summaryrefslogtreecommitdiffstats
path: root/crypto/dh
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/dh')
-rw-r--r--crypto/dh/dh.h518
-rw-r--r--crypto/dh/dh_ameth.c1673
-rw-r--r--crypto/dh/dh_asn1.c210
-rw-r--r--crypto/dh/dh_check.c193
-rw-r--r--crypto/dh/dh_depr.c47
-rw-r--r--crypto/dh/dh_err.c98
-rw-r--r--crypto/dh/dh_gen.c187
-rw-r--r--crypto/dh/dh_kdf.c246
-rw-r--r--crypto/dh/dh_key.c372
-rw-r--r--crypto/dh/dh_lib.c308
-rw-r--r--crypto/dh/dh_pmeth.c939
-rw-r--r--crypto/dh/dh_prn.c37
-rw-r--r--crypto/dh/dh_rfc5114.c48
-rw-r--r--crypto/dh/dhtest.c837
14 files changed, 2831 insertions, 2882 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 14f4e47bb4..ececd4d176 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -57,29 +57,29 @@
*/
#ifndef HEADER_DH_H
-#define HEADER_DH_H
+# define HEADER_DH_H
-#include <openssl/e_os2.h>
+# include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_DH
-#error DH is disabled.
-#endif
+# ifdef OPENSSL_NO_DH
+# error DH is disabled.
+# endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/ossl_typ.h>
-#ifdef OPENSSL_USE_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifndef OPENSSL_DH_MAX_MODULUS_BITS
-# define OPENSSL_DH_MAX_MODULUS_BITS 10000
-#endif
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# include <openssl/ossl_typ.h>
+# ifdef OPENSSL_USE_DEPRECATED
+# include <openssl/bn.h>
+# endif
-#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+# endif
-#define DH_FLAG_CACHE_MONT_P 0x01
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+# define DH_FLAG_CACHE_MONT_P 0x01
/*
* new with 0.9.7h; the built-in DH
@@ -89,22 +89,24 @@
* faster variable sliding window method to
* be used for all exponents.
*/
-#define DH_FLAG_NO_EXP_CONSTTIME 0x02
+# define DH_FLAG_NO_EXP_CONSTTIME 0x02
-/* If this flag is set the DH method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
+/*
+ * If this flag is set the DH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its reposibility to ensure the
+ * result is compliant.
*/
-#define DH_FLAG_FIPS_METHOD 0x0400
+# define DH_FLAG_FIPS_METHOD 0x0400
-/* If this flag is set the operations normally disabled in FIPS mode are
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
* permitted it is then the applications responsibility to ensure that the
* usage is compliant.
*/
-#define DH_FLAG_NON_FIPS_ALLOW 0x0400
+# define DH_FLAG_NON_FIPS_ALLOW 0x0400
#ifdef __cplusplus
extern "C" {
@@ -114,80 +116,79 @@ extern "C" {
/* typedef struct dh_st DH; */
/* typedef struct dh_method DH_METHOD; */
-struct dh_method
- {
- const char *name;
- /* Methods here */
- int (*generate_key)(DH *dh);
- int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-
- /* Can be null */
- int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-
- int (*init)(DH *dh);
- int (*finish)(DH *dh);
- int flags;
- char *app_data;
- /* If this is non-NULL, it will be used to generate parameters */
- int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
- };
-
-struct dh_st
- {
- /* This first argument is used to pick up errors when
- * a DH is passed instead of a EVP_PKEY */
- int pad;
- int version;
- BIGNUM *p;
- BIGNUM *g;
- long length; /* optional */
- BIGNUM *pub_key; /* g^x */
- BIGNUM *priv_key; /* x */
-
- int flags;
- BN_MONT_CTX *method_mont_p;
- /* Place holders if we want to do X9.42 DH */
- BIGNUM *q;
- BIGNUM *j;
- unsigned char *seed;
- int seedlen;
- BIGNUM *counter;
-
- int references;
- CRYPTO_EX_DATA ex_data;
- const DH_METHOD *meth;
- ENGINE *engine;
- };
-
-#define DH_GENERATOR_2 2
-/* #define DH_GENERATOR_3 3 */
-#define DH_GENERATOR_5 5
+struct dh_method {
+ const char *name;
+ /* Methods here */
+ int (*generate_key) (DH *dh);
+ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+ /* Can be null */
+ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+ int (*init) (DH *dh);
+ int (*finish) (DH *dh);
+ int flags;
+ char *app_data;
+ /* If this is non-NULL, it will be used to generate parameters */
+ int (*generate_params) (DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+};
+
+struct dh_st {
+ /*
+ * This first argument is used to pick up errors when a DH is passed
+ * instead of a EVP_PKEY
+ */
+ int pad;
+ int version;
+ BIGNUM *p;
+ BIGNUM *g;
+ long length; /* optional */
+ BIGNUM *pub_key; /* g^x */
+ BIGNUM *priv_key; /* x */
+ int flags;
+ BN_MONT_CTX *method_mont_p;
+ /* Place holders if we want to do X9.42 DH */
+ BIGNUM *q;
+ BIGNUM *j;
+ unsigned char *seed;
+ int seedlen;
+ BIGNUM *counter;
+ int references;
+ CRYPTO_EX_DATA ex_data;
+ const DH_METHOD *meth;
+ ENGINE *engine;
+};
+
+# define DH_GENERATOR_2 2
+/* #define DH_GENERATOR_3 3 */
+# define DH_GENERATOR_5 5
/* DH_check error codes */
-#define DH_CHECK_P_NOT_PRIME 0x01
-#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
-#define DH_UNABLE_TO_CHECK_GENERATOR 0x04
-#define DH_NOT_SUITABLE_GENERATOR 0x08
-#define DH_CHECK_Q_NOT_PRIME 0x10
-#define DH_CHECK_INVALID_Q_VALUE 0x20
-#define DH_CHECK_INVALID_J_VALUE 0x40
+# define DH_CHECK_P_NOT_PRIME 0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
+# define DH_NOT_SUITABLE_GENERATOR 0x08
+# define DH_CHECK_Q_NOT_PRIME 0x10
+# define DH_CHECK_INVALID_Q_VALUE 0x20
+# define DH_CHECK_INVALID_J_VALUE 0x40
/* DH_check_pub_key error codes */
-#define DH_CHECK_PUBKEY_TOO_SMALL 0x01
-#define DH_CHECK_PUBKEY_TOO_LARGE 0x02
+# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
-/* primes p where (p-1)/2 is prime too are called "safe"; we define
- this for backward compatibility: */
-#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
- (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
- (unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
+ (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
+# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
DH *DHparams_dup(DH *);
@@ -198,42 +199,45 @@ const DH_METHOD *DH_get_default_method(void);
int DH_set_method(DH *dh, const DH_METHOD *meth);
DH *DH_new_method(ENGINE *engine);
-DH * DH_new(void);
-void DH_free(DH *dh);
-int DH_up_ref(DH *dh);
-int DH_size(const DH *dh);
-int DH_security_bits(const DH *dh);
+DH *DH_new(void);
+void DH_free(DH *dh);
+int DH_up_ref(DH *dh);
+int DH_size(const DH *dh);
+int DH_security_bits(const DH *dh);
int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int DH_set_ex_data(DH *d, int idx, void *arg);
void *DH_get_ex_data(DH *d, int idx);
/* Deprecated version */
-#ifdef OPENSSL_USE_DEPRECATED
-DECLARE_DEPRECATED(DH * DH_generate_parameters(int prime_len,int generator,
- void (*callback)(int,int,void *),void *cb_arg));
-#endif /* defined(OPENSSL_USE_DEPRECATED) */
+# ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback) (int, int,
+ void *),
+ void *cb_arg));
+# endif /* defined(OPENSSL_USE_DEPRECATED) */
/* New version */
-int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
-
-int DH_check(const DH *dh,int *codes);
-int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
-int DH_generate_key(DH *dh);
-int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-int DH_compute_key_padded(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
-int i2d_DHparams(const DH *a,unsigned char **pp);
-DH * d2i_DHxparams(DH **a,const unsigned char **pp, long length);
-int i2d_DHxparams(const DH *a,unsigned char **pp);
-#ifndef OPENSSL_NO_STDIO
-int DHparams_print_fp(FILE *fp, const DH *x);
-#endif
-#ifndef OPENSSL_NO_BIO
-int DHparams_print(BIO *bp, const DH *x);
-#else
-int DHparams_print(char *bp, const DH *x);
-#endif
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+
+int DH_check(const DH *dh, int *codes);
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
+int DH_generate_key(DH *dh);
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHparams(const DH *a, unsigned char **pp);
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHxparams(const DH *a, unsigned char **pp);
+# ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+# ifndef OPENSSL_NO_BIO
+int DHparams_print(BIO *bp, const DH *x);
+# else
+int DHparams_print(char *bp, const DH *x);
+# endif
/* RFC 5114 parameters */
DH *DH_get_1024_160(void);
@@ -241,107 +245,107 @@ DH *DH_get_2048_224(void);
DH *DH_get_2048_256(void);
/* RFC2631 KDF */
-int DH_KDF_X9_42(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- ASN1_OBJECT *key_oid,
- const unsigned char *ukm, size_t ukmlen,
- const EVP_MD *md);
-
-#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
-
-#define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
-
-#define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
-
-#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
-
-#define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-
-#define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
- EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
-
-#define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
-
-#define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
-
-#define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid)
-
-#define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid)
-
-#define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md)
-
-#define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd)
-
-#define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
-
-#define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen)
-
-#define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p)
-
-#define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
- EVP_PKEY_OP_DERIVE, \
- EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p)
-
-#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
-#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
-#define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
-#define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
-#define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
-#define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
-#define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
-#define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
-#define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
-#define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
-#define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
-#define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
-#define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
-#define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ ASN1_OBJECT *key_oid,
+ const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+
+# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid)
+
+# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid)
+
+# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md)
+
+# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd)
+
+# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p)
+
+# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p)
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
/* KDF types */
-#define EVP_PKEY_DH_KDF_NONE 1
-#define EVP_PKEY_DH_KDF_X9_42 2
+# define EVP_PKEY_DH_KDF_NONE 1
+# define EVP_PKEY_DH_KDF_X9_42 2
/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_DH_strings(void);
@@ -349,39 +353,39 @@ void ERR_load_DH_strings(void);
/* Error codes for the DH functions. */
/* Function codes. */
-#define DH_F_COMPUTE_KEY 102
-#define DH_F_DHPARAMS_PRINT_FP 101
-#define DH_F_DH_BUILTIN_GENPARAMS 106
-#define DH_F_DH_CMS_DECRYPT 114
-#define DH_F_DH_CMS_SET_PEERKEY 115
-#define DH_F_DH_CMS_SET_SHARED_INFO 116
-#define DH_F_DH_NEW_METHOD 105
-#define DH_F_DH_PARAM_DECODE 107
-#define DH_F_DH_PRIV_DECODE 110
-#define DH_F_DH_PRIV_ENCODE 111
-#define DH_F_DH_PUB_DECODE 108
-#define DH_F_DH_PUB_ENCODE 109
-#define DH_F_DO_DH_PRINT 100
-#define DH_F_GENERATE_KEY 103
-#define DH_F_GENERATE_PARAMETERS 104
-#define DH_F_PKEY_DH_DERIVE 112
-#define DH_F_PKEY_DH_KEYGEN 113
+# define DH_F_COMPUTE_KEY 102
+# define DH_F_DHPARAMS_PRINT_FP 101
+# define DH_F_DH_BUILTIN_GENPARAMS 106
+# define DH_F_DH_CMS_DECRYPT 114
+# define DH_F_DH_CMS_SET_PEERKEY 115
+# define DH_F_DH_CMS_SET_SHARED_INFO 116
+# define DH_F_DH_NEW_METHOD 105
+# define DH_F_DH_PARAM_DECODE 107
+# define DH_F_DH_PRIV_DECODE 110
+# define DH_F_DH_PRIV_ENCODE 111
+# define DH_F_DH_PUB_DECODE 108
+# define DH_F_DH_PUB_ENCODE 109
+# define DH_F_DO_DH_PRINT 100
+# define DH_F_GENERATE_KEY 103
+# define DH_F_GENERATE_PARAMETERS 104
+# define DH_F_PKEY_DH_DERIVE 112
+# define DH_F_PKEY_DH_KEYGEN 113
/* Reason codes. */
-#define DH_R_BAD_GENERATOR 101
-#define DH_R_BN_DECODE_ERROR 109
-#define DH_R_BN_ERROR 106
-#define DH_R_DECODE_ERROR 104
-#define DH_R_INVALID_PUBKEY 102
-#define DH_R_KDF_PARAMETER_ERROR 112
-#define DH_R_KEYS_NOT_SET 108
-#define DH_R_KEY_SIZE_TOO_SMALL 110
-#define DH_R_MODULUS_TOO_LARGE 103
-#define DH_R_NO_PARAMETERS_SET 107
-#define DH_R_NO_PRIVATE_VALUE 100
-#define DH_R_PARAMETER_ENCODING_ERROR 105
-#define DH_R_PEER_KEY_ERROR 111
-#define DH_R_SHARED_INFO_ERROR 113
+# define DH_R_BAD_GENERATOR 101
+# define DH_R_BN_DECODE_ERROR 109
+# define DH_R_BN_ERROR 106
+# define DH_R_DECODE_ERROR 104
+# define DH_R_INVALID_PUBKEY 102
+# define DH_R_KDF_PARAMETER_ERROR 112
+# define DH_R_KEYS_NOT_SET 108
+# define DH_R_KEY_SIZE_TOO_SMALL 110
+# define DH_R_MODULUS_TOO_LARGE 103
+# define DH_R_NO_PARAMETERS_SET 107
+# define DH_R_NO_PRIVATE_VALUE 100
+# define DH_R_PARAMETER_ENCODING_ERROR 105
+# define DH_R_PEER_KEY_ERROR 111
+# define DH_R_SHARED_INFO_ERROR 113
#ifdef __cplusplus
}
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index ce1edcb0d9..2ead91ff44 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -1,5 +1,6 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
@@ -9,7 +10,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -63,519 +64,499 @@
#include <openssl/bn.h>
#include "asn1_locl.h"
#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
+# include <openssl/cms.h>
#endif
extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
-/* i2d/d2i like DH parameter functions which use the appropriate routine
- * for PKCS#3 DH or X9.42 DH.
+/*
+ * i2d/d2i like DH parameter functions which use the appropriate routine for
+ * PKCS#3 DH or X9.42 DH.
*/
-static DH * d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, long length)
- {
- if (pkey->ameth == &dhx_asn1_meth)
- return d2i_DHxparams(NULL, pp, length);
- return d2i_DHparams(NULL, pp, length);
- }
+static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp,
+ long length)
+{
+ if (pkey->ameth == &dhx_asn1_meth)
+ return d2i_DHxparams(NULL, pp, length);
+ return d2i_DHparams(NULL, pp, length);
+}
static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
- {
- if (pkey->ameth == &dhx_asn1_meth)
- return i2d_DHxparams(a, pp);
- return i2d_DHparams(a, pp);
- }
+{
+ if (pkey->ameth == &dhx_asn1_meth)
+ return i2d_DHxparams(a, pp);
+ return i2d_DHparams(a, pp);
+}
static void int_dh_free(EVP_PKEY *pkey)
- {
- DH_free(pkey->pkey.dh);
- }
+{
+ DH_free(pkey->pkey.dh);
+}
static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
- {
- const unsigned char *p, *pm;
- int pklen, pmlen;
- int ptype;
- void *pval;
- ASN1_STRING *pstr;
- X509_ALGOR *palg;
- ASN1_INTEGER *public_key = NULL;
-
- DH *dh = NULL;
-
- if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
- return 0;
- X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
- if (ptype != V_ASN1_SEQUENCE)
- {
- DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
- goto err;
- }
-
- pstr = pval;
- pm = pstr->data;
- pmlen = pstr->length;
-
- if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
- {
- DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
- goto err;
- }
-
- if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
- {
- DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
- goto err;
- }
-
- /* We have parameters now set public key */
- if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
- {
- DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
- goto err;
- }
-
- ASN1_INTEGER_free(public_key);
- EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
- return 1;
-
- err:
- if (public_key)
- ASN1_INTEGER_free(public_key);
- if (dh)
- DH_free(dh);
- return 0;
-
- }
-
-static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
- {
- DH *dh;
- void *pval = NULL;
- int ptype;
- unsigned char *penc = NULL;
- int penclen;
- ASN1_STRING *str;
- ASN1_INTEGER *pub_key = NULL;
-
- dh=pkey->pkey.dh;
-
- str = ASN1_STRING_new();
- str->length = i2d_dhp(pkey, dh, &str->data);
- if (str->length <= 0)
- {
- DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- pval = str;
- ptype = V_ASN1_SEQUENCE;
-
- pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
- if (!pub_key)
- goto err;
-
- penclen = i2d_ASN1_INTEGER(pub_key, &penc);
-
- ASN1_INTEGER_free(pub_key);
-
- if (penclen <= 0)
- {
- DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
- ptype, pval, penc, penclen))
- return 1;
-
- err:
- if (penc)
- OPENSSL_free(penc);
- if (pval)
- ASN1_STRING_free(pval);
-
- return 0;
- }
-
-
-/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
- * that the AlgorithmIdentifier contains the parameters, the private key
- * is explcitly included and the pubkey must be recalculated.
- */
-
-static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
- {
- const unsigned char *p, *pm;
- int pklen, pmlen;
- int ptype;
- void *pval;
- ASN1_STRING *pstr;
- X509_ALGOR *palg;
- ASN1_INTEGER *privkey = NULL;
-
- DH *dh = NULL;
-
- if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
- return 0;
-
- X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
- if (ptype != V_ASN1_SEQUENCE)
- goto decerr;
-
- if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
- goto decerr;
-
-
- pstr = pval;
- pm = pstr->data;
- pmlen = pstr->length;
- if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
- goto decerr;
- /* We have parameters now set private key */
- if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
- {
- DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR);
- goto dherr;
- }
- /* Calculate public key */
- if (!DH_generate_key(dh))
- goto dherr;
+{
+ const unsigned char *p, *pm;
+ int pklen, pmlen;
+ int ptype;
+ void *pval;
+ ASN1_STRING *pstr;
+ X509_ALGOR *palg;
+ ASN1_INTEGER *public_key = NULL;
+
+ DH *dh = NULL;
+
+ if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+ return 0;
+ X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+ if (ptype != V_ASN1_SEQUENCE) {
+ DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
+ goto err;
+ }
+
+ pstr = pval;
+ pm = pstr->data;
+ pmlen = pstr->length;
+
+ if (!(dh = d2i_dhp(pkey, &pm, pmlen))) {
+ DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+ goto err;
+ }
+
+ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) {
+ DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+ goto err;
+ }
+
+ /* We have parameters now set public key */
+ if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
+ DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
+ goto err;
+ }
+
+ ASN1_INTEGER_free(public_key);
+ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+ return 1;
+
+ err:
+ if (public_key)
+ ASN1_INTEGER_free(public_key);
+ if (dh)
+ DH_free(dh);
+ return 0;
- EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+}
- ASN1_INTEGER_free(privkey);
+static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+ DH *dh;
+ void *pval = NULL;
+ int ptype;
+ unsigned char *penc = NULL;
+ int penclen;
+ ASN1_STRING *str;
+ ASN1_INTEGER *pub_key = NULL;
+
+ dh = pkey->pkey.dh;
+
+ str = ASN1_STRING_new();
+ str->length = i2d_dhp(pkey, dh, &str->data);
+ if (str->length <= 0) {
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ pval = str;
+ ptype = V_ASN1_SEQUENCE;
+
+ pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
+ if (!pub_key)
+ goto err;
+
+ penclen = i2d_ASN1_INTEGER(pub_key, &penc);
+
+ ASN1_INTEGER_free(pub_key);
+
+ if (penclen <= 0) {
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+ ptype, pval, penc, penclen))
+ return 1;
+
+ err:
+ if (penc)
+ OPENSSL_free(penc);
+ if (pval)
+ ASN1_STRING_free(pval);
+
+ return 0;
+}
- return 1;
+/*
+ * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
+ * the AlgorithmIdentifier contains the parameters, the private key is
+ * explcitly included and the pubkey must be recalculated.
+ */
- decerr:
- DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
- dherr:
- DH_free(dh);
- return 0;
- }
+static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+{
+ const unsigned char *p, *pm;
+ int pklen, pmlen;
+ int ptype;
+ void *pval;
+ ASN1_STRING *pstr;
+ X509_ALGOR *palg;
+ ASN1_INTEGER *privkey = NULL;
+
+ DH *dh = NULL;
+
+ if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+ return 0;
+
+ X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+ if (ptype != V_ASN1_SEQUENCE)
+ goto decerr;
+
+ if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)))
+ goto decerr;
+
+ pstr = pval;
+ pm = pstr->data;
+ pmlen = pstr->length;
+ if (!(dh = d2i_dhp(pkey, &pm, pmlen)))
+ goto decerr;
+ /* We have parameters now set private key */
+ if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+ DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
+ goto dherr;
+ }
+ /* Calculate public key */
+ if (!DH_generate_key(dh))
+ goto dherr;
+
+ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+
+ ASN1_INTEGER_free(privkey);
+
+ return 1;
+
+ decerr:
+ DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
+ dherr:
+ DH_free(dh);
+ return 0;
+}
static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
- ASN1_STRING *params = NULL;
- ASN1_INTEGER *prkey = NULL;
- unsigned char *dp = NULL;
- int dplen;
-
- params = ASN1_STRING_new();
-
- if (!params)
- {
- DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
- if (params->length <= 0)
- {
- DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- params->type = V_ASN1_SEQUENCE;
-
- /* Get private key into integer */
- prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
-
- if (!prkey)
- {
- DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR);
- goto err;
- }
-
- dplen = i2d_ASN1_INTEGER(prkey, &dp);
-
- ASN1_INTEGER_free(prkey);
-
- if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
- V_ASN1_SEQUENCE, params, dp, dplen))
- goto err;
-
- return 1;
-
-err:
- if (dp != NULL)
- OPENSSL_free(dp);
- if (params != NULL)
- ASN1_STRING_free(params);
- if (prkey != NULL)
- ASN1_INTEGER_free(prkey);
- return 0;
+ ASN1_STRING *params = NULL;
+ ASN1_INTEGER *prkey = NULL;
+ unsigned char *dp = NULL;
+ int dplen;
+
+ params = ASN1_STRING_new();
+
+ if (!params) {
+ DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
+ if (params->length <= 0) {
+ DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ params->type = V_ASN1_SEQUENCE;
+
+ /* Get private key into integer */
+ prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
+
+ if (!prkey) {
+ DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
+ goto err;
+ }
+
+ dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+ ASN1_INTEGER_free(prkey);
+
+ if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+ V_ASN1_SEQUENCE, params, dp, dplen))
+ goto err;
+
+ return 1;
+
+ err:
+ if (dp != NULL)
+ OPENSSL_free(dp);
+ if (params != NULL)
+ ASN1_STRING_free(params);
+ if (prkey != NULL)
+ ASN1_INTEGER_free(prkey);
+ return 0;
}
-
static void update_buflen(const BIGNUM *b, size_t *pbuflen)
- {
- size_t i;
- if (!b)
- return;
- if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
- *pbuflen = i;
- }
+{
+ size_t i;
+ if (!b)
+ return;
+ if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+ *pbuflen = i;
+}
static int dh_param_decode(EVP_PKEY *pkey,
- const unsigned char **pder, int derlen)
- {
- DH *dh;
- if (!(dh = d2i_dhp(pkey, pder, derlen)))
- {
- DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
- return 0;
- }
- EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
- return 1;
- }
+ const unsigned char **pder, int derlen)
+{
+ DH *dh;
+ if (!(dh = d2i_dhp(pkey, pder, derlen))) {
+ DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
+ return 0;
+ }
+ EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+ return 1;
+}
static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
- {
- return i2d_dhp(pkey, pkey->pkey.dh, pder);
- }
+{
+ return i2d_dhp(pkey, pkey->pkey.dh, pder);
+}
static int do_dh_print(BIO *bp, const DH *x, int indent,
- ASN1_PCTX *ctx, int ptype)
- {
- unsigned char *m=NULL;
- int reason=ERR_R_BUF_LIB,ret=0;
- size_t buf_len=0;
-
- const char *ktype = NULL;
-
- BIGNUM *priv_key, *pub_key;
-
- if (ptype == 2)
- priv_key = x->priv_key;
- else
- priv_key = NULL;
-
- if (ptype > 0)
- pub_key = x->pub_key;
- else
- pub_key = NULL;
-
- update_buflen(x->p, &buf_len);
-
- if (buf_len == 0)
- {
- reason = ERR_R_PASSED_NULL_PARAMETER;
- goto err;
- }
-
- update_buflen(x->g, &buf_len);
- update_buflen(x->q, &buf_len);
- update_buflen(x->j, &buf_len);
- update_buflen(x->counter, &buf_len);
- update_buflen(pub_key, &buf_len);
- update_buflen(priv_key, &buf_len);
-
- if (ptype == 2)
- ktype = "DH Private-Key";
- else if (ptype == 1)
- ktype = "DH Public-Key";
- else
- ktype = "DH Parameters";
-
- m= OPENSSL_malloc(buf_len+10);
- if (m == NULL)
- {
- reason=ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
- BIO_indent(bp, indent, 128);
- if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
- goto err;
- indent += 4;
-
- if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err;
- if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err;
-
- if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err;
- if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err;
- if (x->q && !ASN1_bn_print(bp,"subgroup order:",x->q,m,indent)) goto err;
- if (x->j && !ASN1_bn_print(bp,"subgroup factor:",x->j,m,indent))
- goto err;
- if (x->seed)
- {
- int i;
- BIO_indent(bp, indent, 128);
- BIO_puts(bp, "seed:");
- for (i=0; i < x->seedlen; i++)
- {
- if ((i%15) == 0)
- {
- if(BIO_puts(bp,"\n") <= 0
- || !BIO_indent(bp,indent+4,128))
- goto err;
- }
- if (BIO_printf(bp,"%02x%s", x->seed[i],
- ((i+1) == x->seedlen)?"":":") <= 0)
- goto err;
- }
- if (BIO_write(bp,"\n",1) <= 0) return(0);
- }
- if (x->counter && !ASN1_bn_print(bp,"counter:",x->counter,m,indent))
- goto err;
- if (x->length != 0)
- {
- BIO_indent(bp, indent, 128);
- if (BIO_printf(bp,"recommended-private-length: %d bits\n",
- (int)x->length) <= 0) goto err;
- }
-
-
- ret=1;
- if (0)
- {
-err:
- DHerr(DH_F_DO_DH_PRINT,reason);
- }
- if (m != NULL) OPENSSL_free(m);
- return(ret);
- }
+ ASN1_PCTX *ctx, int ptype)
+{
+ unsigned char *m = NULL;
+ int reason = ERR_R_BUF_LIB, ret = 0;
+ size_t buf_len = 0;
+
+ const char *ktype = NULL;
+
+ BIGNUM *priv_key, *pub_key;
+
+ if (ptype == 2)
+ priv_key = x->priv_key;
+ else
+ priv_key = NULL;
+
+ if (ptype > 0)
+ pub_key = x->pub_key;
+ else
+ pub_key = NULL;
+
+ update_buflen(x->p, &buf_len);
+
+ if (buf_len == 0) {
+ reason = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+
+ update_buflen(x->g, &buf_len);
+ update_buflen(x->q, &buf_len);
+ update_buflen(x->j, &buf_len);
+ update_buflen(x->counter, &buf_len);
+ update_buflen(pub_key, &buf_len);
+ update_buflen(priv_key, &buf_len);
+
+ if (ptype == 2)
+ ktype = "DH Private-Key";
+ else if (ptype == 1)
+ ktype = "DH Public-Key";
+ else
+ ktype = "DH Parameters";
+
+ m = OPENSSL_malloc(buf_len + 10);
+ if (m == NULL) {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ BIO_indent(bp, indent, 128);
+ if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
+ goto err;
+ indent += 4;
+
+ if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent))
+ goto err;
+ if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent))
+ goto err;
+
+ if (!ASN1_bn_print(bp, "prime:", x->p, m, indent))
+ goto err;
+ if (!ASN1_bn_print(bp, "generator:", x->g, m, indent))
+ goto err;
+ if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent))
+ goto err;
+ if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent))
+ goto err;
+ if (x->seed) {
+ int i;
+ BIO_indent(bp, indent, 128);
+ BIO_puts(bp, "seed:");
+ for (i = 0; i < x->seedlen; i++) {
+ if ((i % 15) == 0) {
+ if (BIO_puts(bp, "\n") <= 0
+ || !BIO_indent(bp, indent + 4, 128))
+ goto err;
+ }
+ if (BIO_printf(bp, "%02x%s", x->seed[i],
+ ((i + 1) == x->seedlen) ? "" : ":") <= 0)
+ goto err;
+ }
+ if (BIO_write(bp, "\n", 1) <= 0)
+ return (0);
+ }
+ if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent))
+ goto err;
+ if (x->length != 0) {
+ BIO_indent(bp, indent, 128);
+ if (BIO_printf(bp, "recommended-private-length: %d bits\n",
+ (int)x->length) <= 0)
+ goto err;
+ }
+
+ ret = 1;
+ if (0) {
+ err:
+ DHerr(DH_F_DO_DH_PRINT, reason);
+ }
+ if (m != NULL)
+ OPENSSL_free(m);
+ return (ret);
+}
static int int_dh_size(const EVP_PKEY *pkey)
- {
- return(DH_size(pkey->pkey.dh));
- }
+{
+ return (DH_size(pkey->pkey.dh));
+}
static int dh_bits(const EVP_PKEY *pkey)
- {
- return BN_num_bits(pkey->pkey.dh->p);
- }
+{
+ return BN_num_bits(pkey->pkey.dh->p);
+}
static int dh_security_bits(const EVP_PKEY *pkey)
- {
- return DH_security_bits(pkey->pkey.dh);
- }
+{
+ return DH_security_bits(pkey->pkey.dh);
+}
static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
- {
- if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
- BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
- return 0;
- else if (a->ameth == &dhx_asn1_meth)
- {
- if (BN_cmp(a->pkey.dh->q,b->pkey.dh->q))
- return 0;
- }
- return 1;
- }
+{
+ if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
+ BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
+ return 0;
+ else if (a->ameth == &dhx_asn1_meth) {
+ if (BN_cmp(a->pkey.dh->q, b->pkey.dh->q))
+ return 0;
+ }
+ return 1;
+}
static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src)
- {
- BIGNUM *a;
- if (src)
- {
- a = BN_dup(src);
- if (!a)
- return 0;
- }
- else
- a = NULL;
- if (*dst)
- BN_free(*dst);
- *dst = a;
- return 1;
- }
+{
+ BIGNUM *a;
+ if (src) {
+ a = BN_dup(src);
+ if (!a)
+ return 0;
+ } else
+ a = NULL;
+ if (*dst)
+ BN_free(*dst);
+ *dst = a;
+ return 1;
+}
static int int_dh_param_copy(DH *to, const DH *from, int is_x942)
- {
- if (is_x942 == -1)
- is_x942 = !!from->q;
- if (!int_dh_bn_cpy(&to->p, from->p))
- return 0;
- if (!int_dh_bn_cpy(&to->g, from->g))
- return 0;
- if (is_x942)
- {
- if (!int_dh_bn_cpy(&to->q, from->q))
- return 0;
- if (!int_dh_bn_cpy(&to->j, from->j))
- return 0;
- if(to->seed)
- {
- OPENSSL_free(to->seed);
- to->seed = NULL;
- to->seedlen = 0;
- }
- if (from->seed)
- {
- to->seed = BUF_memdup(from->seed, from->seedlen);
- if (!to->seed)
- return 0;
- to->seedlen = from->seedlen;
- }
- }
- else
- to->length = from->length;
- return 1;
- }
-
+{
+ if (is_x942 == -1)
+ is_x942 = ! !from->q;
+ if (!int_dh_bn_cpy(&to->p, from->p))
+ return 0;
+ if (!int_dh_bn_cpy(&to->g, from->g))
+ return 0;
+ if (is_x942) {
+ if (!int_dh_bn_cpy(&to->q, from->q))
+ return 0;
+ if (!int_dh_bn_cpy(&to->j, from->j))
+ return 0;
+ if (to->seed) {
+ OPENSSL_free(to->seed);
+ to->seed = NULL;
+ to->seedlen = 0;
+ }
+ if (from->seed) {
+ to->seed = BUF_memdup(from->seed, from->seedlen);
+ if (!to->seed)
+ return 0;
+ to->seedlen = from->seedlen;
+ }
+ } else
+ to->length = from->length;
+ return 1;
+}
DH *DHparams_dup(DH *dh)
- {
- DH *ret;
- ret = DH_new();
- if (!ret)
- return NULL;
- if (!int_dh_param_copy(ret, dh, -1))
- {
- DH_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ DH *ret;
+ ret = DH_new();
+ if (!ret)
+ return NULL;
+ if (!int_dh_param_copy(ret, dh, -1)) {
+ DH_free(ret);
+ return NULL;
+ }
+ return ret;
+}
static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
- {
- return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
- from->ameth == &dhx_asn1_meth);
- }
+{
+ return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
+ from->ameth == &dhx_asn1_meth);
+}
static int dh_missing_parameters(const EVP_PKEY *a)
- {
- if (!a->pkey.dh->p || !a->pkey.dh->g)
- return 1;
- return 0;
- }
+{
+ if (!a->pkey.dh->p || !a->pkey.dh->g)
+ return 1;
+ return 0;
+}
static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
- {
- if (dh_cmp_parameters(a, b) == 0)
- return 0;
- if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0)
- return 0;
- else
- return 1;
- }
+{
+ if (dh_cmp_parameters(a, b) == 0)
+ return 0;
+ if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
+ return 0;
+ else
+ return 1;
+}
static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *ctx)
- {
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
- }
+ ASN1_PCTX *ctx)
+{
+ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
+}
static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *ctx)
- {
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
- }
+ ASN1_PCTX *ctx)
+{
+ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
+}
static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
- ASN1_PCTX *ctx)
- {
- return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
- }
+ ASN1_PCTX *ctx)
+{
+ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
+}
int DHparams_print(BIO *bp, const DH *x)
- {
- return do_dh_print(bp, x, 4, NULL, 0);
- }
+{
+ return do_dh_print(bp, x, 4, NULL, 0);
+}
#ifndef OPENSSL_NO_CMS
static int dh_cms_decrypt(CMS_RecipientInfo *ri);
@@ -583,411 +564,397 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri);
#endif
static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
- {
- switch (op)
- {
+{
+ switch (op) {
#ifndef OPENSSL_NO_CMS
- case ASN1_PKEY_CTRL_CMS_ENVELOPE:
- if (arg1 == 1)
- return dh_cms_decrypt(arg2);
- else if (arg1 == 0)
- return dh_cms_encrypt(arg2);
- return -2;
+ case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+ if (arg1 == 1)
+ return dh_cms_decrypt(arg2);
+ else if (arg1 == 0)
+ return dh_cms_encrypt(arg2);
+ return -2;
- case ASN1_PKEY_CTRL_CMS_RI_TYPE:
- *(int *)arg2 = CMS_RECIPINFO_AGREE;
- return 1;
+ case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+ *(int *)arg2 = CMS_RECIPINFO_AGREE;
+ return 1;
#endif
- default:
- return -2;
- }
-
- }
-
-const EVP_PKEY_ASN1_METHOD dh_asn1_meth =
- {
- EVP_PKEY_DH,
- EVP_PKEY_DH,
- 0,
-
- "DH",
- "OpenSSL PKCS#3 DH method",
-
- dh_pub_decode,
- dh_pub_encode,
- dh_pub_cmp,
- dh_public_print,
-
- dh_priv_decode,
- dh_priv_encode,
- dh_private_print,
-
- int_dh_size,
- dh_bits,
- dh_security_bits,
-
- dh_param_decode,
- dh_param_encode,
- dh_missing_parameters,
- dh_copy_parameters,
- dh_cmp_parameters,
- dh_param_print,
- 0,
-
- int_dh_free,
- 0
- };
-
-const EVP_PKEY_ASN1_METHOD dhx_asn1_meth =
- {
- EVP_PKEY_DHX,
- EVP_PKEY_DHX,
- 0,
-
- "X9.42 DH",
- "OpenSSL X9.42 DH method",
-
- dh_pub_decode,
- dh_pub_encode,
- dh_pub_cmp,
- dh_public_print,
-
- dh_priv_decode,
- dh_priv_encode,
- dh_private_print,
-
- int_dh_size,
- dh_bits,
- dh_security_bits,
-
- dh_param_decode,
- dh_param_encode,
- dh_missing_parameters,
- dh_copy_parameters,
- dh_cmp_parameters,
- dh_param_print,
- 0,
-
- int_dh_free,
- dh_pkey_ctrl
- };
+ default:
+ return -2;
+ }
+
+}
+
+const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
+ EVP_PKEY_DH,
+ EVP_PKEY_DH,
+ 0,
+
+ "DH",
+ "OpenSSL PKCS#3 DH method",
+
+ dh_pub_decode,
+ dh_pub_encode,
+ dh_pub_cmp,
+ dh_public_print,
+
+ dh_priv_decode,
+ dh_priv_encode,
+ dh_private_print,
+
+ int_dh_size,
+ dh_bits,
+ dh_security_bits,
+
+ dh_param_decode,
+ dh_param_encode,
+ dh_missing_parameters,
+ dh_copy_parameters,
+ dh_cmp_parameters,
+ dh_param_print,
+ 0,
+
+ int_dh_free,
+ 0
+};
+
+const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
+ EVP_PKEY_DHX,
+ EVP_PKEY_DHX,
+ 0,
+
+ "X9.42 DH",
+ "OpenSSL X9.42 DH method",
+
+ dh_pub_decode,
+ dh_pub_encode,
+ dh_pub_cmp,
+ dh_public_print,
+
+ dh_priv_decode,
+ dh_priv_encode,
+ dh_private_print,
+
+ int_dh_size,
+ dh_bits,
+ dh_security_bits,
+
+ dh_param_decode,
+ dh_param_encode,
+ dh_missing_parameters,
+ dh_copy_parameters,
+ dh_cmp_parameters,
+ dh_param_print,
+ 0,
+
+ int_dh_free,
+ dh_pkey_ctrl
+};
+
#ifndef OPENSSL_NO_CMS
static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
- X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
- {
- ASN1_OBJECT *aoid;
- int atype;
- void *aval;
- ASN1_INTEGER *public_key = NULL;
- int rv = 0;
- EVP_PKEY *pkpeer = NULL, *pk = NULL;
- DH *dhpeer = NULL;
- const unsigned char *p;
- int plen;
-
- X509_ALGOR_get0(&aoid, &atype, &aval, alg);
- if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
- goto err;
- /* Only absent parameters allowed in RFC XXXX */
- if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
- goto err;
-
- pk = EVP_PKEY_CTX_get0_pkey(pctx);
- if (!pk)
- goto err;
- if (pk->type != EVP_PKEY_DHX)
- goto err;
- /* Get parameters from parent key */
- dhpeer = DHparams_dup(pk->pkey.dh);
- /* We have parameters now set public key */
- plen = ASN1_STRING_length(pubkey);
- p = ASN1_STRING_data(pubkey);
- if (!p || !plen)
- goto err;
-
- if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, plen)))
- {
- DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
- goto err;
- }
-
- /* We have parameters now set public key */
- if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
- {
- DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
- goto err;
- }
-
- pkpeer = EVP_PKEY_new();
- if (!pkpeer)
- goto err;
- EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
- dhpeer = NULL;
- if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
- rv = 1;
- err:
- if (public_key)
- ASN1_INTEGER_free(public_key);
- if (pkpeer)
- EVP_PKEY_free(pkpeer);
- if (dhpeer)
- DH_free(dhpeer);
- return rv;
- }
+ X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
+{
+ ASN1_OBJECT *aoid;
+ int atype;
+ void *aval;
+ ASN1_INTEGER *public_key = NULL;
+ int rv = 0;
+ EVP_PKEY *pkpeer = NULL, *pk = NULL;
+ DH *dhpeer = NULL;
+ const unsigned char *p;
+ int plen;
+
+ X509_ALGOR_get0(&aoid, &atype, &aval, alg);
+ if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
+ goto err;
+ /* Only absent parameters allowed in RFC XXXX */
+ if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
+ goto err;
+
+ pk = EVP_PKEY_CTX_get0_pkey(pctx);
+ if (!pk)
+ goto err;
+ if (pk->type != EVP_PKEY_DHX)
+ goto err;
+ /* Get parameters from parent key */
+ dhpeer = DHparams_dup(pk->pkey.dh);
+ /* We have parameters now set public key */
+ plen = ASN1_STRING_length(pubkey);
+ p = ASN1_STRING_data(pubkey);
+ if (!p || !plen)
+ goto err;
+
+ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) {
+ DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
+ goto err;
+ }
+
+ /* We have parameters now set public key */
+ if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
+ DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
+ goto err;
+ }
+
+ pkpeer = EVP_PKEY_new();
+ if (!pkpeer)
+ goto err;
+ EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
+ dhpeer = NULL;
+ if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
+ rv = 1;
+ err:
+ if (public_key)
+ ASN1_INTEGER_free(public_key);
+ if (pkpeer)
+ EVP_PKEY_free(pkpeer);
+ if (dhpeer)
+ DH_free(dhpeer);
+ return rv;
+}
static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
- {
- int rv = 0;
-
- X509_ALGOR *alg, *kekalg = NULL;
- ASN1_OCTET_STRING *ukm;
- const unsigned char *p;
- unsigned char *dukm = NULL;
- size_t dukmlen = 0;
- int keylen, plen;
- const EVP_CIPHER *kekcipher;
- EVP_CIPHER_CTX *kekctx;
-
- if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
- goto err;
-
- /* For DH we only have one OID permissible. If ever any more get
- * defined we will need something cleverer.
- */
- if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH)
- {
- DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR);
- goto err;
- }
-
- if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0)
- goto err;
-
- if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
- goto err;
-
- if (alg->parameter->type != V_ASN1_SEQUENCE)
- goto err;
-
- p = alg->parameter->value.sequence->data;
- plen = alg->parameter->value.sequence->length;
- kekalg = d2i_X509_ALGOR(NULL, &p, plen);
- if (!kekalg)
- goto err;
- kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
- if (!kekctx)
- goto err;
- kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
- if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
- goto err;
- if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
- goto err;
- if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
- goto err;
-
- keylen = EVP_CIPHER_CTX_key_length(kekctx);
- if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
- goto err;
- /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
- if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
- OBJ_nid2obj(EVP_CIPHER_type(kekcipher))) <= 0)
- goto err;
-
- if (ukm)
- {
- dukmlen = ASN1_STRING_length(ukm);
- dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
- if (!dukm)
- goto err;
- }
-
- if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
- goto err;
- dukm = NULL;
-
- rv = 1;
- err:
- if (kekalg)
- X509_ALGOR_free(kekalg);
- if (dukm)
- OPENSSL_free(dukm);
- return rv;
- }
+{
+ int rv = 0;
+
+ X509_ALGOR *alg, *kekalg = NULL;
+ ASN1_OCTET_STRING *ukm;
+ const unsigned char *p;
+ unsigned char *dukm = NULL;
+ size_t dukmlen = 0;
+ int keylen, plen;
+ const EVP_CIPHER *kekcipher;
+ EVP_CIPHER_CTX *kekctx;
+
+ if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+ goto err;
+
+ /*
+ * For DH we only have one OID permissible. If ever any more get defined
+ * we will need something cleverer.
+ */
+ if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
+ DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR);
+ goto err;
+ }
+
+ if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0)
+ goto err;
+
+ if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
+ goto err;
+
+ if (alg->parameter->type != V_ASN1_SEQUENCE)
+ goto err;
+
+ p = alg->parameter->value.sequence->data;
+ plen = alg->parameter->value.sequence->length;
+ kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+ if (!kekalg)
+ goto err;
+ kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+ if (!kekctx)
+ goto err;
+ kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+ if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+ goto err;
+ if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
+ goto err;
+ if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
+ goto err;
+
+ keylen = EVP_CIPHER_CTX_key_length(kekctx);
+ if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+ goto err;
+ /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
+ if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
+ OBJ_nid2obj(EVP_CIPHER_type(kekcipher)))
+ <= 0)
+ goto err;
+
+ if (ukm) {
+ dukmlen = ASN1_STRING_length(ukm);
+ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
+ if (!dukm)
+ goto err;
+ }
+
+ if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+ goto err;
+ dukm = NULL;
+
+ rv = 1;
+ err:
+ if (kekalg)
+ X509_ALGOR_free(kekalg);
+ if (dukm)
+ OPENSSL_free(dukm);
+ return rv;
+}
static int dh_cms_decrypt(CMS_RecipientInfo *ri)
- {
- EVP_PKEY_CTX *pctx;
- pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
- if (!pctx)
- return 0;
- /* See if we need to set peer key */
- if (!EVP_PKEY_CTX_get0_peerkey(pctx))
- {
- X509_ALGOR *alg;
- ASN1_BIT_STRING *pubkey;
- if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
- NULL, NULL, NULL))
- return 0;
- if (!alg || !pubkey)
- return 0;
- if (!dh_cms_set_peerkey(pctx, alg, pubkey))
- {
- DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR);
- return 0;
- }
- }
- /* Set DH derivation parameters and initialise unwrap context */
- if (!dh_cms_set_shared_info(pctx, ri))
- {
- DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR);
- return 0;
- }
- return 1;
- }
+{
+ EVP_PKEY_CTX *pctx;
+ pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+ if (!pctx)
+ return 0;
+ /* See if we need to set peer key */
+ if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {
+ X509_ALGOR *alg;
+ ASN1_BIT_STRING *pubkey;
+ if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
+ NULL, NULL, NULL))
+ return 0;
+ if (!alg || !pubkey)
+ return 0;
+ if (!dh_cms_set_peerkey(pctx, alg, pubkey)) {
+ DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR);
+ return 0;
+ }
+ }
+ /* Set DH derivation parameters and initialise unwrap context */
+ if (!dh_cms_set_shared_info(pctx, ri)) {
+ DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR);
+ return 0;
+ }
+ return 1;
+}
static int dh_cms_encrypt(CMS_RecipientInfo *ri)
- {
- EVP_PKEY_CTX *pctx;
- EVP_PKEY *pkey;
- EVP_CIPHER_CTX *ctx;
- int keylen;
- X509_ALGOR *talg, *wrap_alg = NULL;
- ASN1_OBJECT *aoid;
- ASN1_BIT_STRING *pubkey;
- ASN1_STRING *wrap_str;
- ASN1_OCTET_STRING *ukm;
- unsigned char *penc = NULL, *dukm = NULL;
- int penclen;
- size_t dukmlen = 0;
- int rv = 0;
- int kdf_type, wrap_nid;
- const EVP_MD *kdf_md;
- pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
- if (!pctx)
- return 0;
- /* Get ephemeral key */
- pkey = EVP_PKEY_CTX_get0_pkey(pctx);
- if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
- NULL, NULL, NULL))
- goto err;
- X509_ALGOR_get0(&aoid, NULL, NULL, talg);
- /* Is everything uninitialised? */
- if (aoid == OBJ_nid2obj(NID_undef))
- {
- ASN1_INTEGER *pubk;
- pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
- if (!pubk)
- goto err;
- /* Set the key */
-
- penclen = i2d_ASN1_INTEGER(pubk, &penc);
- ASN1_INTEGER_free(pubk);
- if (penclen <= 0)
- goto err;
- ASN1_STRING_set0(pubkey, penc, penclen);
- pubkey->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
- pubkey->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-
- penc = NULL;
- X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),
- V_ASN1_UNDEF, NULL);
- }
-
- /* See if custom paraneters set */
- kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
- if (kdf_type <= 0)
- goto err;
- if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))
- goto err;
-
- if (kdf_type == EVP_PKEY_DH_KDF_NONE)
- {
- kdf_type = EVP_PKEY_DH_KDF_X9_42;
- if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)
- goto err;
- }
- else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)
- /* Unknown KDF */
- goto err;
- if (kdf_md == NULL)
- {
- /* Only SHA1 supported */
- kdf_md = EVP_sha1();
- if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
- goto err;
- }
- else if (EVP_MD_type(kdf_md) != NID_sha1)
- /* Unsupported digest */
- goto err;
-
- if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
- goto err;
-
- /* Get wrap NID */
- ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
- wrap_nid = EVP_CIPHER_CTX_type(ctx);
- if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
- goto err;
- keylen = EVP_CIPHER_CTX_key_length(ctx);
-
- /* Package wrap algorithm in an AlgorithmIdentifier */
-
- wrap_alg = X509_ALGOR_new();
- if (!wrap_alg)
- goto err;
- wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
- wrap_alg->parameter = ASN1_TYPE_new();
- if (!wrap_alg->parameter)
- goto err;
- if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
- goto err;
- if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef)
- {
- ASN1_TYPE_free(wrap_alg->parameter);
- wrap_alg->parameter = NULL;
- }
-
- if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
- goto err;
-
- if (ukm)
- {
- dukmlen = ASN1_STRING_length(ukm);
- dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
- if (!dukm)
- goto err;
- }
-
- if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
- goto err;
- dukm = NULL;
-
- /* Now need to wrap encoding of wrap AlgorithmIdentifier into
- * parameter of another AlgorithmIdentifier.
- */
- penc = NULL;
- penclen = i2d_X509_ALGOR(wrap_alg, &penc);
- if (!penc || !penclen)
- goto err;
- wrap_str = ASN1_STRING_new();
- if (!wrap_str)
- goto err;
- ASN1_STRING_set0(wrap_str, penc, penclen);
- penc = NULL;
- X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
- V_ASN1_SEQUENCE, wrap_str);
-
- rv = 1;
-
- err:
- if (penc)
- OPENSSL_free(penc);
- if (wrap_alg)
- X509_ALGOR_free(wrap_alg);
- return rv;
- }
+{
+ EVP_PKEY_CTX *pctx;
+ EVP_PKEY *pkey;
+ EVP_CIPHER_CTX *ctx;
+ int keylen;
+ X509_ALGOR *talg, *wrap_alg = NULL;
+ ASN1_OBJECT *aoid;
+ ASN1_BIT_STRING *pubkey;
+ ASN1_STRING *wrap_str;
+ ASN1_OCTET_STRING *ukm;
+ unsigned char *penc = NULL, *dukm = NULL;
+ int penclen;
+ size_t dukmlen = 0;
+ int rv = 0;
+ int kdf_type, wrap_nid;
+ const EVP_MD *kdf_md;
+ pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+ if (!pctx)
+ return 0;
+ /* Get ephemeral key */
+ pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+ if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
+ NULL, NULL, NULL))
+ goto err;
+ X509_ALGOR_get0(&aoid, NULL, NULL, talg);
+ /* Is everything uninitialised? */
+ if (aoid == OBJ_nid2obj(NID_undef)) {
+ ASN1_INTEGER *pubk;
+ pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+ if (!pubk)
+ goto err;
+ /* Set the key */
+
+ penclen = i2d_ASN1_INTEGER(pubk, &penc);
+ ASN1_INTEGER_free(pubk);
+ if (penclen <= 0)
+ goto err;
+ ASN1_STRING_set0(pubkey, penc, penclen);
+ pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+ pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+ penc = NULL;
+ X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),
+ V_ASN1_UNDEF, NULL);
+ }
+
+ /* See if custom paraneters set */
+ kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
+ if (kdf_type <= 0)
+ goto err;
+ if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))
+ goto err;
+
+ if (kdf_type == EVP_PKEY_DH_KDF_NONE) {
+ kdf_type = EVP_PKEY_DH_KDF_X9_42;
+ if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)
+ goto err;
+ } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)
+ /* Unknown KDF */
+ goto err;
+ if (kdf_md == NULL) {
+ /* Only SHA1 supported */
+ kdf_md = EVP_sha1();
+ if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
+ goto err;
+ } else if (EVP_MD_type(kdf_md) != NID_sha1)
+ /* Unsupported digest */
+ goto err;
+
+ if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
+ goto err;
+
+ /* Get wrap NID */
+ ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+ wrap_nid = EVP_CIPHER_CTX_type(ctx);
+ if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
+ goto err;
+ keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+ /* Package wrap algorithm in an AlgorithmIdentifier */
+
+ wrap_alg = X509_ALGOR_new();
+ if (!wrap_alg)
+ goto err;
+ wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
+ wrap_alg->parameter = ASN1_TYPE_new();
+ if (!wrap_alg->parameter)
+ goto err;
+ if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
+ goto err;
+ if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+ ASN1_TYPE_free(wrap_alg->parameter);
+ wrap_alg->parameter = NULL;
+ }
+
+ if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+ goto err;
+
+ if (ukm) {
+ dukmlen = ASN1_STRING_length(ukm);
+ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
+ if (!dukm)
+ goto err;
+ }
+
+ if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+ goto err;
+ dukm = NULL;
+
+ /*
+ * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
+ * of another AlgorithmIdentifier.
+ */
+ penc = NULL;
+ penclen = i2d_X509_ALGOR(wrap_alg, &penc);
+ if (!penc || !penclen)
+ goto err;
+ wrap_str = ASN1_STRING_new();
+ if (!wrap_str)
+ goto err;
+ ASN1_STRING_set0(wrap_str, penc, penclen);
+ penc = NULL;
+ X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
+ V_ASN1_SEQUENCE, wrap_str);
+
+ rv = 1;
+
+ err:
+ if (penc)
+ OPENSSL_free(penc);
+ if (wrap_alg)
+ X509_ALGOR_free(wrap_alg);
+ return rv;
+}
#endif
-
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index 96ea475c63..f470214399 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -1,6 +1,7 @@
/* dh_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
*/
/* ====================================================================
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -65,129 +66,124 @@
/* Override the default free and new methods */
static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
- void *exarg)
+ void *exarg)
{
- if(operation == ASN1_OP_NEW_PRE) {
- *pval = (ASN1_VALUE *)DH_new();
- if(*pval) return 2;
- return 0;
- } else if(operation == ASN1_OP_FREE_PRE) {
- DH_free((DH *)*pval);
- *pval = NULL;
- return 2;
- }
- return 1;
+ if (operation == ASN1_OP_NEW_PRE) {
+ *pval = (ASN1_VALUE *)DH_new();
+ if (*pval)
+ return 2;
+ return 0;
+ } else if (operation == ASN1_OP_FREE_PRE) {
+ DH_free((DH *)*pval);
+ *pval = NULL;
+ return 2;
+ }
+ return 1;
}
ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
- ASN1_SIMPLE(DH, p, BIGNUM),
- ASN1_SIMPLE(DH, g, BIGNUM),
- ASN1_OPT(DH, length, ZLONG),
+ ASN1_SIMPLE(DH, p, BIGNUM),
+ ASN1_SIMPLE(DH, g, BIGNUM),
+ ASN1_OPT(DH, length, ZLONG),
} ASN1_SEQUENCE_END_cb(DH, DHparams)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
-/* Internal only structures for handling X9.42 DH: this gets translated
- * to or from a DH structure straight away.
+/*
+ * Internal only structures for handling X9.42 DH: this gets translated to or
+ * from a DH structure straight away.
*/
-typedef struct
- {
- ASN1_BIT_STRING *seed;
- BIGNUM *counter;
- } int_dhvparams;
-
-typedef struct
- {
- BIGNUM *p;
- BIGNUM *q;
- BIGNUM *g;
- BIGNUM *j;
- int_dhvparams *vparams;
- } int_dhx942_dh;
+typedef struct {
+ ASN1_BIT_STRING *seed;
+ BIGNUM *counter;
+} int_dhvparams;
+
+typedef struct {
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *g;
+ BIGNUM *j;
+ int_dhvparams *vparams;
+} int_dhx942_dh;
ASN1_SEQUENCE(DHvparams) = {
- ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
- ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
+ ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
+ ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
} ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
ASN1_SEQUENCE(DHxparams) = {
- ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
- ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
- ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
- ASN1_OPT(int_dhx942_dh, j, BIGNUM),
- ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
+ ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
+ ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
+ ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
+ ASN1_OPT(int_dhx942_dh, j, BIGNUM),
+ ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
} ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
-int_dhx942_dh * d2i_int_dhx(int_dhx942_dh **a,
- const unsigned char **pp, long length);
-int i2d_int_dhx(const int_dhx942_dh *a,unsigned char **pp);
+int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a,
+ const unsigned char **pp, long length);
+int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
/* Application leve function: read in X9.42 DH parameters into DH structure */
-DH * d2i_DHxparams(DH **a,const unsigned char **pp, long length)
- {
- int_dhx942_dh *dhx = NULL;
- DH *dh = NULL;
- dh = DH_new();
- if (!dh)
- return NULL;
- dhx = d2i_int_dhx(NULL, pp, length);
- if (!dhx)
- {
- DH_free(dh);
- return NULL;
- }
-
- if (a)
- {
- if (*a)
- DH_free(*a);
- *a = dh;
- }
-
- dh->p = dhx->p;
- dh->q = dhx->q;
- dh->g = dhx->g;
- dh->j = dhx->j;
-
- if (dhx->vparams)
- {
- dh->seed = dhx->vparams->seed->data;
- dh->seedlen = dhx->vparams->seed->length;
- dh->counter = dhx->vparams->counter;
- dhx->vparams->seed->data = NULL;
- ASN1_BIT_STRING_free(dhx->vparams->seed);
- OPENSSL_free(dhx->vparams);
- dhx->vparams = NULL;
- }
-
- OPENSSL_free(dhx);
- return dh;
- }
-
-int i2d_DHxparams(const DH *dh,unsigned char **pp)
- {
- int_dhx942_dh dhx;
- int_dhvparams dhv;
- ASN1_BIT_STRING bs;
- dhx.p = dh->p;
- dhx.g = dh->g;
- dhx.q = dh->q;
- dhx.j = dh->j;
- if (dh->counter && dh->seed && dh->seedlen > 0)
- {
- bs.flags = ASN1_STRING_FLAG_BITS_LEFT;
- bs.data = dh->seed;
- bs.length = dh->seedlen;
- dhv.seed = &bs;
- dhv.counter = dh->counter;
- dhx.vparams = &dhv;
- }
- else
- dhx.vparams = NULL;
-
- return i2d_int_dhx(&dhx, pp);
- }
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
+{
+ int_dhx942_dh *dhx = NULL;
+ DH *dh = NULL;
+ dh = DH_new();
+ if (!dh)
+ return NULL;
+ dhx = d2i_int_dhx(NULL, pp, length);
+ if (!dhx) {
+ DH_free(dh);
+ return NULL;
+ }
+
+ if (a) {
+ if (*a)
+ DH_free(*a);
+ *a = dh;
+ }
+
+ dh->p = dhx->p;
+ dh->q = dhx->q;
+ dh->g = dhx->g;
+ dh->j = dhx->j;
+
+ if (dhx->vparams) {
+ dh->seed = dhx->vparams->seed->data;
+ dh->seedlen = dhx->vparams->seed->length;
+ dh->counter = dhx->vparams->counter;
+ dhx->vparams->seed->data = NULL;
+ ASN1_BIT_STRING_free(dhx->vparams->seed);
+ OPENSSL_free(dhx->vparams);
+ dhx->vparams = NULL;
+ }
+
+ OPENSSL_free(dhx);
+ return dh;
+}
+
+int i2d_DHxparams(const DH *dh, unsigned char **pp)
+{
+ int_dhx942_dh dhx;
+ int_dhvparams dhv;
+ ASN1_BIT_STRING bs;
+ dhx.p = dh->p;
+ dhx.g = dh->g;
+ dhx.q = dh->q;
+ dhx.j = dh->j;
+ if (dh->counter && dh->seed && dh->seedlen > 0) {
+ bs.flags = ASN1_STRING_FLAG_BITS_LEFT;
+ bs.data = dh->seed;
+ bs.length = dh->seedlen;
+ dhv.seed = &bs;
+ dhv.counter = dh->counter;
+ dhx.vparams = &dhv;
+ } else
+ dhx.vparams = NULL;
+
+ return i2d_int_dhx(&dhx, pp);
+}
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 0acd7753e9..347467c6a4 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -72,103 +72,102 @@
*/
int DH_check(const DH *dh, int *ret)
- {
- int ok=0;
- BN_CTX *ctx=NULL;
- BN_ULONG l;
- BIGNUM *t1=NULL, *t2 = NULL;
+{
+ int ok = 0;
+ BN_CTX *ctx = NULL;
+ BN_ULONG l;
+ BIGNUM *t1 = NULL, *t2 = NULL;
+
+ *ret = 0;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ if (t1 == NULL)
+ goto err;
+ t2 = BN_CTX_get(ctx);
+ if (t2 == NULL)
+ goto err;
- *ret=0;
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- t1=BN_CTX_get(ctx);
- if (t1 == NULL) goto err;
- t2=BN_CTX_get(ctx);
- if (t2 == NULL) goto err;
+ if (dh->q) {
+ if (BN_cmp(dh->g, BN_value_one()) <= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else if (BN_cmp(dh->g, dh->p) >= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else {
+ /* Check g^q == 1 mod p */
+ if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
+ goto err;
+ if (!BN_is_one(t1))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
+ if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_Q_NOT_PRIME;
+ /* Check p == 1 mod q i.e. q divides p - 1 */
+ if (!BN_div(t1, t2, dh->p, dh->q, ctx))
+ goto err;
+ if (!BN_is_one(t2))
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
+ if (dh->j && BN_cmp(dh->j, t1))
+ *ret |= DH_CHECK_INVALID_J_VALUE;
- if (dh->q)
- {
- if (BN_cmp(dh->g, BN_value_one()) <= 0)
- *ret|=DH_NOT_SUITABLE_GENERATOR;
- else if (BN_cmp(dh->g, dh->p) >= 0)
- *ret|=DH_NOT_SUITABLE_GENERATOR;
- else
- {
- /* Check g^q == 1 mod p */
- if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
- goto err;
- if (!BN_is_one(t1))
- *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
- if (!BN_is_prime_ex(dh->q,BN_prime_checks,ctx,NULL))
- *ret|=DH_CHECK_Q_NOT_PRIME;
- /* Check p == 1 mod q i.e. q divides p - 1 */
- if (!BN_div(t1, t2, dh->p, dh->q, ctx))
- goto err;
- if (!BN_is_one(t2))
- *ret|=DH_CHECK_INVALID_Q_VALUE;
- if (dh->j && BN_cmp(dh->j, t1))
- *ret|=DH_CHECK_INVALID_J_VALUE;
-
- }
- else if (BN_is_word(dh->g,DH_GENERATOR_2))
- {
- l=BN_mod_word(dh->p,24);
- if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
+ } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
+ l = BN_mod_word(dh->p, 24);
+ if (l != 11)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
#if 0
- else if (BN_is_word(dh->g,DH_GENERATOR_3))
- {
- l=BN_mod_word(dh->p,12);
- if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
+ else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
+ l = BN_mod_word(dh->p, 12);
+ if (l != 5)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
#endif
- else if (BN_is_word(dh->g,DH_GENERATOR_5))
- {
- l=BN_mod_word(dh->p,10);
- if ((l != 3) && (l != 7))
- *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
- else
- *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
+ else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+ l = BN_mod_word(dh->p, 10);
+ if ((l != 3) && (l != 7))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ } else
+ *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
- if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_PRIME;
- else if (!dh->q)
- {
- if (!BN_rshift1(t1,dh->p)) goto err;
- if (!BN_is_prime_ex(t1,BN_prime_checks,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
- }
- ok=1;
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return(ok);
- }
+ if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_P_NOT_PRIME;
+ else if (!dh->q) {
+ if (!BN_rshift1(t1, dh->p))
+ goto err;
+ if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+ }
+ ok = 1;
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return (ok);
+}
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
- {
- int ok=0;
- BIGNUM *q=NULL;
+{
+ int ok = 0;
+ BIGNUM *q = NULL;
- *ret=0;
- q=BN_new();
- if (q == NULL) goto err;
- BN_set_word(q,1);
- if (BN_cmp(pub_key,q)<=0)
- *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
- BN_copy(q,dh->p);
- BN_sub_word(q,1);
- if (BN_cmp(pub_key,q)>=0)
- *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+ *ret = 0;
+ q = BN_new();
+ if (q == NULL)
+ goto err;
+ BN_set_word(q, 1);
+ if (BN_cmp(pub_key, q) <= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+ BN_copy(q, dh->p);
+ BN_sub_word(q, 1);
+ if (BN_cmp(pub_key, q) >= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
- ok = 1;
-err:
- if (q != NULL) BN_free(q);
- return(ok);
- }
+ ok = 1;
+ err:
+ if (q != NULL)
+ BN_free(q);
+ return (ok);
+}
diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c
index bff3b59f88..7220d074d8 100644
--- a/crypto/dh/dh_depr.c
+++ b/crypto/dh/dh_depr.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,6 @@
*
*/
-
/* This file contains deprecated functions as wrappers to the new ones */
#include <stdio.h>
@@ -61,33 +60,31 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
-static void *dummy=&dummy;
+static void *dummy = &dummy;
#ifndef OPENSSL_NO_DEPRECATED
DH *DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int,int,void *), void *cb_arg)
- {
- BN_GENCB *cb;
- DH *ret=NULL;
+ void (*callback) (int, int, void *), void *cb_arg)
+{
+ BN_GENCB *cb;
+ DH *ret = NULL;
- if((ret=DH_new()) == NULL)
- return NULL;
- cb = BN_GENCB_new();
- if(!cb)
- {
- DH_free(ret);
- return NULL;
- }
+ if ((ret = DH_new()) == NULL)
+ return NULL;
+ cb = BN_GENCB_new();
+ if (!cb) {
+ DH_free(ret);
+ return NULL;
+ }
- BN_GENCB_set_old(cb, callback, cb_arg);
+ BN_GENCB_set_old(cb, callback, cb_arg);
- if(DH_generate_parameters_ex(ret, prime_len, generator, cb))
- {
- BN_GENCB_free(cb);
- return ret;
- }
- BN_GENCB_free(cb);
- DH_free(ret);
- return NULL;
- }
+ if (DH_generate_parameters_ex(ret, prime_len, generator, cb)) {
+ BN_GENCB_free(cb);
+ return ret;
+ }
+ BN_GENCB_free(cb);
+ DH_free(ret);
+ return NULL;
+}
#endif
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index 848c3cbf11..d232498713 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
*
*/
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
@@ -65,60 +66,57 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
-static ERR_STRING_DATA DH_str_functs[]=
- {
-{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"},
-{ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"},
-{ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"},
-{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
-{ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
-{ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"},
-{ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"},
-{ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"},
-{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
-{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
-{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
-{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
-{0,NULL}
- };
+static ERR_STRING_DATA DH_str_functs[] = {
+ {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
+ {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+ {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
+ {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"},
+ {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"},
+ {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"},
+ {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
+ {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"},
+ {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
+ {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
+ {ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"},
+ {ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"},
+ {ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"},
+ {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
+ {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
+ {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
+ {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
+ {0, NULL}
+};
-static ERR_STRING_DATA DH_str_reasons[]=
- {
-{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
-{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"},
-{ERR_REASON(DH_R_BN_ERROR) ,"bn error"},
-{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"},
-{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
-{ERR_REASON(DH_R_KDF_PARAMETER_ERROR) ,"kdf parameter error"},
-{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"},
-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
-{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
-{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"},
-{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
-{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
-{ERR_REASON(DH_R_PEER_KEY_ERROR) ,"peer key error"},
-{ERR_REASON(DH_R_SHARED_INFO_ERROR) ,"shared info error"},
-{0,NULL}
- };
+static ERR_STRING_DATA DH_str_reasons[] = {
+ {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"},
+ {ERR_REASON(DH_R_BN_DECODE_ERROR), "bn decode error"},
+ {ERR_REASON(DH_R_BN_ERROR), "bn error"},
+ {ERR_REASON(DH_R_DECODE_ERROR), "decode error"},
+ {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
+ {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+ {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"},
+ {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+ {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"},
+ {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
+ {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
+ {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
+ {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
+ {0, NULL}
+};
#endif
void ERR_load_DH_strings(void)
- {
+{
#ifndef OPENSSL_NO_ERR
- if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,DH_str_functs);
- ERR_load_strings(0,DH_str_reasons);
- }
+ if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, DH_str_functs);
+ ERR_load_strings(0, DH_str_reasons);
+ }
#endif
- }
+}
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 1d3cbe8a89..9b9db6458b 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,33 +49,33 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
-/* NB: These functions have been upgraded - the previous prototypes are in
- * dh_depr.c as wrappers to these ones.
- * - Geoff
+/*
+ * NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones. - Geoff
*/
-
-
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb);
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
- if(ret->meth->generate_params)
- return ret->meth->generate_params(ret, prime_len, generator, cb);
- return dh_builtin_genparams(ret, prime_len, generator, cb);
- }
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+ if (ret->meth->generate_params)
+ return ret->meth->generate_params(ret, prime_len, generator, cb);
+ return dh_builtin_genparams(ret, prime_len, generator, cb);
+}
/*-
* We generate DH parameters as follows
@@ -99,80 +99,91 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
* Since DH should be using a safe prime (both p and q are prime),
* this generator function can take a very very long time to run.
*/
-/* Actually there is no reason to insist that 'generator' be a generator.
+/*
+ * Actually there is no reason to insist that 'generator' be a generator.
* It's just as OK (and in some sense better) to use a generator of the
* order-q subgroup.
*/
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
- BIGNUM *t1,*t2;
- int g,ok= -1;
- BN_CTX *ctx=NULL;
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+ BIGNUM *t1, *t2;
+ int g, ok = -1;
+ BN_CTX *ctx = NULL;
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL) goto err;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t1 == NULL || t2 == NULL)
+ goto err;
- /* Make sure 'ret' has the necessary elements */
- if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
- if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
-
- if (generator <= 1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
- goto err;
- }
- if (generator == DH_GENERATOR_2)
- {
- if (!BN_set_word(t1,24)) goto err;
- if (!BN_set_word(t2,11)) goto err;
- g=2;
- }
-#if 0 /* does not work for safe primes */
- else if (generator == DH_GENERATOR_3)
- {
- if (!BN_set_word(t1,12)) goto err;
- if (!BN_set_word(t2,5)) goto err;
- g=3;
- }
+ /* Make sure 'ret' has the necessary elements */
+ if (!ret->p && ((ret->p = BN_new()) == NULL))
+ goto err;
+ if (!ret->g && ((ret->g = BN_new()) == NULL))
+ goto err;
+
+ if (generator <= 1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+ goto err;
+ }
+ if (generator == DH_GENERATOR_2) {
+ if (!BN_set_word(t1, 24))
+ goto err;
+ if (!BN_set_word(t2, 11))
+ goto err;
+ g = 2;
+ }
+#if 0 /* does not work for safe primes */
+ else if (generator == DH_GENERATOR_3) {
+ if (!BN_set_word(t1, 12))
+ goto err;
+ if (!BN_set_word(t2, 5))
+ goto err;
+ g = 3;
+ }
#endif
- else if (generator == DH_GENERATOR_5)
- {
- if (!BN_set_word(t1,10)) goto err;
- if (!BN_set_word(t2,3)) goto err;
- /* BN_set_word(t3,7); just have to miss
- * out on these ones :-( */
- g=5;
- }
- else
- {
- /* in the general case, don't worry if 'generator' is a
- * generator or not: since we are using safe primes,
- * it will generate either an order-q or an order-2q group,
- * which both is OK */
- if (!BN_set_word(t1,2)) goto err;
- if (!BN_set_word(t2,1)) goto err;
- g=generator;
- }
-
- if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
- if(!BN_GENCB_call(cb, 3, 0)) goto err;
- if (!BN_set_word(ret->g,g)) goto err;
- ok=1;
-err:
- if (ok == -1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
- ok=0;
- }
+ else if (generator == DH_GENERATOR_5) {
+ if (!BN_set_word(t1, 10))
+ goto err;
+ if (!BN_set_word(t2, 3))
+ goto err;
+ /*
+ * BN_set_word(t3,7); just have to miss out on these ones :-(
+ */
+ g = 5;
+ } else {
+ /*
+ * in the general case, don't worry if 'generator' is a generator or
+ * not: since we are using safe primes, it will generate either an
+ * order-q or an order-2q group, which both is OK
+ */
+ if (!BN_set_word(t1, 2))
+ goto err;
+ if (!BN_set_word(t2, 1))
+ goto err;
+ g = generator;
+ }
+
+ if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
+ goto err;
+ if (!BN_GENCB_call(cb, 3, 0))
+ goto err;
+ if (!BN_set_word(ret->g, g))
+ goto err;
+ ok = 1;
+ err:
+ if (ok == -1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+ ok = 0;
+ }
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return ok;
- }
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return ok;
+}
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index cabc7a1260..a882cb286e 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -10,7 +10,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -57,141 +57,131 @@
#include <openssl/asn1.h>
#include <openssl/cms.h>
-
/* Key derivation from X9.42/RFC2631 */
-#define DH_KDF_MAX (1L << 30)
+#define DH_KDF_MAX (1L << 30)
/* Skip past an ASN1 structure: for OBJECT skip content octets too */
static int skip_asn1(unsigned char **pp, long *plen, int exptag)
- {
- const unsigned char *q = *pp;
- int i, tag, xclass;
- long tmplen;
- i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen);
- if (i & 0x80)
- return 0;
- if (tag != exptag || xclass != V_ASN1_UNIVERSAL)
- return 0;
- if (tag == V_ASN1_OBJECT)
- q += tmplen;
- *plen -= q - *pp;
- *pp = (unsigned char *)q;
- return 1;
- }
+{
+ const unsigned char *q = *pp;
+ int i, tag, xclass;
+ long tmplen;
+ i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen);
+ if (i & 0x80)
+ return 0;
+ if (tag != exptag || xclass != V_ASN1_UNIVERSAL)
+ return 0;
+ if (tag == V_ASN1_OBJECT)
+ q += tmplen;
+ *plen -= q - *pp;
+ *pp = (unsigned char *)q;
+ return 1;
+}
-/* Encode the DH shared info structure, return an offset to the counter
- * value so we can update the structure without reencoding it.
+/*
+ * Encode the DH shared info structure, return an offset to the counter value
+ * so we can update the structure without reencoding it.
*/
-
static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr,
- ASN1_OBJECT *key_oid, size_t outlen,
- const unsigned char *ukm, size_t ukmlen)
- {
- unsigned char *p;
- int derlen;
- long tlen;
- /* "magic" value to check offset is sane */
- static unsigned char ctr[4] = {0xF3, 0x17, 0x22, 0x53};
- X509_ALGOR atmp;
- ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct;
- ASN1_TYPE ctr_atype;
- if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX)
- return 0;
- ctr_oct.data = ctr;
- ctr_oct.length = 4;
- ctr_oct.flags = 0;
- ctr_oct.type = V_ASN1_OCTET_STRING;
- ctr_atype.type = V_ASN1_OCTET_STRING;
- ctr_atype.value.octet_string = &ctr_oct;
- atmp.algorithm = key_oid;
- atmp.parameter = &ctr_atype;
- if (ukm)
- {
- ukm_oct.type = V_ASN1_OCTET_STRING;
- ukm_oct.flags = 0;
- ukm_oct.data = (unsigned char *)ukm;
- ukm_oct.length = ukmlen;
- pukm_oct = &ukm_oct;
- }
- else
- pukm_oct = NULL;
- derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen);
- if (derlen <= 0)
- return 0;
- p = *pder;
- tlen = derlen;
- if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
- return 0;
- if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
- return 0;
- if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT))
- return 0;
- if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING))
- return 0;
- if (CRYPTO_memcmp(p, ctr, 4))
- return 0;
- *pctr = p;
- return derlen;
- }
-
-int DH_KDF_X9_42(unsigned char *out, size_t outlen,
- const unsigned char *Z, size_t Zlen,
- ASN1_OBJECT *key_oid,
- const unsigned char *ukm, size_t ukmlen,
- const EVP_MD *md)
- {
- EVP_MD_CTX mctx;
- int rv = 0;
- unsigned int i;
- size_t mdlen;
- unsigned char *der = NULL, *ctr;
- int derlen;
- if (Zlen > DH_KDF_MAX)
- return 0;
- mdlen = EVP_MD_size(md);
- EVP_MD_CTX_init(&mctx);
- derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen,
- ukm, ukmlen);
- if (derlen == 0)
- goto err;
- for (i = 1;;i++)
- {
- unsigned char mtmp[EVP_MAX_MD_SIZE];
- EVP_DigestInit_ex(&mctx, md, NULL);
- if (!EVP_DigestUpdate(&mctx, Z, Zlen))
- goto err;
- ctr[3] = i & 0xFF;
- ctr[2] = (i >> 8) & 0xFF;
- ctr[1] = (i >> 16) & 0xFF;
- ctr[0] = (i >> 24) & 0xFF;
- if (!EVP_DigestUpdate(&mctx, der, derlen))
- goto err;
- if (outlen >= mdlen)
- {
- if (!EVP_DigestFinal(&mctx, out, NULL))
- goto err;
- outlen -= mdlen;
- if (outlen == 0)
- break;
- out += mdlen;
- }
- else
- {
- if (!EVP_DigestFinal(&mctx, mtmp, NULL))
- goto err;
- memcpy(out, mtmp, outlen);
- OPENSSL_cleanse(mtmp, mdlen);
- break;
- }
- }
- rv = 1;
- err:
- if (der)
- OPENSSL_free(der);
- EVP_MD_CTX_cleanup(&mctx);
- return rv;
- }
+ ASN1_OBJECT *key_oid, size_t outlen,
+ const unsigned char *ukm, size_t ukmlen)
+{
+ unsigned char *p;
+ int derlen;
+ long tlen;
+ /* "magic" value to check offset is sane */
+ static unsigned char ctr[4] = { 0xF3, 0x17, 0x22, 0x53 };
+ X509_ALGOR atmp;
+ ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct;
+ ASN1_TYPE ctr_atype;
+ if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX)
+ return 0;
+ ctr_oct.data = ctr;
+ ctr_oct.length = 4;
+ ctr_oct.flags = 0;
+ ctr_oct.type = V_ASN1_OCTET_STRING;
+ ctr_atype.type = V_ASN1_OCTET_STRING;
+ ctr_atype.value.octet_string = &ctr_oct;
+ atmp.algorithm = key_oid;
+ atmp.parameter = &ctr_atype;
+ if (ukm) {
+ ukm_oct.type = V_ASN1_OCTET_STRING;
+ ukm_oct.flags = 0;
+ ukm_oct.data = (unsigned char *)ukm;
+ ukm_oct.length = ukmlen;
+ pukm_oct = &ukm_oct;
+ } else
+ pukm_oct = NULL;
+ derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen);
+ if (derlen <= 0)
+ return 0;
+ p = *pder;
+ tlen = derlen;
+ if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+ return 0;
+ if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+ return 0;
+ if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT))
+ return 0;
+ if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING))
+ return 0;
+ if (CRYPTO_memcmp(p, ctr, 4))
+ return 0;
+ *pctr = p;
+ return derlen;
+}
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ ASN1_OBJECT *key_oid,
+ const unsigned char *ukm, size_t ukmlen, const EVP_MD *md)
+{
+ EVP_MD_CTX mctx;
+ int rv = 0;
+ unsigned int i;
+ size_t mdlen;
+ unsigned char *der = NULL, *ctr;
+ int derlen;
+ if (Zlen > DH_KDF_MAX)
+ return 0;
+ mdlen = EVP_MD_size(md);
+ EVP_MD_CTX_init(&mctx);
+ derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen);
+ if (derlen == 0)
+ goto err;
+ for (i = 1;; i++) {
+ unsigned char mtmp[EVP_MAX_MD_SIZE];
+ EVP_DigestInit_ex(&mctx, md, NULL);
+ if (!EVP_DigestUpdate(&mctx, Z, Zlen))
+ goto err;
+ ctr[3] = i & 0xFF;
+ ctr[2] = (i >> 8) & 0xFF;
+ ctr[1] = (i >> 16) & 0xFF;
+ ctr[0] = (i >> 24) & 0xFF;
+ if (!EVP_DigestUpdate(&mctx, der, derlen))
+ goto err;
+ if (outlen >= mdlen) {
+ if (!EVP_DigestFinal(&mctx, out, NULL))
+ goto err;
+ outlen -= mdlen;
+ if (outlen == 0)
+ break;
+ out += mdlen;
+ } else {
+ if (!EVP_DigestFinal(&mctx, mtmp, NULL))
+ goto err;
+ memcpy(out, mtmp, outlen);
+ OPENSSL_cleanse(mtmp, mdlen);
+ break;
+ }
+ }
+ rv = 1;
+ err:
+ if (der)
+ OPENSSL_free(der);
+ EVP_MD_CTX_cleanup(&mctx);
+ return rv;
+}
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index d8eecde9b4..9e2c8b26e6 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,15 +49,13 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
-
-
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/rand.h>
@@ -67,231 +65,215 @@
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int dh_init(DH *dh);
static int dh_finish(DH *dh);
int DH_generate_key(DH *dh)
- {
- return dh->meth->generate_key(dh);
- }
+{
+ return dh->meth->generate_key(dh);
+}
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- return dh->meth->compute_key(key, pub_key, dh);
- }
+{
+ return dh->meth->compute_key(key, pub_key, dh);
+}
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- int rv, pad;
- rv = dh->meth->compute_key(key, pub_key, dh);
- if (rv <= 0)
- return rv;
- pad = BN_num_bytes(dh->p) - rv;
- if (pad > 0)
- {
- memmove(key + pad, key, rv);
- memset(key, 0, pad);
- }
- return rv + pad;
- }
+{
+ int rv, pad;
+ rv = dh->meth->compute_key(key, pub_key, dh);
+ if (rv <= 0)
+ return rv;
+ pad = BN_num_bytes(dh->p) - rv;
+ if (pad > 0) {
+ memmove(key + pad, key, rv);
+ memset(key, 0, pad);
+ }
+ return rv + pad;
+}
static DH_METHOD dh_ossl = {
-"OpenSSL DH Method",
-generate_key,
-compute_key,
-dh_bn_mod_exp,
-dh_init,
-dh_finish,
-DH_FLAG_FIPS_METHOD,
-NULL,
-NULL
+ "OpenSSL DH Method",
+ generate_key,
+ compute_key,
+ dh_bn_mod_exp,
+ dh_init,
+ dh_finish,
+ DH_FLAG_FIPS_METHOD,
+ NULL,
+ NULL
};
const DH_METHOD *DH_OpenSSL(void)
{
- return &dh_ossl;
+ return &dh_ossl;
}
static int generate_key(DH *dh)
- {
- int ok=0;
- int generate_new_key=0;
- unsigned l;
- BN_CTX *ctx;
- BN_MONT_CTX *mont=NULL;
- BIGNUM *pub_key=NULL,*priv_key=NULL;
+{
+ int ok = 0;
+ int generate_new_key = 0;
+ unsigned l;
+ BN_CTX *ctx;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
- if (dh->priv_key == NULL)
- {
- priv_key=BN_new();
- if (priv_key == NULL) goto err;
- generate_new_key=1;
- }
- else
- priv_key=dh->priv_key;
+ if (dh->priv_key == NULL) {
+ priv_key = BN_new();
+ if (priv_key == NULL)
+ goto err;
+ generate_new_key = 1;
+ } else
+ priv_key = dh->priv_key;
- if (dh->pub_key == NULL)
- {
- pub_key=BN_new();
- if (pub_key == NULL) goto err;
- }
- else
- pub_key=dh->pub_key;
+ if (dh->pub_key == NULL) {
+ pub_key = BN_new();
+ if (pub_key == NULL)
+ goto err;
+ } else
+ pub_key = dh->pub_key;
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if (!mont)
+ goto err;
+ }
- if (dh->flags & DH_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
- if (!mont)
- goto err;
- }
+ if (generate_new_key) {
+ if (dh->q) {
+ do {
+ if (!BN_rand_range(priv_key, dh->q))
+ goto err;
+ }
+ while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+ } else {
+ /* secret exponent length */
+ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
+ if (!BN_rand(priv_key, l, 0, 0))
+ goto err;
+ }
+ }
- if (generate_new_key)
- {
- if (dh->q)
- {
- do
- {
- if (!BN_rand_range(priv_key, dh->q))
- goto err;
- }
- while (BN_is_zero(priv_key) || BN_is_one(priv_key));
- }
- else
- {
- /* secret exponent length */
- l = dh->length ? dh->length : BN_num_bits(dh->p)-1;
- if (!BN_rand(priv_key, l, 0, 0)) goto err;
- }
- }
+ {
+ BIGNUM *local_prk = NULL;
+ BIGNUM *prk;
- {
- BIGNUM *local_prk = NULL;
- BIGNUM *prk;
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+ local_prk = prk = BN_new();
+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+ } else
+ prk = priv_key;
- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- local_prk = prk = BN_new();
- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
- }
- else
- prk = priv_key;
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
+ if (local_prk)
+ BN_free(local_prk);
+ goto err;
+ }
+ if (local_prk)
+ BN_free(local_prk);
+ }
- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
- {
- if(local_prk) BN_free(local_prk);
- goto err;
- }
- if(local_prk) BN_free(local_prk);
- }
-
- dh->pub_key=pub_key;
- dh->priv_key=priv_key;
- ok=1;
-err:
- if (ok != 1)
- DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
+ dh->pub_key = pub_key;
+ dh->priv_key = priv_key;
+ ok = 1;
+ err:
+ if (ok != 1)
+ DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
- if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
- if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
- BN_CTX_free(ctx);
- return(ok);
- }
+ if ((pub_key != NULL) && (dh->pub_key == NULL))
+ BN_free(pub_key);
+ if ((priv_key != NULL) && (dh->priv_key == NULL))
+ BN_free(priv_key);
+ BN_CTX_free(ctx);
+ return (ok);
+}
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- BN_CTX *ctx=NULL;
- BN_MONT_CTX *mont=NULL;
- BIGNUM *tmp;
- int ret= -1;
- int check_result;
+{
+ BN_CTX *ctx = NULL;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *tmp;
+ int ret = -1;
+ int check_result;
- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
- goto err;
- }
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
-
- if (dh->priv_key == NULL)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
- goto err;
- }
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
- if (dh->flags & DH_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- /* XXX */
- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
- }
- if (!mont)
- goto err;
- }
+ if (dh->priv_key == NULL) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+ goto err;
+ }
- if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
- goto err;
- }
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+ /* XXX */
+ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+ }
+ if (!mont)
+ goto err;
+ }
- if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
- {
- DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
- goto err;
- }
+ if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+ goto err;
+ }
- ret=BN_bn2bin(tmp,key);
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return(ret);
- }
+ if (!dh->
+ meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) {
+ DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+ goto err;
+ }
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- /* If a is only one word long and constant time is false, use the faster
- * exponenentiation function.
- */
- if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
- {
- BN_ULONG A = bn_get_words(a)[0];
- return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
- }
- else
- return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
- }
+ ret = BN_bn2bin(tmp, key);
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return (ret);
+}
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ /*
+ * If a is only one word long and constant time is false, use the faster
+ * exponenentiation function.
+ */
+ if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
+ BN_ULONG A = bn_get_words(a)[0];
+ return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
+ } else
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
static int dh_init(DH *dh)
- {
- dh->flags |= DH_FLAG_CACHE_MONT_P;
- return(1);
- }
+{
+ dh->flags |= DH_FLAG_CACHE_MONT_P;
+ return (1);
+}
static int dh_finish(DH *dh)
- {
- if(dh->method_mont_p)
- BN_MONT_CTX_free(dh->method_mont_p);
- return(1);
- }
+{
+ if (dh->method_mont_p)
+ BN_MONT_CTX_free(dh->method_mont_p);
+ return (1);
+}
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 83b3dc50c1..46d1a2b7b9 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -61,199 +61,203 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
#endif
-const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT;
static const DH_METHOD *default_DH_method = NULL;
void DH_set_default_method(const DH_METHOD *meth)
- {
- default_DH_method = meth;
- }
+{
+ default_DH_method = meth;
+}
const DH_METHOD *DH_get_default_method(void)
- {
- if(!default_DH_method)
- default_DH_method = DH_OpenSSL();
- return default_DH_method;
- }
+{
+ if (!default_DH_method)
+ default_DH_method = DH_OpenSSL();
+ return default_DH_method;
+}
int DH_set_method(DH *dh, const DH_METHOD *meth)
- {
- /* NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from. */
- const DH_METHOD *mtmp;
- mtmp = dh->meth;
- if (mtmp->finish) mtmp->finish(dh);
+{
+ /*
+ * NB: The caller is specifically setting a method, so it's not up to us
+ * to deal with which ENGINE it comes from.
+ */
+ const DH_METHOD *mtmp;
+ mtmp = dh->meth;
+ if (mtmp->finish)
+ mtmp->finish(dh);
#ifndef OPENSSL_NO_ENGINE
- if (dh->engine)
- {
- ENGINE_finish(dh->engine);
- dh->engine = NULL;
- }
+ if (dh->engine) {
+ ENGINE_finish(dh->engine);
+ dh->engine = NULL;
+ }
#endif
- dh->meth = meth;
- if (meth->init) meth->init(dh);
- return 1;
- }
+ dh->meth = meth;
+ if (meth->init)
+ meth->init(dh);
+ return 1;
+}
DH *DH_new(void)
- {
- return DH_new_method(NULL);
- }
+{
+ return DH_new_method(NULL);
+}
DH *DH_new_method(ENGINE *engine)
- {
- DH *ret;
+{
+ DH *ret;
- ret=(DH *)OPENSSL_malloc(sizeof(DH));
- if (ret == NULL)
- {
- DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
+ ret = (DH *)OPENSSL_malloc(sizeof(DH));
+ if (ret == NULL) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
- ret->meth = DH_get_default_method();
+ ret->meth = DH_get_default_method();
#ifndef OPENSSL_NO_ENGINE
- if (engine)
- {
- if (!ENGINE_init(engine))
- {
- DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
- OPENSSL_free(ret);
- return NULL;
- }
- ret->engine = engine;
- }
- else
- ret->engine = ENGINE_get_default_DH();
- if(ret->engine)
- {
- ret->meth = ENGINE_get_DH(ret->engine);
- if(!ret->meth)
- {
- DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
+ if (engine) {
+ if (!ENGINE_init(engine)) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ ret->engine = engine;
+ } else
+ ret->engine = ENGINE_get_default_DH();
+ if (ret->engine) {
+ ret->meth = ENGINE_get_DH(ret->engine);
+ if (!ret->meth) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
#endif
- ret->pad=0;
- ret->version=0;
- ret->p=NULL;
- ret->g=NULL;
- ret->length=0;
- ret->pub_key=NULL;
- ret->priv_key=NULL;
- ret->q=NULL;
- ret->j=NULL;
- ret->seed = NULL;
- ret->seedlen = 0;
- ret->counter = NULL;
- ret->method_mont_p=NULL;
- ret->references = 1;
- ret->flags=ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
+ ret->pad = 0;
+ ret->version = 0;
+ ret->p = NULL;
+ ret->g = NULL;
+ ret->length = 0;
+ ret->pub_key = NULL;
+ ret->priv_key = NULL;
+ ret->q = NULL;
+ ret->j = NULL;
+ ret->seed = NULL;
+ ret->seedlen = 0;
+ ret->counter = NULL;
+ ret->method_mont_p = NULL;
+ ret->references = 1;
+ ret->flags = ret->meth->flags;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+ return (ret);
+}
void DH_free(DH *r)
- {
- int i;
- if(r == NULL) return;
- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
+{
+ int i;
+ if (r == NULL)
+ return;
+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
#ifdef REF_PRINT
- REF_PRINT("DH",r);
+ REF_PRINT("DH", r);
#endif
- if (i > 0) return;
+ if (i > 0)
+ return;
#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"DH_free, bad reference count\n");
- abort();
- }
+ if (i < 0) {
+ fprintf(stderr, "DH_free, bad reference count\n");
+ abort();
+ }
#endif
- if (r->meth->finish)
- r->meth->finish(r);
+ if (r->meth->finish)
+ r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
+ if (r->engine)
+ ENGINE_finish(r->engine);
#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->g != NULL) BN_clear_free(r->g);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->j != NULL) BN_clear_free(r->j);
- if (r->seed) OPENSSL_free(r->seed);
- if (r->counter != NULL) BN_clear_free(r->counter);
- if (r->pub_key != NULL) BN_clear_free(r->pub_key);
- if (r->priv_key != NULL) BN_clear_free(r->priv_key);
- OPENSSL_free(r);
- }
+ if (r->p != NULL)
+ BN_clear_free(r->p);
+ if (r->g != NULL)
+ BN_clear_free(r->g);
+ if (r->q != NULL)
+ BN_clear_free(r->q);
+ if (r->j != NULL)
+ BN_clear_free(r->j);
+ if (r->seed)
+ OPENSSL_free(r->seed);
+ if (r->counter != NULL)
+ BN_clear_free(r->counter);
+ if (r->pub_key != NULL)
+ BN_clear_free(r->pub_key);
+ if (r->priv_key != NULL)
+ BN_clear_free(r->priv_key);
+ OPENSSL_free(r);
+}
int DH_up_ref(DH *r)
- {
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
+{
+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
#ifdef REF_PRINT
- REF_PRINT("DH",r);
+ REF_PRINT("DH", r);
#endif
#ifdef REF_CHECK
- if (i < 2)
- {
- fprintf(stderr, "DH_up, bad reference count\n");
- abort();
- }
+ if (i < 2) {
+ fprintf(stderr, "DH_up, bad reference count\n");
+ abort();
+ }
#endif
- return ((i > 1) ? 1 : 0);
- }
+ return ((i > 1) ? 1 : 0);
+}
int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
- new_func, dup_func, free_func);
- }
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
+ new_func, dup_func, free_func);
+}
int DH_set_ex_data(DH *d, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
- }
+{
+ return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+}
void *DH_get_ex_data(DH *d, int idx)
- {
- return(CRYPTO_get_ex_data(&d->ex_data,idx));
- }
+{
+ return (CRYPTO_get_ex_data(&d->ex_data, idx));
+}
int DH_size(const DH *dh)
- {
- return(BN_num_bytes(dh->p));
- }
+{
+ return (BN_num_bytes(dh->p));
+}
int DH_security_bits(const DH *dh)
- {
- int N;
- if (dh->q)
- N = BN_num_bits(dh->q);
- else if (dh->length)
- N = dh->length;
- else
- N = -1;
- return BN_security_bits(BN_num_bits(dh->p), N);
- }
+{
+ int N;
+ if (dh->q)
+ N = BN_num_bits(dh->q);
+ else if (dh->length)
+ N = dh->length;
+ else
+ N = -1;
+ return BN_security_bits(BN_num_bits(dh->p), N);
+}
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 85e743bfe1..c41de925c7 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -1,5 +1,6 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
@@ -9,7 +10,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -63,517 +64,491 @@
#include <openssl/dh.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
#endif
#include <openssl/objects.h>
#include "evp_locl.h"
/* DH pkey context structure */
-typedef struct
- {
- /* Parameter gen parameters */
- int prime_len;
- int generator;
- int use_dsa;
- int subprime_len;
- /* message digest used for parameter generation */
- const EVP_MD *md;
- int rfc5114_param;
- /* Keygen callback info */
- int gentmp[2];
- /* KDF (if any) to use for DH */
- char kdf_type;
- /* OID to use for KDF */
- ASN1_OBJECT *kdf_oid;
- /* Message digest to use for key derivation */
- const EVP_MD *kdf_md;
- /* User key material */
- unsigned char *kdf_ukm;
- size_t kdf_ukmlen;
- /* KDF output length */
- size_t kdf_outlen;
- } DH_PKEY_CTX;
+typedef struct {
+ /* Parameter gen parameters */
+ int prime_len;
+ int generator;
+ int use_dsa;
+ int subprime_len;
+ /* message digest used for parameter generation */
+ const EVP_MD *md;
+ int rfc5114_param;
+ /* Keygen callback info */
+ int gentmp[2];
+ /* KDF (if any) to use for DH */
+ char kdf_type;
+ /* OID to use for KDF */
+ ASN1_OBJECT *kdf_oid;
+ /* Message digest to use for key derivation */
+ const EVP_MD *kdf_md;
+ /* User key material */
+ unsigned char *kdf_ukm;
+ size_t kdf_ukmlen;
+ /* KDF output length */
+ size_t kdf_outlen;
+} DH_PKEY_CTX;
static int pkey_dh_init(EVP_PKEY_CTX *ctx)
- {
- DH_PKEY_CTX *dctx;
- dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
- if (!dctx)
- return 0;
- dctx->prime_len = 1024;
- dctx->subprime_len = -1;
- dctx->generator = 2;
- dctx->use_dsa = 0;
- dctx->md = NULL;
- dctx->rfc5114_param = 0;
-
- dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
- dctx->kdf_oid = NULL;
- dctx->kdf_md = NULL;
- dctx->kdf_ukm = NULL;
- dctx->kdf_ukmlen = 0;
- dctx->kdf_outlen = 0;
-
- ctx->data = dctx;
- ctx->keygen_info = dctx->gentmp;
- ctx->keygen_info_count = 2;
-
- return 1;
- }
+{
+ DH_PKEY_CTX *dctx;
+ dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
+ if (!dctx)
+ return 0;
+ dctx->prime_len = 1024;
+ dctx->subprime_len = -1;
+ dctx->generator = 2;
+ dctx->use_dsa = 0;
+ dctx->md = NULL;
+ dctx->rfc5114_param = 0;
+
+ dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
+ dctx->kdf_oid = NULL;
+ dctx->kdf_md = NULL;
+ dctx->kdf_ukm = NULL;
+ dctx->kdf_ukmlen = 0;
+ dctx->kdf_outlen = 0;
+
+ ctx->data = dctx;
+ ctx->keygen_info = dctx->gentmp;
+ ctx->keygen_info_count = 2;
+
+ return 1;
+}
static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
- {
- DH_PKEY_CTX *dctx, *sctx;
- if (!pkey_dh_init(dst))
- return 0;
- sctx = src->data;
- dctx = dst->data;
- dctx->prime_len = sctx->prime_len;
- dctx->subprime_len = sctx->subprime_len;
- dctx->generator = sctx->generator;
- dctx->use_dsa = sctx->use_dsa;
- dctx->md = sctx->md;
- dctx->rfc5114_param = sctx->rfc5114_param;
-
- dctx->kdf_type = sctx->kdf_type;
- dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
- if (!dctx->kdf_oid)
- return 0;
- dctx->kdf_md = sctx->kdf_md;
- if (dctx->kdf_ukm)
- {
- dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
- dctx->kdf_ukmlen = sctx->kdf_ukmlen;
- }
- dctx->kdf_outlen = sctx->kdf_outlen;
- return 1;
- }
+{
+ DH_PKEY_CTX *dctx, *sctx;
+ if (!pkey_dh_init(dst))
+ return 0;
+ sctx = src->data;
+ dctx = dst->data;
+ dctx->prime_len = sctx->prime_len;
+ dctx->subprime_len = sctx->subprime_len;
+ dctx->generator = sctx->generator;
+ dctx->use_dsa = sctx->use_dsa;
+ dctx->md = sctx->md;
+ dctx->rfc5114_param = sctx->rfc5114_param;
+
+ dctx->kdf_type = sctx->kdf_type;
+ dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
+ if (!dctx->kdf_oid)
+ return 0;
+ dctx->kdf_md = sctx->kdf_md;
+ if (dctx->kdf_ukm) {
+ dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+ dctx->kdf_ukmlen = sctx->kdf_ukmlen;
+ }
+ dctx->kdf_outlen = sctx->kdf_outlen;
+ return 1;
+}
static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
- {
- DH_PKEY_CTX *dctx = ctx->data;
- if (dctx)
- {
- if (dctx->kdf_ukm)
- OPENSSL_free(dctx->kdf_ukm);
- if (dctx->kdf_oid)
- ASN1_OBJECT_free(dctx->kdf_oid);
- OPENSSL_free(dctx);
- }
- }
+{
+ DH_PKEY_CTX *dctx = ctx->data;
+ if (dctx) {
+ if (dctx->kdf_ukm)
+ OPENSSL_free(dctx->kdf_ukm);
+ if (dctx->kdf_oid)
+ ASN1_OBJECT_free(dctx->kdf_oid);
+ OPENSSL_free(dctx);
+ }
+}
static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
- {
- DH_PKEY_CTX *dctx = ctx->data;
- switch (type)
- {
- case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
- if (p1 < 256)
- return -2;
- dctx->prime_len = p1;
- return 1;
-
- case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN:
- if (dctx->use_dsa == 0)
- return -2;
- dctx->subprime_len = p1;
- return 1;
-
- case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
- if (dctx->use_dsa)
- return -2;
- dctx->generator = p1;
- return 1;
-
- case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE:
+{
+ DH_PKEY_CTX *dctx = ctx->data;
+ switch (type) {
+ case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
+ if (p1 < 256)
+ return -2;
+ dctx->prime_len = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN:
+ if (dctx->use_dsa == 0)
+ return -2;
+ dctx->subprime_len = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
+ if (dctx->use_dsa)
+ return -2;
+ dctx->generator = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE:
#ifdef OPENSSL_NO_DSA
- if (p1 != 0)
- return -2;
+ if (p1 != 0)
+ return -2;
#else
- if (p1 < 0 || p1 > 2)
- return -2;
+ if (p1 < 0 || p1 > 2)
+ return -2;
#endif
- dctx->use_dsa = p1;
- return 1;
-
- case EVP_PKEY_CTRL_DH_RFC5114:
- if (p1 < 1 || p1 > 3)
- return -2;
- dctx->rfc5114_param = p1;
- return 1;
-
- case EVP_PKEY_CTRL_PEER_KEY:
- /* Default behaviour is OK */
- return 1;
-
- case EVP_PKEY_CTRL_DH_KDF_TYPE:
- if (p1 == -2)
- return dctx->kdf_type;
- if (p1 != EVP_PKEY_DH_KDF_NONE &&
- p1 != EVP_PKEY_DH_KDF_X9_42)
- return -2;
- dctx->kdf_type = p1;
- return 1;
-
- case EVP_PKEY_CTRL_DH_KDF_MD:
- dctx->kdf_md = p2;
- return 1;
-
- case EVP_PKEY_CTRL_GET_DH_KDF_MD:
- *(const EVP_MD **)p2 = dctx->kdf_md;
- return 1;
-
- case EVP_PKEY_CTRL_DH_KDF_OUTLEN:
- if (p1 <= 0)
- return -2;
- dctx->kdf_outlen = (size_t)p1;
- return 1;
-
- case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN:
- *(int *)p2 = dctx->kdf_outlen;
- return 1;
-
- case EVP_PKEY_CTRL_DH_KDF_UKM:
- if (dctx->kdf_ukm)
- OPENSSL_free(dctx->kdf_ukm);
- dctx->kdf_ukm = p2;
- if (p2)
- dctx->kdf_ukmlen = p1;
- else
- dctx->kdf_ukmlen = 0;
- return 1;
-
- case EVP_PKEY_CTRL_GET_DH_KDF_UKM:
- *(unsigned char **)p2 = dctx->kdf_ukm;
- return dctx->kdf_ukmlen;
-
- case EVP_PKEY_CTRL_DH_KDF_OID:
- if (dctx->kdf_oid)
- ASN1_OBJECT_free(dctx->kdf_oid);
- dctx->kdf_oid = p2;
- return 1;
-
- case EVP_PKEY_CTRL_GET_DH_KDF_OID:
- *(ASN1_OBJECT **)p2 = dctx->kdf_oid;
- return 1;
-
- default:
- return -2;
-
- }
- }
-
+ dctx->use_dsa = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_RFC5114:
+ if (p1 < 1 || p1 > 3)
+ return -2;
+ dctx->rfc5114_param = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_PEER_KEY:
+ /* Default behaviour is OK */
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_KDF_TYPE:
+ if (p1 == -2)
+ return dctx->kdf_type;
+ if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
+ return -2;
+ dctx->kdf_type = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_KDF_MD:
+ dctx->kdf_md = p2;
+ return 1;
+
+ case EVP_PKEY_CTRL_GET_DH_KDF_MD:
+ *(const EVP_MD **)p2 = dctx->kdf_md;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_KDF_OUTLEN:
+ if (p1 <= 0)
+ return -2;
+ dctx->kdf_outlen = (size_t)p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN:
+ *(int *)p2 = dctx->kdf_outlen;
+ return 1;
+
+ case EVP_PKEY_CTRL_DH_KDF_UKM:
+ if (dctx->kdf_ukm)
+ OPENSSL_free(dctx->kdf_ukm);
+ dctx->kdf_ukm = p2;
+ if (p2)
+ dctx->kdf_ukmlen = p1;
+ else
+ dctx->kdf_ukmlen = 0;
+ return 1;
+
+ case EVP_PKEY_CTRL_GET_DH_KDF_UKM:
+ *(unsigned char **)p2 = dctx->kdf_ukm;
+ return dctx->kdf_ukmlen;
+
+ case EVP_PKEY_CTRL_DH_KDF_OID:
+ if (dctx->kdf_oid)
+ ASN1_OBJECT_free(dctx->kdf_oid);
+ dctx->kdf_oid = p2;
+ return 1;
+
+ case EVP_PKEY_CTRL_GET_DH_KDF_OID:
+ *(ASN1_OBJECT **)p2 = dctx->kdf_oid;
+ return 1;
+
+ default:
+ return -2;
+
+ }
+}
static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
- const char *type, const char *value)
- {
- if (!strcmp(type, "dh_paramgen_prime_len"))
- {
- int len;
- len = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
- }
- if (!strcmp(type, "dh_rfc5114"))
- {
- DH_PKEY_CTX *dctx = ctx->data;
- int len;
- len = atoi(value);
- if (len < 0 || len > 3)
- return -2;
- dctx->rfc5114_param = len;
- return 1;
- }
- if (!strcmp(type, "dh_paramgen_generator"))
- {
- int len;
- len = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
- }
- if (!strcmp(type, "dh_paramgen_subprime_len"))
- {
- int len;
- len = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len);
- }
- if (!strcmp(type, "dh_paramgen_type"))
- {
- int typ;
- typ = atoi(value);
- return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ);
- }
- return -2;
- }
+ const char *type, const char *value)
+{
+ if (!strcmp(type, "dh_paramgen_prime_len")) {
+ int len;
+ len = atoi(value);
+ return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
+ }
+ if (!strcmp(type, "dh_rfc5114")) {
+ DH_PKEY_CTX *dctx = ctx->data;
+ int len;
+ len = atoi(value);
+ if (len < 0 || len > 3)
+ return -2;
+ dctx->rfc5114_param = len;
+ return 1;
+ }
+ if (!strcmp(type, "dh_paramgen_generator")) {
+ int len;
+ len = atoi(value);
+ return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
+ }
+ if (!strcmp(type, "dh_paramgen_subprime_len")) {
+ int len;
+ len = atoi(value);
+ return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len);
+ }
+ if (!strcmp(type, "dh_paramgen_type")) {
+ int typ;
+ typ = atoi(value);
+ return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ);
+ }
+ return -2;
+}
#ifndef OPENSSL_NO_DSA
extern int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
- const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+ const EVP_MD *evpmd,
+ const unsigned char *seed_in, size_t seed_len,
+ unsigned char *seed_out, int *counter_ret,
+ unsigned long *h_ret, BN_GENCB *cb);
extern int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
- const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
- int idx, unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+ const EVP_MD *evpmd,
+ const unsigned char *seed_in,
+ size_t seed_len, int idx,
+ unsigned char *seed_out, int *counter_ret,
+ unsigned long *h_ret, BN_GENCB *cb);
static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb)
- {
- DSA *ret;
- int rv = 0;
- int prime_len = dctx->prime_len;
- int subprime_len = dctx->subprime_len;
- const EVP_MD *md = dctx->md;
- if (dctx->use_dsa > 2)
- return NULL;
- ret = DSA_new();
- if (!ret)
- return NULL;
- if (subprime_len == -1)
- {
- if (prime_len >= 2048)
- subprime_len = 256;
- else
- subprime_len = 160;
- }
- if (md == NULL)
- {
- if (prime_len >= 2048)
- md = EVP_sha256();
- else
- md = EVP_sha1();
- }
- if (dctx->use_dsa == 1)
- rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md,
- NULL, 0, NULL, NULL, NULL, pcb);
- else if(dctx->use_dsa == 2)
- rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md,
- NULL, 0, -1, NULL, NULL, NULL, pcb);
- if (rv <= 0)
- {
- DSA_free(ret);
- return NULL;
- }
- return ret;
- }
+{
+ DSA *ret;
+ int rv = 0;
+ int prime_len = dctx->prime_len;
+ int subprime_len = dctx->subprime_len;
+ const EVP_MD *md = dctx->md;
+ if (dctx->use_dsa > 2)
+ return NULL;
+ ret = DSA_new();
+ if (!ret)
+ return NULL;
+ if (subprime_len == -1) {
+ if (prime_len >= 2048)
+ subprime_len = 256;
+ else
+ subprime_len = 160;
+ }
+ if (md == NULL) {
+ if (prime_len >= 2048)
+ md = EVP_sha256();
+ else
+ md = EVP_sha1();
+ }
+ if (dctx->use_dsa == 1)
+ rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md,
+ NULL, 0, NULL, NULL, NULL, pcb);
+ else if (dctx->use_dsa == 2)
+ rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md,
+ NULL, 0, -1, NULL, NULL, NULL, pcb);
+ if (rv <= 0) {
+ DSA_free(ret);
+ return NULL;
+ }
+ return ret;
+}
#endif
static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- DH *dh = NULL;
- DH_PKEY_CTX *dctx = ctx->data;
- BN_GENCB *pcb;
- int ret;
- if (dctx->rfc5114_param)
- {
- switch (dctx->rfc5114_param)
- {
- case 1:
- dh = DH_get_1024_160();
- break;
-
- case 2:
- dh = DH_get_2048_224();
- break;
-
- case 3:
- dh = DH_get_2048_256();
- break;
-
- default:
- return -2;
- }
- EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
- return 1;
- }
-
- if (ctx->pkey_gencb)
- {
- pcb = BN_GENCB_new();
- evp_pkey_set_cb_translate(pcb, ctx);
- }
- else
- pcb = NULL;
+{
+ DH *dh = NULL;
+ DH_PKEY_CTX *dctx = ctx->data;
+ BN_GENCB *pcb;
+ int ret;
+ if (dctx->rfc5114_param) {
+ switch (dctx->rfc5114_param) {
+ case 1:
+ dh = DH_get_1024_160();
+ break;
+
+ case 2:
+ dh = DH_get_2048_224();
+ break;
+
+ case 3:
+ dh = DH_get_2048_256();
+ break;
+
+ default:
+ return -2;
+ }
+ EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+ return 1;
+ }
+
+ if (ctx->pkey_gencb) {
+ pcb = BN_GENCB_new();
+ evp_pkey_set_cb_translate(pcb, ctx);
+ } else
+ pcb = NULL;
#ifndef OPENSSL_NO_DSA
- if (dctx->use_dsa)
- {
- DSA *dsa_dh;
- dsa_dh = dsa_dh_generate(dctx, pcb);
- if(pcb) BN_GENCB_free(pcb);
- if (!dsa_dh)
- return 0;
- dh = DSA_dup_DH(dsa_dh);
- DSA_free(dsa_dh);
- if (!dh)
- return 0;
- EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
- return 1;
- }
+ if (dctx->use_dsa) {
+ DSA *dsa_dh;
+ dsa_dh = dsa_dh_generate(dctx, pcb);
+ if (pcb)
+ BN_GENCB_free(pcb);
+ if (!dsa_dh)
+ return 0;
+ dh = DSA_dup_DH(dsa_dh);
+ DSA_free(dsa_dh);
+ if (!dh)
+ return 0;
+ EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+ return 1;
+ }
#endif
- dh = DH_new();
- if (!dh)
- {
- if(pcb) BN_GENCB_free(pcb);
- return 0;
- }
- ret = DH_generate_parameters_ex(dh,
- dctx->prime_len, dctx->generator, pcb);
- if(pcb) BN_GENCB_free(pcb);
- if (ret)
- EVP_PKEY_assign_DH(pkey, dh);
- else
- DH_free(dh);
- return ret;
- }
+ dh = DH_new();
+ if (!dh) {
+ if (pcb)
+ BN_GENCB_free(pcb);
+ return 0;
+ }
+ ret = DH_generate_parameters_ex(dh,
+ dctx->prime_len, dctx->generator, pcb);
+ if (pcb)
+ BN_GENCB_free(pcb);
+ if (ret)
+ EVP_PKEY_assign_DH(pkey, dh);
+ else
+ DH_free(dh);
+ return ret;
+}
static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
- {
- DH *dh = NULL;
- if (ctx->pkey == NULL)
- {
- DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
- return 0;
- }
- dh = DH_new();
- if (!dh)
- return 0;
- EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
- /* Note: if error return, pkey is freed by parent routine */
- if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
- return 0;
- return DH_generate_key(pkey->pkey.dh);
- }
-
-static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
- {
- int ret;
- DH *dh;
- DH_PKEY_CTX *dctx = ctx->data;
- BIGNUM *dhpub;
- if (!ctx->pkey || !ctx->peerkey)
- {
- DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
- return 0;
- }
- dh = ctx->pkey->pkey.dh;
- dhpub = ctx->peerkey->pkey.dh->pub_key;
- if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE)
- {
- if (key == NULL)
- {
- *keylen = DH_size(dh);
- return 1;
- }
- ret = DH_compute_key(key, dhpub, dh);
- if (ret < 0)
- return ret;
- *keylen = ret;
- return 1;
- }
- else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42)
- {
- unsigned char *Z = NULL;
- size_t Zlen = 0;
- if (!dctx->kdf_outlen || !dctx->kdf_oid)
- return 0;
- if (key == NULL)
- {
- *keylen = dctx->kdf_outlen;
- return 1;
- }
- if (*keylen != dctx->kdf_outlen)
- return 0;
- ret = 0;
- Zlen = DH_size(dh);
- Z = OPENSSL_malloc(Zlen);
- if (DH_compute_key_padded(Z, dhpub, dh) <= 0)
- goto err;
- if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid,
- dctx->kdf_ukm, dctx->kdf_ukmlen,
- dctx->kdf_md))
- goto err;
- *keylen = dctx->kdf_outlen;
- ret = 1;
- err:
- if (Z)
- {
- OPENSSL_cleanse(Z, Zlen);
- OPENSSL_free(Z);
- }
- return ret;
- }
- return 1;
- }
-
-const EVP_PKEY_METHOD dh_pkey_meth =
- {
- EVP_PKEY_DH,
- 0,
- pkey_dh_init,
- pkey_dh_copy,
- pkey_dh_cleanup,
-
- 0,
- pkey_dh_paramgen,
-
- 0,
- pkey_dh_keygen,
-
- 0,
- 0,
-
- 0,
- 0,
-
- 0,0,
-
- 0,0,0,0,
-
- 0,0,
-
- 0,0,
-
- 0,
- pkey_dh_derive,
-
- pkey_dh_ctrl,
- pkey_dh_ctrl_str
-
- };
-
-const EVP_PKEY_METHOD dhx_pkey_meth =
- {
- EVP_PKEY_DHX,
- 0,
- pkey_dh_init,
- pkey_dh_copy,
- pkey_dh_cleanup,
-
- 0,
- pkey_dh_paramgen,
-
- 0,
- pkey_dh_keygen,
-
- 0,
- 0,
-
- 0,
- 0,
-
- 0,0,
-
- 0,0,0,0,
-
- 0,0,
-
- 0,0,
-
- 0,
- pkey_dh_derive,
-
- pkey_dh_ctrl,
- pkey_dh_ctrl_str
-
- };
+{
+ DH *dh = NULL;
+ if (ctx->pkey == NULL) {
+ DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
+ return 0;
+ }
+ dh = DH_new();
+ if (!dh)
+ return 0;
+ EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
+ /* Note: if error return, pkey is freed by parent routine */
+ if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+ return 0;
+ return DH_generate_key(pkey->pkey.dh);
+}
+
+static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+ size_t *keylen)
+{
+ int ret;
+ DH *dh;
+ DH_PKEY_CTX *dctx = ctx->data;
+ BIGNUM *dhpub;
+ if (!ctx->pkey || !ctx->peerkey) {
+ DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
+ return 0;
+ }
+ dh = ctx->pkey->pkey.dh;
+ dhpub = ctx->peerkey->pkey.dh->pub_key;
+ if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) {
+ if (key == NULL) {
+ *keylen = DH_size(dh);
+ return 1;
+ }
+ ret = DH_compute_key(key, dhpub, dh);
+ if (ret < 0)
+ return ret;
+ *keylen = ret;
+ return 1;
+ } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+ unsigned char *Z = NULL;
+ size_t Zlen = 0;
+ if (!dctx->kdf_outlen || !dctx->kdf_oid)
+ return 0;
+ if (key == NULL) {
+ *keylen = dctx->kdf_outlen;
+ return 1;
+ }
+ if (*keylen != dctx->kdf_outlen)
+ return 0;
+ ret = 0;
+ Zlen = DH_size(dh);
+ Z = OPENSSL_malloc(Zlen);
+ if (DH_compute_key_padded(Z, dhpub, dh) <= 0)
+ goto err;
+ if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid,
+ dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+ goto err;
+ *keylen = dctx->kdf_outlen;
+ ret = 1;
+ err:
+ if (Z) {
+ OPENSSL_cleanse(Z, Zlen);
+ OPENSSL_free(Z);
+ }
+ return ret;
+ }
+ return 1;
+}
+
+const EVP_PKEY_METHOD dh_pkey_meth = {
+ EVP_PKEY_DH,
+ 0,
+ pkey_dh_init,
+ pkey_dh_copy,
+ pkey_dh_cleanup,
+
+ 0,
+ pkey_dh_paramgen,
+
+ 0,
+ pkey_dh_keygen,
+
+ 0,
+ 0,
+
+ 0,
+ 0,
+
+ 0, 0,
+
+ 0, 0, 0, 0,
+
+ 0, 0,
+
+ 0, 0,
+
+ 0,
+ pkey_dh_derive,
+
+ pkey_dh_ctrl,
+ pkey_dh_ctrl_str
+};
+
+const EVP_PKEY_METHOD dhx_pkey_meth = {
+ EVP_PKEY_DHX,
+ 0,
+ pkey_dh_init,
+ pkey_dh_copy,
+ pkey_dh_cleanup,
+
+ 0,
+ pkey_dh_paramgen,
+
+ 0,
+ pkey_dh_keygen,
+
+ 0,
+ 0,
+
+ 0,
+ 0,
+
+ 0, 0,
+
+ 0, 0, 0, 0,
+
+ 0, 0,
+
+ 0, 0,
+
+ 0,
+ pkey_dh_derive,
+
+ pkey_dh_ctrl,
+ pkey_dh_ctrl_str
+};
diff --git a/crypto/dh/dh_prn.c b/crypto/dh/dh_prn.c
index 78d1f98aac..fef19e3470 100644
--- a/crypto/dh/dh_prn.c
+++ b/crypto/dh/dh_prn.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,18 +63,17 @@
#ifndef OPENSSL_NO_STDIO
int DHparams_print_fp(FILE *fp, const DH *x)
- {
- BIO *b;
- int ret;
+{
+ BIO *b;
+ int ret;
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=DHparams_print(b, x);
- BIO_free(b);
- return(ret);
- }
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = DHparams_print(b, x);
+ BIO_free(b);
+ return (ret);
+}
#endif
diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c
index 0d04a6a00f..4a84ced6ec 100644
--- a/crypto/dh/dh_rfc5114.c
+++ b/crypto/dh/dh_rfc5114.c
@@ -1,5 +1,6 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2011.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2011.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@@ -9,7 +10,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -61,32 +62,33 @@
#include <openssl/bn.h>
#define make_dh_bn(x) \
- const extern BIGNUM _bignum_dh##x##_p;\
- const extern BIGNUM _bignum_dh##x##_g;\
- const extern BIGNUM _bignum_dh##x##_q;
+ const extern BIGNUM _bignum_dh##x##_p;\
+ const extern BIGNUM _bignum_dh##x##_g;\
+ const extern BIGNUM _bignum_dh##x##_q;
-/* Macro to make a DH structure from BIGNUM data. NB: although just copying
+/*
+ * Macro to make a DH structure from BIGNUM data. NB: although just copying
* the BIGNUM static pointers would be more efficient we can't as they get
* wiped using BN_clear_free() when DH_free() is called.
*/
#define make_dh(x) \
DH * DH_get_##x(void) \
- { \
- DH *dh; \
- dh = DH_new(); \
- if (!dh) \
- return NULL; \
- dh->p = BN_dup(&_bignum_dh##x##_p); \
- dh->g = BN_dup(&_bignum_dh##x##_g); \
- dh->q = BN_dup(&_bignum_dh##x##_q); \
- if (!dh->p || !dh->q || !dh->g) \
- { \
- DH_free(dh); \
- return NULL; \
- } \
- return dh; \
- }
+ { \
+ DH *dh; \
+ dh = DH_new(); \
+ if (!dh) \
+ return NULL; \
+ dh->p = BN_dup(&_bignum_dh##x##_p); \
+ dh->g = BN_dup(&_bignum_dh##x##_g); \
+ dh->q = BN_dup(&_bignum_dh##x##_q); \
+ if (!dh->p || !dh->q || !dh->g) \
+ { \
+ DH_free(dh); \
+ return NULL; \
+ } \
+ return dh; \
+ }
make_dh_bn(1024_160)
make_dh_bn(2048_224)
@@ -95,5 +97,3 @@ make_dh_bn(2048_256)
make_dh(1024_160)
make_dh(2048_224)
make_dh(2048_256)
-
-
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index 7452afbb5e..988322a703 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -72,454 +72,481 @@
int main(int argc, char *argv[])
{
printf("No DH support\n");
- return(0);
+ return (0);
}
#else
-#include <openssl/dh.h>
+# include <openssl/dh.h>
static int cb(int p, int n, BN_GENCB *arg);
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
static int run_rfc5114_tests(void);
int main(int argc, char *argv[])
- {
- BN_GENCB *_cb;
- DH *a=NULL;
- DH *b=NULL;
- char buf[12];
- unsigned char *abuf=NULL,*bbuf=NULL;
- int i,alen,blen,aout,bout,ret=1;
- BIO *out;
-
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#ifdef OPENSSL_SYS_WIN32
- CRYPTO_malloc_init();
-#endif
-
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- out=BIO_new(BIO_s_file());
- if (out == NULL) EXIT(1);
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-
- _cb = BN_GENCB_new();
- if(!_cb)
- goto err;
- BN_GENCB_set(_cb, &cb, out);
- if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
- DH_GENERATOR_5, _cb))
- goto err;
-
- if (!DH_check(a, &i)) goto err;
- if (i & DH_CHECK_P_NOT_PRIME)
- BIO_puts(out, "p value is not prime\n");
- if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- BIO_puts(out, "p value is not a safe prime\n");
- if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- BIO_puts(out, "unable to check the generator value\n");
- if (i & DH_NOT_SUITABLE_GENERATOR)
- BIO_puts(out, "the g value is not a generator\n");
-
- BIO_puts(out,"\np =");
- BN_print(out,a->p);
- BIO_puts(out,"\ng =");
- BN_print(out,a->g);
- BIO_puts(out,"\n");
-
- b=DH_new();
- if (b == NULL) goto err;
-
- b->p=BN_dup(a->p);
- b->g=BN_dup(a->g);
- if ((b->p == NULL) || (b->g == NULL)) goto err;
-
- /* Set a to run with normal modexp and b to use constant time */
- a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
- b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
-
- if (!DH_generate_key(a)) goto err;
- BIO_puts(out,"pri 1=");
- BN_print(out,a->priv_key);
- BIO_puts(out,"\npub 1=");
- BN_print(out,a->pub_key);
- BIO_puts(out,"\n");
-
- if (!DH_generate_key(b)) goto err;
- BIO_puts(out,"pri 2=");
- BN_print(out,b->priv_key);
- BIO_puts(out,"\npub 2=");
- BN_print(out,b->pub_key);
- BIO_puts(out,"\n");
-
- alen=DH_size(a);
- abuf=(unsigned char *)OPENSSL_malloc(alen);
- aout=DH_compute_key(abuf,b->pub_key,a);
-
- BIO_puts(out,"key1 =");
- for (i=0; i<aout; i++)
- {
- sprintf(buf,"%02X",abuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
-
- blen=DH_size(b);
- bbuf=(unsigned char *)OPENSSL_malloc(blen);
- bout=DH_compute_key(bbuf,a->pub_key,b);
-
- BIO_puts(out,"key2 =");
- for (i=0; i<bout; i++)
- {
- sprintf(buf,"%02X",bbuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
- if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
- {
- fprintf(stderr,"Error in DH routines\n");
- ret=1;
- }
- else
- ret=0;
- if (!run_rfc5114_tests())
- ret = 1;
-err:
- ERR_print_errors_fp(stderr);
-
- if (abuf != NULL) OPENSSL_free(abuf);
- if (bbuf != NULL) OPENSSL_free(bbuf);
- if(b != NULL) DH_free(b);
- if(a != NULL) DH_free(a);
- if(_cb) BN_GENCB_free(_cb);
- BIO_free(out);
-#ifdef OPENSSL_SYS_NETWARE
- if (ret) printf("ERROR: %d\n", ret);
-#endif
- EXIT(ret);
- return(ret);
- }
+{
+ BN_GENCB *_cb;
+ DH *a = NULL;
+ DH *b = NULL;
+ char buf[12];
+ unsigned char *abuf = NULL, *bbuf = NULL;
+ int i, alen, blen, aout, bout, ret = 1;
+ BIO *out;
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+# ifdef OPENSSL_SYS_WIN32
+ CRYPTO_malloc_init();
+# endif
+
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ EXIT(1);
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+
+ _cb = BN_GENCB_new();
+ if (!_cb)
+ goto err;
+ BN_GENCB_set(_cb, &cb, out);
+ if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
+ DH_GENERATOR_5,
+ _cb))
+ goto err;
+
+ if (!DH_check(a, &i))
+ goto err;
+ if (i & DH_CHECK_P_NOT_PRIME)
+ BIO_puts(out, "p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ BIO_puts(out, "p value is not a safe prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ BIO_puts(out, "unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ BIO_puts(out, "the g value is not a generator\n");
+
+ BIO_puts(out, "\np =");
+ BN_print(out, a->p);
+ BIO_puts(out, "\ng =");
+ BN_print(out, a->g);
+ BIO_puts(out, "\n");
+
+ b = DH_new();
+ if (b == NULL)
+ goto err;
+
+ b->p = BN_dup(a->p);
+ b->g = BN_dup(a->g);
+ if ((b->p == NULL) || (b->g == NULL))
+ goto err;
+
+ /* Set a to run with normal modexp and b to use constant time */
+ a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+ b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+
+ if (!DH_generate_key(a))
+ goto err;
+ BIO_puts(out, "pri 1=");
+ BN_print(out, a->priv_key);
+ BIO_puts(out, "\npub 1=");
+ BN_print(out, a->pub_key);
+ BIO_puts(out, "\n");
+
+ if (!DH_generate_key(b))
+ goto err;
+ BIO_puts(out, "pri 2=");
+ BN_print(out, b->priv_key);
+ BIO_puts(out, "\npub 2=");
+ BN_print(out, b->pub_key);
+ BIO_puts(out, "\n");
+
+ alen = DH_size(a);
+ abuf = (unsigned char *)OPENSSL_malloc(alen);
+ aout = DH_compute_key(abuf, b->pub_key, a);
+
+ BIO_puts(out, "key1 =");
+ for (i = 0; i < aout; i++) {
+ sprintf(buf, "%02X", abuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+
+ blen = DH_size(b);
+ bbuf = (unsigned char *)OPENSSL_malloc(blen);
+ bout = DH_compute_key(bbuf, a->pub_key, b);
+
+ BIO_puts(out, "key2 =");
+ for (i = 0; i < bout; i++) {
+ sprintf(buf, "%02X", bbuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+ if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
+ fprintf(stderr, "Error in DH routines\n");
+ ret = 1;
+ } else
+ ret = 0;
+ if (!run_rfc5114_tests())
+ ret = 1;
+ err:
+ ERR_print_errors_fp(stderr);
+
+ if (abuf != NULL)
+ OPENSSL_free(abuf);
+ if (bbuf != NULL)
+ OPENSSL_free(bbuf);
+ if (b != NULL)
+ DH_free(b);
+ if (a != NULL)
+ DH_free(a);
+ if (_cb)
+ BN_GENCB_free(_cb);
+ BIO_free(out);
+# ifdef OPENSSL_SYS_NETWARE
+ if (ret)
+ printf("ERROR: %d\n", ret);
+# endif
+ EXIT(ret);
+ return (ret);
+}
static int cb(int p, int n, BN_GENCB *arg)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(BN_GENCB_get_arg(arg),&c,1);
- (void)BIO_flush(BN_GENCB_get_arg(arg));
- return 1;
- }
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(BN_GENCB_get_arg(arg), &c, 1);
+ (void)BIO_flush(BN_GENCB_get_arg(arg));
+ return 1;
+}
/* Test data from RFC 5114 */
static const unsigned char dhtest_1024_160_xA[] = {
- 0xB9,0xA3,0xB3,0xAE,0x8F,0xEF,0xC1,0xA2,0x93,0x04,0x96,0x50,
- 0x70,0x86,0xF8,0x45,0x5D,0x48,0x94,0x3E
+ 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50,
+ 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E
};
+
static const unsigned char dhtest_1024_160_yA[] = {
- 0x2A,0x85,0x3B,0x3D,0x92,0x19,0x75,0x01,0xB9,0x01,0x5B,0x2D,
- 0xEB,0x3E,0xD8,0x4F,0x5E,0x02,0x1D,0xCC,0x3E,0x52,0xF1,0x09,
- 0xD3,0x27,0x3D,0x2B,0x75,0x21,0x28,0x1C,0xBA,0xBE,0x0E,0x76,
- 0xFF,0x57,0x27,0xFA,0x8A,0xCC,0xE2,0x69,0x56,0xBA,0x9A,0x1F,
- 0xCA,0x26,0xF2,0x02,0x28,0xD8,0x69,0x3F,0xEB,0x10,0x84,0x1D,
- 0x84,0xA7,0x36,0x00,0x54,0xEC,0xE5,0xA7,0xF5,0xB7,0xA6,0x1A,
- 0xD3,0xDF,0xB3,0xC6,0x0D,0x2E,0x43,0x10,0x6D,0x87,0x27,0xDA,
- 0x37,0xDF,0x9C,0xCE,0x95,0xB4,0x78,0x75,0x5D,0x06,0xBC,0xEA,
- 0x8F,0x9D,0x45,0x96,0x5F,0x75,0xA5,0xF3,0xD1,0xDF,0x37,0x01,
- 0x16,0x5F,0xC9,0xE5,0x0C,0x42,0x79,0xCE,0xB0,0x7F,0x98,0x95,
- 0x40,0xAE,0x96,0xD5,0xD8,0x8E,0xD7,0x76
+ 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D,
+ 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09,
+ 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76,
+ 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F,
+ 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D,
+ 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A,
+ 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA,
+ 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA,
+ 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01,
+ 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95,
+ 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76
};
+
static const unsigned char dhtest_1024_160_xB[] = {
- 0x93,0x92,0xC9,0xF9,0xEB,0x6A,0x7A,0x6A,0x90,0x22,0xF7,0xD8,
- 0x3E,0x72,0x23,0xC6,0x83,0x5B,0xBD,0xDA
+ 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8,
+ 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA
};
+
static const unsigned char dhtest_1024_160_yB[] = {
- 0x71,0x7A,0x6C,0xB0,0x53,0x37,0x1F,0xF4,0xA3,0xB9,0x32,0x94,
- 0x1C,0x1E,0x56,0x63,0xF8,0x61,0xA1,0xD6,0xAD,0x34,0xAE,0x66,
- 0x57,0x6D,0xFB,0x98,0xF6,0xC6,0xCB,0xF9,0xDD,0xD5,0xA5,0x6C,
- 0x78,0x33,0xF6,0xBC,0xFD,0xFF,0x09,0x55,0x82,0xAD,0x86,0x8E,
- 0x44,0x0E,0x8D,0x09,0xFD,0x76,0x9E,0x3C,0xEC,0xCD,0xC3,0xD3,
- 0xB1,0xE4,0xCF,0xA0,0x57,0x77,0x6C,0xAA,0xF9,0x73,0x9B,0x6A,
- 0x9F,0xEE,0x8E,0x74,0x11,0xF8,0xD6,0xDA,0xC0,0x9D,0x6A,0x4E,
- 0xDB,0x46,0xCC,0x2B,0x5D,0x52,0x03,0x09,0x0E,0xAE,0x61,0x26,
- 0x31,0x1E,0x53,0xFD,0x2C,0x14,0xB5,0x74,0xE6,0xA3,0x10,0x9A,
- 0x3D,0xA1,0xBE,0x41,0xBD,0xCE,0xAA,0x18,0x6F,0x5C,0xE0,0x67,
- 0x16,0xA2,0xB6,0xA0,0x7B,0x3C,0x33,0xFE
+ 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94,
+ 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66,
+ 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C,
+ 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E,
+ 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3,
+ 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A,
+ 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E,
+ 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26,
+ 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A,
+ 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67,
+ 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE
};
+
static const unsigned char dhtest_1024_160_Z[] = {
- 0x5C,0x80,0x4F,0x45,0x4D,0x30,0xD9,0xC4,0xDF,0x85,0x27,0x1F,
- 0x93,0x52,0x8C,0x91,0xDF,0x6B,0x48,0xAB,0x5F,0x80,0xB3,0xB5,
- 0x9C,0xAA,0xC1,0xB2,0x8F,0x8A,0xCB,0xA9,0xCD,0x3E,0x39,0xF3,
- 0xCB,0x61,0x45,0x25,0xD9,0x52,0x1D,0x2E,0x64,0x4C,0x53,0xB8,
- 0x07,0xB8,0x10,0xF3,0x40,0x06,0x2F,0x25,0x7D,0x7D,0x6F,0xBF,
- 0xE8,0xD5,0xE8,0xF0,0x72,0xE9,0xB6,0xE9,0xAF,0xDA,0x94,0x13,
- 0xEA,0xFB,0x2E,0x8B,0x06,0x99,0xB1,0xFB,0x5A,0x0C,0xAC,0xED,
- 0xDE,0xAE,0xAD,0x7E,0x9C,0xFB,0xB3,0x6A,0xE2,0xB4,0x20,0x83,
- 0x5B,0xD8,0x3A,0x19,0xFB,0x0B,0x5E,0x96,0xBF,0x8F,0xA4,0xD0,
- 0x9E,0x34,0x55,0x25,0x16,0x7E,0xCD,0x91,0x55,0x41,0x6F,0x46,
- 0xF4,0x08,0xED,0x31,0xB6,0x3C,0x6E,0x6D
+ 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F,
+ 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5,
+ 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3,
+ 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8,
+ 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF,
+ 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13,
+ 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED,
+ 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83,
+ 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0,
+ 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46,
+ 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D
};
+
static const unsigned char dhtest_2048_224_xA[] = {
- 0x22,0xE6,0x26,0x01,0xDB,0xFF,0xD0,0x67,0x08,0xA6,0x80,0xF7,
- 0x47,0xF3,0x61,0xF7,0x6D,0x8F,0x4F,0x72,0x1A,0x05,0x48,0xE4,
- 0x83,0x29,0x4B,0x0C
+ 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7,
+ 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4,
+ 0x83, 0x29, 0x4B, 0x0C
};
+
static const unsigned char dhtest_2048_224_yA[] = {
- 0x1B,0x3A,0x63,0x45,0x1B,0xD8,0x86,0xE6,0x99,0xE6,0x7B,0x49,
- 0x4E,0x28,0x8B,0xD7,0xF8,0xE0,0xD3,0x70,0xBA,0xDD,0xA7,0xA0,
- 0xEF,0xD2,0xFD,0xE7,0xD8,0xF6,0x61,0x45,0xCC,0x9F,0x28,0x04,
- 0x19,0x97,0x5E,0xB8,0x08,0x87,0x7C,0x8A,0x4C,0x0C,0x8E,0x0B,
- 0xD4,0x8D,0x4A,0x54,0x01,0xEB,0x1E,0x87,0x76,0xBF,0xEE,0xE1,
- 0x34,0xC0,0x38,0x31,0xAC,0x27,0x3C,0xD9,0xD6,0x35,0xAB,0x0C,
- 0xE0,0x06,0xA4,0x2A,0x88,0x7E,0x3F,0x52,0xFB,0x87,0x66,0xB6,
- 0x50,0xF3,0x80,0x78,0xBC,0x8E,0xE8,0x58,0x0C,0xEF,0xE2,0x43,
- 0x96,0x8C,0xFC,0x4F,0x8D,0xC3,0xDB,0x08,0x45,0x54,0x17,0x1D,
- 0x41,0xBF,0x2E,0x86,0x1B,0x7B,0xB4,0xD6,0x9D,0xD0,0xE0,0x1E,
- 0xA3,0x87,0xCB,0xAA,0x5C,0xA6,0x72,0xAF,0xCB,0xE8,0xBD,0xB9,
- 0xD6,0x2D,0x4C,0xE1,0x5F,0x17,0xDD,0x36,0xF9,0x1E,0xD1,0xEE,
- 0xDD,0x65,0xCA,0x4A,0x06,0x45,0x5C,0xB9,0x4C,0xD4,0x0A,0x52,
- 0xEC,0x36,0x0E,0x84,0xB3,0xC9,0x26,0xE2,0x2C,0x43,0x80,0xA3,
- 0xBF,0x30,0x9D,0x56,0x84,0x97,0x68,0xB7,0xF5,0x2C,0xFD,0xF6,
- 0x55,0xFD,0x05,0x3A,0x7E,0xF7,0x06,0x97,0x9E,0x7E,0x58,0x06,
- 0xB1,0x7D,0xFA,0xE5,0x3A,0xD2,0xA5,0xBC,0x56,0x8E,0xBB,0x52,
- 0x9A,0x7A,0x61,0xD6,0x8D,0x25,0x6F,0x8F,0xC9,0x7C,0x07,0x4A,
- 0x86,0x1D,0x82,0x7E,0x2E,0xBC,0x8C,0x61,0x34,0x55,0x31,0x15,
- 0xB7,0x0E,0x71,0x03,0x92,0x0A,0xA1,0x6D,0x85,0xE5,0x2B,0xCB,
- 0xAB,0x8D,0x78,0x6A,0x68,0x17,0x8F,0xA8,0xFF,0x7C,0x2F,0x5C,
- 0x71,0x64,0x8D,0x6F
+ 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49,
+ 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0,
+ 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04,
+ 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B,
+ 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1,
+ 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C,
+ 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6,
+ 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43,
+ 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D,
+ 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E,
+ 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9,
+ 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE,
+ 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52,
+ 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3,
+ 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6,
+ 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06,
+ 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52,
+ 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A,
+ 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15,
+ 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB,
+ 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C,
+ 0x71, 0x64, 0x8D, 0x6F
};
+
static const unsigned char dhtest_2048_224_xB[] = {
- 0x4F,0xF3,0xBC,0x96,0xC7,0xFC,0x6A,0x6D,0x71,0xD3,0xB3,0x63,
- 0x80,0x0A,0x7C,0xDF,0xEF,0x6F,0xC4,0x1B,0x44,0x17,0xEA,0x15,
- 0x35,0x3B,0x75,0x90
+ 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63,
+ 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15,
+ 0x35, 0x3B, 0x75, 0x90
};
+
static const unsigned char dhtest_2048_224_yB[] = {
- 0x4D,0xCE,0xE9,0x92,0xA9,0x76,0x2A,0x13,0xF2,0xF8,0x38,0x44,
- 0xAD,0x3D,0x77,0xEE,0x0E,0x31,0xC9,0x71,0x8B,0x3D,0xB6,0xC2,
- 0x03,0x5D,0x39,0x61,0x18,0x2C,0x3E,0x0B,0xA2,0x47,0xEC,0x41,
- 0x82,0xD7,0x60,0xCD,0x48,0xD9,0x95,0x99,0x97,0x06,0x22,0xA1,
- 0x88,0x1B,0xBA,0x2D,0xC8,0x22,0x93,0x9C,0x78,0xC3,0x91,0x2C,
- 0x66,0x61,0xFA,0x54,0x38,0xB2,0x07,0x66,0x22,0x2B,0x75,0xE2,
- 0x4C,0x2E,0x3A,0xD0,0xC7,0x28,0x72,0x36,0x12,0x95,0x25,0xEE,
- 0x15,0xB5,0xDD,0x79,0x98,0xAA,0x04,0xC4,0xA9,0x69,0x6C,0xAC,
- 0xD7,0x17,0x20,0x83,0xA9,0x7A,0x81,0x66,0x4E,0xAD,0x2C,0x47,
- 0x9E,0x44,0x4E,0x4C,0x06,0x54,0xCC,0x19,0xE2,0x8D,0x77,0x03,
- 0xCE,0xE8,0xDA,0xCD,0x61,0x26,0xF5,0xD6,0x65,0xEC,0x52,0xC6,
- 0x72,0x55,0xDB,0x92,0x01,0x4B,0x03,0x7E,0xB6,0x21,0xA2,0xAC,
- 0x8E,0x36,0x5D,0xE0,0x71,0xFF,0xC1,0x40,0x0A,0xCF,0x07,0x7A,
- 0x12,0x91,0x3D,0xD8,0xDE,0x89,0x47,0x34,0x37,0xAB,0x7B,0xA3,
- 0x46,0x74,0x3C,0x1B,0x21,0x5D,0xD9,0xC1,0x21,0x64,0xA7,0xE4,
- 0x05,0x31,0x18,0xD1,0x99,0xBE,0xC8,0xEF,0x6F,0xC5,0x61,0x17,
- 0x0C,0x84,0xC8,0x7D,0x10,0xEE,0x9A,0x67,0x4A,0x1F,0xA8,0xFF,
- 0xE1,0x3B,0xDF,0xBA,0x1D,0x44,0xDE,0x48,0x94,0x6D,0x68,0xDC,
- 0x0C,0xDD,0x77,0x76,0x35,0xA7,0xAB,0x5B,0xFB,0x1E,0x4B,0xB7,
- 0xB8,0x56,0xF9,0x68,0x27,0x73,0x4C,0x18,0x41,0x38,0xE9,0x15,
- 0xD9,0xC3,0x00,0x2E,0xBC,0xE5,0x31,0x20,0x54,0x6A,0x7E,0x20,
- 0x02,0x14,0x2B,0x6C
+ 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44,
+ 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2,
+ 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41,
+ 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1,
+ 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C,
+ 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2,
+ 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE,
+ 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC,
+ 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47,
+ 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03,
+ 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6,
+ 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC,
+ 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A,
+ 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3,
+ 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4,
+ 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17,
+ 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF,
+ 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC,
+ 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7,
+ 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15,
+ 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20,
+ 0x02, 0x14, 0x2B, 0x6C
};
+
static const unsigned char dhtest_2048_224_Z[] = {
- 0x34,0xD9,0xBD,0xDC,0x1B,0x42,0x17,0x6C,0x31,0x3F,0xEA,0x03,
- 0x4C,0x21,0x03,0x4D,0x07,0x4A,0x63,0x13,0xBB,0x4E,0xCD,0xB3,
- 0x70,0x3F,0xFF,0x42,0x45,0x67,0xA4,0x6B,0xDF,0x75,0x53,0x0E,
- 0xDE,0x0A,0x9D,0xA5,0x22,0x9D,0xE7,0xD7,0x67,0x32,0x28,0x6C,
- 0xBC,0x0F,0x91,0xDA,0x4C,0x3C,0x85,0x2F,0xC0,0x99,0xC6,0x79,
- 0x53,0x1D,0x94,0xC7,0x8A,0xB0,0x3D,0x9D,0xEC,0xB0,0xA4,0xE4,
- 0xCA,0x8B,0x2B,0xB4,0x59,0x1C,0x40,0x21,0xCF,0x8C,0xE3,0xA2,
- 0x0A,0x54,0x1D,0x33,0x99,0x40,0x17,0xD0,0x20,0x0A,0xE2,0xC9,
- 0x51,0x6E,0x2F,0xF5,0x14,0x57,0x79,0x26,0x9E,0x86,0x2B,0x0F,
- 0xB4,0x74,0xA2,0xD5,0x6D,0xC3,0x1E,0xD5,0x69,0xA7,0x70,0x0B,
- 0x4C,0x4A,0xB1,0x6B,0x22,0xA4,0x55,0x13,0x53,0x1E,0xF5,0x23,
- 0xD7,0x12,0x12,0x07,0x7B,0x5A,0x16,0x9B,0xDE,0xFF,0xAD,0x7A,
- 0xD9,0x60,0x82,0x84,0xC7,0x79,0x5B,0x6D,0x5A,0x51,0x83,0xB8,
- 0x70,0x66,0xDE,0x17,0xD8,0xD6,0x71,0xC9,0xEB,0xD8,0xEC,0x89,
- 0x54,0x4D,0x45,0xEC,0x06,0x15,0x93,0xD4,0x42,0xC6,0x2A,0xB9,
- 0xCE,0x3B,0x1C,0xB9,0x94,0x3A,0x1D,0x23,0xA5,0xEA,0x3B,0xCF,
- 0x21,0xA0,0x14,0x71,0xE6,0x7E,0x00,0x3E,0x7F,0x8A,0x69,0xC7,
- 0x28,0xBE,0x49,0x0B,0x2F,0xC8,0x8C,0xFE,0xB9,0x2D,0xB6,0xA2,
- 0x15,0xE5,0xD0,0x3C,0x17,0xC4,0x64,0xC9,0xAC,0x1A,0x46,0xE2,
- 0x03,0xE1,0x3F,0x95,0x29,0x95,0xFB,0x03,0xC6,0x9D,0x3C,0xC4,
- 0x7F,0xCB,0x51,0x0B,0x69,0x98,0xFF,0xD3,0xAA,0x6D,0xE7,0x3C,
- 0xF9,0xF6,0x38,0x69
+ 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03,
+ 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3,
+ 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E,
+ 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C,
+ 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79,
+ 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4,
+ 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2,
+ 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9,
+ 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F,
+ 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B,
+ 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23,
+ 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A,
+ 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8,
+ 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89,
+ 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9,
+ 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF,
+ 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7,
+ 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2,
+ 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2,
+ 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4,
+ 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C,
+ 0xF9, 0xF6, 0x38, 0x69
};
+
static const unsigned char dhtest_2048_256_xA[] = {
- 0x08,0x81,0x38,0x2C,0xDB,0x87,0x66,0x0C,0x6D,0xC1,0x3E,0x61,
- 0x49,0x38,0xD5,0xB9,0xC8,0xB2,0xF2,0x48,0x58,0x1C,0xC5,0xE3,
- 0x1B,0x35,0x45,0x43,0x97,0xFC,0xE5,0x0E
+ 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61,
+ 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3,
+ 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E
};
+
static const unsigned char dhtest_2048_256_yA[] = {
- 0x2E,0x93,0x80,0xC8,0x32,0x3A,0xF9,0x75,0x45,0xBC,0x49,0x41,
- 0xDE,0xB0,0xEC,0x37,0x42,0xC6,0x2F,0xE0,0xEC,0xE8,0x24,0xA6,
- 0xAB,0xDB,0xE6,0x6C,0x59,0xBE,0xE0,0x24,0x29,0x11,0xBF,0xB9,
- 0x67,0x23,0x5C,0xEB,0xA3,0x5A,0xE1,0x3E,0x4E,0xC7,0x52,0xBE,
- 0x63,0x0B,0x92,0xDC,0x4B,0xDE,0x28,0x47,0xA9,0xC6,0x2C,0xB8,
- 0x15,0x27,0x45,0x42,0x1F,0xB7,0xEB,0x60,0xA6,0x3C,0x0F,0xE9,
- 0x15,0x9F,0xCC,0xE7,0x26,0xCE,0x7C,0xD8,0x52,0x3D,0x74,0x50,
- 0x66,0x7E,0xF8,0x40,0xE4,0x91,0x91,0x21,0xEB,0x5F,0x01,0xC8,
- 0xC9,0xB0,0xD3,0xD6,0x48,0xA9,0x3B,0xFB,0x75,0x68,0x9E,0x82,
- 0x44,0xAC,0x13,0x4A,0xF5,0x44,0x71,0x1C,0xE7,0x9A,0x02,0xDC,
- 0xC3,0x42,0x26,0x68,0x47,0x80,0xDD,0xDC,0xB4,0x98,0x59,0x41,
- 0x06,0xC3,0x7F,0x5B,0xC7,0x98,0x56,0x48,0x7A,0xF5,0xAB,0x02,
- 0x2A,0x2E,0x5E,0x42,0xF0,0x98,0x97,0xC1,0xA8,0x5A,0x11,0xEA,
- 0x02,0x12,0xAF,0x04,0xD9,0xB4,0xCE,0xBC,0x93,0x7C,0x3C,0x1A,
- 0x3E,0x15,0xA8,0xA0,0x34,0x2E,0x33,0x76,0x15,0xC8,0x4E,0x7F,
- 0xE3,0xB8,0xB9,0xB8,0x7F,0xB1,0xE7,0x3A,0x15,0xAF,0x12,0xA3,
- 0x0D,0x74,0x6E,0x06,0xDF,0xC3,0x4F,0x29,0x0D,0x79,0x7C,0xE5,
- 0x1A,0xA1,0x3A,0xA7,0x85,0xBF,0x66,0x58,0xAF,0xF5,0xE4,0xB0,
- 0x93,0x00,0x3C,0xBE,0xAF,0x66,0x5B,0x3C,0x2E,0x11,0x3A,0x3A,
- 0x4E,0x90,0x52,0x69,0x34,0x1D,0xC0,0x71,0x14,0x26,0x68,0x5F,
- 0x4E,0xF3,0x7E,0x86,0x8A,0x81,0x26,0xFF,0x3F,0x22,0x79,0xB5,
- 0x7C,0xA6,0x7E,0x29
+ 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41,
+ 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6,
+ 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9,
+ 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE,
+ 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8,
+ 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9,
+ 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50,
+ 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8,
+ 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82,
+ 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC,
+ 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41,
+ 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02,
+ 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA,
+ 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A,
+ 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F,
+ 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3,
+ 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5,
+ 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0,
+ 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A,
+ 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F,
+ 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5,
+ 0x7C, 0xA6, 0x7E, 0x29
};
+
static const unsigned char dhtest_2048_256_xB[] = {
- 0x7D,0x62,0xA7,0xE3,0xEF,0x36,0xDE,0x61,0x7B,0x13,0xD1,0xAF,
- 0xB8,0x2C,0x78,0x0D,0x83,0xA2,0x3B,0xD4,0xEE,0x67,0x05,0x64,
- 0x51,0x21,0xF3,0x71,0xF5,0x46,0xA5,0x3D
+ 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF,
+ 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64,
+ 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D
};
+
static const unsigned char dhtest_2048_256_yB[] = {
- 0x57,0x5F,0x03,0x51,0xBD,0x2B,0x1B,0x81,0x74,0x48,0xBD,0xF8,
- 0x7A,0x6C,0x36,0x2C,0x1E,0x28,0x9D,0x39,0x03,0xA3,0x0B,0x98,
- 0x32,0xC5,0x74,0x1F,0xA2,0x50,0x36,0x3E,0x7A,0xCB,0xC7,0xF7,
- 0x7F,0x3D,0xAC,0xBC,0x1F,0x13,0x1A,0xDD,0x8E,0x03,0x36,0x7E,
- 0xFF,0x8F,0xBB,0xB3,0xE1,0xC5,0x78,0x44,0x24,0x80,0x9B,0x25,
- 0xAF,0xE4,0xD2,0x26,0x2A,0x1A,0x6F,0xD2,0xFA,0xB6,0x41,0x05,
- 0xCA,0x30,0xA6,0x74,0xE0,0x7F,0x78,0x09,0x85,0x20,0x88,0x63,
- 0x2F,0xC0,0x49,0x23,0x37,0x91,0xAD,0x4E,0xDD,0x08,0x3A,0x97,
- 0x8B,0x88,0x3E,0xE6,0x18,0xBC,0x5E,0x0D,0xD0,0x47,0x41,0x5F,
- 0x2D,0x95,0xE6,0x83,0xCF,0x14,0x82,0x6B,0x5F,0xBE,0x10,0xD3,
- 0xCE,0x41,0xC6,0xC1,0x20,0xC7,0x8A,0xB2,0x00,0x08,0xC6,0x98,
- 0xBF,0x7F,0x0B,0xCA,0xB9,0xD7,0xF4,0x07,0xBE,0xD0,0xF4,0x3A,
- 0xFB,0x29,0x70,0xF5,0x7F,0x8D,0x12,0x04,0x39,0x63,0xE6,0x6D,
- 0xDD,0x32,0x0D,0x59,0x9A,0xD9,0x93,0x6C,0x8F,0x44,0x13,0x7C,
- 0x08,0xB1,0x80,0xEC,0x5E,0x98,0x5C,0xEB,0xE1,0x86,0xF3,0xD5,
- 0x49,0x67,0x7E,0x80,0x60,0x73,0x31,0xEE,0x17,0xAF,0x33,0x80,
- 0xA7,0x25,0xB0,0x78,0x23,0x17,0xD7,0xDD,0x43,0xF5,0x9D,0x7A,
- 0xF9,0x56,0x8A,0x9B,0xB6,0x3A,0x84,0xD3,0x65,0xF9,0x22,0x44,
- 0xED,0x12,0x09,0x88,0x21,0x93,0x02,0xF4,0x29,0x24,0xC7,0xCA,
- 0x90,0xB8,0x9D,0x24,0xF7,0x1B,0x0A,0xB6,0x97,0x82,0x3D,0x7D,
- 0xEB,0x1A,0xFF,0x5B,0x0E,0x8E,0x4A,0x45,0xD4,0x9F,0x7F,0x53,
- 0x75,0x7E,0x19,0x13
+ 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8,
+ 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98,
+ 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7,
+ 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E,
+ 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25,
+ 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05,
+ 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63,
+ 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97,
+ 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F,
+ 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3,
+ 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98,
+ 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A,
+ 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D,
+ 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C,
+ 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5,
+ 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80,
+ 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A,
+ 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44,
+ 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA,
+ 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D,
+ 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53,
+ 0x75, 0x7E, 0x19, 0x13
};
+
static const unsigned char dhtest_2048_256_Z[] = {
- 0x86,0xC7,0x0B,0xF8,0xD0,0xBB,0x81,0xBB,0x01,0x07,0x8A,0x17,
- 0x21,0x9C,0xB7,0xD2,0x72,0x03,0xDB,0x2A,0x19,0xC8,0x77,0xF1,
- 0xD1,0xF1,0x9F,0xD7,0xD7,0x7E,0xF2,0x25,0x46,0xA6,0x8F,0x00,
- 0x5A,0xD5,0x2D,0xC8,0x45,0x53,0xB7,0x8F,0xC6,0x03,0x30,0xBE,
- 0x51,0xEA,0x7C,0x06,0x72,0xCA,0xC1,0x51,0x5E,0x4B,0x35,0xC0,
- 0x47,0xB9,0xA5,0x51,0xB8,0x8F,0x39,0xDC,0x26,0xDA,0x14,0xA0,
- 0x9E,0xF7,0x47,0x74,0xD4,0x7C,0x76,0x2D,0xD1,0x77,0xF9,0xED,
- 0x5B,0xC2,0xF1,0x1E,0x52,0xC8,0x79,0xBD,0x95,0x09,0x85,0x04,
- 0xCD,0x9E,0xEC,0xD8,0xA8,0xF9,0xB3,0xEF,0xBD,0x1F,0x00,0x8A,
- 0xC5,0x85,0x30,0x97,0xD9,0xD1,0x83,0x7F,0x2B,0x18,0xF7,0x7C,
- 0xD7,0xBE,0x01,0xAF,0x80,0xA7,0xC7,0xB5,0xEA,0x3C,0xA5,0x4C,
- 0xC0,0x2D,0x0C,0x11,0x6F,0xEE,0x3F,0x95,0xBB,0x87,0x39,0x93,
- 0x85,0x87,0x5D,0x7E,0x86,0x74,0x7E,0x67,0x6E,0x72,0x89,0x38,
- 0xAC,0xBF,0xF7,0x09,0x8E,0x05,0xBE,0x4D,0xCF,0xB2,0x40,0x52,
- 0xB8,0x3A,0xEF,0xFB,0x14,0x78,0x3F,0x02,0x9A,0xDB,0xDE,0x7F,
- 0x53,0xFA,0xE9,0x20,0x84,0x22,0x40,0x90,0xE0,0x07,0xCE,0xE9,
- 0x4D,0x4B,0xF2,0xBA,0xCE,0x9F,0xFD,0x4B,0x57,0xD2,0xAF,0x7C,
- 0x72,0x4D,0x0C,0xAA,0x19,0xBF,0x05,0x01,0xF6,0xF1,0x7B,0x4A,
- 0xA1,0x0F,0x42,0x5E,0x3E,0xA7,0x60,0x80,0xB4,0xB9,0xD6,0xB3,
- 0xCE,0xFE,0xA1,0x15,0xB2,0xCE,0xB8,0x78,0x9B,0xB8,0xA3,0xB0,
- 0xEA,0x87,0xFE,0xBE,0x63,0xB6,0xC8,0xF8,0x46,0xEC,0x6D,0xB0,
- 0xC2,0x6C,0x5D,0x7C
+ 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17,
+ 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1,
+ 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00,
+ 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE,
+ 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0,
+ 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0,
+ 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED,
+ 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04,
+ 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A,
+ 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C,
+ 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C,
+ 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93,
+ 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38,
+ 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52,
+ 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F,
+ 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9,
+ 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C,
+ 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A,
+ 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3,
+ 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0,
+ 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0,
+ 0xC2, 0x6C, 0x5D, 0x7C
};
-typedef struct
- {
- DH * (*get_param)(void);
- const unsigned char *xA;
- size_t xA_len;
- const unsigned char *yA;
- size_t yA_len;
- const unsigned char *xB;
- size_t xB_len;
- const unsigned char *yB;
- size_t yB_len;
- const unsigned char *Z;
- size_t Z_len;
- } rfc5114_td;
-
-#define make_rfc5114_td(pre) { \
- DH_get_##pre, \
- dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
- dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
- dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
- dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
- dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
- }
+typedef struct {
+ DH *(*get_param) (void);
+ const unsigned char *xA;
+ size_t xA_len;
+ const unsigned char *yA;
+ size_t yA_len;
+ const unsigned char *xB;
+ size_t xB_len;
+ const unsigned char *yB;
+ size_t yB_len;
+ const unsigned char *Z;
+ size_t Z_len;
+} rfc5114_td;
+
+# define make_rfc5114_td(pre) { \
+ DH_get_##pre, \
+ dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
+ dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
+ dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
+ dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
+ dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
+ }
static const rfc5114_td rfctd[] = {
- make_rfc5114_td(1024_160),
- make_rfc5114_td(2048_224),
- make_rfc5114_td(2048_256)
+ make_rfc5114_td(1024_160),
+ make_rfc5114_td(2048_224),
+ make_rfc5114_td(2048_256)
};
static int run_rfc5114_tests(void)
- {
- int i;
- for (i = 0; i < (int)(sizeof(rfctd)/sizeof(rfc5114_td)); i++)
- {
- DH *dhA, *dhB;
- unsigned char *Z1 = NULL, *Z2 = NULL;
- const rfc5114_td *td = rfctd + i;
- /* Set up DH structures setting key components */
- dhA = td->get_param();
- dhB = td->get_param();
- if (!dhA || !dhB)
- goto bad_err;
-
- dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL);
- dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL);
-
- dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL);
- dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL);
-
- if (!dhA->priv_key || !dhA->pub_key
- || !dhB->priv_key || !dhB->pub_key)
- goto bad_err;
-
- if ((td->Z_len != (size_t)DH_size(dhA))
- || (td->Z_len != (size_t)DH_size(dhB)))
- goto err;
-
- Z1 = OPENSSL_malloc(DH_size(dhA));
- Z2 = OPENSSL_malloc(DH_size(dhB));
- /* Work out shared secrets using both sides and compare
- * with expected values.
- */
- if (!DH_compute_key(Z1, dhB->pub_key, dhA))
- goto bad_err;
- if (!DH_compute_key(Z2, dhA->pub_key, dhB))
- goto bad_err;
-
- if (memcmp(Z1, td->Z, td->Z_len))
- goto err;
- if (memcmp(Z2, td->Z, td->Z_len))
- goto err;
-
- printf("RFC5114 parameter test %d OK\n", i + 1);
-
- DH_free(dhA);
- DH_free(dhB);
- OPENSSL_free(Z1);
- OPENSSL_free(Z2);
-
- }
- return 1;
- bad_err:
- fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1);
- ERR_print_errors_fp(stderr);
- return 0;
- err:
- fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
- return 0;
- }
+{
+ int i;
+ for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) {
+ DH *dhA, *dhB;
+ unsigned char *Z1 = NULL, *Z2 = NULL;
+ const rfc5114_td *td = rfctd + i;
+ /* Set up DH structures setting key components */
+ dhA = td->get_param();
+ dhB = td->get_param();
+ if (!dhA || !dhB)
+ goto bad_err;
+
+ dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL);
+ dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL);
+
+ dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL);
+ dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL);
+
+ if (!dhA->priv_key || !dhA->pub_key
+ || !dhB->priv_key || !dhB->pub_key)
+ goto bad_err;
+
+ if ((td->Z_len != (size_t)DH_size(dhA))
+ || (td->Z_len != (size_t)DH_size(dhB)))
+ goto err;
+
+ Z1 = OPENSSL_malloc(DH_size(dhA));
+ Z2 = OPENSSL_malloc(DH_size(dhB));
+ /*
+ * Work out shared secrets using both sides and compare with expected
+ * values.
+ */
+ if (!DH_compute_key(Z1, dhB->pub_key, dhA))
+ goto bad_err;
+ if (!DH_compute_key(Z2, dhA->pub_key, dhB))
+ goto bad_err;
+
+ if (memcmp(Z1, td->Z, td->Z_len))
+ goto err;
+ if (memcmp(Z2, td->Z, td->Z_len))
+ goto err;
+
+ printf("RFC5114 parameter test %d OK\n", i + 1);
+
+ DH_free(dhA);
+ DH_free(dhB);
+ OPENSSL_free(Z1);
+ OPENSSL_free(Z2);
+
+ }
+ return 1;
+ bad_err:
+ fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1);
+ ERR_print_errors_fp(stderr);
+ return 0;
+ err:
+ fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
+ return 0;
+}
#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-04 04:35:44 +0100