diff options
| author | Matt Caswell <matt@openssl.org> | 2015-01-22 04:40:55 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-01-22 10:20:09 +0100 |
| commit | 0f113f3ee4d629ef9a4a30911b22b224772085e5 (patch) | |
| tree | e014603da5aed1d0751f587a66d6e270b6bda3de /crypto/dh | |
| parent | More tweaks for comments due indent issues (diff) | |
| download | openssl-0f113f3ee4d629ef9a4a30911b22b224772085e5.tar.xz openssl-0f113f3ee4d629ef9a4a30911b22b224772085e5.zip | |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/dh')
| -rw-r--r-- | crypto/dh/dh.h | 518 | ||||
| -rw-r--r-- | crypto/dh/dh_ameth.c | 1673 | ||||
| -rw-r--r-- | crypto/dh/dh_asn1.c | 210 | ||||
| -rw-r--r-- | crypto/dh/dh_check.c | 193 | ||||
| -rw-r--r-- | crypto/dh/dh_depr.c | 47 | ||||
| -rw-r--r-- | crypto/dh/dh_err.c | 98 | ||||
| -rw-r--r-- | crypto/dh/dh_gen.c | 187 | ||||
| -rw-r--r-- | crypto/dh/dh_kdf.c | 246 | ||||
| -rw-r--r-- | crypto/dh/dh_key.c | 372 | ||||
| -rw-r--r-- | crypto/dh/dh_lib.c | 308 | ||||
| -rw-r--r-- | crypto/dh/dh_pmeth.c | 939 | ||||
| -rw-r--r-- | crypto/dh/dh_prn.c | 37 | ||||
| -rw-r--r-- | crypto/dh/dh_rfc5114.c | 48 | ||||
| -rw-r--r-- | crypto/dh/dhtest.c | 837 |
14 files changed, 2831 insertions, 2882 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 14f4e47bb4..ececd4d176 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,29 +57,29 @@ */ #ifndef HEADER_DH_H -#define HEADER_DH_H +# define HEADER_DH_H -#include <openssl/e_os2.h> +# include <openssl/e_os2.h> -#ifdef OPENSSL_NO_DH -#error DH is disabled. -#endif +# ifdef OPENSSL_NO_DH +# error DH is disabled. +# endif -#ifndef OPENSSL_NO_BIO -#include <openssl/bio.h> -#endif -#include <openssl/ossl_typ.h> -#ifdef OPENSSL_USE_DEPRECATED -#include <openssl/bn.h> -#endif - -#ifndef OPENSSL_DH_MAX_MODULUS_BITS -# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -#endif +# ifndef OPENSSL_NO_BIO +# include <openssl/bio.h> +# endif +# include <openssl/ossl_typ.h> +# ifdef OPENSSL_USE_DEPRECATED +# include <openssl/bn.h> +# endif -#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 +# ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +# endif -#define DH_FLAG_CACHE_MONT_P 0x01 +# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +# define DH_FLAG_CACHE_MONT_P 0x01 /* * new with 0.9.7h; the built-in DH @@ -89,22 +89,24 @@ * faster variable sliding window method to * be used for all exponents. */ -#define DH_FLAG_NO_EXP_CONSTTIME 0x02 +# define DH_FLAG_NO_EXP_CONSTTIME 0x02 -/* If this flag is set the DH method is FIPS compliant and can be used - * in FIPS mode. This is set in the validated module method. If an - * application sets this flag in its own methods it is its reposibility - * to ensure the result is compliant. +/* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its reposibility to ensure the + * result is compliant. */ -#define DH_FLAG_FIPS_METHOD 0x0400 +# define DH_FLAG_FIPS_METHOD 0x0400 -/* If this flag is set the operations normally disabled in FIPS mode are +/* + * If this flag is set the operations normally disabled in FIPS mode are * permitted it is then the applications responsibility to ensure that the * usage is compliant. */ -#define DH_FLAG_NON_FIPS_ALLOW 0x0400 +# define DH_FLAG_NON_FIPS_ALLOW 0x0400 #ifdef __cplusplus extern "C" { @@ -114,80 +116,79 @@ extern "C" { /* typedef struct dh_st DH; */ /* typedef struct dh_method DH_METHOD; */ -struct dh_method - { - const char *name; - /* Methods here */ - int (*generate_key)(DH *dh); - int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); - - /* Can be null */ - int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); - - int (*init)(DH *dh); - int (*finish)(DH *dh); - int flags; - char *app_data; - /* If this is non-NULL, it will be used to generate parameters */ - int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); - }; - -struct dh_st - { - /* This first argument is used to pick up errors when - * a DH is passed instead of a EVP_PKEY */ - int pad; - int version; - BIGNUM *p; - BIGNUM *g; - long length; /* optional */ - BIGNUM *pub_key; /* g^x */ - BIGNUM *priv_key; /* x */ - - int flags; - BN_MONT_CTX *method_mont_p; - /* Place holders if we want to do X9.42 DH */ - BIGNUM *q; - BIGNUM *j; - unsigned char *seed; - int seedlen; - BIGNUM *counter; - - int references; - CRYPTO_EX_DATA ex_data; - const DH_METHOD *meth; - ENGINE *engine; - }; - -#define DH_GENERATOR_2 2 -/* #define DH_GENERATOR_3 3 */ -#define DH_GENERATOR_5 5 +struct dh_method { + const char *name; + /* Methods here */ + int (*generate_key) (DH *dh); + int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); + /* Can be null */ + int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); + int (*init) (DH *dh); + int (*finish) (DH *dh); + int flags; + char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params) (DH *dh, int prime_len, int generator, + BN_GENCB *cb); +}; + +struct dh_st { + /* + * This first argument is used to pick up errors when a DH is passed + * instead of a EVP_PKEY + */ + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; /* optional */ + BIGNUM *pub_key; /* g^x */ + BIGNUM *priv_key; /* x */ + int flags; + BN_MONT_CTX *method_mont_p; + /* Place holders if we want to do X9.42 DH */ + BIGNUM *q; + BIGNUM *j; + unsigned char *seed; + int seedlen; + BIGNUM *counter; + int references; + CRYPTO_EX_DATA ex_data; + const DH_METHOD *meth; + ENGINE *engine; +}; + +# define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +# define DH_GENERATOR_5 5 /* DH_check error codes */ -#define DH_CHECK_P_NOT_PRIME 0x01 -#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 -#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 -#define DH_NOT_SUITABLE_GENERATOR 0x08 -#define DH_CHECK_Q_NOT_PRIME 0x10 -#define DH_CHECK_INVALID_Q_VALUE 0x20 -#define DH_CHECK_INVALID_J_VALUE 0x40 +# define DH_CHECK_P_NOT_PRIME 0x01 +# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +# define DH_NOT_SUITABLE_GENERATOR 0x08 +# define DH_CHECK_Q_NOT_PRIME 0x10 +# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_J_VALUE 0x40 /* DH_check_pub_key error codes */ -#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 -#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 -/* primes p where (p-1)/2 is prime too are called "safe"; we define - this for backward compatibility: */ -#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME +/* + * primes p where (p-1)/2 is prime too are called "safe"; we define this for + * backward compatibility: + */ +# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) -#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ - (unsigned char *)(x)) -#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) +# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ + (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) +# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) DH *DHparams_dup(DH *); @@ -198,42 +199,45 @@ const DH_METHOD *DH_get_default_method(void); int DH_set_method(DH *dh, const DH_METHOD *meth); DH *DH_new_method(ENGINE *engine); -DH * DH_new(void); -void DH_free(DH *dh); -int DH_up_ref(DH *dh); -int DH_size(const DH *dh); -int DH_security_bits(const DH *dh); +DH *DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_size(const DH *dh); +int DH_security_bits(const DH *dh); int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); /* Deprecated version */ -#ifdef OPENSSL_USE_DEPRECATED -DECLARE_DEPRECATED(DH * DH_generate_parameters(int prime_len,int generator, - void (*callback)(int,int,void *),void *cb_arg)); -#endif /* defined(OPENSSL_USE_DEPRECATED) */ +# ifdef OPENSSL_USE_DEPRECATED +DECLARE_DEPRECATED(DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, + void *), + void *cb_arg)); +# endif /* defined(OPENSSL_USE_DEPRECATED) */ /* New version */ -int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); - -int DH_check(const DH *dh,int *codes); -int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); -int DH_generate_key(DH *dh); -int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); -int DH_compute_key_padded(unsigned char *key,const BIGNUM *pub_key,DH *dh); -DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); -int i2d_DHparams(const DH *a,unsigned char **pp); -DH * d2i_DHxparams(DH **a,const unsigned char **pp, long length); -int i2d_DHxparams(const DH *a,unsigned char **pp); -#ifndef OPENSSL_NO_STDIO -int DHparams_print_fp(FILE *fp, const DH *x); -#endif -#ifndef OPENSSL_NO_BIO -int DHparams_print(BIO *bp, const DH *x); -#else -int DHparams_print(char *bp, const DH *x); -#endif +int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, + BN_GENCB *cb); + +int DH_check(const DH *dh, int *codes); +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); +DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); +int i2d_DHparams(const DH *a, unsigned char **pp); +DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); +int i2d_DHxparams(const DH *a, unsigned char **pp); +# ifndef OPENSSL_NO_STDIO +int DHparams_print_fp(FILE *fp, const DH *x); +# endif +# ifndef OPENSSL_NO_BIO +int DHparams_print(BIO *bp, const DH *x); +# else +int DHparams_print(char *bp, const DH *x); +# endif /* RFC 5114 parameters */ DH *DH_get_1024_160(void); @@ -241,107 +245,107 @@ DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); /* RFC2631 KDF */ -int DH_KDF_X9_42(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - ASN1_OBJECT *key_oid, - const unsigned char *ukm, size_t ukmlen, - const EVP_MD *md); - -#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) - -#define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) - -#define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) - -#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) - -#define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) - -#define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) - -#define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) - -#define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) - -#define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid) - -#define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid) - -#define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md) - -#define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd) - -#define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) - -#define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen) - -#define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p) - -#define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p) - -#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) -#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) -#define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) -#define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) -#define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) -#define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) -#define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) -#define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) -#define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) -#define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) -#define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) -#define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) -#define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) -#define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) +int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); + +# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL) + +# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_RFC5114, gen, NULL) + +# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid) + +# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid) + +# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md) + +# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd) + +# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL) + +# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen) + +# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p) + +# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p) + +# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) +# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7) +# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8) +# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9) +# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10) +# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14) /* KDF types */ -#define EVP_PKEY_DH_KDF_NONE 1 -#define EVP_PKEY_DH_KDF_X9_42 2 +# define EVP_PKEY_DH_KDF_NONE 1 +# define EVP_PKEY_DH_KDF_X9_42 2 /* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_DH_strings(void); @@ -349,39 +353,39 @@ void ERR_load_DH_strings(void); /* Error codes for the DH functions. */ /* Function codes. */ -#define DH_F_COMPUTE_KEY 102 -#define DH_F_DHPARAMS_PRINT_FP 101 -#define DH_F_DH_BUILTIN_GENPARAMS 106 -#define DH_F_DH_CMS_DECRYPT 114 -#define DH_F_DH_CMS_SET_PEERKEY 115 -#define DH_F_DH_CMS_SET_SHARED_INFO 116 -#define DH_F_DH_NEW_METHOD 105 -#define DH_F_DH_PARAM_DECODE 107 -#define DH_F_DH_PRIV_DECODE 110 -#define DH_F_DH_PRIV_ENCODE 111 -#define DH_F_DH_PUB_DECODE 108 -#define DH_F_DH_PUB_ENCODE 109 -#define DH_F_DO_DH_PRINT 100 -#define DH_F_GENERATE_KEY 103 -#define DH_F_GENERATE_PARAMETERS 104 -#define DH_F_PKEY_DH_DERIVE 112 -#define DH_F_PKEY_DH_KEYGEN 113 +# define DH_F_COMPUTE_KEY 102 +# define DH_F_DHPARAMS_PRINT_FP 101 +# define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_CMS_DECRYPT 114 +# define DH_F_DH_CMS_SET_PEERKEY 115 +# define DH_F_DH_CMS_SET_SHARED_INFO 116 +# define DH_F_DH_NEW_METHOD 105 +# define DH_F_DH_PARAM_DECODE 107 +# define DH_F_DH_PRIV_DECODE 110 +# define DH_F_DH_PRIV_ENCODE 111 +# define DH_F_DH_PUB_DECODE 108 +# define DH_F_DH_PUB_ENCODE 109 +# define DH_F_DO_DH_PRINT 100 +# define DH_F_GENERATE_KEY 103 +# define DH_F_GENERATE_PARAMETERS 104 +# define DH_F_PKEY_DH_DERIVE 112 +# define DH_F_PKEY_DH_KEYGEN 113 /* Reason codes. */ -#define DH_R_BAD_GENERATOR 101 -#define DH_R_BN_DECODE_ERROR 109 -#define DH_R_BN_ERROR 106 -#define DH_R_DECODE_ERROR 104 -#define DH_R_INVALID_PUBKEY 102 -#define DH_R_KDF_PARAMETER_ERROR 112 -#define DH_R_KEYS_NOT_SET 108 -#define DH_R_KEY_SIZE_TOO_SMALL 110 -#define DH_R_MODULUS_TOO_LARGE 103 -#define DH_R_NO_PARAMETERS_SET 107 -#define DH_R_NO_PRIVATE_VALUE 100 -#define DH_R_PARAMETER_ENCODING_ERROR 105 -#define DH_R_PEER_KEY_ERROR 111 -#define DH_R_SHARED_INFO_ERROR 113 +# define DH_R_BAD_GENERATOR 101 +# define DH_R_BN_DECODE_ERROR 109 +# define DH_R_BN_ERROR 106 +# define DH_R_DECODE_ERROR 104 +# define DH_R_INVALID_PUBKEY 102 +# define DH_R_KDF_PARAMETER_ERROR 112 +# define DH_R_KEYS_NOT_SET 108 +# define DH_R_KEY_SIZE_TOO_SMALL 110 +# define DH_R_MODULUS_TOO_LARGE 103 +# define DH_R_NO_PARAMETERS_SET 107 +# define DH_R_NO_PRIVATE_VALUE 100 +# define DH_R_PARAMETER_ENCODING_ERROR 105 +# define DH_R_PEER_KEY_ERROR 111 +# define DH_R_SHARED_INFO_ERROR 113 #ifdef __cplusplus } diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index ce1edcb0d9..2ead91ff44 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -1,5 +1,6 @@ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2006. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2006. */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. @@ -9,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -63,519 +64,499 @@ #include <openssl/bn.h> #include "asn1_locl.h" #ifndef OPENSSL_NO_CMS -#include <openssl/cms.h> +# include <openssl/cms.h> #endif extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; -/* i2d/d2i like DH parameter functions which use the appropriate routine - * for PKCS#3 DH or X9.42 DH. +/* + * i2d/d2i like DH parameter functions which use the appropriate routine for + * PKCS#3 DH or X9.42 DH. */ -static DH * d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, long length) - { - if (pkey->ameth == &dhx_asn1_meth) - return d2i_DHxparams(NULL, pp, length); - return d2i_DHparams(NULL, pp, length); - } +static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, + long length) +{ + if (pkey->ameth == &dhx_asn1_meth) + return d2i_DHxparams(NULL, pp, length); + return d2i_DHparams(NULL, pp, length); +} static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp) - { - if (pkey->ameth == &dhx_asn1_meth) - return i2d_DHxparams(a, pp); - return i2d_DHparams(a, pp); - } +{ + if (pkey->ameth == &dhx_asn1_meth) + return i2d_DHxparams(a, pp); + return i2d_DHparams(a, pp); +} static void int_dh_free(EVP_PKEY *pkey) - { - DH_free(pkey->pkey.dh); - } +{ + DH_free(pkey->pkey.dh); +} static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) - { - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - void *pval; - ASN1_STRING *pstr; - X509_ALGOR *palg; - ASN1_INTEGER *public_key = NULL; - - DH *dh = NULL; - - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype != V_ASN1_SEQUENCE) - { - DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); - goto err; - } - - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - - if (!(dh = d2i_dhp(pkey, &pm, pmlen))) - { - DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); - goto err; - } - - if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) - { - DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); - goto err; - } - - /* We have parameters now set public key */ - if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) - { - DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); - goto err; - } - - ASN1_INTEGER_free(public_key); - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); - return 1; - - err: - if (public_key) - ASN1_INTEGER_free(public_key); - if (dh) - DH_free(dh); - return 0; - - } - -static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) - { - DH *dh; - void *pval = NULL; - int ptype; - unsigned char *penc = NULL; - int penclen; - ASN1_STRING *str; - ASN1_INTEGER *pub_key = NULL; - - dh=pkey->pkey.dh; - - str = ASN1_STRING_new(); - str->length = i2d_dhp(pkey, dh, &str->data); - if (str->length <= 0) - { - DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - pval = str; - ptype = V_ASN1_SEQUENCE; - - pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); - if (!pub_key) - goto err; - - penclen = i2d_ASN1_INTEGER(pub_key, &penc); - - ASN1_INTEGER_free(pub_key); - - if (penclen <= 0) - { - DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - ptype, pval, penc, penclen)) - return 1; - - err: - if (penc) - OPENSSL_free(penc); - if (pval) - ASN1_STRING_free(pval); - - return 0; - } - - -/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in - * that the AlgorithmIdentifier contains the parameters, the private key - * is explcitly included and the pubkey must be recalculated. - */ - -static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) - { - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - void *pval; - ASN1_STRING *pstr; - X509_ALGOR *palg; - ASN1_INTEGER *privkey = NULL; - - DH *dh = NULL; - - if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) - return 0; - - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype != V_ASN1_SEQUENCE) - goto decerr; - - if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) - goto decerr; - - - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - if (!(dh = d2i_dhp(pkey, &pm, pmlen))) - goto decerr; - /* We have parameters now set private key */ - if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) - { - DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR); - goto dherr; - } - /* Calculate public key */ - if (!DH_generate_key(dh)) - goto dherr; +{ + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DH *dh = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) { + DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if (!(dh = d2i_dhp(pkey, &pm, pmlen))) { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + /* We have parameters now set public key */ + if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { + DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); + return 1; + + err: + if (public_key) + ASN1_INTEGER_free(public_key); + if (dh) + DH_free(dh); + return 0; - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); +} - ASN1_INTEGER_free(privkey); +static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) +{ + DH *dh; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL; + int penclen; + ASN1_STRING *str; + ASN1_INTEGER *pub_key = NULL; + + dh = pkey->pkey.dh; + + str = ASN1_STRING_new(); + str->length = i2d_dhp(pkey, dh, &str->data); + if (str->length <= 0) { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + pval = str; + ptype = V_ASN1_SEQUENCE; + + pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); + if (!pub_key) + goto err; + + penclen = i2d_ASN1_INTEGER(pub_key, &penc); + + ASN1_INTEGER_free(pub_key); + + if (penclen <= 0) { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), + ptype, pval, penc, penclen)) + return 1; + + err: + if (penc) + OPENSSL_free(penc); + if (pval) + ASN1_STRING_free(pval); + + return 0; +} - return 1; +/* + * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that + * the AlgorithmIdentifier contains the parameters, the private key is + * explcitly included and the pubkey must be recalculated. + */ - decerr: - DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); - dherr: - DH_free(dh); - return 0; - } +static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) +{ + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + + DH *dh = NULL; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) + goto decerr; + + if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen))) + goto decerr; + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + if (!(dh = d2i_dhp(pkey, &pm, pmlen))) + goto decerr; + /* We have parameters now set private key */ + if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { + DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR); + goto dherr; + } + /* Calculate public key */ + if (!DH_generate_key(dh)) + goto dherr; + + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); + + ASN1_INTEGER_free(privkey); + + return 1; + + decerr: + DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); + dherr: + DH_free(dh); + return 0; +} static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { - ASN1_STRING *params = NULL; - ASN1_INTEGER *prkey = NULL; - unsigned char *dp = NULL; - int dplen; - - params = ASN1_STRING_new(); - - if (!params) - { - DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); - goto err; - } - - params->length = i2d_dhp(pkey, pkey->pkey.dh, ¶ms->data); - if (params->length <= 0) - { - DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); - goto err; - } - params->type = V_ASN1_SEQUENCE; - - /* Get private key into integer */ - prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); - - if (!prkey) - { - DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR); - goto err; - } - - dplen = i2d_ASN1_INTEGER(prkey, &dp); - - ASN1_INTEGER_free(prkey); - - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, - V_ASN1_SEQUENCE, params, dp, dplen)) - goto err; - - return 1; - -err: - if (dp != NULL) - OPENSSL_free(dp); - if (params != NULL) - ASN1_STRING_free(params); - if (prkey != NULL) - ASN1_INTEGER_free(prkey); - return 0; + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + unsigned char *dp = NULL; + int dplen; + + params = ASN1_STRING_new(); + + if (!params) { + DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_dhp(pkey, pkey->pkey.dh, ¶ms->data); + if (params->length <= 0) { + DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer */ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); + + if (!prkey) { + DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_INTEGER_free(prkey); + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, + V_ASN1_SEQUENCE, params, dp, dplen)) + goto err; + + return 1; + + err: + if (dp != NULL) + OPENSSL_free(dp); + if (params != NULL) + ASN1_STRING_free(params); + if (prkey != NULL) + ASN1_INTEGER_free(prkey); + return 0; } - static void update_buflen(const BIGNUM *b, size_t *pbuflen) - { - size_t i; - if (!b) - return; - if (*pbuflen < (i = (size_t)BN_num_bytes(b))) - *pbuflen = i; - } +{ + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; +} static int dh_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) - { - DH *dh; - if (!(dh = d2i_dhp(pkey, pder, derlen))) - { - DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); - return 0; - } - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); - return 1; - } + const unsigned char **pder, int derlen) +{ + DH *dh; + if (!(dh = d2i_dhp(pkey, pder, derlen))) { + DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); + return 0; + } + EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); + return 1; +} static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) - { - return i2d_dhp(pkey, pkey->pkey.dh, pder); - } +{ + return i2d_dhp(pkey, pkey->pkey.dh, pder); +} static int do_dh_print(BIO *bp, const DH *x, int indent, - ASN1_PCTX *ctx, int ptype) - { - unsigned char *m=NULL; - int reason=ERR_R_BUF_LIB,ret=0; - size_t buf_len=0; - - const char *ktype = NULL; - - BIGNUM *priv_key, *pub_key; - - if (ptype == 2) - priv_key = x->priv_key; - else - priv_key = NULL; - - if (ptype > 0) - pub_key = x->pub_key; - else - pub_key = NULL; - - update_buflen(x->p, &buf_len); - - if (buf_len == 0) - { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - update_buflen(x->g, &buf_len); - update_buflen(x->q, &buf_len); - update_buflen(x->j, &buf_len); - update_buflen(x->counter, &buf_len); - update_buflen(pub_key, &buf_len); - update_buflen(priv_key, &buf_len); - - if (ptype == 2) - ktype = "DH Private-Key"; - else if (ptype == 1) - ktype = "DH Public-Key"; - else - ktype = "DH Parameters"; - - m= OPENSSL_malloc(buf_len+10); - if (m == NULL) - { - reason=ERR_R_MALLOC_FAILURE; - goto err; - } - - BIO_indent(bp, indent, 128); - if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) - goto err; - indent += 4; - - if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err; - if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err; - - if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err; - if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err; - if (x->q && !ASN1_bn_print(bp,"subgroup order:",x->q,m,indent)) goto err; - if (x->j && !ASN1_bn_print(bp,"subgroup factor:",x->j,m,indent)) - goto err; - if (x->seed) - { - int i; - BIO_indent(bp, indent, 128); - BIO_puts(bp, "seed:"); - for (i=0; i < x->seedlen; i++) - { - if ((i%15) == 0) - { - if(BIO_puts(bp,"\n") <= 0 - || !BIO_indent(bp,indent+4,128)) - goto err; - } - if (BIO_printf(bp,"%02x%s", x->seed[i], - ((i+1) == x->seedlen)?"":":") <= 0) - goto err; - } - if (BIO_write(bp,"\n",1) <= 0) return(0); - } - if (x->counter && !ASN1_bn_print(bp,"counter:",x->counter,m,indent)) - goto err; - if (x->length != 0) - { - BIO_indent(bp, indent, 128); - if (BIO_printf(bp,"recommended-private-length: %d bits\n", - (int)x->length) <= 0) goto err; - } - - - ret=1; - if (0) - { -err: - DHerr(DH_F_DO_DH_PRINT,reason); - } - if (m != NULL) OPENSSL_free(m); - return(ret); - } + ASN1_PCTX *ctx, int ptype) +{ + unsigned char *m = NULL; + int reason = ERR_R_BUF_LIB, ret = 0; + size_t buf_len = 0; + + const char *ktype = NULL; + + BIGNUM *priv_key, *pub_key; + + if (ptype == 2) + priv_key = x->priv_key; + else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + update_buflen(x->p, &buf_len); + + if (buf_len == 0) { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + update_buflen(x->g, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->j, &buf_len); + update_buflen(x->counter, &buf_len); + update_buflen(pub_key, &buf_len); + update_buflen(priv_key, &buf_len); + + if (ptype == 2) + ktype = "DH Private-Key"; + else if (ptype == 1) + ktype = "DH Public-Key"; + else + ktype = "DH Parameters"; + + m = OPENSSL_malloc(buf_len + 10); + if (m == NULL) { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + BIO_indent(bp, indent, 128); + if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) + goto err; + indent += 4; + + if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent)) + goto err; + if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent)) + goto err; + + if (!ASN1_bn_print(bp, "prime:", x->p, m, indent)) + goto err; + if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) + goto err; + if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent)) + goto err; + if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent)) + goto err; + if (x->seed) { + int i; + BIO_indent(bp, indent, 128); + BIO_puts(bp, "seed:"); + for (i = 0; i < x->seedlen; i++) { + if ((i % 15) == 0) { + if (BIO_puts(bp, "\n") <= 0 + || !BIO_indent(bp, indent + 4, 128)) + goto err; + } + if (BIO_printf(bp, "%02x%s", x->seed[i], + ((i + 1) == x->seedlen) ? "" : ":") <= 0) + goto err; + } + if (BIO_write(bp, "\n", 1) <= 0) + return (0); + } + if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent)) + goto err; + if (x->length != 0) { + BIO_indent(bp, indent, 128); + if (BIO_printf(bp, "recommended-private-length: %d bits\n", + (int)x->length) <= 0) + goto err; + } + + ret = 1; + if (0) { + err: + DHerr(DH_F_DO_DH_PRINT, reason); + } + if (m != NULL) + OPENSSL_free(m); + return (ret); +} static int int_dh_size(const EVP_PKEY *pkey) - { - return(DH_size(pkey->pkey.dh)); - } +{ + return (DH_size(pkey->pkey.dh)); +} static int dh_bits(const EVP_PKEY *pkey) - { - return BN_num_bits(pkey->pkey.dh->p); - } +{ + return BN_num_bits(pkey->pkey.dh->p); +} static int dh_security_bits(const EVP_PKEY *pkey) - { - return DH_security_bits(pkey->pkey.dh); - } +{ + return DH_security_bits(pkey->pkey.dh); +} static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) - { - if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) || - BN_cmp(a->pkey.dh->g,b->pkey.dh->g)) - return 0; - else if (a->ameth == &dhx_asn1_meth) - { - if (BN_cmp(a->pkey.dh->q,b->pkey.dh->q)) - return 0; - } - return 1; - } +{ + if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) || + BN_cmp(a->pkey.dh->g, b->pkey.dh->g)) + return 0; + else if (a->ameth == &dhx_asn1_meth) { + if (BN_cmp(a->pkey.dh->q, b->pkey.dh->q)) + return 0; + } + return 1; +} static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) - { - BIGNUM *a; - if (src) - { - a = BN_dup(src); - if (!a) - return 0; - } - else - a = NULL; - if (*dst) - BN_free(*dst); - *dst = a; - return 1; - } +{ + BIGNUM *a; + if (src) { + a = BN_dup(src); + if (!a) + return 0; + } else + a = NULL; + if (*dst) + BN_free(*dst); + *dst = a; + return 1; +} static int int_dh_param_copy(DH *to, const DH *from, int is_x942) - { - if (is_x942 == -1) - is_x942 = !!from->q; - if (!int_dh_bn_cpy(&to->p, from->p)) - return 0; - if (!int_dh_bn_cpy(&to->g, from->g)) - return 0; - if (is_x942) - { - if (!int_dh_bn_cpy(&to->q, from->q)) - return 0; - if (!int_dh_bn_cpy(&to->j, from->j)) - return 0; - if(to->seed) - { - OPENSSL_free(to->seed); - to->seed = NULL; - to->seedlen = 0; - } - if (from->seed) - { - to->seed = BUF_memdup(from->seed, from->seedlen); - if (!to->seed) - return 0; - to->seedlen = from->seedlen; - } - } - else - to->length = from->length; - return 1; - } - +{ + if (is_x942 == -1) + is_x942 = ! !from->q; + if (!int_dh_bn_cpy(&to->p, from->p)) + return 0; + if (!int_dh_bn_cpy(&to->g, from->g)) + return 0; + if (is_x942) { + if (!int_dh_bn_cpy(&to->q, from->q)) + return 0; + if (!int_dh_bn_cpy(&to->j, from->j)) + return 0; + if (to->seed) { + OPENSSL_free(to->seed); + to->seed = NULL; + to->seedlen = 0; + } + if (from->seed) { + to->seed = BUF_memdup(from->seed, from->seedlen); + if (!to->seed) + return 0; + to->seedlen = from->seedlen; + } + } else + to->length = from->length; + return 1; +} DH *DHparams_dup(DH *dh) - { - DH *ret; - ret = DH_new(); - if (!ret) - return NULL; - if (!int_dh_param_copy(ret, dh, -1)) - { - DH_free(ret); - return NULL; - } - return ret; - } +{ + DH *ret; + ret = DH_new(); + if (!ret) + return NULL; + if (!int_dh_param_copy(ret, dh, -1)) { + DH_free(ret); + return NULL; + } + return ret; +} static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) - { - return int_dh_param_copy(to->pkey.dh, from->pkey.dh, - from->ameth == &dhx_asn1_meth); - } +{ + return int_dh_param_copy(to->pkey.dh, from->pkey.dh, + from->ameth == &dhx_asn1_meth); +} static int dh_missing_parameters(const EVP_PKEY *a) - { - if (!a->pkey.dh->p || !a->pkey.dh->g) - return 1; - return 0; - } +{ + if (!a->pkey.dh->p || !a->pkey.dh->g) + return 1; + return 0; +} static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) - { - if (dh_cmp_parameters(a, b) == 0) - return 0; - if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0) - return 0; - else - return 1; - } +{ + if (dh_cmp_parameters(a, b) == 0) + return 0; + if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0) + return 0; + else + return 1; +} static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { - return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); - } + ASN1_PCTX *ctx) +{ + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); +} static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { - return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); - } + ASN1_PCTX *ctx) +{ + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); +} static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) - { - return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); - } + ASN1_PCTX *ctx) +{ + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); +} int DHparams_print(BIO *bp, const DH *x) - { - return do_dh_print(bp, x, 4, NULL, 0); - } +{ + return do_dh_print(bp, x, 4, NULL, 0); +} #ifndef OPENSSL_NO_CMS static int dh_cms_decrypt(CMS_RecipientInfo *ri); @@ -583,411 +564,397 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri); #endif static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - { - switch (op) - { +{ + switch (op) { #ifndef OPENSSL_NO_CMS - case ASN1_PKEY_CTRL_CMS_ENVELOPE: - if (arg1 == 1) - return dh_cms_decrypt(arg2); - else if (arg1 == 0) - return dh_cms_encrypt(arg2); - return -2; + case ASN1_PKEY_CTRL_CMS_ENVELOPE: + if (arg1 == 1) + return dh_cms_decrypt(arg2); + else if (arg1 == 0) + return dh_cms_encrypt(arg2); + return -2; - case ASN1_PKEY_CTRL_CMS_RI_TYPE: - *(int *)arg2 = CMS_RECIPINFO_AGREE; - return 1; + case ASN1_PKEY_CTRL_CMS_RI_TYPE: + *(int *)arg2 = CMS_RECIPINFO_AGREE; + return 1; #endif - default: - return -2; - } - - } - -const EVP_PKEY_ASN1_METHOD dh_asn1_meth = - { - EVP_PKEY_DH, - EVP_PKEY_DH, - 0, - - "DH", - "OpenSSL PKCS#3 DH method", - - dh_pub_decode, - dh_pub_encode, - dh_pub_cmp, - dh_public_print, - - dh_priv_decode, - dh_priv_encode, - dh_private_print, - - int_dh_size, - dh_bits, - dh_security_bits, - - dh_param_decode, - dh_param_encode, - dh_missing_parameters, - dh_copy_parameters, - dh_cmp_parameters, - dh_param_print, - 0, - - int_dh_free, - 0 - }; - -const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = - { - EVP_PKEY_DHX, - EVP_PKEY_DHX, - 0, - - "X9.42 DH", - "OpenSSL X9.42 DH method", - - dh_pub_decode, - dh_pub_encode, - dh_pub_cmp, - dh_public_print, - - dh_priv_decode, - dh_priv_encode, - dh_private_print, - - int_dh_size, - dh_bits, - dh_security_bits, - - dh_param_decode, - dh_param_encode, - dh_missing_parameters, - dh_copy_parameters, - dh_cmp_parameters, - dh_param_print, - 0, - - int_dh_free, - dh_pkey_ctrl - }; + default: + return -2; + } + +} + +const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { + EVP_PKEY_DH, + EVP_PKEY_DH, + 0, + + "DH", + "OpenSSL PKCS#3 DH method", + + dh_pub_decode, + dh_pub_encode, + dh_pub_cmp, + dh_public_print, + + dh_priv_decode, + dh_priv_encode, + dh_private_print, + + int_dh_size, + dh_bits, + dh_security_bits, + + dh_param_decode, + dh_param_encode, + dh_missing_parameters, + dh_copy_parameters, + dh_cmp_parameters, + dh_param_print, + 0, + + int_dh_free, + 0 +}; + +const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { + EVP_PKEY_DHX, + EVP_PKEY_DHX, + 0, + + "X9.42 DH", + "OpenSSL X9.42 DH method", + + dh_pub_decode, + dh_pub_encode, + dh_pub_cmp, + dh_public_print, + + dh_priv_decode, + dh_priv_encode, + dh_private_print, + + int_dh_size, + dh_bits, + dh_security_bits, + + dh_param_decode, + dh_param_encode, + dh_missing_parameters, + dh_copy_parameters, + dh_cmp_parameters, + dh_param_print, + 0, + + int_dh_free, + dh_pkey_ctrl +}; + #ifndef OPENSSL_NO_CMS static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, - X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) - { - ASN1_OBJECT *aoid; - int atype; - void *aval; - ASN1_INTEGER *public_key = NULL; - int rv = 0; - EVP_PKEY *pkpeer = NULL, *pk = NULL; - DH *dhpeer = NULL; - const unsigned char *p; - int plen; - - X509_ALGOR_get0(&aoid, &atype, &aval, alg); - if (OBJ_obj2nid(aoid) != NID_dhpublicnumber) - goto err; - /* Only absent parameters allowed in RFC XXXX */ - if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL) - goto err; - - pk = EVP_PKEY_CTX_get0_pkey(pctx); - if (!pk) - goto err; - if (pk->type != EVP_PKEY_DHX) - goto err; - /* Get parameters from parent key */ - dhpeer = DHparams_dup(pk->pkey.dh); - /* We have parameters now set public key */ - plen = ASN1_STRING_length(pubkey); - p = ASN1_STRING_data(pubkey); - if (!p || !plen) - goto err; - - if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, plen))) - { - DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR); - goto err; - } - - /* We have parameters now set public key */ - if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) - { - DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR); - goto err; - } - - pkpeer = EVP_PKEY_new(); - if (!pkpeer) - goto err; - EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer); - dhpeer = NULL; - if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) - rv = 1; - err: - if (public_key) - ASN1_INTEGER_free(public_key); - if (pkpeer) - EVP_PKEY_free(pkpeer); - if (dhpeer) - DH_free(dhpeer); - return rv; - } + X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) +{ + ASN1_OBJECT *aoid; + int atype; + void *aval; + ASN1_INTEGER *public_key = NULL; + int rv = 0; + EVP_PKEY *pkpeer = NULL, *pk = NULL; + DH *dhpeer = NULL; + const unsigned char *p; + int plen; + + X509_ALGOR_get0(&aoid, &atype, &aval, alg); + if (OBJ_obj2nid(aoid) != NID_dhpublicnumber) + goto err; + /* Only absent parameters allowed in RFC XXXX */ + if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL) + goto err; + + pk = EVP_PKEY_CTX_get0_pkey(pctx); + if (!pk) + goto err; + if (pk->type != EVP_PKEY_DHX) + goto err; + /* Get parameters from parent key */ + dhpeer = DHparams_dup(pk->pkey.dh); + /* We have parameters now set public key */ + plen = ASN1_STRING_length(pubkey); + p = ASN1_STRING_data(pubkey); + if (!p || !plen) + goto err; + + if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) { + DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR); + goto err; + } + + /* We have parameters now set public key */ + if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { + DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR); + goto err; + } + + pkpeer = EVP_PKEY_new(); + if (!pkpeer) + goto err; + EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer); + dhpeer = NULL; + if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) + rv = 1; + err: + if (public_key) + ASN1_INTEGER_free(public_key); + if (pkpeer) + EVP_PKEY_free(pkpeer); + if (dhpeer) + DH_free(dhpeer); + return rv; +} static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) - { - int rv = 0; - - X509_ALGOR *alg, *kekalg = NULL; - ASN1_OCTET_STRING *ukm; - const unsigned char *p; - unsigned char *dukm = NULL; - size_t dukmlen = 0; - int keylen, plen; - const EVP_CIPHER *kekcipher; - EVP_CIPHER_CTX *kekctx; - - if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) - goto err; - - /* For DH we only have one OID permissible. If ever any more get - * defined we will need something cleverer. - */ - if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) - { - DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR); - goto err; - } - - if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0) - goto err; - - if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0) - goto err; - - if (alg->parameter->type != V_ASN1_SEQUENCE) - goto err; - - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; - kekalg = d2i_X509_ALGOR(NULL, &p, plen); - if (!kekalg) - goto err; - kekctx = CMS_RecipientInfo_kari_get0_ctx(ri); - if (!kekctx) - goto err; - kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); - if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE) - goto err; - if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) - goto err; - if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) - goto err; - - keylen = EVP_CIPHER_CTX_key_length(kekctx); - if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0) - goto err; - /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */ - if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, - OBJ_nid2obj(EVP_CIPHER_type(kekcipher))) <= 0) - goto err; - - if (ukm) - { - dukmlen = ASN1_STRING_length(ukm); - dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); - if (!dukm) - goto err; - } - - if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0) - goto err; - dukm = NULL; - - rv = 1; - err: - if (kekalg) - X509_ALGOR_free(kekalg); - if (dukm) - OPENSSL_free(dukm); - return rv; - } +{ + int rv = 0; + + X509_ALGOR *alg, *kekalg = NULL; + ASN1_OCTET_STRING *ukm; + const unsigned char *p; + unsigned char *dukm = NULL; + size_t dukmlen = 0; + int keylen, plen; + const EVP_CIPHER *kekcipher; + EVP_CIPHER_CTX *kekctx; + + if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) + goto err; + + /* + * For DH we only have one OID permissible. If ever any more get defined + * we will need something cleverer. + */ + if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) { + DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR); + goto err; + } + + if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0) + goto err; + + if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0) + goto err; + + if (alg->parameter->type != V_ASN1_SEQUENCE) + goto err; + + p = alg->parameter->value.sequence->data; + plen = alg->parameter->value.sequence->length; + kekalg = d2i_X509_ALGOR(NULL, &p, plen); + if (!kekalg) + goto err; + kekctx = CMS_RecipientInfo_kari_get0_ctx(ri); + if (!kekctx) + goto err; + kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); + if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE) + goto err; + if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) + goto err; + if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) + goto err; + + keylen = EVP_CIPHER_CTX_key_length(kekctx); + if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0) + goto err; + /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */ + if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, + OBJ_nid2obj(EVP_CIPHER_type(kekcipher))) + <= 0) + goto err; + + if (ukm) { + dukmlen = ASN1_STRING_length(ukm); + dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); + if (!dukm) + goto err; + } + + if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0) + goto err; + dukm = NULL; + + rv = 1; + err: + if (kekalg) + X509_ALGOR_free(kekalg); + if (dukm) + OPENSSL_free(dukm); + return rv; +} static int dh_cms_decrypt(CMS_RecipientInfo *ri) - { - EVP_PKEY_CTX *pctx; - pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (!pctx) - return 0; - /* See if we need to set peer key */ - if (!EVP_PKEY_CTX_get0_peerkey(pctx)) - { - X509_ALGOR *alg; - ASN1_BIT_STRING *pubkey; - if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, - NULL, NULL, NULL)) - return 0; - if (!alg || !pubkey) - return 0; - if (!dh_cms_set_peerkey(pctx, alg, pubkey)) - { - DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR); - return 0; - } - } - /* Set DH derivation parameters and initialise unwrap context */ - if (!dh_cms_set_shared_info(pctx, ri)) - { - DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR); - return 0; - } - return 1; - } +{ + EVP_PKEY_CTX *pctx; + pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); + if (!pctx) + return 0; + /* See if we need to set peer key */ + if (!EVP_PKEY_CTX_get0_peerkey(pctx)) { + X509_ALGOR *alg; + ASN1_BIT_STRING *pubkey; + if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, + NULL, NULL, NULL)) + return 0; + if (!alg || !pubkey) + return 0; + if (!dh_cms_set_peerkey(pctx, alg, pubkey)) { + DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR); + return 0; + } + } + /* Set DH derivation parameters and initialise unwrap context */ + if (!dh_cms_set_shared_info(pctx, ri)) { + DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR); + return 0; + } + return 1; +} static int dh_cms_encrypt(CMS_RecipientInfo *ri) - { - EVP_PKEY_CTX *pctx; - EVP_PKEY *pkey; - EVP_CIPHER_CTX *ctx; - int keylen; - X509_ALGOR *talg, *wrap_alg = NULL; - ASN1_OBJECT *aoid; - ASN1_BIT_STRING *pubkey; - ASN1_STRING *wrap_str; - ASN1_OCTET_STRING *ukm; - unsigned char *penc = NULL, *dukm = NULL; - int penclen; - size_t dukmlen = 0; - int rv = 0; - int kdf_type, wrap_nid; - const EVP_MD *kdf_md; - pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (!pctx) - return 0; - /* Get ephemeral key */ - pkey = EVP_PKEY_CTX_get0_pkey(pctx); - if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, - NULL, NULL, NULL)) - goto err; - X509_ALGOR_get0(&aoid, NULL, NULL, talg); - /* Is everything uninitialised? */ - if (aoid == OBJ_nid2obj(NID_undef)) - { - ASN1_INTEGER *pubk; - pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL); - if (!pubk) - goto err; - /* Set the key */ - - penclen = i2d_ASN1_INTEGER(pubk, &penc); - ASN1_INTEGER_free(pubk); - if (penclen <= 0) - goto err; - ASN1_STRING_set0(pubkey, penc, penclen); - pubkey->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - pubkey->flags|=ASN1_STRING_FLAG_BITS_LEFT; - - penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber), - V_ASN1_UNDEF, NULL); - } - - /* See if custom paraneters set */ - kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx); - if (kdf_type <= 0) - goto err; - if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md)) - goto err; - - if (kdf_type == EVP_PKEY_DH_KDF_NONE) - { - kdf_type = EVP_PKEY_DH_KDF_X9_42; - if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0) - goto err; - } - else if (kdf_type != EVP_PKEY_DH_KDF_X9_42) - /* Unknown KDF */ - goto err; - if (kdf_md == NULL) - { - /* Only SHA1 supported */ - kdf_md = EVP_sha1(); - if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0) - goto err; - } - else if (EVP_MD_type(kdf_md) != NID_sha1) - /* Unsupported digest */ - goto err; - - if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm)) - goto err; - - /* Get wrap NID */ - ctx = CMS_RecipientInfo_kari_get0_ctx(ri); - wrap_nid = EVP_CIPHER_CTX_type(ctx); - if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0) - goto err; - keylen = EVP_CIPHER_CTX_key_length(ctx); - - /* Package wrap algorithm in an AlgorithmIdentifier */ - - wrap_alg = X509_ALGOR_new(); - if (!wrap_alg) - goto err; - wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); - wrap_alg->parameter = ASN1_TYPE_new(); - if (!wrap_alg->parameter) - goto err; - if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) - goto err; - if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) - { - ASN1_TYPE_free(wrap_alg->parameter); - wrap_alg->parameter = NULL; - } - - if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0) - goto err; - - if (ukm) - { - dukmlen = ASN1_STRING_length(ukm); - dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); - if (!dukm) - goto err; - } - - if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0) - goto err; - dukm = NULL; - - /* Now need to wrap encoding of wrap AlgorithmIdentifier into - * parameter of another AlgorithmIdentifier. - */ - penc = NULL; - penclen = i2d_X509_ALGOR(wrap_alg, &penc); - if (!penc || !penclen) - goto err; - wrap_str = ASN1_STRING_new(); - if (!wrap_str) - goto err; - ASN1_STRING_set0(wrap_str, penc, penclen); - penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH), - V_ASN1_SEQUENCE, wrap_str); - - rv = 1; - - err: - if (penc) - OPENSSL_free(penc); - if (wrap_alg) - X509_ALGOR_free(wrap_alg); - return rv; - } +{ + EVP_PKEY_CTX *pctx; + EVP_PKEY *pkey; + EVP_CIPHER_CTX *ctx; + int keylen; + X509_ALGOR *talg, *wrap_alg = NULL; + ASN1_OBJECT *aoid; + ASN1_BIT_STRING *pubkey; + ASN1_STRING *wrap_str; + ASN1_OCTET_STRING *ukm; + unsigned char *penc = NULL, *dukm = NULL; + int penclen; + size_t dukmlen = 0; + int rv = 0; + int kdf_type, wrap_nid; + const EVP_MD *kdf_md; + pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); + if (!pctx) + return 0; + /* Get ephemeral key */ + pkey = EVP_PKEY_CTX_get0_pkey(pctx); + if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, + NULL, NULL, NULL)) + goto err; + X509_ALGOR_get0(&aoid, NULL, NULL, talg); + /* Is everything uninitialised? */ + if (aoid == OBJ_nid2obj(NID_undef)) { + ASN1_INTEGER *pubk; + pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL); + if (!pubk) + goto err; + /* Set the key */ + + penclen = i2d_ASN1_INTEGER(pubk, &penc); + ASN1_INTEGER_free(pubk); + if (penclen <= 0) + goto err; + ASN1_STRING_set0(pubkey, penc, penclen); + pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; + + penc = NULL; + X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber), + V_ASN1_UNDEF, NULL); + } + + /* See if custom paraneters set */ + kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx); + if (kdf_type <= 0) + goto err; + if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md)) + goto err; + + if (kdf_type == EVP_PKEY_DH_KDF_NONE) { + kdf_type = EVP_PKEY_DH_KDF_X9_42; + if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0) + goto err; + } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42) + /* Unknown KDF */ + goto err; + if (kdf_md == NULL) { + /* Only SHA1 supported */ + kdf_md = EVP_sha1(); + if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0) + goto err; + } else if (EVP_MD_type(kdf_md) != NID_sha1) + /* Unsupported digest */ + goto err; + + if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm)) + goto err; + + /* Get wrap NID */ + ctx = CMS_RecipientInfo_kari_get0_ctx(ri); + wrap_nid = EVP_CIPHER_CTX_type(ctx); + if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0) + goto err; + keylen = EVP_CIPHER_CTX_key_length(ctx); + + /* Package wrap algorithm in an AlgorithmIdentifier */ + + wrap_alg = X509_ALGOR_new(); + if (!wrap_alg) + goto err; + wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); + wrap_alg->parameter = ASN1_TYPE_new(); + if (!wrap_alg->parameter) + goto err; + if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) + goto err; + if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) { + ASN1_TYPE_free(wrap_alg->parameter); + wrap_alg->parameter = NULL; + } + + if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0) + goto err; + + if (ukm) { + dukmlen = ASN1_STRING_length(ukm); + dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); + if (!dukm) + goto err; + } + + if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0) + goto err; + dukm = NULL; + + /* + * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter + * of another AlgorithmIdentifier. + */ + penc = NULL; + penclen = i2d_X509_ALGOR(wrap_alg, &penc); + if (!penc || !penclen) + goto err; + wrap_str = ASN1_STRING_new(); + if (!wrap_str) + goto err; + ASN1_STRING_set0(wrap_str, penc, penclen); + penc = NULL; + X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH), + V_ASN1_SEQUENCE, wrap_str); + + rv = 1; + + err: + if (penc) + OPENSSL_free(penc); + if (wrap_alg) + X509_ALGOR_free(wrap_alg); + return rv; +} #endif - diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 96ea475c63..f470214399 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -1,6 +1,7 @@ /* dh_asn1.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2000. */ /* ==================================================================== * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -65,129 +66,124 @@ /* Override the default free and new methods */ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { - if(operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)DH_new(); - if(*pval) return 2; - return 0; - } else if(operation == ASN1_OP_FREE_PRE) { - DH_free((DH *)*pval); - *pval = NULL; - return 2; - } - return 1; + if (operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)DH_new(); + if (*pval) + return 2; + return 0; + } else if (operation == ASN1_OP_FREE_PRE) { + DH_free((DH *)*pval); + *pval = NULL; + return 2; + } + return 1; } ASN1_SEQUENCE_cb(DHparams, dh_cb) = { - ASN1_SIMPLE(DH, p, BIGNUM), - ASN1_SIMPLE(DH, g, BIGNUM), - ASN1_OPT(DH, length, ZLONG), + ASN1_SIMPLE(DH, p, BIGNUM), + ASN1_SIMPLE(DH, g, BIGNUM), + ASN1_OPT(DH, length, ZLONG), } ASN1_SEQUENCE_END_cb(DH, DHparams) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) -/* Internal only structures for handling X9.42 DH: this gets translated - * to or from a DH structure straight away. +/* + * Internal only structures for handling X9.42 DH: this gets translated to or + * from a DH structure straight away. */ -typedef struct - { - ASN1_BIT_STRING *seed; - BIGNUM *counter; - } int_dhvparams; - -typedef struct - { - BIGNUM *p; - BIGNUM *q; - BIGNUM *g; - BIGNUM *j; - int_dhvparams *vparams; - } int_dhx942_dh; +typedef struct { + ASN1_BIT_STRING *seed; + BIGNUM *counter; +} int_dhvparams; + +typedef struct { + BIGNUM *p; + BIGNUM *q; + BIGNUM *g; + BIGNUM *j; + int_dhvparams *vparams; +} int_dhx942_dh; ASN1_SEQUENCE(DHvparams) = { - ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), - ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) + ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), + ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) } ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) ASN1_SEQUENCE(DHxparams) = { - ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), - ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), - ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM), - ASN1_OPT(int_dhx942_dh, j, BIGNUM), - ASN1_OPT(int_dhx942_dh, vparams, DHvparams), + ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), + ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), + ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM), + ASN1_OPT(int_dhx942_dh, j, BIGNUM), + ASN1_OPT(int_dhx942_dh, vparams, DHvparams), } ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) -int_dhx942_dh * d2i_int_dhx(int_dhx942_dh **a, - const unsigned char **pp, long length); -int i2d_int_dhx(const int_dhx942_dh *a,unsigned char **pp); +int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, + const unsigned char **pp, long length); +int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp); IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx) /* Application leve function: read in X9.42 DH parameters into DH structure */ -DH * d2i_DHxparams(DH **a,const unsigned char **pp, long length) - { - int_dhx942_dh *dhx = NULL; - DH *dh = NULL; - dh = DH_new(); - if (!dh) - return NULL; - dhx = d2i_int_dhx(NULL, pp, length); - if (!dhx) - { - DH_free(dh); - return NULL; - } - - if (a) - { - if (*a) - DH_free(*a); - *a = dh; - } - - dh->p = dhx->p; - dh->q = dhx->q; - dh->g = dhx->g; - dh->j = dhx->j; - - if (dhx->vparams) - { - dh->seed = dhx->vparams->seed->data; - dh->seedlen = dhx->vparams->seed->length; - dh->counter = dhx->vparams->counter; - dhx->vparams->seed->data = NULL; - ASN1_BIT_STRING_free(dhx->vparams->seed); - OPENSSL_free(dhx->vparams); - dhx->vparams = NULL; - } - - OPENSSL_free(dhx); - return dh; - } - -int i2d_DHxparams(const DH *dh,unsigned char **pp) - { - int_dhx942_dh dhx; - int_dhvparams dhv; - ASN1_BIT_STRING bs; - dhx.p = dh->p; - dhx.g = dh->g; - dhx.q = dh->q; - dhx.j = dh->j; - if (dh->counter && dh->seed && dh->seedlen > 0) - { - bs.flags = ASN1_STRING_FLAG_BITS_LEFT; - bs.data = dh->seed; - bs.length = dh->seedlen; - dhv.seed = &bs; - dhv.counter = dh->counter; - dhx.vparams = &dhv; - } - else - dhx.vparams = NULL; - - return i2d_int_dhx(&dhx, pp); - } +DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length) +{ + int_dhx942_dh *dhx = NULL; + DH *dh = NULL; + dh = DH_new(); + if (!dh) + return NULL; + dhx = d2i_int_dhx(NULL, pp, length); + if (!dhx) { + DH_free(dh); + return NULL; + } + + if (a) { + if (*a) + DH_free(*a); + *a = dh; + } + + dh->p = dhx->p; + dh->q = dhx->q; + dh->g = dhx->g; + dh->j = dhx->j; + + if (dhx->vparams) { + dh->seed = dhx->vparams->seed->data; + dh->seedlen = dhx->vparams->seed->length; + dh->counter = dhx->vparams->counter; + dhx->vparams->seed->data = NULL; + ASN1_BIT_STRING_free(dhx->vparams->seed); + OPENSSL_free(dhx->vparams); + dhx->vparams = NULL; + } + + OPENSSL_free(dhx); + return dh; +} + +int i2d_DHxparams(const DH *dh, unsigned char **pp) +{ + int_dhx942_dh dhx; + int_dhvparams dhv; + ASN1_BIT_STRING bs; + dhx.p = dh->p; + dhx.g = dh->g; + dhx.q = dh->q; + dhx.j = dh->j; + if (dh->counter && dh->seed && dh->seedlen > 0) { + bs.flags = ASN1_STRING_FLAG_BITS_LEFT; + bs.data = dh->seed; + bs.length = dh->seedlen; + dhv.seed = &bs; + dhv.counter = dh->counter; + dhx.vparams = &dhv; + } else + dhx.vparams = NULL; + + return i2d_int_dhx(&dhx, pp); +} diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 0acd7753e9..347467c6a4 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -72,103 +72,102 @@ */ int DH_check(const DH *dh, int *ret) - { - int ok=0; - BN_CTX *ctx=NULL; - BN_ULONG l; - BIGNUM *t1=NULL, *t2 = NULL; +{ + int ok = 0; + BN_CTX *ctx = NULL; + BN_ULONG l; + BIGNUM *t1 = NULL, *t2 = NULL; + + *ret = 0; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + if (t1 == NULL) + goto err; + t2 = BN_CTX_get(ctx); + if (t2 == NULL) + goto err; - *ret=0; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - BN_CTX_start(ctx); - t1=BN_CTX_get(ctx); - if (t1 == NULL) goto err; - t2=BN_CTX_get(ctx); - if (t2 == NULL) goto err; + if (dh->q) { + if (BN_cmp(dh->g, BN_value_one()) <= 0) + *ret |= DH_NOT_SUITABLE_GENERATOR; + else if (BN_cmp(dh->g, dh->p) >= 0) + *ret |= DH_NOT_SUITABLE_GENERATOR; + else { + /* Check g^q == 1 mod p */ + if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx)) + goto err; + if (!BN_is_one(t1)) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } + if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_Q_NOT_PRIME; + /* Check p == 1 mod q i.e. q divides p - 1 */ + if (!BN_div(t1, t2, dh->p, dh->q, ctx)) + goto err; + if (!BN_is_one(t2)) + *ret |= DH_CHECK_INVALID_Q_VALUE; + if (dh->j && BN_cmp(dh->j, t1)) + *ret |= DH_CHECK_INVALID_J_VALUE; - if (dh->q) - { - if (BN_cmp(dh->g, BN_value_one()) <= 0) - *ret|=DH_NOT_SUITABLE_GENERATOR; - else if (BN_cmp(dh->g, dh->p) >= 0) - *ret|=DH_NOT_SUITABLE_GENERATOR; - else - { - /* Check g^q == 1 mod p */ - if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx)) - goto err; - if (!BN_is_one(t1)) - *ret|=DH_NOT_SUITABLE_GENERATOR; - } - if (!BN_is_prime_ex(dh->q,BN_prime_checks,ctx,NULL)) - *ret|=DH_CHECK_Q_NOT_PRIME; - /* Check p == 1 mod q i.e. q divides p - 1 */ - if (!BN_div(t1, t2, dh->p, dh->q, ctx)) - goto err; - if (!BN_is_one(t2)) - *ret|=DH_CHECK_INVALID_Q_VALUE; - if (dh->j && BN_cmp(dh->j, t1)) - *ret|=DH_CHECK_INVALID_J_VALUE; - - } - else if (BN_is_word(dh->g,DH_GENERATOR_2)) - { - l=BN_mod_word(dh->p,24); - if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; - } + } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { + l = BN_mod_word(dh->p, 24); + if (l != 11) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } #if 0 - else if (BN_is_word(dh->g,DH_GENERATOR_3)) - { - l=BN_mod_word(dh->p,12); - if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; - } + else if (BN_is_word(dh->g, DH_GENERATOR_3)) { + l = BN_mod_word(dh->p, 12); + if (l != 5) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } #endif - else if (BN_is_word(dh->g,DH_GENERATOR_5)) - { - l=BN_mod_word(dh->p,10); - if ((l != 3) && (l != 7)) - *ret|=DH_NOT_SUITABLE_GENERATOR; - } - else - *ret|=DH_UNABLE_TO_CHECK_GENERATOR; + else if (BN_is_word(dh->g, DH_GENERATOR_5)) { + l = BN_mod_word(dh->p, 10); + if ((l != 3) && (l != 7)) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } else + *ret |= DH_UNABLE_TO_CHECK_GENERATOR; - if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) - *ret|=DH_CHECK_P_NOT_PRIME; - else if (!dh->q) - { - if (!BN_rshift1(t1,dh->p)) goto err; - if (!BN_is_prime_ex(t1,BN_prime_checks,ctx,NULL)) - *ret|=DH_CHECK_P_NOT_SAFE_PRIME; - } - ok=1; -err: - if (ctx != NULL) - { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return(ok); - } + if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_P_NOT_PRIME; + else if (!dh->q) { + if (!BN_rshift1(t1, dh->p)) + goto err; + if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_P_NOT_SAFE_PRIME; + } + ok = 1; + err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return (ok); +} int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) - { - int ok=0; - BIGNUM *q=NULL; +{ + int ok = 0; + BIGNUM *q = NULL; - *ret=0; - q=BN_new(); - if (q == NULL) goto err; - BN_set_word(q,1); - if (BN_cmp(pub_key,q)<=0) - *ret|=DH_CHECK_PUBKEY_TOO_SMALL; - BN_copy(q,dh->p); - BN_sub_word(q,1); - if (BN_cmp(pub_key,q)>=0) - *ret|=DH_CHECK_PUBKEY_TOO_LARGE; + *ret = 0; + q = BN_new(); + if (q == NULL) + goto err; + BN_set_word(q, 1); + if (BN_cmp(pub_key, q) <= 0) + *ret |= DH_CHECK_PUBKEY_TOO_SMALL; + BN_copy(q, dh->p); + BN_sub_word(q, 1); + if (BN_cmp(pub_key, q) >= 0) + *ret |= DH_CHECK_PUBKEY_TOO_LARGE; - ok = 1; -err: - if (q != NULL) BN_free(q); - return(ok); - } + ok = 1; + err: + if (q != NULL) + BN_free(q); + return (ok); +} diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index bff3b59f88..7220d074d8 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,6 @@ * */ - /* This file contains deprecated functions as wrappers to the new ones */ #include <stdio.h> @@ -61,33 +60,31 @@ #include <openssl/bn.h> #include <openssl/dh.h> -static void *dummy=&dummy; +static void *dummy = &dummy; #ifndef OPENSSL_NO_DEPRECATED DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int,int,void *), void *cb_arg) - { - BN_GENCB *cb; - DH *ret=NULL; + void (*callback) (int, int, void *), void *cb_arg) +{ + BN_GENCB *cb; + DH *ret = NULL; - if((ret=DH_new()) == NULL) - return NULL; - cb = BN_GENCB_new(); - if(!cb) - { - DH_free(ret); - return NULL; - } + if ((ret = DH_new()) == NULL) + return NULL; + cb = BN_GENCB_new(); + if (!cb) { + DH_free(ret); + return NULL; + } - BN_GENCB_set_old(cb, callback, cb_arg); + BN_GENCB_set_old(cb, callback, cb_arg); - if(DH_generate_parameters_ex(ret, prime_len, generator, cb)) - { - BN_GENCB_free(cb); - return ret; - } - BN_GENCB_free(cb); - DH_free(ret); - return NULL; - } + if (DH_generate_parameters_ex(ret, prime_len, generator, cb)) { + BN_GENCB_free(cb); + return ret; + } + BN_GENCB_free(cb); + DH_free(ret); + return NULL; +} #endif diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index 848c3cbf11..d232498713 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,8 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -65,60 +66,57 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) -static ERR_STRING_DATA DH_str_functs[]= - { -{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, -{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, -{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, -{ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"}, -{ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"}, -{ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"}, -{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, -{ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, -{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"}, -{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"}, -{ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, -{ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, -{ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"}, -{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, -{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, -{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, -{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, -{0,NULL} - }; +static ERR_STRING_DATA DH_str_functs[] = { + {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, + {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, + {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, + {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"}, + {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"}, + {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"}, + {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, + {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, + {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"}, + {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"}, + {ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, + {ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, + {ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"}, + {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, + {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, + {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, + {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, + {0, NULL} +}; -static ERR_STRING_DATA DH_str_reasons[]= - { -{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, -{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"}, -{ERR_REASON(DH_R_BN_ERROR) ,"bn error"}, -{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"}, -{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, -{ERR_REASON(DH_R_KDF_PARAMETER_ERROR) ,"kdf parameter error"}, -{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, -{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, -{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, -{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, -{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, -{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, -{ERR_REASON(DH_R_PEER_KEY_ERROR) ,"peer key error"}, -{ERR_REASON(DH_R_SHARED_INFO_ERROR) ,"shared info error"}, -{0,NULL} - }; +static ERR_STRING_DATA DH_str_reasons[] = { + {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"}, + {ERR_REASON(DH_R_BN_DECODE_ERROR), "bn decode error"}, + {ERR_REASON(DH_R_BN_ERROR), "bn error"}, + {ERR_REASON(DH_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, + {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, + {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"}, + {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, + {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, + {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, + {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, + {0, NULL} +}; #endif void ERR_load_DH_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(DH_str_functs[0].error) == NULL) - { - ERR_load_strings(0,DH_str_functs); - ERR_load_strings(0,DH_str_reasons); - } + if (ERR_func_error_string(DH_str_functs[0].error) == NULL) { + ERR_load_strings(0, DH_str_functs); + ERR_load_strings(0, DH_str_reasons); + } #endif - } +} diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 1d3cbe8a89..9b9db6458b 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,33 +49,33 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -/* NB: These functions have been upgraded - the previous prototypes are in - * dh_depr.c as wrappers to these ones. - * - Geoff +/* + * NB: These functions have been upgraded - the previous prototypes are in + * dh_depr.c as wrappers to these ones. - Geoff */ - - #include <stdio.h> #include "cryptlib.h" #include <openssl/bn.h> #include <openssl/dh.h> -static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + BN_GENCB *cb); -int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) - { - if(ret->meth->generate_params) - return ret->meth->generate_params(ret, prime_len, generator, cb); - return dh_builtin_genparams(ret, prime_len, generator, cb); - } +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, + BN_GENCB *cb) +{ + if (ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); +} /*- * We generate DH parameters as follows @@ -99,80 +99,91 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c * Since DH should be using a safe prime (both p and q are prime), * this generator function can take a very very long time to run. */ -/* Actually there is no reason to insist that 'generator' be a generator. +/* + * Actually there is no reason to insist that 'generator' be a generator. * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ -static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) - { - BIGNUM *t1,*t2; - int g,ok= -1; - BN_CTX *ctx=NULL; +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + BN_GENCB *cb) +{ + BIGNUM *t1, *t2; + int g, ok = -1; + BN_CTX *ctx = NULL; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t1 == NULL || t2 == NULL) goto err; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t1 == NULL || t2 == NULL) + goto err; - /* Make sure 'ret' has the necessary elements */ - if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; - if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; - - if (generator <= 1) - { - DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); - goto err; - } - if (generator == DH_GENERATOR_2) - { - if (!BN_set_word(t1,24)) goto err; - if (!BN_set_word(t2,11)) goto err; - g=2; - } -#if 0 /* does not work for safe primes */ - else if (generator == DH_GENERATOR_3) - { - if (!BN_set_word(t1,12)) goto err; - if (!BN_set_word(t2,5)) goto err; - g=3; - } + /* Make sure 'ret' has the necessary elements */ + if (!ret->p && ((ret->p = BN_new()) == NULL)) + goto err; + if (!ret->g && ((ret->g = BN_new()) == NULL)) + goto err; + + if (generator <= 1) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); + goto err; + } + if (generator == DH_GENERATOR_2) { + if (!BN_set_word(t1, 24)) + goto err; + if (!BN_set_word(t2, 11)) + goto err; + g = 2; + } +#if 0 /* does not work for safe primes */ + else if (generator == DH_GENERATOR_3) { + if (!BN_set_word(t1, 12)) + goto err; + if (!BN_set_word(t2, 5)) + goto err; + g = 3; + } #endif - else if (generator == DH_GENERATOR_5) - { - if (!BN_set_word(t1,10)) goto err; - if (!BN_set_word(t2,3)) goto err; - /* BN_set_word(t3,7); just have to miss - * out on these ones :-( */ - g=5; - } - else - { - /* in the general case, don't worry if 'generator' is a - * generator or not: since we are using safe primes, - * it will generate either an order-q or an order-2q group, - * which both is OK */ - if (!BN_set_word(t1,2)) goto err; - if (!BN_set_word(t2,1)) goto err; - g=generator; - } - - if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; - if(!BN_GENCB_call(cb, 3, 0)) goto err; - if (!BN_set_word(ret->g,g)) goto err; - ok=1; -err: - if (ok == -1) - { - DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); - ok=0; - } + else if (generator == DH_GENERATOR_5) { + if (!BN_set_word(t1, 10)) + goto err; + if (!BN_set_word(t2, 3)) + goto err; + /* + * BN_set_word(t3,7); just have to miss out on these ones :-( + */ + g = 5; + } else { + /* + * in the general case, don't worry if 'generator' is a generator or + * not: since we are using safe primes, it will generate either an + * order-q or an order-2q group, which both is OK + */ + if (!BN_set_word(t1, 2)) + goto err; + if (!BN_set_word(t2, 1)) + goto err; + g = generator; + } + + if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb)) + goto err; + if (!BN_GENCB_call(cb, 3, 0)) + goto err; + if (!BN_set_word(ret->g, g)) + goto err; + ok = 1; + err: + if (ok == -1) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB); + ok = 0; + } - if (ctx != NULL) - { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ok; - } + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return ok; +} diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index cabc7a1260..a882cb286e 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,141 +57,131 @@ #include <openssl/asn1.h> #include <openssl/cms.h> - /* Key derivation from X9.42/RFC2631 */ -#define DH_KDF_MAX (1L << 30) +#define DH_KDF_MAX (1L << 30) /* Skip past an ASN1 structure: for OBJECT skip content octets too */ static int skip_asn1(unsigned char **pp, long *plen, int exptag) - { - const unsigned char *q = *pp; - int i, tag, xclass; - long tmplen; - i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen); - if (i & 0x80) - return 0; - if (tag != exptag || xclass != V_ASN1_UNIVERSAL) - return 0; - if (tag == V_ASN1_OBJECT) - q += tmplen; - *plen -= q - *pp; - *pp = (unsigned char *)q; - return 1; - } +{ + const unsigned char *q = *pp; + int i, tag, xclass; + long tmplen; + i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen); + if (i & 0x80) + return 0; + if (tag != exptag || xclass != V_ASN1_UNIVERSAL) + return 0; + if (tag == V_ASN1_OBJECT) + q += tmplen; + *plen -= q - *pp; + *pp = (unsigned char *)q; + return 1; +} -/* Encode the DH shared info structure, return an offset to the counter - * value so we can update the structure without reencoding it. +/* + * Encode the DH shared info structure, return an offset to the counter value + * so we can update the structure without reencoding it. */ - static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr, - ASN1_OBJECT *key_oid, size_t outlen, - const unsigned char *ukm, size_t ukmlen) - { - unsigned char *p; - int derlen; - long tlen; - /* "magic" value to check offset is sane */ - static unsigned char ctr[4] = {0xF3, 0x17, 0x22, 0x53}; - X509_ALGOR atmp; - ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct; - ASN1_TYPE ctr_atype; - if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX) - return 0; - ctr_oct.data = ctr; - ctr_oct.length = 4; - ctr_oct.flags = 0; - ctr_oct.type = V_ASN1_OCTET_STRING; - ctr_atype.type = V_ASN1_OCTET_STRING; - ctr_atype.value.octet_string = &ctr_oct; - atmp.algorithm = key_oid; - atmp.parameter = &ctr_atype; - if (ukm) - { - ukm_oct.type = V_ASN1_OCTET_STRING; - ukm_oct.flags = 0; - ukm_oct.data = (unsigned char *)ukm; - ukm_oct.length = ukmlen; - pukm_oct = &ukm_oct; - } - else - pukm_oct = NULL; - derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen); - if (derlen <= 0) - return 0; - p = *pder; - tlen = derlen; - if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) - return 0; - if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) - return 0; - if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT)) - return 0; - if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING)) - return 0; - if (CRYPTO_memcmp(p, ctr, 4)) - return 0; - *pctr = p; - return derlen; - } - -int DH_KDF_X9_42(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - ASN1_OBJECT *key_oid, - const unsigned char *ukm, size_t ukmlen, - const EVP_MD *md) - { - EVP_MD_CTX mctx; - int rv = 0; - unsigned int i; - size_t mdlen; - unsigned char *der = NULL, *ctr; - int derlen; - if (Zlen > DH_KDF_MAX) - return 0; - mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); - derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, - ukm, ukmlen); - if (derlen == 0) - goto err; - for (i = 1;;i++) - { - unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) - goto err; - ctr[3] = i & 0xFF; - ctr[2] = (i >> 8) & 0xFF; - ctr[1] = (i >> 16) & 0xFF; - ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, der, derlen)) - goto err; - if (outlen >= mdlen) - { - if (!EVP_DigestFinal(&mctx, out, NULL)) - goto err; - outlen -= mdlen; - if (outlen == 0) - break; - out += mdlen; - } - else - { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) - goto err; - memcpy(out, mtmp, outlen); - OPENSSL_cleanse(mtmp, mdlen); - break; - } - } - rv = 1; - err: - if (der) - OPENSSL_free(der); - EVP_MD_CTX_cleanup(&mctx); - return rv; - } + ASN1_OBJECT *key_oid, size_t outlen, + const unsigned char *ukm, size_t ukmlen) +{ + unsigned char *p; + int derlen; + long tlen; + /* "magic" value to check offset is sane */ + static unsigned char ctr[4] = { 0xF3, 0x17, 0x22, 0x53 }; + X509_ALGOR atmp; + ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct; + ASN1_TYPE ctr_atype; + if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX) + return 0; + ctr_oct.data = ctr; + ctr_oct.length = 4; + ctr_oct.flags = 0; + ctr_oct.type = V_ASN1_OCTET_STRING; + ctr_atype.type = V_ASN1_OCTET_STRING; + ctr_atype.value.octet_string = &ctr_oct; + atmp.algorithm = key_oid; + atmp.parameter = &ctr_atype; + if (ukm) { + ukm_oct.type = V_ASN1_OCTET_STRING; + ukm_oct.flags = 0; + ukm_oct.data = (unsigned char *)ukm; + ukm_oct.length = ukmlen; + pukm_oct = &ukm_oct; + } else + pukm_oct = NULL; + derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen); + if (derlen <= 0) + return 0; + p = *pder; + tlen = derlen; + if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) + return 0; + if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) + return 0; + if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT)) + return 0; + if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING)) + return 0; + if (CRYPTO_memcmp(p, ctr, 4)) + return 0; + *pctr = p; + return derlen; +} +int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + ASN1_OBJECT *key_oid, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) +{ + EVP_MD_CTX mctx; + int rv = 0; + unsigned int i; + size_t mdlen; + unsigned char *der = NULL, *ctr; + int derlen; + if (Zlen > DH_KDF_MAX) + return 0; + mdlen = EVP_MD_size(md); + EVP_MD_CTX_init(&mctx); + derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); + if (derlen == 0) + goto err; + for (i = 1;; i++) { + unsigned char mtmp[EVP_MAX_MD_SIZE]; + EVP_DigestInit_ex(&mctx, md, NULL); + if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + goto err; + ctr[3] = i & 0xFF; + ctr[2] = (i >> 8) & 0xFF; + ctr[1] = (i >> 16) & 0xFF; + ctr[0] = (i >> 24) & 0xFF; + if (!EVP_DigestUpdate(&mctx, der, derlen)) + goto err; + if (outlen >= mdlen) { + if (!EVP_DigestFinal(&mctx, out, NULL)) + goto err; + outlen -= mdlen; + if (outlen == 0) + break; + out += mdlen; + } else { + if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + goto err; + memcpy(out, mtmp, outlen); + OPENSSL_cleanse(mtmp, mdlen); + break; + } + } + rv = 1; + err: + if (der) + OPENSSL_free(der); + EVP_MD_CTX_cleanup(&mctx); + return rv; +} diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index d8eecde9b4..9e2c8b26e6 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,15 +49,13 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ - - #include <stdio.h> #include "cryptlib.h" #include <openssl/rand.h> @@ -67,231 +65,215 @@ static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int dh_init(DH *dh); static int dh_finish(DH *dh); int DH_generate_key(DH *dh) - { - return dh->meth->generate_key(dh); - } +{ + return dh->meth->generate_key(dh); +} int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - return dh->meth->compute_key(key, pub_key, dh); - } +{ + return dh->meth->compute_key(key, pub_key, dh); +} int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - int rv, pad; - rv = dh->meth->compute_key(key, pub_key, dh); - if (rv <= 0) - return rv; - pad = BN_num_bytes(dh->p) - rv; - if (pad > 0) - { - memmove(key + pad, key, rv); - memset(key, 0, pad); - } - return rv + pad; - } +{ + int rv, pad; + rv = dh->meth->compute_key(key, pub_key, dh); + if (rv <= 0) + return rv; + pad = BN_num_bytes(dh->p) - rv; + if (pad > 0) { + memmove(key + pad, key, rv); + memset(key, 0, pad); + } + return rv + pad; +} static DH_METHOD dh_ossl = { -"OpenSSL DH Method", -generate_key, -compute_key, -dh_bn_mod_exp, -dh_init, -dh_finish, -DH_FLAG_FIPS_METHOD, -NULL, -NULL + "OpenSSL DH Method", + generate_key, + compute_key, + dh_bn_mod_exp, + dh_init, + dh_finish, + DH_FLAG_FIPS_METHOD, + NULL, + NULL }; const DH_METHOD *DH_OpenSSL(void) { - return &dh_ossl; + return &dh_ossl; } static int generate_key(DH *dh) - { - int ok=0; - int generate_new_key=0; - unsigned l; - BN_CTX *ctx; - BN_MONT_CTX *mont=NULL; - BIGNUM *pub_key=NULL,*priv_key=NULL; +{ + int ok = 0; + int generate_new_key = 0; + unsigned l; + BN_CTX *ctx; + BN_MONT_CTX *mont = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; - ctx = BN_CTX_new(); - if (ctx == NULL) goto err; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; - if (dh->priv_key == NULL) - { - priv_key=BN_new(); - if (priv_key == NULL) goto err; - generate_new_key=1; - } - else - priv_key=dh->priv_key; + if (dh->priv_key == NULL) { + priv_key = BN_new(); + if (priv_key == NULL) + goto err; + generate_new_key = 1; + } else + priv_key = dh->priv_key; - if (dh->pub_key == NULL) - { - pub_key=BN_new(); - if (pub_key == NULL) goto err; - } - else - pub_key=dh->pub_key; + if (dh->pub_key == NULL) { + pub_key = BN_new(); + if (pub_key == NULL) + goto err; + } else + pub_key = dh->pub_key; + if (dh->flags & DH_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if (!mont) + goto err; + } - if (dh->flags & DH_FLAG_CACHE_MONT_P) - { - mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, - CRYPTO_LOCK_DH, dh->p, ctx); - if (!mont) - goto err; - } + if (generate_new_key) { + if (dh->q) { + do { + if (!BN_rand_range(priv_key, dh->q)) + goto err; + } + while (BN_is_zero(priv_key) || BN_is_one(priv_key)); + } else { + /* secret exponent length */ + l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; + if (!BN_rand(priv_key, l, 0, 0)) + goto err; + } + } - if (generate_new_key) - { - if (dh->q) - { - do - { - if (!BN_rand_range(priv_key, dh->q)) - goto err; - } - while (BN_is_zero(priv_key) || BN_is_one(priv_key)); - } - else - { - /* secret exponent length */ - l = dh->length ? dh->length : BN_num_bits(dh->p)-1; - if (!BN_rand(priv_key, l, 0, 0)) goto err; - } - } + { + BIGNUM *local_prk = NULL; + BIGNUM *prk; - { - BIGNUM *local_prk = NULL; - BIGNUM *prk; + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { + local_prk = prk = BN_new(); + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); + } else + prk = priv_key; - if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) - { - local_prk = prk = BN_new(); - BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - } - else - prk = priv_key; + if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) { + if (local_prk) + BN_free(local_prk); + goto err; + } + if (local_prk) + BN_free(local_prk); + } - if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) - { - if(local_prk) BN_free(local_prk); - goto err; - } - if(local_prk) BN_free(local_prk); - } - - dh->pub_key=pub_key; - dh->priv_key=priv_key; - ok=1; -err: - if (ok != 1) - DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); + dh->pub_key = pub_key; + dh->priv_key = priv_key; + ok = 1; + err: + if (ok != 1) + DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB); - if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); - if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); - BN_CTX_free(ctx); - return(ok); - } + if ((pub_key != NULL) && (dh->pub_key == NULL)) + BN_free(pub_key); + if ((priv_key != NULL) && (dh->priv_key == NULL)) + BN_free(priv_key); + BN_CTX_free(ctx); + return (ok); +} static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - BN_CTX *ctx=NULL; - BN_MONT_CTX *mont=NULL; - BIGNUM *tmp; - int ret= -1; - int check_result; +{ + BN_CTX *ctx = NULL; + BN_MONT_CTX *mont = NULL; + BIGNUM *tmp; + int ret = -1; + int check_result; - if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) - { - DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); - goto err; - } + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); + goto err; + } - ctx = BN_CTX_new(); - if (ctx == NULL) goto err; - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - - if (dh->priv_key == NULL) - { - DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); - goto err; - } + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + BN_CTX_start(ctx); + tmp = BN_CTX_get(ctx); - if (dh->flags & DH_FLAG_CACHE_MONT_P) - { - mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, - CRYPTO_LOCK_DH, dh->p, ctx); - if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) - { - /* XXX */ - BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); - } - if (!mont) - goto err; - } + if (dh->priv_key == NULL) { + DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE); + goto err; + } - if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) - { - DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); - goto err; - } + if (dh->flags & DH_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { + /* XXX */ + BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); + } + if (!mont) + goto err; + } - if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) - { - DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); - goto err; - } + if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) { + DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY); + goto err; + } - ret=BN_bn2bin(tmp,key); -err: - if (ctx != NULL) - { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return(ret); - } + if (!dh-> + meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) { + DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB); + goto err; + } -static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - /* If a is only one word long and constant time is false, use the faster - * exponenentiation function. - */ - if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) - { - BN_ULONG A = bn_get_words(a)[0]; - return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); - } - else - return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); - } + ret = BN_bn2bin(tmp, key); + err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return (ret); +} +static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + /* + * If a is only one word long and constant time is false, use the faster + * exponenentiation function. + */ + if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) { + BN_ULONG A = bn_get_words(a)[0]; + return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx); + } else + return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); +} static int dh_init(DH *dh) - { - dh->flags |= DH_FLAG_CACHE_MONT_P; - return(1); - } +{ + dh->flags |= DH_FLAG_CACHE_MONT_P; + return (1); +} static int dh_finish(DH *dh) - { - if(dh->method_mont_p) - BN_MONT_CTX_free(dh->method_mont_p); - return(1); - } +{ + if (dh->method_mont_p) + BN_MONT_CTX_free(dh->method_mont_p); + return (1); +} diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 83b3dc50c1..46d1a2b7b9 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,199 +61,203 @@ #include <openssl/bn.h> #include <openssl/dh.h> #ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> +# include <openssl/engine.h> #endif -const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT; +const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT; static const DH_METHOD *default_DH_method = NULL; void DH_set_default_method(const DH_METHOD *meth) - { - default_DH_method = meth; - } +{ + default_DH_method = meth; +} const DH_METHOD *DH_get_default_method(void) - { - if(!default_DH_method) - default_DH_method = DH_OpenSSL(); - return default_DH_method; - } +{ + if (!default_DH_method) + default_DH_method = DH_OpenSSL(); + return default_DH_method; +} int DH_set_method(DH *dh, const DH_METHOD *meth) - { - /* NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. */ - const DH_METHOD *mtmp; - mtmp = dh->meth; - if (mtmp->finish) mtmp->finish(dh); +{ + /* + * NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. + */ + const DH_METHOD *mtmp; + mtmp = dh->meth; + if (mtmp->finish) + mtmp->finish(dh); #ifndef OPENSSL_NO_ENGINE - if (dh->engine) - { - ENGINE_finish(dh->engine); - dh->engine = NULL; - } + if (dh->engine) { + ENGINE_finish(dh->engine); + dh->engine = NULL; + } #endif - dh->meth = meth; - if (meth->init) meth->init(dh); - return 1; - } + dh->meth = meth; + if (meth->init) + meth->init(dh); + return 1; +} DH *DH_new(void) - { - return DH_new_method(NULL); - } +{ + return DH_new_method(NULL); +} DH *DH_new_method(ENGINE *engine) - { - DH *ret; +{ + DH *ret; - ret=(DH *)OPENSSL_malloc(sizeof(DH)); - if (ret == NULL) - { - DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return(NULL); - } + ret = (DH *)OPENSSL_malloc(sizeof(DH)); + if (ret == NULL) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return (NULL); + } - ret->meth = DH_get_default_method(); + ret->meth = DH_get_default_method(); #ifndef OPENSSL_NO_ENGINE - if (engine) - { - if (!ENGINE_init(engine)) - { - DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); - OPENSSL_free(ret); - return NULL; - } - ret->engine = engine; - } - else - ret->engine = ENGINE_get_default_DH(); - if(ret->engine) - { - ret->meth = ENGINE_get_DH(ret->engine); - if(!ret->meth) - { - DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; - } - } + if (engine) { + if (!ENGINE_init(engine)) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); + OPENSSL_free(ret); + return NULL; + } + ret->engine = engine; + } else + ret->engine = ENGINE_get_default_DH(); + if (ret->engine) { + ret->meth = ENGINE_get_DH(ret->engine); + if (!ret->meth) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } #endif - ret->pad=0; - ret->version=0; - ret->p=NULL; - ret->g=NULL; - ret->length=0; - ret->pub_key=NULL; - ret->priv_key=NULL; - ret->q=NULL; - ret->j=NULL; - ret->seed = NULL; - ret->seedlen = 0; - ret->counter = NULL; - ret->method_mont_p=NULL; - ret->references = 1; - ret->flags=ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { + ret->pad = 0; + ret->version = 0; + ret->p = NULL; + ret->g = NULL; + ret->length = 0; + ret->pub_key = NULL; + ret->priv_key = NULL; + ret->q = NULL; + ret->j = NULL; + ret->seed = NULL; + ret->seedlen = 0; + ret->counter = NULL; + ret->method_mont_p = NULL; + ret->references = 1; + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { #ifndef OPENSSL_NO_ENGINE - if (ret->engine) - ENGINE_finish(ret->engine); + if (ret->engine) + ENGINE_finish(ret->engine); #endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } - return(ret); - } + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); + OPENSSL_free(ret); + ret = NULL; + } + return (ret); +} void DH_free(DH *r) - { - int i; - if(r == NULL) return; - i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); +{ + int i; + if (r == NULL) + return; + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); #ifdef REF_PRINT - REF_PRINT("DH",r); + REF_PRINT("DH", r); #endif - if (i > 0) return; + if (i > 0) + return; #ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"DH_free, bad reference count\n"); - abort(); - } + if (i < 0) { + fprintf(stderr, "DH_free, bad reference count\n"); + abort(); + } #endif - if (r->meth->finish) - r->meth->finish(r); + if (r->meth->finish) + r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE - if (r->engine) - ENGINE_finish(r->engine); + if (r->engine) + ENGINE_finish(r->engine); #endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); - if (r->p != NULL) BN_clear_free(r->p); - if (r->g != NULL) BN_clear_free(r->g); - if (r->q != NULL) BN_clear_free(r->q); - if (r->j != NULL) BN_clear_free(r->j); - if (r->seed) OPENSSL_free(r->seed); - if (r->counter != NULL) BN_clear_free(r->counter); - if (r->pub_key != NULL) BN_clear_free(r->pub_key); - if (r->priv_key != NULL) BN_clear_free(r->priv_key); - OPENSSL_free(r); - } + if (r->p != NULL) + BN_clear_free(r->p); + if (r->g != NULL) + BN_clear_free(r->g); + if (r->q != NULL) + BN_clear_free(r->q); + if (r->j != NULL) + BN_clear_free(r->j); + if (r->seed) + OPENSSL_free(r->seed); + if (r->counter != NULL) + BN_clear_free(r->counter); + if (r->pub_key != NULL) + BN_clear_free(r->pub_key); + if (r->priv_key != NULL) + BN_clear_free(r->priv_key); + OPENSSL_free(r); +} int DH_up_ref(DH *r) - { - int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); +{ + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); #ifdef REF_PRINT - REF_PRINT("DH",r); + REF_PRINT("DH", r); #endif #ifdef REF_CHECK - if (i < 2) - { - fprintf(stderr, "DH_up, bad reference count\n"); - abort(); - } + if (i < 2) { + fprintf(stderr, "DH_up, bad reference count\n"); + abort(); + } #endif - return ((i > 1) ? 1 : 0); - } + return ((i > 1) ? 1 : 0); +} int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, - new_func, dup_func, free_func); - } + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, + new_func, dup_func, free_func); +} int DH_set_ex_data(DH *d, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); - } +{ + return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); +} void *DH_get_ex_data(DH *d, int idx) - { - return(CRYPTO_get_ex_data(&d->ex_data,idx)); - } +{ + return (CRYPTO_get_ex_data(&d->ex_data, idx)); +} int DH_size(const DH *dh) - { - return(BN_num_bytes(dh->p)); - } +{ + return (BN_num_bytes(dh->p)); +} int DH_security_bits(const DH *dh) - { - int N; - if (dh->q) - N = BN_num_bits(dh->q); - else if (dh->length) - N = dh->length; - else - N = -1; - return BN_security_bits(BN_num_bits(dh->p), N); - } +{ + int N; + if (dh->q) + N = BN_num_bits(dh->q); + else if (dh->length) + N = dh->length; + else + N = -1; + return BN_security_bits(BN_num_bits(dh->p), N); +} diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 85e743bfe1..c41de925c7 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -1,5 +1,6 @@ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2006. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2006. */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. @@ -9,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -63,517 +64,491 @@ #include <openssl/dh.h> #include <openssl/bn.h> #ifndef OPENSSL_NO_DSA -#include <openssl/dsa.h> +# include <openssl/dsa.h> #endif #include <openssl/objects.h> #include "evp_locl.h" /* DH pkey context structure */ -typedef struct - { - /* Parameter gen parameters */ - int prime_len; - int generator; - int use_dsa; - int subprime_len; - /* message digest used for parameter generation */ - const EVP_MD *md; - int rfc5114_param; - /* Keygen callback info */ - int gentmp[2]; - /* KDF (if any) to use for DH */ - char kdf_type; - /* OID to use for KDF */ - ASN1_OBJECT *kdf_oid; - /* Message digest to use for key derivation */ - const EVP_MD *kdf_md; - /* User key material */ - unsigned char *kdf_ukm; - size_t kdf_ukmlen; - /* KDF output length */ - size_t kdf_outlen; - } DH_PKEY_CTX; +typedef struct { + /* Parameter gen parameters */ + int prime_len; + int generator; + int use_dsa; + int subprime_len; + /* message digest used for parameter generation */ + const EVP_MD *md; + int rfc5114_param; + /* Keygen callback info */ + int gentmp[2]; + /* KDF (if any) to use for DH */ + char kdf_type; + /* OID to use for KDF */ + ASN1_OBJECT *kdf_oid; + /* Message digest to use for key derivation */ + const EVP_MD *kdf_md; + /* User key material */ + unsigned char *kdf_ukm; + size_t kdf_ukmlen; + /* KDF output length */ + size_t kdf_outlen; +} DH_PKEY_CTX; static int pkey_dh_init(EVP_PKEY_CTX *ctx) - { - DH_PKEY_CTX *dctx; - dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX)); - if (!dctx) - return 0; - dctx->prime_len = 1024; - dctx->subprime_len = -1; - dctx->generator = 2; - dctx->use_dsa = 0; - dctx->md = NULL; - dctx->rfc5114_param = 0; - - dctx->kdf_type = EVP_PKEY_DH_KDF_NONE; - dctx->kdf_oid = NULL; - dctx->kdf_md = NULL; - dctx->kdf_ukm = NULL; - dctx->kdf_ukmlen = 0; - dctx->kdf_outlen = 0; - - ctx->data = dctx; - ctx->keygen_info = dctx->gentmp; - ctx->keygen_info_count = 2; - - return 1; - } +{ + DH_PKEY_CTX *dctx; + dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX)); + if (!dctx) + return 0; + dctx->prime_len = 1024; + dctx->subprime_len = -1; + dctx->generator = 2; + dctx->use_dsa = 0; + dctx->md = NULL; + dctx->rfc5114_param = 0; + + dctx->kdf_type = EVP_PKEY_DH_KDF_NONE; + dctx->kdf_oid = NULL; + dctx->kdf_md = NULL; + dctx->kdf_ukm = NULL; + dctx->kdf_ukmlen = 0; + dctx->kdf_outlen = 0; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; +} static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) - { - DH_PKEY_CTX *dctx, *sctx; - if (!pkey_dh_init(dst)) - return 0; - sctx = src->data; - dctx = dst->data; - dctx->prime_len = sctx->prime_len; - dctx->subprime_len = sctx->subprime_len; - dctx->generator = sctx->generator; - dctx->use_dsa = sctx->use_dsa; - dctx->md = sctx->md; - dctx->rfc5114_param = sctx->rfc5114_param; - - dctx->kdf_type = sctx->kdf_type; - dctx->kdf_oid = OBJ_dup(sctx->kdf_oid); - if (!dctx->kdf_oid) - return 0; - dctx->kdf_md = sctx->kdf_md; - if (dctx->kdf_ukm) - { - dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); - dctx->kdf_ukmlen = sctx->kdf_ukmlen; - } - dctx->kdf_outlen = sctx->kdf_outlen; - return 1; - } +{ + DH_PKEY_CTX *dctx, *sctx; + if (!pkey_dh_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->prime_len = sctx->prime_len; + dctx->subprime_len = sctx->subprime_len; + dctx->generator = sctx->generator; + dctx->use_dsa = sctx->use_dsa; + dctx->md = sctx->md; + dctx->rfc5114_param = sctx->rfc5114_param; + + dctx->kdf_type = sctx->kdf_type; + dctx->kdf_oid = OBJ_dup(sctx->kdf_oid); + if (!dctx->kdf_oid) + return 0; + dctx->kdf_md = sctx->kdf_md; + if (dctx->kdf_ukm) { + dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); + dctx->kdf_ukmlen = sctx->kdf_ukmlen; + } + dctx->kdf_outlen = sctx->kdf_outlen; + return 1; +} static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) - { - DH_PKEY_CTX *dctx = ctx->data; - if (dctx) - { - if (dctx->kdf_ukm) - OPENSSL_free(dctx->kdf_ukm); - if (dctx->kdf_oid) - ASN1_OBJECT_free(dctx->kdf_oid); - OPENSSL_free(dctx); - } - } +{ + DH_PKEY_CTX *dctx = ctx->data; + if (dctx) { + if (dctx->kdf_ukm) + OPENSSL_free(dctx->kdf_ukm); + if (dctx->kdf_oid) + ASN1_OBJECT_free(dctx->kdf_oid); + OPENSSL_free(dctx); + } +} static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - { - DH_PKEY_CTX *dctx = ctx->data; - switch (type) - { - case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: - if (p1 < 256) - return -2; - dctx->prime_len = p1; - return 1; - - case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN: - if (dctx->use_dsa == 0) - return -2; - dctx->subprime_len = p1; - return 1; - - case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: - if (dctx->use_dsa) - return -2; - dctx->generator = p1; - return 1; - - case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE: +{ + DH_PKEY_CTX *dctx = ctx->data; + switch (type) { + case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: + if (p1 < 256) + return -2; + dctx->prime_len = p1; + return 1; + + case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN: + if (dctx->use_dsa == 0) + return -2; + dctx->subprime_len = p1; + return 1; + + case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: + if (dctx->use_dsa) + return -2; + dctx->generator = p1; + return 1; + + case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE: #ifdef OPENSSL_NO_DSA - if (p1 != 0) - return -2; + if (p1 != 0) + return -2; #else - if (p1 < 0 || p1 > 2) - return -2; + if (p1 < 0 || p1 > 2) + return -2; #endif - dctx->use_dsa = p1; - return 1; - - case EVP_PKEY_CTRL_DH_RFC5114: - if (p1 < 1 || p1 > 3) - return -2; - dctx->rfc5114_param = p1; - return 1; - - case EVP_PKEY_CTRL_PEER_KEY: - /* Default behaviour is OK */ - return 1; - - case EVP_PKEY_CTRL_DH_KDF_TYPE: - if (p1 == -2) - return dctx->kdf_type; - if (p1 != EVP_PKEY_DH_KDF_NONE && - p1 != EVP_PKEY_DH_KDF_X9_42) - return -2; - dctx->kdf_type = p1; - return 1; - - case EVP_PKEY_CTRL_DH_KDF_MD: - dctx->kdf_md = p2; - return 1; - - case EVP_PKEY_CTRL_GET_DH_KDF_MD: - *(const EVP_MD **)p2 = dctx->kdf_md; - return 1; - - case EVP_PKEY_CTRL_DH_KDF_OUTLEN: - if (p1 <= 0) - return -2; - dctx->kdf_outlen = (size_t)p1; - return 1; - - case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN: - *(int *)p2 = dctx->kdf_outlen; - return 1; - - case EVP_PKEY_CTRL_DH_KDF_UKM: - if (dctx->kdf_ukm) - OPENSSL_free(dctx->kdf_ukm); - dctx->kdf_ukm = p2; - if (p2) - dctx->kdf_ukmlen = p1; - else - dctx->kdf_ukmlen = 0; - return 1; - - case EVP_PKEY_CTRL_GET_DH_KDF_UKM: - *(unsigned char **)p2 = dctx->kdf_ukm; - return dctx->kdf_ukmlen; - - case EVP_PKEY_CTRL_DH_KDF_OID: - if (dctx->kdf_oid) - ASN1_OBJECT_free(dctx->kdf_oid); - dctx->kdf_oid = p2; - return 1; - - case EVP_PKEY_CTRL_GET_DH_KDF_OID: - *(ASN1_OBJECT **)p2 = dctx->kdf_oid; - return 1; - - default: - return -2; - - } - } - + dctx->use_dsa = p1; + return 1; + + case EVP_PKEY_CTRL_DH_RFC5114: + if (p1 < 1 || p1 > 3) + return -2; + dctx->rfc5114_param = p1; + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + /* Default behaviour is OK */ + return 1; + + case EVP_PKEY_CTRL_DH_KDF_TYPE: + if (p1 == -2) + return dctx->kdf_type; + if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) + return -2; + dctx->kdf_type = p1; + return 1; + + case EVP_PKEY_CTRL_DH_KDF_MD: + dctx->kdf_md = p2; + return 1; + + case EVP_PKEY_CTRL_GET_DH_KDF_MD: + *(const EVP_MD **)p2 = dctx->kdf_md; + return 1; + + case EVP_PKEY_CTRL_DH_KDF_OUTLEN: + if (p1 <= 0) + return -2; + dctx->kdf_outlen = (size_t)p1; + return 1; + + case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN: + *(int *)p2 = dctx->kdf_outlen; + return 1; + + case EVP_PKEY_CTRL_DH_KDF_UKM: + if (dctx->kdf_ukm) + OPENSSL_free(dctx->kdf_ukm); + dctx->kdf_ukm = p2; + if (p2) + dctx->kdf_ukmlen = p1; + else + dctx->kdf_ukmlen = 0; + return 1; + + case EVP_PKEY_CTRL_GET_DH_KDF_UKM: + *(unsigned char **)p2 = dctx->kdf_ukm; + return dctx->kdf_ukmlen; + + case EVP_PKEY_CTRL_DH_KDF_OID: + if (dctx->kdf_oid) + ASN1_OBJECT_free(dctx->kdf_oid); + dctx->kdf_oid = p2; + return 1; + + case EVP_PKEY_CTRL_GET_DH_KDF_OID: + *(ASN1_OBJECT **)p2 = dctx->kdf_oid; + return 1; + + default: + return -2; + + } +} static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) - { - if (!strcmp(type, "dh_paramgen_prime_len")) - { - int len; - len = atoi(value); - return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); - } - if (!strcmp(type, "dh_rfc5114")) - { - DH_PKEY_CTX *dctx = ctx->data; - int len; - len = atoi(value); - if (len < 0 || len > 3) - return -2; - dctx->rfc5114_param = len; - return 1; - } - if (!strcmp(type, "dh_paramgen_generator")) - { - int len; - len = atoi(value); - return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); - } - if (!strcmp(type, "dh_paramgen_subprime_len")) - { - int len; - len = atoi(value); - return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len); - } - if (!strcmp(type, "dh_paramgen_type")) - { - int typ; - typ = atoi(value); - return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ); - } - return -2; - } + const char *type, const char *value) +{ + if (!strcmp(type, "dh_paramgen_prime_len")) { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); + } + if (!strcmp(type, "dh_rfc5114")) { + DH_PKEY_CTX *dctx = ctx->data; + int len; + len = atoi(value); + if (len < 0 || len > 3) + return -2; + dctx->rfc5114_param = len; + return 1; + } + if (!strcmp(type, "dh_paramgen_generator")) { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); + } + if (!strcmp(type, "dh_paramgen_subprime_len")) { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len); + } + if (!strcmp(type, "dh_paramgen_type")) { + int typ; + typ = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ); + } + return -2; +} #ifndef OPENSSL_NO_DSA extern int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, - const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + const EVP_MD *evpmd, + const unsigned char *seed_in, size_t seed_len, + unsigned char *seed_out, int *counter_ret, + unsigned long *h_ret, BN_GENCB *cb); extern int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, - const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - int idx, unsigned char *seed_out, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + const EVP_MD *evpmd, + const unsigned char *seed_in, + size_t seed_len, int idx, + unsigned char *seed_out, int *counter_ret, + unsigned long *h_ret, BN_GENCB *cb); static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb) - { - DSA *ret; - int rv = 0; - int prime_len = dctx->prime_len; - int subprime_len = dctx->subprime_len; - const EVP_MD *md = dctx->md; - if (dctx->use_dsa > 2) - return NULL; - ret = DSA_new(); - if (!ret) - return NULL; - if (subprime_len == -1) - { - if (prime_len >= 2048) - subprime_len = 256; - else - subprime_len = 160; - } - if (md == NULL) - { - if (prime_len >= 2048) - md = EVP_sha256(); - else - md = EVP_sha1(); - } - if (dctx->use_dsa == 1) - rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md, - NULL, 0, NULL, NULL, NULL, pcb); - else if(dctx->use_dsa == 2) - rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md, - NULL, 0, -1, NULL, NULL, NULL, pcb); - if (rv <= 0) - { - DSA_free(ret); - return NULL; - } - return ret; - } +{ + DSA *ret; + int rv = 0; + int prime_len = dctx->prime_len; + int subprime_len = dctx->subprime_len; + const EVP_MD *md = dctx->md; + if (dctx->use_dsa > 2) + return NULL; + ret = DSA_new(); + if (!ret) + return NULL; + if (subprime_len == -1) { + if (prime_len >= 2048) + subprime_len = 256; + else + subprime_len = 160; + } + if (md == NULL) { + if (prime_len >= 2048) + md = EVP_sha256(); + else + md = EVP_sha1(); + } + if (dctx->use_dsa == 1) + rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md, + NULL, 0, NULL, NULL, NULL, pcb); + else if (dctx->use_dsa == 2) + rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md, + NULL, 0, -1, NULL, NULL, NULL, pcb); + if (rv <= 0) { + DSA_free(ret); + return NULL; + } + return ret; +} #endif static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { - DH *dh = NULL; - DH_PKEY_CTX *dctx = ctx->data; - BN_GENCB *pcb; - int ret; - if (dctx->rfc5114_param) - { - switch (dctx->rfc5114_param) - { - case 1: - dh = DH_get_1024_160(); - break; - - case 2: - dh = DH_get_2048_224(); - break; - - case 3: - dh = DH_get_2048_256(); - break; - - default: - return -2; - } - EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh); - return 1; - } - - if (ctx->pkey_gencb) - { - pcb = BN_GENCB_new(); - evp_pkey_set_cb_translate(pcb, ctx); - } - else - pcb = NULL; +{ + DH *dh = NULL; + DH_PKEY_CTX *dctx = ctx->data; + BN_GENCB *pcb; + int ret; + if (dctx->rfc5114_param) { + switch (dctx->rfc5114_param) { + case 1: + dh = DH_get_1024_160(); + break; + + case 2: + dh = DH_get_2048_224(); + break; + + case 3: + dh = DH_get_2048_256(); + break; + + default: + return -2; + } + EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh); + return 1; + } + + if (ctx->pkey_gencb) { + pcb = BN_GENCB_new(); + evp_pkey_set_cb_translate(pcb, ctx); + } else + pcb = NULL; #ifndef OPENSSL_NO_DSA - if (dctx->use_dsa) - { - DSA *dsa_dh; - dsa_dh = dsa_dh_generate(dctx, pcb); - if(pcb) BN_GENCB_free(pcb); - if (!dsa_dh) - return 0; - dh = DSA_dup_DH(dsa_dh); - DSA_free(dsa_dh); - if (!dh) - return 0; - EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh); - return 1; - } + if (dctx->use_dsa) { + DSA *dsa_dh; + dsa_dh = dsa_dh_generate(dctx, pcb); + if (pcb) + BN_GENCB_free(pcb); + if (!dsa_dh) + return 0; + dh = DSA_dup_DH(dsa_dh); + DSA_free(dsa_dh); + if (!dh) + return 0; + EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh); + return 1; + } #endif - dh = DH_new(); - if (!dh) - { - if(pcb) BN_GENCB_free(pcb); - return 0; - } - ret = DH_generate_parameters_ex(dh, - dctx->prime_len, dctx->generator, pcb); - if(pcb) BN_GENCB_free(pcb); - if (ret) - EVP_PKEY_assign_DH(pkey, dh); - else - DH_free(dh); - return ret; - } + dh = DH_new(); + if (!dh) { + if (pcb) + BN_GENCB_free(pcb); + return 0; + } + ret = DH_generate_parameters_ex(dh, + dctx->prime_len, dctx->generator, pcb); + if (pcb) + BN_GENCB_free(pcb); + if (ret) + EVP_PKEY_assign_DH(pkey, dh); + else + DH_free(dh); + return ret; +} static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { - DH *dh = NULL; - if (ctx->pkey == NULL) - { - DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); - return 0; - } - dh = DH_new(); - if (!dh) - return 0; - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); - /* Note: if error return, pkey is freed by parent routine */ - if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - return DH_generate_key(pkey->pkey.dh); - } - -static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) - { - int ret; - DH *dh; - DH_PKEY_CTX *dctx = ctx->data; - BIGNUM *dhpub; - if (!ctx->pkey || !ctx->peerkey) - { - DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); - return 0; - } - dh = ctx->pkey->pkey.dh; - dhpub = ctx->peerkey->pkey.dh->pub_key; - if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) - { - if (key == NULL) - { - *keylen = DH_size(dh); - return 1; - } - ret = DH_compute_key(key, dhpub, dh); - if (ret < 0) - return ret; - *keylen = ret; - return 1; - } - else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) - { - unsigned char *Z = NULL; - size_t Zlen = 0; - if (!dctx->kdf_outlen || !dctx->kdf_oid) - return 0; - if (key == NULL) - { - *keylen = dctx->kdf_outlen; - return 1; - } - if (*keylen != dctx->kdf_outlen) - return 0; - ret = 0; - Zlen = DH_size(dh); - Z = OPENSSL_malloc(Zlen); - if (DH_compute_key_padded(Z, dhpub, dh) <= 0) - goto err; - if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid, - dctx->kdf_ukm, dctx->kdf_ukmlen, - dctx->kdf_md)) - goto err; - *keylen = dctx->kdf_outlen; - ret = 1; - err: - if (Z) - { - OPENSSL_cleanse(Z, Zlen); - OPENSSL_free(Z); - } - return ret; - } - return 1; - } - -const EVP_PKEY_METHOD dh_pkey_meth = - { - EVP_PKEY_DH, - 0, - pkey_dh_init, - pkey_dh_copy, - pkey_dh_cleanup, - - 0, - pkey_dh_paramgen, - - 0, - pkey_dh_keygen, - - 0, - 0, - - 0, - 0, - - 0,0, - - 0,0,0,0, - - 0,0, - - 0,0, - - 0, - pkey_dh_derive, - - pkey_dh_ctrl, - pkey_dh_ctrl_str - - }; - -const EVP_PKEY_METHOD dhx_pkey_meth = - { - EVP_PKEY_DHX, - 0, - pkey_dh_init, - pkey_dh_copy, - pkey_dh_cleanup, - - 0, - pkey_dh_paramgen, - - 0, - pkey_dh_keygen, - - 0, - 0, - - 0, - 0, - - 0,0, - - 0,0,0,0, - - 0,0, - - 0,0, - - 0, - pkey_dh_derive, - - pkey_dh_ctrl, - pkey_dh_ctrl_str - - }; +{ + DH *dh = NULL; + if (ctx->pkey == NULL) { + DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET); + return 0; + } + dh = DH_new(); + if (!dh) + return 0; + EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DH_generate_key(pkey->pkey.dh); +} + +static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + size_t *keylen) +{ + int ret; + DH *dh; + DH_PKEY_CTX *dctx = ctx->data; + BIGNUM *dhpub; + if (!ctx->pkey || !ctx->peerkey) { + DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); + return 0; + } + dh = ctx->pkey->pkey.dh; + dhpub = ctx->peerkey->pkey.dh->pub_key; + if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) { + if (key == NULL) { + *keylen = DH_size(dh); + return 1; + } + ret = DH_compute_key(key, dhpub, dh); + if (ret < 0) + return ret; + *keylen = ret; + return 1; + } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + unsigned char *Z = NULL; + size_t Zlen = 0; + if (!dctx->kdf_outlen || !dctx->kdf_oid) + return 0; + if (key == NULL) { + *keylen = dctx->kdf_outlen; + return 1; + } + if (*keylen != dctx->kdf_outlen) + return 0; + ret = 0; + Zlen = DH_size(dh); + Z = OPENSSL_malloc(Zlen); + if (DH_compute_key_padded(Z, dhpub, dh) <= 0) + goto err; + if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid, + dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) + goto err; + *keylen = dctx->kdf_outlen; + ret = 1; + err: + if (Z) { + OPENSSL_cleanse(Z, Zlen); + OPENSSL_free(Z); + } + return ret; + } + return 1; +} + +const EVP_PKEY_METHOD dh_pkey_meth = { + EVP_PKEY_DH, + 0, + pkey_dh_init, + pkey_dh_copy, + pkey_dh_cleanup, + + 0, + pkey_dh_paramgen, + + 0, + pkey_dh_keygen, + + 0, + 0, + + 0, + 0, + + 0, 0, + + 0, 0, 0, 0, + + 0, 0, + + 0, 0, + + 0, + pkey_dh_derive, + + pkey_dh_ctrl, + pkey_dh_ctrl_str +}; + +const EVP_PKEY_METHOD dhx_pkey_meth = { + EVP_PKEY_DHX, + 0, + pkey_dh_init, + pkey_dh_copy, + pkey_dh_cleanup, + + 0, + pkey_dh_paramgen, + + 0, + pkey_dh_keygen, + + 0, + 0, + + 0, + 0, + + 0, 0, + + 0, 0, 0, 0, + + 0, 0, + + 0, 0, + + 0, + pkey_dh_derive, + + pkey_dh_ctrl, + pkey_dh_ctrl_str +}; diff --git a/crypto/dh/dh_prn.c b/crypto/dh/dh_prn.c index 78d1f98aac..fef19e3470 100644 --- a/crypto/dh/dh_prn.c +++ b/crypto/dh/dh_prn.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,18 +63,17 @@ #ifndef OPENSSL_NO_STDIO int DHparams_print_fp(FILE *fp, const DH *x) - { - BIO *b; - int ret; +{ + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DHparams_print(b, x); - BIO_free(b); - return(ret); - } + if ((b = BIO_new(BIO_s_file())) == NULL) { + DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = DHparams_print(b, x); + BIO_free(b); + return (ret); +} #endif diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c index 0d04a6a00f..4a84ced6ec 100644 --- a/crypto/dh/dh_rfc5114.c +++ b/crypto/dh/dh_rfc5114.c @@ -1,5 +1,6 @@ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2011. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2011. */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -9,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,32 +62,33 @@ #include <openssl/bn.h> #define make_dh_bn(x) \ - const extern BIGNUM _bignum_dh##x##_p;\ - const extern BIGNUM _bignum_dh##x##_g;\ - const extern BIGNUM _bignum_dh##x##_q; + const extern BIGNUM _bignum_dh##x##_p;\ + const extern BIGNUM _bignum_dh##x##_g;\ + const extern BIGNUM _bignum_dh##x##_q; -/* Macro to make a DH structure from BIGNUM data. NB: although just copying +/* + * Macro to make a DH structure from BIGNUM data. NB: although just copying * the BIGNUM static pointers would be more efficient we can't as they get * wiped using BN_clear_free() when DH_free() is called. */ #define make_dh(x) \ DH * DH_get_##x(void) \ - { \ - DH *dh; \ - dh = DH_new(); \ - if (!dh) \ - return NULL; \ - dh->p = BN_dup(&_bignum_dh##x##_p); \ - dh->g = BN_dup(&_bignum_dh##x##_g); \ - dh->q = BN_dup(&_bignum_dh##x##_q); \ - if (!dh->p || !dh->q || !dh->g) \ - { \ - DH_free(dh); \ - return NULL; \ - } \ - return dh; \ - } + { \ + DH *dh; \ + dh = DH_new(); \ + if (!dh) \ + return NULL; \ + dh->p = BN_dup(&_bignum_dh##x##_p); \ + dh->g = BN_dup(&_bignum_dh##x##_g); \ + dh->q = BN_dup(&_bignum_dh##x##_q); \ + if (!dh->p || !dh->q || !dh->g) \ + { \ + DH_free(dh); \ + return NULL; \ + } \ + return dh; \ + } make_dh_bn(1024_160) make_dh_bn(2048_224) @@ -95,5 +97,3 @@ make_dh_bn(2048_256) make_dh(1024_160) make_dh(2048_224) make_dh(2048_256) - - diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 7452afbb5e..988322a703 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -72,454 +72,481 @@ int main(int argc, char *argv[]) { printf("No DH support\n"); - return(0); + return (0); } #else -#include <openssl/dh.h> +# include <openssl/dh.h> static int cb(int p, int n, BN_GENCB *arg); -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; static int run_rfc5114_tests(void); int main(int argc, char *argv[]) - { - BN_GENCB *_cb; - DH *a=NULL; - DH *b=NULL; - char buf[12]; - unsigned char *abuf=NULL,*bbuf=NULL; - int i,alen,blen,aout,bout,ret=1; - BIO *out; - - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - -#ifdef OPENSSL_SYS_WIN32 - CRYPTO_malloc_init(); -#endif - - RAND_seed(rnd_seed, sizeof rnd_seed); - - out=BIO_new(BIO_s_file()); - if (out == NULL) EXIT(1); - BIO_set_fp(out,stdout,BIO_NOCLOSE); - - _cb = BN_GENCB_new(); - if(!_cb) - goto err; - BN_GENCB_set(_cb, &cb, out); - if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, - DH_GENERATOR_5, _cb)) - goto err; - - if (!DH_check(a, &i)) goto err; - if (i & DH_CHECK_P_NOT_PRIME) - BIO_puts(out, "p value is not prime\n"); - if (i & DH_CHECK_P_NOT_SAFE_PRIME) - BIO_puts(out, "p value is not a safe prime\n"); - if (i & DH_UNABLE_TO_CHECK_GENERATOR) - BIO_puts(out, "unable to check the generator value\n"); - if (i & DH_NOT_SUITABLE_GENERATOR) - BIO_puts(out, "the g value is not a generator\n"); - - BIO_puts(out,"\np ="); - BN_print(out,a->p); - BIO_puts(out,"\ng ="); - BN_print(out,a->g); - BIO_puts(out,"\n"); - - b=DH_new(); - if (b == NULL) goto err; - - b->p=BN_dup(a->p); - b->g=BN_dup(a->g); - if ((b->p == NULL) || (b->g == NULL)) goto err; - - /* Set a to run with normal modexp and b to use constant time */ - a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; - b->flags |= DH_FLAG_NO_EXP_CONSTTIME; - - if (!DH_generate_key(a)) goto err; - BIO_puts(out,"pri 1="); - BN_print(out,a->priv_key); - BIO_puts(out,"\npub 1="); - BN_print(out,a->pub_key); - BIO_puts(out,"\n"); - - if (!DH_generate_key(b)) goto err; - BIO_puts(out,"pri 2="); - BN_print(out,b->priv_key); - BIO_puts(out,"\npub 2="); - BN_print(out,b->pub_key); - BIO_puts(out,"\n"); - - alen=DH_size(a); - abuf=(unsigned char *)OPENSSL_malloc(alen); - aout=DH_compute_key(abuf,b->pub_key,a); - - BIO_puts(out,"key1 ="); - for (i=0; i<aout; i++) - { - sprintf(buf,"%02X",abuf[i]); - BIO_puts(out,buf); - } - BIO_puts(out,"\n"); - - blen=DH_size(b); - bbuf=(unsigned char *)OPENSSL_malloc(blen); - bout=DH_compute_key(bbuf,a->pub_key,b); - - BIO_puts(out,"key2 ="); - for (i=0; i<bout; i++) - { - sprintf(buf,"%02X",bbuf[i]); - BIO_puts(out,buf); - } - BIO_puts(out,"\n"); - if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) - { - fprintf(stderr,"Error in DH routines\n"); - ret=1; - } - else - ret=0; - if (!run_rfc5114_tests()) - ret = 1; -err: - ERR_print_errors_fp(stderr); - - if (abuf != NULL) OPENSSL_free(abuf); - if (bbuf != NULL) OPENSSL_free(bbuf); - if(b != NULL) DH_free(b); - if(a != NULL) DH_free(a); - if(_cb) BN_GENCB_free(_cb); - BIO_free(out); -#ifdef OPENSSL_SYS_NETWARE - if (ret) printf("ERROR: %d\n", ret); -#endif - EXIT(ret); - return(ret); - } +{ + BN_GENCB *_cb; + DH *a = NULL; + DH *b = NULL; + char buf[12]; + unsigned char *abuf = NULL, *bbuf = NULL; + int i, alen, blen, aout, bout, ret = 1; + BIO *out; + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +# ifdef OPENSSL_SYS_WIN32 + CRYPTO_malloc_init(); +# endif + + RAND_seed(rnd_seed, sizeof rnd_seed); + + out = BIO_new(BIO_s_file()); + if (out == NULL) + EXIT(1); + BIO_set_fp(out, stdout, BIO_NOCLOSE); + + _cb = BN_GENCB_new(); + if (!_cb) + goto err; + BN_GENCB_set(_cb, &cb, out); + if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, + _cb)) + goto err; + + if (!DH_check(a, &i)) + goto err; + if (i & DH_CHECK_P_NOT_PRIME) + BIO_puts(out, "p value is not prime\n"); + if (i & DH_CHECK_P_NOT_SAFE_PRIME) + BIO_puts(out, "p value is not a safe prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + BIO_puts(out, "unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + BIO_puts(out, "the g value is not a generator\n"); + + BIO_puts(out, "\np ="); + BN_print(out, a->p); + BIO_puts(out, "\ng ="); + BN_print(out, a->g); + BIO_puts(out, "\n"); + + b = DH_new(); + if (b == NULL) + goto err; + + b->p = BN_dup(a->p); + b->g = BN_dup(a->g); + if ((b->p == NULL) || (b->g == NULL)) + goto err; + + /* Set a to run with normal modexp and b to use constant time */ + a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; + b->flags |= DH_FLAG_NO_EXP_CONSTTIME; + + if (!DH_generate_key(a)) + goto err; + BIO_puts(out, "pri 1="); + BN_print(out, a->priv_key); + BIO_puts(out, "\npub 1="); + BN_print(out, a->pub_key); + BIO_puts(out, "\n"); + + if (!DH_generate_key(b)) + goto err; + BIO_puts(out, "pri 2="); + BN_print(out, b->priv_key); + BIO_puts(out, "\npub 2="); + BN_print(out, b->pub_key); + BIO_puts(out, "\n"); + + alen = DH_size(a); + abuf = (unsigned char *)OPENSSL_malloc(alen); + aout = DH_compute_key(abuf, b->pub_key, a); + + BIO_puts(out, "key1 ="); + for (i = 0; i < aout; i++) { + sprintf(buf, "%02X", abuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); + + blen = DH_size(b); + bbuf = (unsigned char *)OPENSSL_malloc(blen); + bout = DH_compute_key(bbuf, a->pub_key, b); + + BIO_puts(out, "key2 ="); + for (i = 0; i < bout; i++) { + sprintf(buf, "%02X", bbuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); + if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { + fprintf(stderr, "Error in DH routines\n"); + ret = 1; + } else + ret = 0; + if (!run_rfc5114_tests()) + ret = 1; + err: + ERR_print_errors_fp(stderr); + + if (abuf != NULL) + OPENSSL_free(abuf); + if (bbuf != NULL) + OPENSSL_free(bbuf); + if (b != NULL) + DH_free(b); + if (a != NULL) + DH_free(a); + if (_cb) + BN_GENCB_free(_cb); + BIO_free(out); +# ifdef OPENSSL_SYS_NETWARE + if (ret) + printf("ERROR: %d\n", ret); +# endif + EXIT(ret); + return (ret); +} static int cb(int p, int n, BN_GENCB *arg) - { - char c='*'; - - if (p == 0) c='.'; - if (p == 1) c='+'; - if (p == 2) c='*'; - if (p == 3) c='\n'; - BIO_write(BN_GENCB_get_arg(arg),&c,1); - (void)BIO_flush(BN_GENCB_get_arg(arg)); - return 1; - } +{ + char c = '*'; + + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + BIO_write(BN_GENCB_get_arg(arg), &c, 1); + (void)BIO_flush(BN_GENCB_get_arg(arg)); + return 1; +} /* Test data from RFC 5114 */ static const unsigned char dhtest_1024_160_xA[] = { - 0xB9,0xA3,0xB3,0xAE,0x8F,0xEF,0xC1,0xA2,0x93,0x04,0x96,0x50, - 0x70,0x86,0xF8,0x45,0x5D,0x48,0x94,0x3E + 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50, + 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E }; + static const unsigned char dhtest_1024_160_yA[] = { - 0x2A,0x85,0x3B,0x3D,0x92,0x19,0x75,0x01,0xB9,0x01,0x5B,0x2D, - 0xEB,0x3E,0xD8,0x4F,0x5E,0x02,0x1D,0xCC,0x3E,0x52,0xF1,0x09, - 0xD3,0x27,0x3D,0x2B,0x75,0x21,0x28,0x1C,0xBA,0xBE,0x0E,0x76, - 0xFF,0x57,0x27,0xFA,0x8A,0xCC,0xE2,0x69,0x56,0xBA,0x9A,0x1F, - 0xCA,0x26,0xF2,0x02,0x28,0xD8,0x69,0x3F,0xEB,0x10,0x84,0x1D, - 0x84,0xA7,0x36,0x00,0x54,0xEC,0xE5,0xA7,0xF5,0xB7,0xA6,0x1A, - 0xD3,0xDF,0xB3,0xC6,0x0D,0x2E,0x43,0x10,0x6D,0x87,0x27,0xDA, - 0x37,0xDF,0x9C,0xCE,0x95,0xB4,0x78,0x75,0x5D,0x06,0xBC,0xEA, - 0x8F,0x9D,0x45,0x96,0x5F,0x75,0xA5,0xF3,0xD1,0xDF,0x37,0x01, - 0x16,0x5F,0xC9,0xE5,0x0C,0x42,0x79,0xCE,0xB0,0x7F,0x98,0x95, - 0x40,0xAE,0x96,0xD5,0xD8,0x8E,0xD7,0x76 + 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D, + 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09, + 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76, + 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F, + 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D, + 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A, + 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA, + 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA, + 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01, + 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95, + 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76 }; + static const unsigned char dhtest_1024_160_xB[] = { - 0x93,0x92,0xC9,0xF9,0xEB,0x6A,0x7A,0x6A,0x90,0x22,0xF7,0xD8, - 0x3E,0x72,0x23,0xC6,0x83,0x5B,0xBD,0xDA + 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8, + 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA }; + static const unsigned char dhtest_1024_160_yB[] = { - 0x71,0x7A,0x6C,0xB0,0x53,0x37,0x1F,0xF4,0xA3,0xB9,0x32,0x94, - 0x1C,0x1E,0x56,0x63,0xF8,0x61,0xA1,0xD6,0xAD,0x34,0xAE,0x66, - 0x57,0x6D,0xFB,0x98,0xF6,0xC6,0xCB,0xF9,0xDD,0xD5,0xA5,0x6C, - 0x78,0x33,0xF6,0xBC,0xFD,0xFF,0x09,0x55,0x82,0xAD,0x86,0x8E, - 0x44,0x0E,0x8D,0x09,0xFD,0x76,0x9E,0x3C,0xEC,0xCD,0xC3,0xD3, - 0xB1,0xE4,0xCF,0xA0,0x57,0x77,0x6C,0xAA,0xF9,0x73,0x9B,0x6A, - 0x9F,0xEE,0x8E,0x74,0x11,0xF8,0xD6,0xDA,0xC0,0x9D,0x6A,0x4E, - 0xDB,0x46,0xCC,0x2B,0x5D,0x52,0x03,0x09,0x0E,0xAE,0x61,0x26, - 0x31,0x1E,0x53,0xFD,0x2C,0x14,0xB5,0x74,0xE6,0xA3,0x10,0x9A, - 0x3D,0xA1,0xBE,0x41,0xBD,0xCE,0xAA,0x18,0x6F,0x5C,0xE0,0x67, - 0x16,0xA2,0xB6,0xA0,0x7B,0x3C,0x33,0xFE + 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94, + 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66, + 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C, + 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E, + 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3, + 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A, + 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E, + 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26, + 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A, + 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67, + 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE }; + static const unsigned char dhtest_1024_160_Z[] = { - 0x5C,0x80,0x4F,0x45,0x4D,0x30,0xD9,0xC4,0xDF,0x85,0x27,0x1F, - 0x93,0x52,0x8C,0x91,0xDF,0x6B,0x48,0xAB,0x5F,0x80,0xB3,0xB5, - 0x9C,0xAA,0xC1,0xB2,0x8F,0x8A,0xCB,0xA9,0xCD,0x3E,0x39,0xF3, - 0xCB,0x61,0x45,0x25,0xD9,0x52,0x1D,0x2E,0x64,0x4C,0x53,0xB8, - 0x07,0xB8,0x10,0xF3,0x40,0x06,0x2F,0x25,0x7D,0x7D,0x6F,0xBF, - 0xE8,0xD5,0xE8,0xF0,0x72,0xE9,0xB6,0xE9,0xAF,0xDA,0x94,0x13, - 0xEA,0xFB,0x2E,0x8B,0x06,0x99,0xB1,0xFB,0x5A,0x0C,0xAC,0xED, - 0xDE,0xAE,0xAD,0x7E,0x9C,0xFB,0xB3,0x6A,0xE2,0xB4,0x20,0x83, - 0x5B,0xD8,0x3A,0x19,0xFB,0x0B,0x5E,0x96,0xBF,0x8F,0xA4,0xD0, - 0x9E,0x34,0x55,0x25,0x16,0x7E,0xCD,0x91,0x55,0x41,0x6F,0x46, - 0xF4,0x08,0xED,0x31,0xB6,0x3C,0x6E,0x6D + 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F, + 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5, + 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3, + 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8, + 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF, + 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13, + 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED, + 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83, + 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0, + 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46, + 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D }; + static const unsigned char dhtest_2048_224_xA[] = { - 0x22,0xE6,0x26,0x01,0xDB,0xFF,0xD0,0x67,0x08,0xA6,0x80,0xF7, - 0x47,0xF3,0x61,0xF7,0x6D,0x8F,0x4F,0x72,0x1A,0x05,0x48,0xE4, - 0x83,0x29,0x4B,0x0C + 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7, + 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4, + 0x83, 0x29, 0x4B, 0x0C }; + static const unsigned char dhtest_2048_224_yA[] = { - 0x1B,0x3A,0x63,0x45,0x1B,0xD8,0x86,0xE6,0x99,0xE6,0x7B,0x49, - 0x4E,0x28,0x8B,0xD7,0xF8,0xE0,0xD3,0x70,0xBA,0xDD,0xA7,0xA0, - 0xEF,0xD2,0xFD,0xE7,0xD8,0xF6,0x61,0x45,0xCC,0x9F,0x28,0x04, - 0x19,0x97,0x5E,0xB8,0x08,0x87,0x7C,0x8A,0x4C,0x0C,0x8E,0x0B, - 0xD4,0x8D,0x4A,0x54,0x01,0xEB,0x1E,0x87,0x76,0xBF,0xEE,0xE1, - 0x34,0xC0,0x38,0x31,0xAC,0x27,0x3C,0xD9,0xD6,0x35,0xAB,0x0C, - 0xE0,0x06,0xA4,0x2A,0x88,0x7E,0x3F,0x52,0xFB,0x87,0x66,0xB6, - 0x50,0xF3,0x80,0x78,0xBC,0x8E,0xE8,0x58,0x0C,0xEF,0xE2,0x43, - 0x96,0x8C,0xFC,0x4F,0x8D,0xC3,0xDB,0x08,0x45,0x54,0x17,0x1D, - 0x41,0xBF,0x2E,0x86,0x1B,0x7B,0xB4,0xD6,0x9D,0xD0,0xE0,0x1E, - 0xA3,0x87,0xCB,0xAA,0x5C,0xA6,0x72,0xAF,0xCB,0xE8,0xBD,0xB9, - 0xD6,0x2D,0x4C,0xE1,0x5F,0x17,0xDD,0x36,0xF9,0x1E,0xD1,0xEE, - 0xDD,0x65,0xCA,0x4A,0x06,0x45,0x5C,0xB9,0x4C,0xD4,0x0A,0x52, - 0xEC,0x36,0x0E,0x84,0xB3,0xC9,0x26,0xE2,0x2C,0x43,0x80,0xA3, - 0xBF,0x30,0x9D,0x56,0x84,0x97,0x68,0xB7,0xF5,0x2C,0xFD,0xF6, - 0x55,0xFD,0x05,0x3A,0x7E,0xF7,0x06,0x97,0x9E,0x7E,0x58,0x06, - 0xB1,0x7D,0xFA,0xE5,0x3A,0xD2,0xA5,0xBC,0x56,0x8E,0xBB,0x52, - 0x9A,0x7A,0x61,0xD6,0x8D,0x25,0x6F,0x8F,0xC9,0x7C,0x07,0x4A, - 0x86,0x1D,0x82,0x7E,0x2E,0xBC,0x8C,0x61,0x34,0x55,0x31,0x15, - 0xB7,0x0E,0x71,0x03,0x92,0x0A,0xA1,0x6D,0x85,0xE5,0x2B,0xCB, - 0xAB,0x8D,0x78,0x6A,0x68,0x17,0x8F,0xA8,0xFF,0x7C,0x2F,0x5C, - 0x71,0x64,0x8D,0x6F + 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49, + 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0, + 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04, + 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B, + 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1, + 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C, + 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6, + 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43, + 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D, + 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E, + 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9, + 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE, + 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52, + 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3, + 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6, + 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06, + 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52, + 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A, + 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15, + 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB, + 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C, + 0x71, 0x64, 0x8D, 0x6F }; + static const unsigned char dhtest_2048_224_xB[] = { - 0x4F,0xF3,0xBC,0x96,0xC7,0xFC,0x6A,0x6D,0x71,0xD3,0xB3,0x63, - 0x80,0x0A,0x7C,0xDF,0xEF,0x6F,0xC4,0x1B,0x44,0x17,0xEA,0x15, - 0x35,0x3B,0x75,0x90 + 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63, + 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15, + 0x35, 0x3B, 0x75, 0x90 }; + static const unsigned char dhtest_2048_224_yB[] = { - 0x4D,0xCE,0xE9,0x92,0xA9,0x76,0x2A,0x13,0xF2,0xF8,0x38,0x44, - 0xAD,0x3D,0x77,0xEE,0x0E,0x31,0xC9,0x71,0x8B,0x3D,0xB6,0xC2, - 0x03,0x5D,0x39,0x61,0x18,0x2C,0x3E,0x0B,0xA2,0x47,0xEC,0x41, - 0x82,0xD7,0x60,0xCD,0x48,0xD9,0x95,0x99,0x97,0x06,0x22,0xA1, - 0x88,0x1B,0xBA,0x2D,0xC8,0x22,0x93,0x9C,0x78,0xC3,0x91,0x2C, - 0x66,0x61,0xFA,0x54,0x38,0xB2,0x07,0x66,0x22,0x2B,0x75,0xE2, - 0x4C,0x2E,0x3A,0xD0,0xC7,0x28,0x72,0x36,0x12,0x95,0x25,0xEE, - 0x15,0xB5,0xDD,0x79,0x98,0xAA,0x04,0xC4,0xA9,0x69,0x6C,0xAC, - 0xD7,0x17,0x20,0x83,0xA9,0x7A,0x81,0x66,0x4E,0xAD,0x2C,0x47, - 0x9E,0x44,0x4E,0x4C,0x06,0x54,0xCC,0x19,0xE2,0x8D,0x77,0x03, - 0xCE,0xE8,0xDA,0xCD,0x61,0x26,0xF5,0xD6,0x65,0xEC,0x52,0xC6, - 0x72,0x55,0xDB,0x92,0x01,0x4B,0x03,0x7E,0xB6,0x21,0xA2,0xAC, - 0x8E,0x36,0x5D,0xE0,0x71,0xFF,0xC1,0x40,0x0A,0xCF,0x07,0x7A, - 0x12,0x91,0x3D,0xD8,0xDE,0x89,0x47,0x34,0x37,0xAB,0x7B,0xA3, - 0x46,0x74,0x3C,0x1B,0x21,0x5D,0xD9,0xC1,0x21,0x64,0xA7,0xE4, - 0x05,0x31,0x18,0xD1,0x99,0xBE,0xC8,0xEF,0x6F,0xC5,0x61,0x17, - 0x0C,0x84,0xC8,0x7D,0x10,0xEE,0x9A,0x67,0x4A,0x1F,0xA8,0xFF, - 0xE1,0x3B,0xDF,0xBA,0x1D,0x44,0xDE,0x48,0x94,0x6D,0x68,0xDC, - 0x0C,0xDD,0x77,0x76,0x35,0xA7,0xAB,0x5B,0xFB,0x1E,0x4B,0xB7, - 0xB8,0x56,0xF9,0x68,0x27,0x73,0x4C,0x18,0x41,0x38,0xE9,0x15, - 0xD9,0xC3,0x00,0x2E,0xBC,0xE5,0x31,0x20,0x54,0x6A,0x7E,0x20, - 0x02,0x14,0x2B,0x6C + 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44, + 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2, + 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41, + 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1, + 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C, + 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2, + 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE, + 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC, + 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47, + 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03, + 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6, + 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC, + 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A, + 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3, + 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4, + 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17, + 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF, + 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC, + 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7, + 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15, + 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20, + 0x02, 0x14, 0x2B, 0x6C }; + static const unsigned char dhtest_2048_224_Z[] = { - 0x34,0xD9,0xBD,0xDC,0x1B,0x42,0x17,0x6C,0x31,0x3F,0xEA,0x03, - 0x4C,0x21,0x03,0x4D,0x07,0x4A,0x63,0x13,0xBB,0x4E,0xCD,0xB3, - 0x70,0x3F,0xFF,0x42,0x45,0x67,0xA4,0x6B,0xDF,0x75,0x53,0x0E, - 0xDE,0x0A,0x9D,0xA5,0x22,0x9D,0xE7,0xD7,0x67,0x32,0x28,0x6C, - 0xBC,0x0F,0x91,0xDA,0x4C,0x3C,0x85,0x2F,0xC0,0x99,0xC6,0x79, - 0x53,0x1D,0x94,0xC7,0x8A,0xB0,0x3D,0x9D,0xEC,0xB0,0xA4,0xE4, - 0xCA,0x8B,0x2B,0xB4,0x59,0x1C,0x40,0x21,0xCF,0x8C,0xE3,0xA2, - 0x0A,0x54,0x1D,0x33,0x99,0x40,0x17,0xD0,0x20,0x0A,0xE2,0xC9, - 0x51,0x6E,0x2F,0xF5,0x14,0x57,0x79,0x26,0x9E,0x86,0x2B,0x0F, - 0xB4,0x74,0xA2,0xD5,0x6D,0xC3,0x1E,0xD5,0x69,0xA7,0x70,0x0B, - 0x4C,0x4A,0xB1,0x6B,0x22,0xA4,0x55,0x13,0x53,0x1E,0xF5,0x23, - 0xD7,0x12,0x12,0x07,0x7B,0x5A,0x16,0x9B,0xDE,0xFF,0xAD,0x7A, - 0xD9,0x60,0x82,0x84,0xC7,0x79,0x5B,0x6D,0x5A,0x51,0x83,0xB8, - 0x70,0x66,0xDE,0x17,0xD8,0xD6,0x71,0xC9,0xEB,0xD8,0xEC,0x89, - 0x54,0x4D,0x45,0xEC,0x06,0x15,0x93,0xD4,0x42,0xC6,0x2A,0xB9, - 0xCE,0x3B,0x1C,0xB9,0x94,0x3A,0x1D,0x23,0xA5,0xEA,0x3B,0xCF, - 0x21,0xA0,0x14,0x71,0xE6,0x7E,0x00,0x3E,0x7F,0x8A,0x69,0xC7, - 0x28,0xBE,0x49,0x0B,0x2F,0xC8,0x8C,0xFE,0xB9,0x2D,0xB6,0xA2, - 0x15,0xE5,0xD0,0x3C,0x17,0xC4,0x64,0xC9,0xAC,0x1A,0x46,0xE2, - 0x03,0xE1,0x3F,0x95,0x29,0x95,0xFB,0x03,0xC6,0x9D,0x3C,0xC4, - 0x7F,0xCB,0x51,0x0B,0x69,0x98,0xFF,0xD3,0xAA,0x6D,0xE7,0x3C, - 0xF9,0xF6,0x38,0x69 + 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03, + 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3, + 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E, + 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C, + 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79, + 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4, + 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2, + 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9, + 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F, + 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B, + 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23, + 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A, + 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8, + 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89, + 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9, + 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF, + 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7, + 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2, + 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2, + 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4, + 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C, + 0xF9, 0xF6, 0x38, 0x69 }; + static const unsigned char dhtest_2048_256_xA[] = { - 0x08,0x81,0x38,0x2C,0xDB,0x87,0x66,0x0C,0x6D,0xC1,0x3E,0x61, - 0x49,0x38,0xD5,0xB9,0xC8,0xB2,0xF2,0x48,0x58,0x1C,0xC5,0xE3, - 0x1B,0x35,0x45,0x43,0x97,0xFC,0xE5,0x0E + 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61, + 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3, + 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E }; + static const unsigned char dhtest_2048_256_yA[] = { - 0x2E,0x93,0x80,0xC8,0x32,0x3A,0xF9,0x75,0x45,0xBC,0x49,0x41, - 0xDE,0xB0,0xEC,0x37,0x42,0xC6,0x2F,0xE0,0xEC,0xE8,0x24,0xA6, - 0xAB,0xDB,0xE6,0x6C,0x59,0xBE,0xE0,0x24,0x29,0x11,0xBF,0xB9, - 0x67,0x23,0x5C,0xEB,0xA3,0x5A,0xE1,0x3E,0x4E,0xC7,0x52,0xBE, - 0x63,0x0B,0x92,0xDC,0x4B,0xDE,0x28,0x47,0xA9,0xC6,0x2C,0xB8, - 0x15,0x27,0x45,0x42,0x1F,0xB7,0xEB,0x60,0xA6,0x3C,0x0F,0xE9, - 0x15,0x9F,0xCC,0xE7,0x26,0xCE,0x7C,0xD8,0x52,0x3D,0x74,0x50, - 0x66,0x7E,0xF8,0x40,0xE4,0x91,0x91,0x21,0xEB,0x5F,0x01,0xC8, - 0xC9,0xB0,0xD3,0xD6,0x48,0xA9,0x3B,0xFB,0x75,0x68,0x9E,0x82, - 0x44,0xAC,0x13,0x4A,0xF5,0x44,0x71,0x1C,0xE7,0x9A,0x02,0xDC, - 0xC3,0x42,0x26,0x68,0x47,0x80,0xDD,0xDC,0xB4,0x98,0x59,0x41, - 0x06,0xC3,0x7F,0x5B,0xC7,0x98,0x56,0x48,0x7A,0xF5,0xAB,0x02, - 0x2A,0x2E,0x5E,0x42,0xF0,0x98,0x97,0xC1,0xA8,0x5A,0x11,0xEA, - 0x02,0x12,0xAF,0x04,0xD9,0xB4,0xCE,0xBC,0x93,0x7C,0x3C,0x1A, - 0x3E,0x15,0xA8,0xA0,0x34,0x2E,0x33,0x76,0x15,0xC8,0x4E,0x7F, - 0xE3,0xB8,0xB9,0xB8,0x7F,0xB1,0xE7,0x3A,0x15,0xAF,0x12,0xA3, - 0x0D,0x74,0x6E,0x06,0xDF,0xC3,0x4F,0x29,0x0D,0x79,0x7C,0xE5, - 0x1A,0xA1,0x3A,0xA7,0x85,0xBF,0x66,0x58,0xAF,0xF5,0xE4,0xB0, - 0x93,0x00,0x3C,0xBE,0xAF,0x66,0x5B,0x3C,0x2E,0x11,0x3A,0x3A, - 0x4E,0x90,0x52,0x69,0x34,0x1D,0xC0,0x71,0x14,0x26,0x68,0x5F, - 0x4E,0xF3,0x7E,0x86,0x8A,0x81,0x26,0xFF,0x3F,0x22,0x79,0xB5, - 0x7C,0xA6,0x7E,0x29 + 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41, + 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6, + 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9, + 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE, + 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8, + 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9, + 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50, + 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8, + 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82, + 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC, + 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41, + 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02, + 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA, + 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A, + 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F, + 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3, + 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5, + 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0, + 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A, + 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F, + 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5, + 0x7C, 0xA6, 0x7E, 0x29 }; + static const unsigned char dhtest_2048_256_xB[] = { - 0x7D,0x62,0xA7,0xE3,0xEF,0x36,0xDE,0x61,0x7B,0x13,0xD1,0xAF, - 0xB8,0x2C,0x78,0x0D,0x83,0xA2,0x3B,0xD4,0xEE,0x67,0x05,0x64, - 0x51,0x21,0xF3,0x71,0xF5,0x46,0xA5,0x3D + 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF, + 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64, + 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D }; + static const unsigned char dhtest_2048_256_yB[] = { - 0x57,0x5F,0x03,0x51,0xBD,0x2B,0x1B,0x81,0x74,0x48,0xBD,0xF8, - 0x7A,0x6C,0x36,0x2C,0x1E,0x28,0x9D,0x39,0x03,0xA3,0x0B,0x98, - 0x32,0xC5,0x74,0x1F,0xA2,0x50,0x36,0x3E,0x7A,0xCB,0xC7,0xF7, - 0x7F,0x3D,0xAC,0xBC,0x1F,0x13,0x1A,0xDD,0x8E,0x03,0x36,0x7E, - 0xFF,0x8F,0xBB,0xB3,0xE1,0xC5,0x78,0x44,0x24,0x80,0x9B,0x25, - 0xAF,0xE4,0xD2,0x26,0x2A,0x1A,0x6F,0xD2,0xFA,0xB6,0x41,0x05, - 0xCA,0x30,0xA6,0x74,0xE0,0x7F,0x78,0x09,0x85,0x20,0x88,0x63, - 0x2F,0xC0,0x49,0x23,0x37,0x91,0xAD,0x4E,0xDD,0x08,0x3A,0x97, - 0x8B,0x88,0x3E,0xE6,0x18,0xBC,0x5E,0x0D,0xD0,0x47,0x41,0x5F, - 0x2D,0x95,0xE6,0x83,0xCF,0x14,0x82,0x6B,0x5F,0xBE,0x10,0xD3, - 0xCE,0x41,0xC6,0xC1,0x20,0xC7,0x8A,0xB2,0x00,0x08,0xC6,0x98, - 0xBF,0x7F,0x0B,0xCA,0xB9,0xD7,0xF4,0x07,0xBE,0xD0,0xF4,0x3A, - 0xFB,0x29,0x70,0xF5,0x7F,0x8D,0x12,0x04,0x39,0x63,0xE6,0x6D, - 0xDD,0x32,0x0D,0x59,0x9A,0xD9,0x93,0x6C,0x8F,0x44,0x13,0x7C, - 0x08,0xB1,0x80,0xEC,0x5E,0x98,0x5C,0xEB,0xE1,0x86,0xF3,0xD5, - 0x49,0x67,0x7E,0x80,0x60,0x73,0x31,0xEE,0x17,0xAF,0x33,0x80, - 0xA7,0x25,0xB0,0x78,0x23,0x17,0xD7,0xDD,0x43,0xF5,0x9D,0x7A, - 0xF9,0x56,0x8A,0x9B,0xB6,0x3A,0x84,0xD3,0x65,0xF9,0x22,0x44, - 0xED,0x12,0x09,0x88,0x21,0x93,0x02,0xF4,0x29,0x24,0xC7,0xCA, - 0x90,0xB8,0x9D,0x24,0xF7,0x1B,0x0A,0xB6,0x97,0x82,0x3D,0x7D, - 0xEB,0x1A,0xFF,0x5B,0x0E,0x8E,0x4A,0x45,0xD4,0x9F,0x7F,0x53, - 0x75,0x7E,0x19,0x13 + 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8, + 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98, + 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7, + 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E, + 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25, + 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05, + 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63, + 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97, + 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F, + 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3, + 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98, + 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A, + 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D, + 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C, + 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5, + 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80, + 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A, + 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44, + 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA, + 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D, + 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53, + 0x75, 0x7E, 0x19, 0x13 }; + static const unsigned char dhtest_2048_256_Z[] = { - 0x86,0xC7,0x0B,0xF8,0xD0,0xBB,0x81,0xBB,0x01,0x07,0x8A,0x17, - 0x21,0x9C,0xB7,0xD2,0x72,0x03,0xDB,0x2A,0x19,0xC8,0x77,0xF1, - 0xD1,0xF1,0x9F,0xD7,0xD7,0x7E,0xF2,0x25,0x46,0xA6,0x8F,0x00, - 0x5A,0xD5,0x2D,0xC8,0x45,0x53,0xB7,0x8F,0xC6,0x03,0x30,0xBE, - 0x51,0xEA,0x7C,0x06,0x72,0xCA,0xC1,0x51,0x5E,0x4B,0x35,0xC0, - 0x47,0xB9,0xA5,0x51,0xB8,0x8F,0x39,0xDC,0x26,0xDA,0x14,0xA0, - 0x9E,0xF7,0x47,0x74,0xD4,0x7C,0x76,0x2D,0xD1,0x77,0xF9,0xED, - 0x5B,0xC2,0xF1,0x1E,0x52,0xC8,0x79,0xBD,0x95,0x09,0x85,0x04, - 0xCD,0x9E,0xEC,0xD8,0xA8,0xF9,0xB3,0xEF,0xBD,0x1F,0x00,0x8A, - 0xC5,0x85,0x30,0x97,0xD9,0xD1,0x83,0x7F,0x2B,0x18,0xF7,0x7C, - 0xD7,0xBE,0x01,0xAF,0x80,0xA7,0xC7,0xB5,0xEA,0x3C,0xA5,0x4C, - 0xC0,0x2D,0x0C,0x11,0x6F,0xEE,0x3F,0x95,0xBB,0x87,0x39,0x93, - 0x85,0x87,0x5D,0x7E,0x86,0x74,0x7E,0x67,0x6E,0x72,0x89,0x38, - 0xAC,0xBF,0xF7,0x09,0x8E,0x05,0xBE,0x4D,0xCF,0xB2,0x40,0x52, - 0xB8,0x3A,0xEF,0xFB,0x14,0x78,0x3F,0x02,0x9A,0xDB,0xDE,0x7F, - 0x53,0xFA,0xE9,0x20,0x84,0x22,0x40,0x90,0xE0,0x07,0xCE,0xE9, - 0x4D,0x4B,0xF2,0xBA,0xCE,0x9F,0xFD,0x4B,0x57,0xD2,0xAF,0x7C, - 0x72,0x4D,0x0C,0xAA,0x19,0xBF,0x05,0x01,0xF6,0xF1,0x7B,0x4A, - 0xA1,0x0F,0x42,0x5E,0x3E,0xA7,0x60,0x80,0xB4,0xB9,0xD6,0xB3, - 0xCE,0xFE,0xA1,0x15,0xB2,0xCE,0xB8,0x78,0x9B,0xB8,0xA3,0xB0, - 0xEA,0x87,0xFE,0xBE,0x63,0xB6,0xC8,0xF8,0x46,0xEC,0x6D,0xB0, - 0xC2,0x6C,0x5D,0x7C + 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17, + 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1, + 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00, + 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE, + 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0, + 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0, + 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED, + 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04, + 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A, + 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C, + 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C, + 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93, + 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38, + 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52, + 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F, + 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9, + 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C, + 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A, + 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3, + 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0, + 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0, + 0xC2, 0x6C, 0x5D, 0x7C }; -typedef struct - { - DH * (*get_param)(void); - const unsigned char *xA; - size_t xA_len; - const unsigned char *yA; - size_t yA_len; - const unsigned char *xB; - size_t xB_len; - const unsigned char *yB; - size_t yB_len; - const unsigned char *Z; - size_t Z_len; - } rfc5114_td; - -#define make_rfc5114_td(pre) { \ - DH_get_##pre, \ - dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \ - dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \ - dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \ - dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \ - dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \ - } +typedef struct { + DH *(*get_param) (void); + const unsigned char *xA; + size_t xA_len; + const unsigned char *yA; + size_t yA_len; + const unsigned char *xB; + size_t xB_len; + const unsigned char *yB; + size_t yB_len; + const unsigned char *Z; + size_t Z_len; +} rfc5114_td; + +# define make_rfc5114_td(pre) { \ + DH_get_##pre, \ + dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \ + dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \ + dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \ + dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \ + dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \ + } static const rfc5114_td rfctd[] = { - make_rfc5114_td(1024_160), - make_rfc5114_td(2048_224), - make_rfc5114_td(2048_256) + make_rfc5114_td(1024_160), + make_rfc5114_td(2048_224), + make_rfc5114_td(2048_256) }; static int run_rfc5114_tests(void) - { - int i; - for (i = 0; i < (int)(sizeof(rfctd)/sizeof(rfc5114_td)); i++) - { - DH *dhA, *dhB; - unsigned char *Z1 = NULL, *Z2 = NULL; - const rfc5114_td *td = rfctd + i; - /* Set up DH structures setting key components */ - dhA = td->get_param(); - dhB = td->get_param(); - if (!dhA || !dhB) - goto bad_err; - - dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL); - dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL); - - dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL); - dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL); - - if (!dhA->priv_key || !dhA->pub_key - || !dhB->priv_key || !dhB->pub_key) - goto bad_err; - - if ((td->Z_len != (size_t)DH_size(dhA)) - || (td->Z_len != (size_t)DH_size(dhB))) - goto err; - - Z1 = OPENSSL_malloc(DH_size(dhA)); - Z2 = OPENSSL_malloc(DH_size(dhB)); - /* Work out shared secrets using both sides and compare - * with expected values. - */ - if (!DH_compute_key(Z1, dhB->pub_key, dhA)) - goto bad_err; - if (!DH_compute_key(Z2, dhA->pub_key, dhB)) - goto bad_err; - - if (memcmp(Z1, td->Z, td->Z_len)) - goto err; - if (memcmp(Z2, td->Z, td->Z_len)) - goto err; - - printf("RFC5114 parameter test %d OK\n", i + 1); - - DH_free(dhA); - DH_free(dhB); - OPENSSL_free(Z1); - OPENSSL_free(Z2); - - } - return 1; - bad_err: - fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1); - ERR_print_errors_fp(stderr); - return 0; - err: - fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1); - return 0; - } +{ + int i; + for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) { + DH *dhA, *dhB; + unsigned char *Z1 = NULL, *Z2 = NULL; + const rfc5114_td *td = rfctd + i; + /* Set up DH structures setting key components */ + dhA = td->get_param(); + dhB = td->get_param(); + if (!dhA || !dhB) + goto bad_err; + + dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL); + dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL); + + dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL); + dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL); + + if (!dhA->priv_key || !dhA->pub_key + || !dhB->priv_key || !dhB->pub_key) + goto bad_err; + + if ((td->Z_len != (size_t)DH_size(dhA)) + || (td->Z_len != (size_t)DH_size(dhB))) + goto err; + + Z1 = OPENSSL_malloc(DH_size(dhA)); + Z2 = OPENSSL_malloc(DH_size(dhB)); + /* + * Work out shared secrets using both sides and compare with expected + * values. + */ + if (!DH_compute_key(Z1, dhB->pub_key, dhA)) + goto bad_err; + if (!DH_compute_key(Z2, dhA->pub_key, dhB)) + goto bad_err; + + if (memcmp(Z1, td->Z, td->Z_len)) + goto err; + if (memcmp(Z2, td->Z, td->Z_len)) + goto err; + + printf("RFC5114 parameter test %d OK\n", i + 1); + + DH_free(dhA); + DH_free(dhB); + OPENSSL_free(Z1); + OPENSSL_free(Z2); + + } + return 1; + bad_err: + fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1); + ERR_print_errors_fp(stderr); + return 0; + err: + fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1); + return 0; +} #endif |