || !ctx->peerkey) { - DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); - return 0; - } - ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key, - ctx->pkey->pkey.dh); - if (ret < 0) - return ret; - *keylen = ret; - return 1; -} - -const EVP_PKEY_METHOD dh_pkey_meth = { - .pkey_id = EVP_PKEY_DH, - .flags = EVP_PKEY_FLAG_AUTOARGLEN, - - .init = pkey_dh_init, - .copy = pkey_dh_copy, - .cleanup = pkey_dh_cleanup, - - .paramgen = pkey_dh_paramgen, - - .keygen = pkey_dh_keygen, - - .derive = pkey_dh_derive, - - .ctrl = pkey_dh_ctrl, - .ctrl_str = pkey_dh_ctrl_str -}; diff --git a/src/lib/libcrypto/dh/dh_prn.c b/src/lib/libcrypto/dh/dh_prn.c deleted file mode 100644 index 73d0476e21..0000000000 --- a/src/lib/libcrypto/dh/dh_prn.c +++ /dev/null @@ -1,79 +0,0 @@ -/* $OpenBSD: dh_prn.c,v 1.5 2014/07/11 08:44:48 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include -#include -#include - -int -DHparams_print_fp(FILE *fp, const DH *x) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret = DHparams_print(b, x); - BIO_free(b); - return ret; -} -- cgit v1.2.3-55-g6feb